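# Package expression for ratchet, built with buildGoModule from a pinned
# upstream commit. Source and Go module dependencies are each locked by a
# content hash (`hash`, `vendorHash`).
{
  lib,
  buildGoModule,
  fetchFromGitHub,
  callPackage,
}:

buildGoModule rec {
  pname = "ratchet";
  version = "0.10.0";

  # ratchet uses the git sha-1 in the version string, e.g.
  #
  #   $ ./ratchet --version
  #   ratchet 0.9.2 (d57cc1a53c022d3f87c4820bc6b64384a06c8a07, darwin/arm64)
  #
  # so we need to either hard-code the sha-1 corresponding to the version tag
  # head or retain the git metadata folder and extract it using the git cli.
  # We currently hard-code it.
  #
  # NOTE(review): nothing in this expression ties `rev` to `version`. On every
  # bump, confirm that `rev` is the commit the upstream release tag for
  # `version` points at, and refresh `hash` and `vendorHash` in the same
  # change. A new `rev` left with the old `hash` may be satisfied from an
  # already-fetched source instead of the commit named here.
  src = fetchFromGitHub {
    owner = "sethvargo";
    repo = "ratchet";
    rev = "ebb7f24e0cbc288ab913b635480412934a2a5371";
    hash = "sha256-Wt1/ahKQ8DOquXU5u6p+an9FJ5kYRl7F2EXOv/2rHlA=";
  };

  # Dependencies are downloaded through the Go module proxy rather than with
  # `go mod vendor`; `vendorHash` pins the resulting module set.
  proxyVendor = true;
  vendorHash = "sha256-J7LijbhpKDIfTcQMgk2x5FVaYG7Kgkba/1aSTmgs5yw=";

  subPackages = [ "." ];

  # -s/-w strip symbol and debug tables; the -X flags inject the values that
  # `ratchet --version` prints (name, version, commit).
  ldflags =
    let
      package_url = "github.com/sethvargo/ratchet";
    in
    [
      "-s"
      "-w"
      "-X ${package_url}/internal/version.name=ratchet"
      "-X ${package_url}/internal/version.version=${version}"
      "-X ${package_url}/internal/version.commit=${src.rev}"
    ];

  doInstallCheck = true;

  # Confirms that the -X version injection took effect in the installed
  # binary. `grep -F` matches the version as a literal string; without it the
  # dots in "0.10.0" are regex wildcards and the check can pass on a
  # different string.
  installCheckPhase = ''
    runHook preInstallCheck
    "$out/bin/ratchet" --version 2>&1 | grep -F "${version}"
    runHook postInstallCheck
  '';

  installPhase = ''
    runHook preInstall
    mkdir -p "$out/bin"
    install -Dm755 "$GOPATH/bin/ratchet" -T "$out/bin/ratchet"
    runHook postInstall
  '';

  passthru.tests = {
    execution = callPackage ./tests.nix { };
  };

  # Attributes are referenced through `lib.` explicitly instead of a broad
  # `with lib;`, so every name in this set has a visible origin.
  meta = {
    description = "Tool for securing CI/CD workflows with version pinning";
    mainProgram = "ratchet";
    downloadPage = "https://github.com/sethvargo/ratchet";
    homepage = "https://github.com/sethvargo/ratchet";
    license = lib.licenses.asl20;
    maintainers = with lib.maintainers; [
      cameronraysmith
      ryanccn
    ];
  };
}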