From fba06eb6d9476240622bcbb9d328af75fc03429e Mon Sep 17 00:00:00 2001
From: ngrok-release-bot <release-noreply@ngrok.com>
Date: Fri, 9 Jul 2021 14:17:51 -0700
Subject: [PATCH] pull arch-specific base images

required re-working [distro].nix files to take sha256s as arguments

also bumped alpine while we're at it
---
 alpine.nix  | 27 ++++++++++++++-------------
 debian.nix  | 27 ++++++++++++++-------------
 default.nix | 24 ++++++++++++++++++++++++
 3 files changed, 52 insertions(+), 26 deletions(-)

diff --git a/alpine.nix b/alpine.nix
index 8541578..b8b894d 100644
--- a/alpine.nix
+++ b/alpine.nix
@@ -1,23 +1,24 @@
-{ pkgs, arch, entrypoint, ngrokBin, shadowSetup, extraCommands, version }:
+{ pkgs, arch, entrypoint, ngrokBin, shadowSetup, extraCommands, version
+, imageDigest, imageSha256 }:
 
 with pkgs;
 let
-  alpine = dockerTools.pullImage {
-    inherit arch;
-    imageName = "alpine";
-    # alpine 3.13.5 on 6/11/21
-    imageDigest =
-      "sha256:def822f9851ca422481ec6fee59a9966f12b351c62ccb9aca841526ffaa9f748";
-    os = "linux";
-    sha256 = "0g5jh5bqg0hxs5f6vazpfnfbbd1hjj7rczizyxxzrcifvcgfys09";
-    finalImageName = "alpine";
-    finalImageTag = "3.13.5";
-  };
+  alpine = { imageDigest, sha256 }:
+    dockerTools.pullImage {
+      inherit arch imageDigest sha256;
+      imageName = "alpine";
+      os = "linux";
+      finalImageName = "alpine";
+      finalImageTag = "3.14.0";
+    };
 in dockerTools.buildLayeredImage {
   inherit extraCommands;
   name = "ngrok/ngrok";
   tag = "${version}-alpine-${arch}";
-  fromImage = alpine;
+  fromImage = alpine {
+    sha256 = imageSha256;
+    inherit imageDigest;
+  };
   contents = [ ngrokBin entrypoint ] ++ shadowSetup;
   config = {
     ExposedPorts = { "4040" = { }; };
diff --git a/debian.nix b/debian.nix
index 6b31e62..a534074 100644
--- a/debian.nix
+++ b/debian.nix
@@ -1,23 +1,24 @@
-{ pkgs, arch, entrypoint, ngrokBin, shadowSetup, extraCommands, version }:
+{ pkgs, arch, entrypoint, ngrokBin, shadowSetup, extraCommands, version
+, imageDigest, imageSha256 }:
 
