commit e4e779cc361ea9720233f7c3b162fbc6d9d65992 · pyrox.dev/nixpkgs

+77 -49

pkgs/development/tools/infisical/default.nix

··· 1 - { stdenv, lib, callPackage, fetchurl }: 1 + { stdenv, lib, fetchurl, testers, infisical, installShellFiles }: 2 + 3 + # this expression is mostly automated, and you are STRONGLY 4 + # RECOMMENDED to use to nix-update for updating this expression when new 5 + # releases come out, which runs the sibling `update.sh` script. 6 + # 7 + # from the root of the nixpkgs git repository, run: 8 + # 9 + # nix-shell maintainers/scripts/update.nix \ 10 + # --argstr commit true \ 11 + # --argstr package infisical 2 12 3 13 let 4 - inherit (stdenv.hostPlatform) system; 5 - throwSystem = throw "Unsupported system: ${system}"; 14 + # build hashes, which correspond to the hashes of the precompiled binaries procured by GitHub Actions. 15 + buildHashes = builtins.fromJSON (builtins.readFile ./hashes.json); 6 16 7 - plat = { 8 - x86_64-linux = "linux_amd64"; 9 - x86_64-darwin = "darwin_amd64"; 10 - aarch64-linux = "linux_arm64"; 11 - aarch64-darwin = "darwin_arm64"; 12 - }.${system} or throwSystem; 17 + # the version of infisical 18 + version = "0.14.3"; 19 + 20 + # the platform-specific, statically linked binary 21 + src = 22 + let 23 + suffix = { 24 + # map the platform name to the golang toolchain suffix 25 + # NOTE: must be synchronized with update.sh! 26 + x86_64-linux = "linux_amd64"; 27 + x86_64-darwin = "darwin_amd64"; 28 + aarch64-linux = "linux_arm64"; 29 + aarch64-darwin = "darwin_arm64"; 30 + }."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); 13 31 14 - archive_fmt = "tar.gz"; 32 + name = "infisical_${version}_${suffix}.tar.gz"; 33 + hash = buildHashes."${stdenv.hostPlatform.system}"; 34 + url = "https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv${version}/${name}"; 35 + in 36 + fetchurl { inherit name url hash; }; 15 37 16 - sha256 = { 17 - x86_64-linux = "e85c5f2ddca89caa6b44c61554c1dffeacdabc96c25a7e6881dc5722515270d1"; 18 - x86_64-darwin = "eddbcde10271f791eb1473ba00b85b442aa059cdfee38021b8f8880f33754821"; 19 - aarch64-linux = "9793a6db476492802ffec7f933d7f8f107a1c89fee09c8eb6bdb975b1fccecea"; 20 - aarch64-darwin = "46c8a82a71da5731c108d24b4a960a507af66d91bba7b7246dd3a3415afaf7d3"; 21 - }.${system} or throwSystem; 22 38 in 23 - stdenv.mkDerivation (finalAttrs: { 24 - pname = "infisical"; 25 - version = "0.14.2"; 39 + stdenv.mkDerivation { 40 + pname = "infisical"; 41 + version = version; 42 + inherit src; 26 43 27 - src = fetchurl { 28 - url = "https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv${finalAttrs.version}/infisical_${finalAttrs.version}_${plat}.tar.gz"; 29 - inherit sha256; 30 - }; 44 + nativeBuildInputs = [ installShellFiles ]; 31 45 32 - sourceRoot = "."; 33 - installPhase = '' 34 - mkdir -p $out/bin/ $out/share/completions/ $out/share/man/ 35 - cp completions/* $out/share/completions/ 36 - cp manpages/* $out/share/man/ 37 - cp infisical $out/bin 38 - ''; 46 + doCheck = true; 47 + dontConfigure = true; 48 + dontStrip = true; 39 49 40 - postInstall = '' 41 - installManPage share/man/infisical.1.gz 42 - installShellCompletion share/completions/infisical.{bash,fish,zsh} 43 - chmod +x bin/infisical 50 + sourceRoot = "."; 51 + buildPhase = "chmod +x ./infisical"; 52 + checkPhase = "./infisical --version"; 53 + installPhase = '' 54 + mkdir -p $out/bin/ $out/share/completions/ $out/share/man/ 55 + cp infisical $out/bin 56 + cp completions/* $out/share/completions/ 57 + cp manpages/* $out/share/man/ 58 + ''; 59 + postInstall = '' 60 + installManPage share/man/infisical.1.gz 61 + installShellCompletion share/completions/infisical.{bash,fish,zsh} 62 + ''; 63 + 64 + passthru = { 65 + updateScript = ./update.sh; 66 + tests.version = testers.testVersion { package = infisical; }; 67 + }; 68 + 69 + meta = with lib; { 70 + description = "The official Infisical CLI"; 71 + longDescription = '' 72 + Infisical is the open-source secret management platform: 73 + Sync secrets across your team/infrastructure and prevent secret leaks. 44 74 ''; 45 - 46 - meta = with lib; { 47 - description = "The official Infisical CLI"; 48 - longDescription = '' 49 - Infisical is an Open Source, End-to-End encrypted platform that lets you 50 - securely sync secrets and configs across your team, devices, and infrastructure 51 - ''; 52 - mainProgram = "infisical"; 53 - homepage = "https://infisical.com/"; 54 - downloadPage = "https://github.com/Infisical/infisical/releases/"; 55 - license = licenses.mit; 56 - maintainers = [ maintainers.ivanmoreau maintainers.jgoux ]; 57 - platforms = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ]; 58 - }; 59 - }) 75 + homepage = "https://infisical.com"; 76 + changelog = "https://github.com/infisical/infisical/releases/tag/infisical-cli%2Fv${version}"; 77 + license = licenses.mit; 78 + mainProgram = "infisical"; 79 + maintainers = [ maintainers.ivanmoreau maintainers.jgoux ]; 80 + platforms = [ 81 + "x86_64-linux" 82 + "aarch64-linux" 83 + "aarch64-darwin" 84 + "x86_64-darwin" 85 + ]; 86 + }; 87 + }

