tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / by-name / de / dependabot-cli / package.nix
at devShellTools-shell 3.9 kB view raw
1{ 2 lib, 3 stdenv, 4 buildGoModule, 5 dependabot-cli, 6 dockerTools, 7 fetchFromGitHub, 8 installShellFiles, 9 makeWrapper, 10 symlinkJoin, 11 testers, 12}: 13let 14 pname = "dependabot-cli"; 15 version = "1.68.0"; 16 17 # `tag` is what `dependabot` uses to find the relevant docker images. 18 tag = "nixpkgs-dependabot-cli-${version}"; 19 20 # Get these hashes from 21 # nix run nixpkgs#nix-prefetch-docker -- --image-name ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy --image-tag latest --final-image-name dependabot-update-job-proxy --final-image-tag ${tag} 22 updateJobProxy.imageDigest = "sha256:83834c9a112c3e29c4bc357e17ee057c32232f443bc295130b024077acbcca4e"; 23 updateJobProxy.hash = "sha256-ej6AEvnp7n8O6eArrVAJgXzeco/Rz+tXg7gVxo0OsW8="; 24 25 # Get these hashes from 26 # nix run nixpkgs#nix-prefetch-docker -- --image-name ghcr.io/dependabot/dependabot-updater-github-actions --image-tag latest --final-image-name dependabot-updater-github-actions --final-image-tag ${tag} 27 updaterGitHubActions.imageDigest = "sha256:90a65d2c98f8fc8ac1fd6291ea0be02a911818d4fa8ec788ceb1c9227fa844f4"; 28 updaterGitHubActions.hash = "sha256-uc/yetek6XHTWQb1+DJiOWEHS2nea+/jd/lJdpI6m7E="; 29in 30buildGoModule { 31 inherit pname version; 32 33 src = fetchFromGitHub { 34 owner = "dependabot"; 35 repo = "cli"; 36 rev = "v${version}"; 37 hash = "sha256-Pd9Q5ipwcj7KQ+Nr7Tyga3xwGKLPFJIPc23fob0EQeA="; 38 }; 39 40 vendorHash = "sha256-vitkSAvc7TAXcqXQPbnIE0z4tYlSvdx072hzAB50O3I="; 41 42 ldflags = [ 43 "-s" 44 "-w" 45 "-X github.com/dependabot/cli/cmd/dependabot/internal/cmd.version=v${version}" 46 ]; 47 48 nativeBuildInputs = [ 49 makeWrapper 50 installShellFiles 51 ]; 52 53 postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' 54 installShellCompletion --cmd dependabot \ 55 --bash <($out/bin/dependabot completion bash) \ 56 --fish <($out/bin/dependabot completion fish) \ 57 --zsh <($out/bin/dependabot completion zsh) 58 ''; 59 60 checkFlags = [ 61 "-skip=TestDependabot" 62 ]; 63 64 doInstallCheck = true; 65 installCheckPhase = '' 66 $out/bin/dependabot --help 67 ''; 68 69 passthru.updateScript = ./update.sh; 70 71 passthru.withDockerImages = symlinkJoin { 72 name = "dependabot-cli-with-docker-images"; 73 paths = [ dependabot-cli ]; 74 buildInputs = [ makeWrapper ]; 75 postBuild = 76 let 77 updateJobProxyImage = dockerTools.pullImage { 78 imageName = "ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy"; 79 finalImageName = "dependabot-update-job-proxy"; 80 finalImageTag = tag; 81 inherit (updateJobProxy) imageDigest hash; 82 }; 83 84 updaterGitHubActionsImage = dockerTools.pullImage { 85 imageName = "ghcr.io/dependabot/dependabot-updater-github-actions"; 86 finalImageName = "dependabot-updater-github-actions"; 87 finalImageTag = tag; 88 inherit (updaterGitHubActions) imageDigest hash; 89 }; 90 in 91 '' 92 # Create a wrapper that pins the docker images that `dependabot` uses. 93 wrapProgram $out/bin/dependabot \ 94 --run "docker load --input ${updateJobProxyImage} >&2" \ 95 --add-flags "--proxy-image=dependabot-update-job-proxy:${tag}" \ 96 --run "docker load --input ${updaterGitHubActionsImage} >&2" \ 97 --add-flags "--updater-image=dependabot-updater-github-actions:${tag}" 98 ''; 99 }; 100 101 passthru.tests.version = testers.testVersion { 102 package = dependabot-cli; 103 command = "dependabot --version"; 104 version = "v${version}"; 105 }; 106 107 meta = { 108 changelog = "https://github.com/dependabot/cli/releases/tag/v${version}"; 109 description = "Tool for testing and debugging Dependabot update jobs"; 110 mainProgram = "dependabot"; 111 homepage = "https://github.com/dependabot/cli"; 112 license = lib.licenses.mit; 113 maintainers = with lib.maintainers; [ 114 infinisil 115 philiptaron 116 ]; 117 }; 118}