 with pkgs;
 let
-  debianBuster = dockerTools.pullImage {
-    inherit arch;
-    imageName = "debian";
-    # debian:buster at 2021-07-06
-    imageDigest =
-      "sha256:5625c115ad881f19967a9b66416f8d40710bb307ad607d037f8ad8289260f75f";
-    os = "linux";
-    sha256 = "1rqvk4zhxx7xi5gqzwdz5f36s40avan4fbimkfbvg2jq8i0jqnd5";
-    finalImageName = "debian";
-    finalImageTag = "buster";
-  };
+  debianBuster = { sha256, imageDigest }:
+    dockerTools.pullImage {
+      inherit arch sha256 imageDigest;
+      imageName = "debian";
+      os = "linux";
+      finalImageName = "debian";
+      finalImageTag = "buster";
+    };
 in dockerTools.buildLayeredImage {
   inherit extraCommands;
   name = "ngrok/ngrok";
   tag = "${version}-debian-${arch}";
-  fromImage = debianBuster;
+  fromImage = debianBuster {
+    sha256 = imageSha256;
+    inherit imageDigest;
+  };
   contents = [ ngrokBin entrypoint ] ++ shadowSetup;
   config = {
     ExposedPorts = { "4040" = { }; };
diff --git a/default.nix b/default.nix
index efc1743..69fbab7 100644
--- a/default.nix
+++ b/default.nix
@@ -49,46 +49,70 @@ in {
     ngrokBin = ngrokBinArm64;
     arch = "arm64";
     pkgs = pkgsCross.aarch64-multiplatform;
+    imageSha256 = "0n2i0862bahqdwwxf1gypvlrzrl8cdmph6h76r45awh1lcxn650f";
+    imageDigest =
+      "sha256:eb9b613b4f63193f4476e62af4cb5bff5e3ba0683c4c7f317b2a2c7e3ec22ee6";
     inherit extraCommands entrypoint shadowSetup version;
   };
   alpineArm64 = import ./alpine.nix {
     ngrokBin = ngrokBinArm64;
     arch = "arm64";
     pkgs = pkgsCross.aarch64-multiplatform;
+    imageSha256 = "13h5sh8fnxyaw7n69h7865ybda6lr7vhagf5fgxwjm8yr1pxf3li";
+    imageDigest =
+      "sha256:53b74ddfc6225e3c8cc84d7985d0f34666e4e8b0b6892a9b2ad1f7516bc21b54";
     inherit extraCommands entrypoint shadowSetup version;
   };
   debianAmd64 = import ./debian.nix {
     ngrokBin = ngrokBinAmd64;
     arch = "amd64";
+    imageSha256 = "1rqvk4zhxx7xi5gqzwdz5f36s40avan4fbimkfbvg2jq8i0jqnd5";
+    imageDigest =
+      "sha256:5625c115ad881f19967a9b66416f8d40710bb307ad607d037f8ad8289260f75f";
     inherit pkgs extraCommands entrypoint shadowSetup version;
   };
   alpineAmd64 = import ./alpine.nix {
     ngrokBin = ngrokBinAmd64;
     arch = "amd64";
+    imageDigest =
+      "sha256:1775bebec23e1f3ce486989bfc9ff3c4e951690df84aa9f926497d82f2ffca9d";
+    imageSha256 = "1jjqqp6vkmmy1i37dk0z3slsdbjahy9shsm7vhhrk07kgx8ia7xs";
     inherit pkgs extraCommands entrypoint shadowSetup version;
   };
   debianArm = import ./debian.nix {
     ngrokBin = ngrokBinArm;
     arch = "arm";
     pkgs = pkgsCross.armv7l-hf-multiplatform;
+    imageSha256 = "0hxqdcwnkv55l56jgg1iqk9lhgnz43v4kqbycnb3zhjvkkjk6b51";
+    imageDigest =
+      "sha256:32c2874ad59bf7908d2a9f7b25409b17cd2927e852d46ed91acfcca4fb64590f";
     inherit extraCommands entrypoint shadowSetup version;
   };
   alpineArm = import ./alpine.nix {
     ngrokBin = ngrokBinArm;
     arch = "arm";
     pkgs = pkgsCross.armv7l-hf-multiplatform;
+    imageSha256 = "1idf4x6dk290wm731yjpf2swyrlajbdd9bg3z7vvsrrzz2gsdgjn";
+    imageDigest =
+      "sha256:8d99168167baa6a6a0d7851b9684625df9c1455116a9601835c2127df2aaa2f5";
     inherit extraCommands entrypoint shadowSetup version;
   };
   debian386 = import ./debian.nix {
     ngrokBin = ngrokBini386;
     arch = "i386";
     pkgs = pkgsCross.gnu32;
+    imageSha256 = "19fcclfrd6wpdxkxccfg23f7zvaqm4sdd9vyfv9fssi4662809ps";
+    imageDigest =
+      "sha256:8aa52e36d688dfaf6a949884cecc0aa5bd0bc92a626b11c2feeb8a23fbcf3190";
     inherit extraCommands entrypoint shadowSetup version;
   };
   alpine386 = import ./alpine.nix {
     ngrokBin = ngrokBini386;
     arch = "i386";
     pkgs = pkgsCross.gnu32;
+    imageSha256 = "07lapaqi63rz58fxhp13h673aj3mpsxkl0mhb4hxprkpg58hfgh0";
+    imageDigest =
+      "sha256:52a197664c8ed0b4be6d3b8372f1d21f3204822ba432583644c9ce07f7d6448f";
     inherit extraCommands entrypoint shadowSetup version;
   };
 }