pyrox.dev
lol
1{
2 lib,
3 fetchFromGitHub,
4 git,
5 python3,
6}:
7
8python3.pkgs.buildPythonApplication rec {
9 pname = "ggshield";
10 version = "1.39.0";
11 pyproject = true;
12
13 src = fetchFromGitHub {
14 owner = "GitGuardian";
15 repo = "ggshield";
16 tag = "v${version}";
17 hash = "sha256-9VQLWeZPYz3ZqNUzw1vLC5no2NjRru4GcUpjW4QhuBY=";
18 };
19
20 pythonRelaxDeps = true;
21
22 build-system = with python3.pkgs; [ pdm-backend ];
23
24 dependencies = with python3.pkgs; [
25 appdirs
26 charset-normalizer
27 click
28 cryptography
29 marshmallow
30 marshmallow-dataclass
31 oauthlib
32 platformdirs
33 pygitguardian
34 pyjwt
35 python-dotenv
36 pyyaml
37 requests
38 rich
39 truststore
40 ];
41
42 nativeCheckInputs =
43 [ git ]
44 ++ (with python3.pkgs; [
45 jsonschema
46 pyfakefs
47 pytest-factoryboy
48 pytest-mock
49 pytest-voluptuous
50 pytestCheckHook
51 snapshottest
52 vcrpy
53 ]);
54
55 pythonImportsCheck = [ "ggshield" ];
56
57 disabledTestPaths = [
58 # Don't run functional tests
59 "tests/functional/"
60 "tests/unit/cmd/honeytoken"
61 "tests/unit/cmd/scan/"
62 "tests/test_factories.py"
63 ];
64
65 disabledTests = [
66 # No TLS certificate, no .git folder, etc.
67 "test_cache_catches"
68 "test_is_git_dir"
69 "test_is_valid_git_commit_ref"
70 "test_check_git_dir"
71 "test_does_not_fail_if_cache"
72 # Encoding issues
73 "test_create_files_from_paths"
74 "test_file_decode_content"
75 "test_file_is_longer_than_does_not_read_utf8_file"
76 "test_file_is_longer_using_8bit_codec"
77 "test_generate_files_from_paths"
78 # Nixpkgs issue
79 "test_get_file_sha_in_ref"
80 ];
81
82 meta = with lib; {
83 description = "Tool to find and fix various types of hardcoded secrets and infrastructure-as-code misconfigurations";
84 homepage = "https://github.com/GitGuardian/ggshield";
85 changelog = "https://github.com/GitGuardian/ggshield/blob/${version}/CHANGELOG.md";
86 license = licenses.mit;
87 maintainers = with maintainers; [ fab ];
88 mainProgram = "ggshield";
89 };
90}