pkgs/applications/networking/cluster/helm/plugins/helm-secrets.nix at devShellTools-shell · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / applications / networking / cluster / helm / plugins / helm-secrets.nix

at devShellTools-shell 67 lines 1.4 kB view raw

 1{
 2  lib,
 3  stdenv,
 4  fetchFromGitHub,
 5  makeWrapper,
 6  coreutils,
 7  findutils,
 8  getopt,
 9  gnugrep,
10  gnused,
11  sops,
12}:
13
14stdenv.mkDerivation rec {
15  pname = "helm-secrets";
16  version = "4.6.5";
17
18  src = fetchFromGitHub {
19    owner = "jkroepke";
20    repo = pname;
21    rev = "v${version}";
22    hash = "sha256-gSWavqvKdVBRF182fzEiRqEVg8douzEcpKiOdmSZ9hg=";
23  };
24
25  nativeBuildInputs = [ makeWrapper ];
26  buildInputs = [
27    getopt
28    sops
29  ];
30
31  # NOTE: helm-secrets is comprised of shell scripts.
32  dontBuild = true;
33
34  # NOTE: Fix version string
35  postPatch = ''
36    sed -i 's/^version:.*/version: "${version}"/' plugin.yaml
37  '';
38
39  installPhase = ''
40    runHook preInstall
41
42    install -dm755 $out/${pname} $out/${pname}/scripts
43    install -m644 -Dt $out/${pname} plugin.yaml
44    cp -r scripts/* $out/${pname}/scripts
45    wrapProgram $out/${pname}/scripts/run.sh \
46        --prefix PATH : ${
47          lib.makeBinPath [
48            coreutils
49            findutils
50            getopt
51            gnugrep
52            gnused
53            sops
54          ]
55        }
56
57    runHook postInstall
58  '';
59
60  meta = with lib; {
61    description = "Helm plugin that helps manage secrets";
62    homepage = "https://github.com/jkroepke/helm-secrets";
63    license = licenses.asl20;
64    maintainers = with maintainers; [ yurrriq ];
65    platforms = platforms.unix;
66  };
67}