pyrox.dev
lol
scorecard: 2.2.8 -> 3.0.1
+23
-6
+23
-6
pkgs/tools/security/scorecard/default.nix
+23
-6
pkgs/tools/security/scorecard/default.nix
···
1
-
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
1
+
{ lib, buildGoModule, fetchFromGitHub, fetchgit, installShellFiles }:
2
2
3
3
buildGoModule rec {
4
4
pname = "scorecard";
5
-
version = "2.2.8";
5
+
version = "3.0.1";
6
6
7
7
src = fetchFromGitHub {
8
8
owner = "ossf";
9
9
repo = pname;
10
10
rev = "v${version}";
11
-
sha256 = "sha256-U29NCZFXOhu0xLfDlJ1Q7m8TbAm+C6+ecYFhcI5gg6s=";
11
+
sha256 = "sha256-19XDAgv9ARCZ7eNlWUPcsbGNyKA9vYFry8m6D3+vQP8=";
12
+
# populate values otherwise taken care of by goreleaser,
13
+
# unfortunately these require us to use git. By doing
14
+
# this in postFetch we can delete .git afterwards and
15
+
# maintain better reproducibility of the src.
16
+
leaveDotGit = true;
17
+
postFetch = ''
18
+
cd "$out"
19
+
20
+
commit="$(git rev-parse HEAD)"
21
+
source_date_epoch=$(git log --date=iso8601-strict -1 --pretty=%ct)
22
+
23
+
substituteInPlace "$out/pkg/scorecard_version.go" \
24
+
--replace 'gitCommit = "unknown"' "gitCommit = \"$commit\"" \
25
+
--replace 'buildDate = "unknown"' "buildDate = \"$source_date_epoch\""
26
+
27
+
find "$out" -name .git -print0 | xargs -0 rm -rf
28
+
'';
12
29
};
13
-
vendorSha256 = "sha256-hOATCXjBE0doHnY2BaRKZocQ6SIigL0q4m9eEJGKh6Q=";
30
+
vendorSha256 = "sha256-ucF26pTEvG8tkzsyC9WNbvl8QCeetKBvBIcQL2NTfjo=";
14
31
15
32
# Install completions post-install
16
33
nativeBuildInputs = [ installShellFiles ];
···
20
37
ldflags = [
21
38
"-s"
22
39
"-w"
23
-
"-X github.com/ossf/scorecard/v2/pkg.gitVersion=v${version}"
24
-
"-X github.com/ossf/scorecard/v2/pkg.gitTreeState=clean"
40
+
"-X github.com/ossf/scorecard/v${lib.versions.major version}/pkg.gitVersion=v${version}"
41
+
"-X github.com/ossf/scorecard/v${lib.versions.major version}/pkg.gitTreeState=clean"
25
42
];
26
43
27
44
preCheck = ''