author06kellyjac <dev@j-k.io>2022-10-28 13:25:17 +0100
committer06kellyjac <dev@j-k.io>2022-10-28 13:25:17 +0100
commita794adbb0b69622bfe5af0c74c54fcfb3f5f8950 (patch)
tree949618d23e16d07cf0fb7a06c72253a4ecb4e9d3 /pkgs/tools/security/grype
parent11cca3460899074fb9ed30a1fd3973582e7f52d2 (diff)
grype: 0.49.0 -> 0.51.0
Diffstat (limited to 'pkgs/tools/security/grype')
-rw-r--r--pkgs/tools/security/grype/default.nix53
1 files changed, 46 insertions, 7 deletions
diff --git a/pkgs/tools/security/grype/default.nix b/pkgs/tools/security/grype/default.nix
index 182df4ceb967a..12b21d28034a3 100644
--- a/pkgs/tools/security/grype/default.nix
+++ b/pkgs/tools/security/grype/default.nix
@@ -1,19 +1,20 @@
 { lib
-, stdenv
 , buildGoModule
 , fetchFromGitHub
 , installShellFiles
+
+, openssl
 }:
 
 buildGoModule rec {
   pname = "grype";
-  version = "0.49.0";
+  version = "0.51.0";
 
   src = fetchFromGitHub {
     owner = "anchore";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-MShlKtrorqXRInQ01dEzVeLDRDua9PISkficF02PrBI=";
+    sha256 = "sha256-WTDUkC+TFVkT/D36hDusqxwidy6O+iMInBpTumdCaw4=";
     # populate values that require us to use git. By doing this in postFetch we
     # can delete .git afterwards and maintain better reproducibility of the src.
     leaveDotGit = true;
@@ -25,13 +26,15 @@ buildGoModule rec {
       find "$out" -name .git -print0 | xargs -0 rm -rf
     '';
   };
-
-  vendorSha256 = "sha256-MusEvYNaMM0kqHSDdenPKo4IrIFmvPHSCRzciKMFiew=";
+  vendorSha256 = "sha256-bpWUo6YA0TkIyDg27mv88X1fh+1Wal362Sqi7loo/Zs=";
 
   nativeBuildInputs = [
     installShellFiles
   ];
 
+  subPackages = [ "." ];
+  excludedPackages = "test/integration";
+
   ldflags = [
     "-s"
     "-w"
@@ -49,8 +52,44 @@ buildGoModule rec {
     ldflags+=" -X github.com/anchore/grype/internal/version.buildDate=$(cat SOURCE_DATE_EPOCH)"
   '';
 
-  # Tests require a running Docker instance
-  doCheck = false;
+  checkInputs = [ openssl ];
+  preCheck = ''
+    # test all dirs (except excluded)
+    unset subPackages
+    # test goldenfiles expect no version
+    unset ldflags
+
+    # patch utility script
+    patchShebangs grype/db/test-fixtures/tls/generate-x509-cert-pair.sh
+
+    # remove tests that depend on docker
+    substituteInPlace test/cli/cmd_test.go \
+      --replace "TestCmd" "SkipCmd"
+    substituteInPlace grype/pkg/provider_test.go \
+      --replace "TestSyftLocationExcludes" "SkipSyftLocationExcludes"
+    substituteInPlace grype/presenter/cyclonedx/presenter_test.go \
+      --replace "TestCycloneDxPresenterImage" "SkipCycloneDxPresenterImage"
+    substituteInPlace grype/presenter/cyclonedxvex/presenter_test.go \
+      --replace "TestCycloneDxPresenterImage" "SkipCycloneDxPresenterImage"
+    substituteInPlace grype/presenter/sarif/presenter_test.go \
+      --replace "Test_imageToSarifReport" "Skip_imageToSarifReport" \
+      --replace "TestSarifPresenterImage" "SkipSarifPresenterImage"
+
+    # remove tests that depend on git
+    substituteInPlace test/cli/db_validations_test.go \
+      --replace "TestDBValidations" "SkipDBValidations"
+    substituteInPlace test/cli/registry_auth_test.go \
+      --replace "TestRegistryAuth" "SkipRegistryAuth"
+    substituteInPlace test/cli/sbom_input_test.go \
+      --replace "TestSBOMInput_FromStdin" "SkipSBOMInput_FromStdin" \
+      --replace "TestSBOMInput_AsArgument" "SkipSBOMInput_AsArgument" \
+      --replace "TestAttestationInput_AsArgument" "SkipAttestationInput_AsArgument"
+    substituteInPlace test/cli/subprocess_test.go \
+      --replace "TestSubprocessStdin" "SkipSubprocessStdin"
+
+    # segfault
+    rm grype/db/v5/namespace/cpe/namespace_test.go
+  '';
 
   postInstall = ''
     installShellCompletion --cmd grype \
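Review bot: The `# segfault` comment above `rm grype/db/v5/namespace/cpe/namespace_test.go` does not say which test crashes or whether the crash happens only in the build sandbox, and deleting the file drops every test in it rather than the one that fails. Judging by the path these tests cover CPE namespace code in a vulnerability scanner, so the crash is worth tracking; I would expand the comment to something like `# FIXME: <test name> segfaults during checkPhase, see <upstream issue URL>`. Separately, `--replace "TestCmd" "SkipCmd"` is a plain substring substitution, so it renames every identifier in `test/cli/cmd_test.go` that contains `TestCmd` and may disable more tests than the Docker-dependent ones. A comment naming the tests that are meant to be skipped would make later version bumps easier to audit. The block under `# remove tests that depend on git` lists stdin, SBOM and registry-auth tests whose git dependency is not evident from the hunk, so that heading could use a short reason as well.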