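# Nix package definition for syft (anchore/syft), built with buildGoModule.
#
# Supply-chain notes:
# - `rev` is a git tag, which upstream is able to move. The fixed-output
#   `sha256` on `src` is what actually pins the source: it is computed over the
#   tree left behind by postFetch, so it also covers the generated COMMIT and
#   SOURCE_DATE_EPOCH files. A moved tag shows up as a hash mismatch, not as
#   silently different code.
# - Go module dependencies are pinned separately by `vendorSha256`.
{ lib, stdenv, buildGoModule, fetchFromGitHub, installShellFiles }:

buildGoModule rec {
  pname = "syft";
  version = "0.62.0";

  src = fetchFromGitHub {
    owner = "anchore";
    repo = pname;
    rev = "v${version}";
    sha256 = "sha256-hed2ikV9xVDSSpLedAVcCJx/cQI5EPsb+fG2h63ij98=";
    # Populate the values that can only be obtained from git. Doing this in
    # postFetch lets us delete .git afterwards, so the hashed source tree does
    # not contain git's own metadata and stays reproducible.
    # Anything that changes the files written here changes the tree and
    # therefore requires a new `sha256`.
    leaveDotGit = true;
    postFetch = ''
      cd "$out"
      git rev-parse HEAD > $out/COMMIT
      # 0000-00-00T00:00:00Z
      date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH
      find "$out" -name .git -print0 | xargs -0 rm -rf
    '';
  };

  # Original note: hash mismatch with darwin.
  # NOTE(review): presumably the plain vendor tree hashed differently per
  # platform; proxyVendor makes buildGoModule hash a downloaded module cache
  # instead. Confirm before dropping it on an update.
  proxyVendor = true;
  vendorSha256 = "sha256-FJtyCUzp/osfXtNRWH/gK7PGoe4gd23YxBxbF4o1qos=";

  nativeBuildInputs = [ installShellFiles ];

  subPackages = [ "cmd/syft" ];

  ldflags = [
    # -s / -w omit the symbol table and DWARF debug information.
    "-s"
    "-w"
    "-X github.com/anchore/syft/internal/version.version=${version}"
    "-X github.com/anchore/syft/internal/version.gitDescription=v${version}"
    # Hard-coded: .git is removed in postFetch, so the tree state cannot be
    # queried at build time.
    "-X github.com/anchore/syft/internal/version.gitTreeState=clean"
  ];

  # Stamp the commit id and build date recorded by postFetch into the binary.
  # Despite its name, the SOURCE_DATE_EPOCH file holds a UTC timestamp in
  # %Y-%m-%dT%H:%M:%SZ form (the commit time), not epoch seconds, and it is a
  # file in the source root, not the SOURCE_DATE_EPOCH environment variable.
  preBuild = ''
    ldflags+=" -X github.com/anchore/syft/internal/version.gitCommit=$(cat COMMIT)"
    ldflags+=" -X github.com/anchore/syft/internal/version.buildDate=$(cat SOURCE_DATE_EPOCH)"
  '';

  # Tests require a running docker instance, so the upstream test suite is not
  # run here; the only automated check in this build is the installCheckPhase
  # smoke test below.
  doCheck = false;

  postInstall = ''
    # avoid update checks when generating completions
    export SYFT_CHECK_FOR_APP_UPDATE=false

    installShellCompletion --cmd syft \
      --bash <($out/bin/syft completion bash) \
      --fish <($out/bin/syft completion fish) \
      --zsh <($out/bin/syft completion zsh)
  '';

  doInstallCheck = true;
  installCheckPhase = ''
    runHook preInstallCheck

    export SYFT_CHECK_FOR_APP_UPDATE=false
    $out/bin/syft --help
    # -F: match the version as a literal string. As a regular expression the
    # dots in "${version}" would match any character, which makes the check
    # looser than intended.
    $out/bin/syft version | grep -F "${version}"

    runHook postInstallCheck
  '';

  meta = with lib; {
    homepage = "https://github.com/anchore/syft";
    changelog = "https://github.com/anchore/syft/releases/tag/v${version}";
    description = "CLI tool and library for generating a Software Bill of Materials from container images and filesystems";
    longDescription = ''
      A CLI tool and Go library for generating a Software Bill of Materials
      (SBOM) from container images and filesystems. Exceptional for
      vulnerability detection when used with a scanner tool like Grype.
    '';
    license = with licenses; [ asl20 ];
    maintainers = with maintainers; [ jk ];
  };
}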