witness: 0.1.1 -> 0.1.6

also:
- added completions
- enabled tests
- added longDescription
- added changelog
- added myself as a maintainer

1 files changed, 37 insertions, 5 deletions

diff --git a/pkgs/tools/security/witness/default.nix b/pkgs/tools/security/witness/default.nix
index 571685afb4006..bb15d9d72cc05 100644
--- a/pkgs/tools/security/witness/default.nix
+++ b/pkgs/tools/security/witness/default.nix
@@ -1,25 +1,57 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
 
 buildGoModule rec {
   pname = "witness";
-  version = "0.1.1";
+  version = "0.1.6";
 
   src = fetchFromGitHub {
     owner = "testifysec";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-NnDsiDUTCdjsHVA/mHnB8WRnvwFTzETkWUOd7IgMIWE=";
+    sha256 = "sha256-/35hIA6Wm/F5hwyLZbt4JXpwWISWbzVAWrX29r6pejY=";
   };
 
-  vendorSha256 = "sha256-zkLparWJsuqrhOQxxV37dBqt6fwpSinTO+paJkbl+sM=";
+  vendorSha256 = "sha256-vXDsHHJknw9hsHx1mJA2c0CWwFbRXjCjitNWPh6V4yw=";
+
+  nativeBuildInputs = [ installShellFiles ];
 
   # We only want the witness binary, not the helper utilities for generating docs.
   subPackages = [ "cmd/witness" ];
 
+  ldflags = [
+    "-s"
+    "-w"
+    "-X github.com/testifysec/witness/cmd/witness/cmd.Version=v${version}"
+  ];
+
+  # Feed in all tests for testing
+  # This is because subPackages above limits what is built to just what we
+  # want but also limits the tests
+  preCheck = ''
+    unset subPackages
+  '';
+
+  postInstall = ''
+    installShellCompletion --cmd witness \
+      --bash <($out/bin/witness completion bash) \
+      --fish <($out/bin/witness completion fish) \
+      --zsh <($out/bin/witness completion zsh)
+  '';
+
   meta = with lib; {
     description = "A pluggable framework for software supply chain security. Witness prevents tampering of build materials and verifies the integrity of the build process from source to target";
+    longDescription = ''
+      Witness prevents tampering of build materials and verifies the integrity
+      of the build process from source to target. It works by wrapping commands
+      executed in a continuous integration process. Its attestation system is
+      pluggable and offers support out of the box for most major CI and
+      infrastructure providers. Verification of Witness metadata and a secure
+      PKI distribution system will mitigate against many software supply chain
+      attack vectors and can be used as a framework for automated governance.
+    '';
     homepage = "https://github.com/testifysec/witness";
+    changelog = "https://github.com/testifysec/witness/releases/tag/v${version}";
     license = licenses.asl20;
-    maintainers = with maintainers; [ fkautz ];
+    maintainers = with maintainers; [ fkautz jk ];
   };
 }