path: root/pkgs/development/tools/infisical/default.nix
{ stdenv, lib, fetchurl, testers, installShellFiles }:

# this expression is mostly automated, and you are STRONGLY
# RECOMMENDED to use nix-update for updating this expression when new
# releases come out, which runs the sibling `update.sh` script.
#
# from the root of the nixpkgs git repository, run:
#
#    nix-shell maintainers/scripts/update.nix \
#      --argstr commit true \
#      --argstr package infisical

let
  # Per-platform hashes of the precompiled release tarballs (built upstream by
  # GitHub Actions), keyed by Nix system name and read from the sibling
  # hashes.json. fetchurl below rejects a download whose content does not match
  # the recorded hash, so this file is the integrity pin for a binary that is
  # not built from source in this expression.
  # NOTE(review): the pin only shows that the download equals what was recorded
  # when the hashes were last updated; review hashes.json changes together with
  # the version bump.
  buildHashes = lib.importJSON ./hashes.json;

  # the version of infisical
  version = "0.31.0";

  # the platform-specific, statically linked binary
  src =
    let
      # Nix system string of the platform the package is built for.
      system = stdenv.hostPlatform.system;

      # Nix system name -> golang toolchain suffix used in the asset name.
      # NOTE: must be synchronized with update.sh!
      goSuffixes = {
        x86_64-linux = "linux_amd64";
        x86_64-darwin = "darwin_amd64";
        aarch64-linux = "linux_arm64";
        aarch64-darwin = "darwin_arm64";
      };

      # Evaluation aborts here on any platform missing from the table.
      suffix = goSuffixes.${system} or (throw "Unsupported system: ${system}");

      assetName = "infisical_${version}_${suffix}.tar.gz";
    in
    fetchurl {
      name = assetName;
      # The release tag is "infisical-cli/v<version>"; the slash is
      # percent-encoded in the download URL.
      url = "https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv${version}/${assetName}";
      hash = buildHashes.${system};
    };

in
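# Packages the prebuilt Infisical CLI release tarball: no compilation happens
# here, the binary is made executable, smoke-tested and copied into $out.
stdenv.mkDerivation (finalAttrs: {
  pname = "infisical";
  inherit version src;

  # Provides installManPage and installShellCompletion used in postInstall.
  nativeBuildInputs = [ installShellFiles ];

  doCheck = true;
  dontConfigure = true;
  # Leave the downloaded binary untouched by the strip fixup.
  dontStrip = true;

  # The tarball's files are used directly from the unpack directory.
  sourceRoot = ".";
  buildPhase = "chmod +x ./infisical";
  # Smoke test: this executes the downloaded binary during the build.
  checkPhase = "./infisical --version";
  # A custom installPhase replaces the default one, so the hooks must be run
  # explicitly; without `runHook postInstall` the postInstall below is never
  # executed and the man page and completions miss their standard locations.
  installPhase = ''
    runHook preInstall
    mkdir -p $out/bin/ $out/share/completions/ $out/share/man/
    cp infisical $out/bin
    cp completions/* $out/share/completions/
    cp manpages/* $out/share/man/
    runHook postInstall
  '';
  # Paths are relative to the unpack directory, where installPhase finds
  # completions/ and manpages/ (there is no share/ directory there).
  # NOTE(review): the file names are carried over from the previous
  # postInstall; confirm them against the tarball contents.
  postInstall = ''
    installManPage manpages/infisical.1.gz
    installShellCompletion completions/infisical.{bash,fish,zsh}
  '';

  passthru = {
    updateScript = ./update.sh;
    # Checks that the final package reports the version declared above.
    tests.version = testers.testVersion { package = finalAttrs.finalPackage; };
  };

  meta = with lib; {
    description = "Official Infisical CLI";
    longDescription = ''
      Infisical is the open-source secret management platform:
      Sync secrets across your team/infrastructure and prevent secret leaks.
    '';
    homepage = "https://infisical.com";
    changelog = "https://github.com/infisical/infisical/releases/tag/infisical-cli%2Fv${version}";
    license = licenses.mit;
    mainProgram = "infisical";
    maintainers = teams.infisical.members ++ (with maintainers; [ hausken ]);
    # Keep in step with the suffix table used to select the release asset.
    platforms = [
      "x86_64-linux"
      "aarch64-linux"
      "aarch64-darwin"
      "x86_64-darwin"
    ];
  };
})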