+6

pkgs/development/tools/infisical/hashes.json

··· 1 + { "_comment": "@generated by pkgs/development/tools/infisical/update.sh" 2 + , "x86_64-linux": "sha256-sTfwooMN5ckdaxpd4R3yQvDEYT7muYZTyFEm0exM33M=" 3 + , "x86_64-darwin": "sha256-B94+mF5Wu0pHKIo8CuHAbrorzIxK2U64Np3JFlTc1kk=" 4 + , "aarch64-linux": "sha256-eGuKnC6h1YPW0UdY5wcChbiSzATAcSmHZ6mKBI2sR80=" 5 + , "aarch64-darwin": "sha256-s4s1la165cQ5I296ZCeW3ZIyYapTfRxa20QdZmXvido=" 6 + }

+41

pkgs/development/tools/infisical/update.sh

··· 1 + #!/usr/bin/env nix-shell 2 + #!nix-shell -I nixpkgs=./. -i bash -p curl jq nix-prefetch common-updater-scripts nix coreutils 3 + # shellcheck shell=bash 4 + set -euo pipefail 5 + 6 + RELEASE_NAME=$(curl -s https://api.github.com/repos/infisical/infisical/releases \ 7 + | jq -r 'sort_by(.created_at) | reverse | 8 + (map 9 + (select ((.prerelease == false) and (.draft == false))) | 10 + first 11 + ) | .name') 12 + VERSION=$(echo "$RELEASE_NAME" | sed -E 's/^infisical-cli\/v//') 13 + 14 + echo "Latest infisical release: $VERSION" 15 + 16 + ARCHS=( 17 + "x86_64-linux:linux_amd64" 18 + "x86_64-darwin:darwin_amd64" 19 + "aarch64-linux:linux_arm64" 20 + "aarch64-darwin:darwin_arm64" 21 + ) 22 + 23 + NFILE=pkgs/development/tools/infisical/default.nix 24 + HFILE=pkgs/development/tools/infisical/hashes.json 25 + rm -f "$HFILE" && touch "$HFILE" 26 + 27 + printf "{ \"_comment\": \"@generated by pkgs/development/tools/infisical/update.sh\"\n" >> "$HFILE" 28 + 29 + for arch in "${ARCHS[@]}"; do 30 + IFS=: read -r arch_name arch_target <<< "$arch" 31 + sha256hash="$(nix-prefetch-url --type sha256 "https://github.com/infisical/infisical/releases/download/${RELEASE_NAME}/infisical_${VERSION}_${arch_target}.tar.gz")" 32 + srihash="$(nix hash to-sri --type sha256 "$sha256hash")" 33 + echo ", \"$arch_name\": \"$srihash\"" >> "$HFILE" 34 + done 35 + echo "}" >> "$HFILE" 36 + 37 + sed -i \ 38 + '0,/version\s*=\s*".*";/s//version = "'"$VERSION"'";/' \ 39 + "$NFILE" 40 + 41 + echo "Done; wrote $HFILE and updated version in $NFILE."