Script to update Bazel multitool.lock.json

cgoldberg · cgoldberg · commit 8914b7778c45 · 2025-07-16T14:14:58.000-04:00
diff --git a/multitool.lock.json b/multitool.lock.json
@@ -4,41 +4,41 @@
     "binaries": [
       {
         "kind": "archive",
-        "url": "https://github.com/astral-sh/ruff/releases/download/0.11.11/ruff-aarch64-unknown-linux-musl.tar.gz",
+        "url": "https://github.com/astral-sh/ruff/releases/download/0.12.3/ruff-aarch64-unknown-linux-musl.tar.gz",
         "file": "ruff-aarch64-unknown-linux-musl/ruff",
-        "sha256": "3ca33d9b68b8b0bc7e3673b7638910ac2f7c5399303b37bec4d13c005481a78a",
+        "sha256": "7890e49b12c1321688540324a7788457a22711657301598402cba1a9e9be6607",
         "os": "linux",
         "cpu": "arm64"
       },
       {
         "kind": "archive",
-        "url": "https://github.com/astral-sh/ruff/releases/download/0.11.11/ruff-x86_64-unknown-linux-musl.tar.gz",
+        "url": "https://github.com/astral-sh/ruff/releases/download/0.12.3/ruff-x86_64-unknown-linux-musl.tar.gz",
         "file": "ruff-x86_64-unknown-linux-musl/ruff",
-        "sha256": "bb64b083767a5fd0a62e10e9a35614974ad53025e2878cf14a0c698680e6c30c",
+        "sha256": "6ee9216ba4f7fd761e68bd5c23958e662c67fcff8f49e511660d557431b4bd7c",
         "os": "linux",
         "cpu": "x86_64"
       },
       {
         "kind": "archive",
-        "url": "https://github.com/astral-sh/ruff/releases/download/0.11.11/ruff-aarch64-apple-darwin.tar.gz",
+        "url": "https://github.com/astral-sh/ruff/releases/download/0.12.3/ruff-aarch64-apple-darwin.tar.gz",
         "file": "ruff-aarch64-apple-darwin/ruff",
-        "sha256": "814ccb26bed9c027bfc20ac88d33494ab0be62721757c73be70e26c23efbb3f7",
+        "sha256": "5769e4841870d1f7c17f12a7d1437222e8035eded52f93c54c035c770dbffebb",
         "os": "macos",
         "cpu": "arm64"
       },
       {
         "kind": "archive",
-        "url": "https://github.com/astral-sh/ruff/releases/download/0.11.11/ruff-x86_64-apple-darwin.tar.gz",
+        "url": "https://github.com/astral-sh/ruff/releases/download/0.12.3/ruff-x86_64-apple-darwin.tar.gz",
         "file": "ruff-x86_64-apple-darwin/ruff",
-        "sha256": "8bef00e82bc07ea26b45adcffc3d55b2d0821f3a3e4d5f441f4dd4ad608fc1be",
+        "sha256": "472a4790db11a8bcd79cf7b731fb1c036c376f9cc4e6532099f8f39a6f86b9bb",
         "os": "macos",
         "cpu": "x86_64"
       },
       {
         "kind": "archive",
-        "url": "https://github.com/astral-sh/ruff/releases/download/0.11.11/ruff-x86_64-pc-windows-msvc.zip",
+        "url": "https://github.com/astral-sh/ruff/releases/download/0.12.3/ruff-x86_64-pc-windows-msvc.zip",
         "file": "ruff-x86_64-pc-windows-msvc/ruff.exe",
-        "sha256": "b7619ff27098a4d7f37c52fb8fc61ccfe677aaade7722a385b40f8d5273ebddd",
+        "sha256": "37dc6f2f5756421fc59fe5f841ecaa92beee38a39751dfe5a42bdc13992da3d5",
         "os": "windows",
         "cpu": "x86_64"
       }
diff --git a/py/tox.ini b/py/tox.ini
@@ -43,7 +43,7 @@ commands =
 [testenv:linting]
 skip_install = true
 deps =
-    ruff==0.11.12
+    ruff==0.12.3
 commands =
     ruff check --fix --show-fixes --exit-non-zero-on-fix .
     ruff format --exit-non-zero-on-format .
diff --git a/scripts/update_multitool_binaries.py b/scripts/update_multitool_binaries.py
@@ -0,0 +1,87 @@
+#!/usr/bin/env python
+
+"""
+This script updates the version of tool binaries defined in a Bazel rules_multitool lockfile.
+If the tool has binaries hosted in a public GitHub repo's Release assets, it will update the
+lockfile's URL and hash to the latest versions, otherwise it will skip it.
+
+See: https://github.com/theoremlp/rules_multitool
+
+Requires:
+  - github module (pip install PyGithub)
+
+```
+usage: update_multitool_binaries.py [-h] [--file LOCKFILE_PATH]
+
+options:
+  -h, --help            show this help message and exit
+  --file LOCKFILE_PATH  path to multitool lockfile (defaults to 'multitool.lock.json' in current directory)
+```
+"""
+
+import argparse
+import hashlib
+import json
+import os
+import re
+import urllib.request
+
+try:
+    from github import Github
+except ModuleNotFoundError:
+    exit("requires github module (run: pip install PyGithub)")
+
+
+def run(lockfile_path):
+    with open(lockfile_path) as f:
+        data = json.load(f)
+
+    for tool in [tool for tool in data if tool != "$schema"]:
+        version = re.search(f"download/(.*?)/{tool}", data[tool]["binaries"][0]["url"])[
+            1
+        ]
+        match = re.search(
+            f"github.com/(.*?)/releases", data[tool]["binaries"][0]["url"]
+        )
+        if match:
+            user_repo = match[1]
+        else:
+            continue
+        try:
+            new_version = Github().get_repo(user_repo).get_releases()[0].title
+        except Exception:
+            continue
+        if new_version != version:
+            print(f"found new version of '{tool}': {new_version}")
+            for binary in data[tool]["binaries"]:
+                new_url = binary["url"].replace(version, new_version)
+                try:
+                    with urllib.request.urlopen(new_url) as response:
+                        sha256_hash = hashlib.sha256()
+                        sha256_hash.update(response.read())
+                        new_hash = sha256_hash.hexdigest()
+                    binary["url"] = new_url
+                    binary["sha256"] = new_hash
+                except Exception:
+                    continue
+
+    with open(lockfile_path, "w") as f:
+        json.dump(data, f, indent=2)
+
+    print(f"\ngenerated new '{lockfile_path}' with updated urls and hashes")
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        "--file",
+        dest="lockfile_path",
+        default=os.path.join(os.getcwd(), "multitool.lock.json"),
+        help="path to multitool lockfile (defaults to 'multitool.lock.json' in current directory)",
+    )
+    args = parser.parse_args()
+    run(args.lockfile_path)
+
+
+if __name__ == "__main__":
+    main()
