pkgs/by-name/de/dependency-track/package.nix at devShellTools-shell

tjh.dev / nixpkgs
fork atom
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / pkgs / by-name / de / dependency-track / package.nix
at devShellTools-shell 127 lines 3.2 kB view raw
wrap content
  1{
  2  lib,
  3  buildNpmPackage,
  4  fetchFromGitHub,
  5  nodejs_20,
  6  jre_headless,
  7  protobuf_30,
  8  cyclonedx-cli,
  9  makeWrapper,
 10  maven,
 11  nix-update-script,
 12  nixosTests,
 13}:
 14let
 15  version = "4.13.2";
 16
 17  frontend = buildNpmPackage {
 18    pname = "dependency-track-frontend";
 19    inherit version;
 20
 21    # TODO: pinned due to build error on node 22
 22    nodejs = nodejs_20;
 23
 24    src = fetchFromGitHub {
 25      owner = "DependencyTrack";
 26      repo = "frontend";
 27      rev = version;
 28      hash = "sha256-HshphdOvJMRdMWYNc+nOkoFGA9Rr+N7+Gs8THBZjKTM=";
 29    };
 30
 31    installPhase = ''
 32      mkdir $out
 33      cp -R ./dist $out/
 34    '';
 35
 36    npmDepsHash = "sha256-u5yVJlW9LhptyHQddd1RCBgU/xNdSNX5FAmSEj6n7Ng=";
 37    forceGitDeps = true;
 38    makeCacheWritable = true;
 39
 40    # The prepack script runs the build script, which we'd rather do in the build phase.
 41    npmPackFlags = [ "--ignore-scripts" ];
 42  };
 43in
 44
 45maven.buildMavenPackage rec {
 46  inherit version;
 47  pname = "dependency-track";
 48
 49  src = fetchFromGitHub {
 50    owner = "DependencyTrack";
 51    repo = "dependency-track";
 52    rev = version;
 53    hash = "sha256-4A34lt6M0M1+HPGFFqH/Ik07FBNz6pI0XYiW9rIVsOk=";
 54  };
 55
 56  patches = [
 57    ./0000-remove-frontend-download.patch
 58    ./0001-add-junixsocket.patch
 59  ];
 60
 61  postPatch = ''
 62    substituteInPlace pom.xml \
 63      --replace-fail '<protocArtifact>''${tool.protoc.version}</protocArtifact>' \
 64      "<protocCommand>${protobuf_30}/bin/protoc</protocCommand>"
 65  '';
 66
 67  mvnJdk = jre_headless;
 68  mvnHash = "sha256-V0EhfPN8htR4v/KQpQ9tec6dAe/FOxBCp8cUZqL7mFo=";
 69  manualMvnArtifacts = [ "com.coderplus.maven.plugins:copy-rename-maven-plugin:1.0.1" ];
 70  buildOffline = true;
 71
 72  mvnDepsParameters = lib.escapeShellArgs [
 73    "-Dmaven.test.skip=true"
 74    "-P enhance"
 75    "-P embedded-jetty"
 76  ];
 77
 78  mvnParameters = lib.escapeShellArgs [
 79    "-Dmaven.test.skip=true"
 80    "-P enhance"
 81    "-P embedded-jetty"
 82    "-Dservices.bom.merge.skip=false"
 83    "-Dlogback.configuration.file=${src}/src/main/docker/logback.xml"
 84    "-Dcyclonedx-cli.path=${lib.getExe cyclonedx-cli}"
 85  ];
 86
 87  afterDepsSetup = ''
 88    mvn cyclonedx:makeBom -Dmaven.repo.local=$mvnDeps/.m2 \
 89      org.codehaus.mojo:exec-maven-plugin:exec@merge-services-bom
 90  '';
 91
 92  doCheck = false;
 93
 94  nativeBuildInputs = [ makeWrapper ];
 95
 96  installPhase = ''
 97    runHook preInstall
 98
 99    install -Dm644 target/dependency-track-*.jar $out/share/dependency-track/dependency-track.jar
100    makeWrapper ${jre_headless}/bin/java $out/bin/dependency-track \
101      --add-flags "-jar $out/share/dependency-track/dependency-track.jar"
102
103    runHook postInstall
104  '';
105
106  passthru = {
107    inherit frontend;
108    tests = {
109      inherit (nixosTests) dependency-track;
110    };
111    updateScript = nix-update-script {
112      extraArgs = [
113        "-s"
114        "frontend"
115      ];
116    };
117  };
118
119  meta = {
120    description = "Intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain";
121    homepage = "https://github.com/DependencyTrack/dependency-track";
122    license = lib.licenses.asl20;
123    teams = [ lib.teams.cyberus ];
124    mainProgram = "dependency-track";
125    inherit (jre_headless.meta) platforms;
126  };
127}