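# Packages the prebuilt CodeQL CLI release archive from GitHub.
#
# Nothing is compiled here: the upstream zip is unpacked, copied into
# $out/codeql, the bundled Java runtime is swapped for the nixpkgs JDK, and
# the `codeql` launcher is exposed in $out/bin.
{
  lib,
  stdenv,
  fetchzip,
  zlib,
  xorg,
  freetype,
  jdk17,
  curl,
}:

stdenv.mkDerivation rec {
  pname = "codeql";
  version = "2.22.1";

  # Prebuilt distribution: there is nothing to configure or build, and the
  # shipped binaries are left unstripped, i.e. exactly as upstream built them.
  dontConfigure = true;
  dontBuild = true;
  dontStrip = true;

  # The SRI hash pins the unpacked contents of the release archive, so the
  # fetch fails if the published zip ever differs from what was reviewed.
  # Bumping `version` must always be accompanied by a new hash.
  src = fetchzip {
    url = "https://github.com/github/codeql-cli-binaries/releases/download/v${version}/codeql.zip";
    hash = "sha256-wXwFrAFODwVj/6b9Nh2wWnNjMMyjlnGXOWiT2/HW2r4=";
  };

  # NOTE(review): these are runtime libraries, but they are listed under
  # nativeBuildInputs and no autoPatchelfHook is referenced anywhere in this
  # expression. Confirm how the shipped ELF binaries are expected to locate
  # them at run time.
  nativeBuildInputs = [
    zlib
    xorg.libX11
    xorg.libXext
    xorg.libXi
    xorg.libXtst
    xorg.libXrender
    freetype
    jdk17
    (lib.getLib stdenv.cc.cc)
    curl
  ];

  installPhase = ''
    runHook preInstall

    # The codeql directory should not be top-level; otherwise it will
    # include /nix/store when resolving extractors.
    mkdir -p "$out"/{codeql,bin}
    cp -R ./* "$out/codeql/"

    # NOTE(review): every path below is hard-coded to tools/linux64 although
    # meta.platforms also lists darwin. Confirm the darwin build does not
    # need the equivalent treatment.
    ln -sf "$out/codeql/tools/linux64/lib64trace.so" "$out/codeql/tools/linux64/libtrace.so"

    # Many of the codeql extractors use CODEQL_DIST + CODEQL_PLATFORM to
    # resolve the Java home. The Java distribution packaged with codeql
    # cannot be autopatched, so it is removed and replaced with a link to the
    # nixpkgs JDK; databases can then be created, and the Java runtime in use
    # is the one maintained in nixpkgs rather than the vendored copy. The
    # extractors and builders, which are mostly ELF binaries, are still meant
    # to be patched.
    rm -rf "$out/codeql/tools/linux64/java"
    ln -s ${jdk17} "$out/codeql/tools/linux64/java"

    ln -s "$out/codeql/codeql" "$out/bin/"

    runHook postInstall
  '';

  meta = with lib; {
    description = "Semantic code analysis engine";
    homepage = "https://codeql.github.com";
    maintainers = [ maintainers.dump_stack ];
    platforms = lib.platforms.linux ++ lib.platforms.darwin;
    # The package installs upstream's prebuilt artifacts rather than building
    # from source. Declaring that lets non-source policies take effect.
    # NOTE(review): binaryBytecode assumes the archive ships Java bytecode;
    # confirm against the unpacked release.
    sourceProvenance = with sourceTypes; [
      binaryNativeCode
      binaryBytecode
    ];
    license = licenses.unfree;
  };
}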