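# CodeQL CLI, repackaged from GitHub's prebuilt release archive.
#
# Nothing is compiled in this derivation: the release zip is unpacked, copied
# into $out/codeql, and the Java runtime bundled for linux64 is replaced with
# a symlink to jdk17. Integrity of the download rests on the fixed-output
# hash in `src`.
{ lib, stdenv, fetchzip, zlib, xorg, freetype, jdk17, curl }:

stdenv.mkDerivation rec {
  pname = "codeql";
  version = "2.15.1";

  # Prebuilt release: no configure or build step, and the shipped binaries
  # are installed unstripped.
  dontConfigure = true;
  dontBuild = true;
  dontStrip = true;

  # The URL is derived from `version`; the SRI hash pins the unpacked archive
  # contents. When bumping `version`, update the hash in the same change and
  # never reuse the previous value: a stale hash either fails the fetch or
  # silently serves the old, already-cached release.
  src = fetchzip {
    url = "https://github.com/github/codeql-cli-binaries/releases/download/v${version}/codeql.zip";
    hash = "sha256-ksWf5z0PM5osMxnR5XeEyZw4g7UbHUCqnpw2FB5M6kU=";
  };

  # NOTE(review): these look like runtime libraries for the prebuilt ELF
  # tools, but no patching hook is visible in this expression, so it is
  # unclear whether listing them here changes the installed binaries. Confirm.
  nativeBuildInputs = [
    zlib
    xorg.libX11
    xorg.libXext
    xorg.libXi
    xorg.libXtst
    xorg.libXrender
    freetype
    jdk17
    stdenv.cc.cc.lib
    curl
  ];

  installPhase = ''
    runHook preInstall

    # codeql directory should not be top-level, otherwise,
    # it'll include /nix/store to resolve extractors.
    mkdir -p $out/{codeql,bin}
    cp -R * $out/codeql/

    ln -sf $out/codeql/tools/linux64/lib64trace.so $out/codeql/tools/linux64/libtrace.so

    # many of the codeql extractors use CODEQL_DIST + CODEQL_PLATFORM to
    # resolve java home, so to be able to create databases, we want to make
    # sure that they point somewhere sane/usable since we can not autopatch
    # the codeql packaged java dist, but we DO want to patch the extractors
    # as well as the builders which are ELF binaries for the most part
    #
    # NOTE(review): only the linux64 tool directory is rewritten here although
    # meta.platforms also lists darwin. Confirm the darwin layout is usable
    # as shipped.
    rm -rf $out/codeql/tools/linux64/java
    ln -s ${jdk17} $out/codeql/tools/linux64/java

    ln -s $out/codeql/codeql $out/bin/

    runHook postInstall
  '';

  meta = with lib; {
    description = "Semantic code analysis engine";
    homepage = "https://codeql.github.com";
    maintainers = [ maintainers.dump_stack ];
    platforms = lib.platforms.linux ++ lib.platforms.darwin;
    # Vendor-built binaries and JVM bytecode, not built from source. Declaring
    # this lets source-only policies (allowNonSource = false) refuse the
    # package.
    sourceProvenance = with sourceTypes; [ binaryNativeCode binaryBytecode ];
    license = licenses.unfree;
  };
}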