authorRaghav Sood <r@raghavsood.com>2024-05-18 21:31:07 +0800
committerGitHub <noreply@github.com>2024-05-18 21:31:07 +0800
commitc7829cdc44581b1a589f6d84c125b2501fd158c5 (patch)
tree99e4d6290b65542abf10406068a48b504443e4bf
parent7aee1dba3d10d216b189862a617f3738dce43375 (diff)
parent59921e79a26bfce40bc591c260684afa63a8e641 (diff)
Merge pull request #311799 from cameronraysmith/add-ratchet
ratchet: init at 0.9.2
-rw-r--r--maintainers/maintainer-list.nix10
-rw-r--r--pkgs/by-name/ra/ratchet/package.nix70
-rw-r--r--pkgs/by-name/ra/ratchet/tests.nix17
3 files changed, 97 insertions, 0 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index d38d6fadc05dc..df3308c01abf5 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -3207,6 +3207,16 @@
     githubId = 3212452;
     name = "Cameron Nemo";
   };
+  cameronraysmith = {
+    email = "cameronraysmith@gmail.com";
+    matrix = "@cameronraysmith:matrix.org";
+    github = "cameronraysmith";
+    githubId = 420942;
+    name = "Cameron Smith";
+    keys = [{
+      fingerprint = "3F14 C258 856E 88AE E0F9  661E FF04 3B36 8811 DD1C";
+    }];
+  };
   camillemndn = {
     email = "camillemondon@free.fr";
     github = "camillemndn";
diff --git a/pkgs/by-name/ra/ratchet/package.nix b/pkgs/by-name/ra/ratchet/package.nix
new file mode 100644
index 0000000000000..627ba522491f7
--- /dev/null
+++ b/pkgs/by-name/ra/ratchet/package.nix
@@ -0,0 +1,70 @@
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
+  callPackage,
+}:
+buildGoModule rec {
+  pname = "ratchet";
+  version = "0.9.2";
+
+  # ratchet uses the git sha-1 in the version string, e.g.
+  #
+  # $ ./ratchet --version
+  # ratchet 0.9.2 (d57cc1a53c022d3f87c4820bc6b64384a06c8a07, darwin/arm64)
+  #
+  # so we need to either hard-code the sha-1 corresponding to the version tag
+  # head or retain the git metadata folder and extract it using the git cli.
+  # We currently hard-code it.
+  src = fetchFromGitHub {
+    owner = "sethvargo";
+    repo = "ratchet";
+    rev = "d57cc1a53c022d3f87c4820bc6b64384a06c8a07";
+    hash = "sha256-gQ98uD9oPUsECsduv/lqGdYNmtHetU49ETfWCE8ft8U=";
+  };
+
+  proxyVendor = true;
+  vendorHash = "sha256-J7LijbhpKDIfTcQMgk2x5FVaYG7Kgkba/1aSTmgs5yw=";
+
+  subPackages = [ "." ];
+
+  ldflags =
+    let
+      package_url = "github.com/sethvargo/ratchet";
+    in
+    [
+      "-s"
+      "-w"
+      "-X ${package_url}/internal/version.name=${pname}"
+      "-X ${package_url}/internal/version.version=${version}"
+      "-X ${package_url}/internal/version.commit=${src.rev}"
+    ];
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    $out/bin/ratchet --version 2>&1 | grep ${version};
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/bin
+    install -Dm755 "$GOPATH/bin/ratchet" -T $out/bin/ratchet
+    runHook postInstall
+  '';
+
+  passthru.tests = {
+    execution = callPackage ./tests.nix { };
+  };
+
+  meta = with lib; {
+    description = "A tool for securing CI/CD workflows with version pinning.";
+    mainProgram = "ratchet";
+    downloadPage = "https://github.com/sethvargo/ratchet";
+    homepage = "https://github.com/sethvargo/ratchet";
+    license = licenses.asl20;
+    maintainers = with maintainers; [
+      cameronraysmith
+      ryanccn
+    ];
+  };
+}
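Review bot: The `installCheckPhase` greps for a value the derivation itself injects through `-X …/internal/version.version=${version}`, so it confirms the ldflags took effect but cannot notice `version` and the hard-coded `rev` drifting apart; as far as the visible lines show, bumping `version` alone would still build the old commit and pass. The pattern is also an unanchored regex in which the dots of `0.9.2` match any character. Matching the fixed string shown in the sample output in the comment tightens it: `$out/bin/ratchet --version 2>&1 | grep -F "${version} (${src.rev}"`. A short comment next to `rev` saying it must be updated together with `version` and `hash` would document the remaining manual step, and the phase should run `runHook preInstallCheck` / `runHook postInstallCheck` the way `installPhase` runs its hooks.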
diff --git a/pkgs/by-name/ra/ratchet/tests.nix b/pkgs/by-name/ra/ratchet/tests.nix
new file mode 100644
index 0000000000000..7585c06d91728
--- /dev/null
+++ b/pkgs/by-name/ra/ratchet/tests.nix
@@ -0,0 +1,17 @@
+{
+  lib,
+  runCommand,
+  ratchet,
+}: let
+  inherit (ratchet) pname version;
+in
+  runCommand "${pname}-tests" {meta.timeout = 60;}
+  ''
+    set -euo pipefail
+
+    # Ensure ratchet is executable
+    ${ratchet}/bin/ratchet --version
+    ${ratchet}/bin/ratchet --help
+
+    touch $out
+  ''
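Review bot: `lib` is taken as an argument and `version` is inherited from `ratchet`, but neither is used in this file; `inherit (ratchet) pname;` and dropping `lib` from the argument set would keep it minimal. The two invocations only show that the binary starts, which the package's `installCheckPhase` already covers for `--version`. A comment such as `# Smoke test only: no workflow file is pinned or checked here` would keep readers from assuming the pinning logic is exercised.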