pkgs/development/tools/infisical/default.nix at 24.05-pre

pyrox.dev / nixpkgs
fork atom
lol
fork atom
nixpkgs / pkgs / development / tools / infisical / default.nix
at 24.05-pre 87 lines 2.8 kB view raw
wrap content
jgoux add note 2y ago
206b76c9
 1{ stdenv, lib, fetchurl, testers, infisical, installShellFiles }:
 2
 3# this expression is mostly automated, and you are STRONGLY
 4# RECOMMENDED to use to nix-update for updating this expression when new
 5# releases come out, which runs the sibling `update.sh` script.
 6#
 7# from the root of the nixpkgs git repository, run:
 8#
 9#    nix-shell maintainers/scripts/update.nix \
10#      --argstr commit true \
11#      --argstr package infisical
12
13let
14  # build hashes, which correspond to the hashes of the precompiled binaries procured by GitHub Actions.
15  buildHashes = builtins.fromJSON (builtins.readFile ./hashes.json);
16
17  # the version of infisical
18  version = "0.14.3";
19
20  # the platform-specific, statically linked binary
21  src =
22    let
23      suffix = {
24        # map the platform name to the golang toolchain suffix
25        # NOTE: must be synchronized with update.sh!
26        x86_64-linux = "linux_amd64";
27        x86_64-darwin = "darwin_amd64";
28        aarch64-linux = "linux_arm64";
29        aarch64-darwin = "darwin_arm64";
30      }."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
31
32      name = "infisical_${version}_${suffix}.tar.gz";
33      hash = buildHashes."${stdenv.hostPlatform.system}";
34      url = "https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv${version}/${name}";
35    in
36    fetchurl { inherit name url hash; };
37
38in
39stdenv.mkDerivation {
40  pname = "infisical";
41  version = version;
42  inherit src;
43
44  nativeBuildInputs = [ installShellFiles ];
45
46  doCheck = true;
47  dontConfigure = true;
48  dontStrip = true;
49
50  sourceRoot = ".";
51  buildPhase = "chmod +x ./infisical";
52  checkPhase = "./infisical --version";
53  installPhase = ''
54    mkdir -p $out/bin/ $out/share/completions/ $out/share/man/
55    cp infisical $out/bin
56    cp completions/* $out/share/completions/
57    cp manpages/* $out/share/man/
58  '';
59  postInstall = ''
60    installManPage share/man/infisical.1.gz
61    installShellCompletion share/completions/infisical.{bash,fish,zsh}
62  '';
63
64  passthru = {
65    updateScript = ./update.sh;
66    tests.version = testers.testVersion { package = infisical; };
67  };
68
69  meta = with lib; {
70    description = "The official Infisical CLI";
71    longDescription = ''
72      Infisical is the open-source secret management platform:
73      Sync secrets across your team/infrastructure and prevent secret leaks.
74    '';
75    homepage = "https://infisical.com";
76    changelog = "https://github.com/infisical/infisical/releases/tag/infisical-cli%2Fv${version}";
77    license = licenses.mit;
78    mainProgram = "infisical";
79    maintainers = [ maintainers.ivanmoreau maintainers.jgoux ];
80    platforms = [
81      "x86_64-linux"
82      "aarch64-linux"
83      "aarch64-darwin"
84      "x86_64-darwin"
85    ];
86  };
87}