1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
{ stdenv
, buildGoModule
, callPackage
, fetchFromGitHub
, lib
, buf
, cacert
, grpc-gateway
, protoc-gen-go
, protoc-gen-go-grpc
, protoc-gen-validate
, sass
, statik
}:
let
version = "2.42.10";
zitadelRepo = fetchFromGitHub {
owner = "zitadel";
repo = "zitadel";
rev = "v${version}";
hash = "sha256-Uv0iEIFkTdBAi0WDBQHf0ATs4L2FOU4NmiE9p1MHSa0=";
};
goModulesHash = "sha256-thd1bhbPVedYd+Yq1IYYUJFr66AWRTzA3DceCXFTEQo=";
buildZitadelProtocGen = name:
buildGoModule {
pname = "protoc-gen-${name}";
inherit version;
src = zitadelRepo;
proxyVendor = true;
vendorHash = goModulesHash;
buildPhase = ''
go install internal/protoc/protoc-gen-${name}/main.go
'';
postInstall = ''
mv $out/bin/main $out/bin/protoc-gen-${name}
'';
};
protoc-gen-authoption = buildZitadelProtocGen "authoption";
protoc-gen-zitadel = buildZitadelProtocGen "zitadel";
# Buf downloads dependencies from an external repo - there doesn't seem to
# really be any good way around it. We'll use a fixed-output derivation so it
# can download what it needs, and output the relevant generated code for use
# during the main build.
generateProtobufCode =
{ pname
, nativeBuildInputs ? [ ]
, bufArgs ? ""
, workDir ? "."
, outputPath
, hash
}:
stdenv.mkDerivation {
name = "${pname}-buf-generated";
src = zitadelRepo;
patches = [ ./console-use-local-protobuf-plugins.patch ];
nativeBuildInputs = nativeBuildInputs ++ [ buf ];
buildPhase = ''
cd ${workDir}
export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
HOME=$TMPDIR buf generate ${bufArgs}
'';
installPhase = ''
cp -r ${outputPath} $out
'';
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = hash;
};
protobufGenerated = generateProtobufCode {
pname = "zitadel";
nativeBuildInputs = [
grpc-gateway
protoc-gen-authoption
protoc-gen-go
protoc-gen-go-grpc
protoc-gen-validate
protoc-gen-zitadel
];
outputPath = ".artifacts";
hash = "sha256-ntIKudNFBs7kHjK7cfzbOfDCA6J8uvJRUbCTa6afK/I=";
};
in
buildGoModule rec {
name = "zitadel";
inherit version;
src = zitadelRepo;
nativeBuildInputs = [ sass statik ];
proxyVendor = true;
vendorHash = goModulesHash;
ldflags = [ "-X 'github.com/zitadel/zitadel/cmd/build.version=${version}'" ];
# Adapted from Makefile in repo, with dependency fetching and protobuf codegen
# bits removed
preBuild = ''
mkdir -p pkg/grpc
cp -r ${protobufGenerated}/grpc/github.com/zitadel/zitadel/pkg/grpc/* pkg/grpc
mkdir -p openapi/v2/zitadel
cp -r ${protobufGenerated}/grpc/zitadel/ openapi/v2/zitadel
go generate internal/api/ui/login/static/resources/generate.go
go generate internal/api/ui/login/statik/generate.go
go generate internal/notification/statik/generate.go
go generate internal/statik/generate.go
mkdir -p docs/apis/assets
go run internal/api/assets/generator/asset_generator.go -directory=internal/api/assets/generator/ -assets=docs/apis/assets/assets.md
cp -r ${passthru.console}/* internal/api/ui/console/static
'';
doCheck = false;
installPhase = ''
mkdir -p $out/bin
install -Dm755 $GOPATH/bin/zitadel $out/bin/
'';
passthru = {
console = callPackage
(import ./console.nix {
inherit generateProtobufCode version zitadelRepo;
})
{ };
};
meta = with lib; {
description = "Identity and access management platform";
homepage = "https://zitadel.com/";
downloadPage = "https://github.com/zitadel/zitadel/releases";
platforms = platforms.linux ++ platforms.darwin;
license = licenses.asl20;
sourceProvenance = [ sourceTypes.fromSource ];
maintainers = with maintainers; [ Sorixelle ];
};
}
|