pkgs/by-name/ku/kubesec/package.nix at devShellTools-shell

tjh.dev / nixpkgs

fork atom

nixpkgs mirror (for testing) github.com/NixOS/nixpkgs

nix

fork atom

nixpkgs / pkgs / by-name / ku / kubesec / package.nix

at devShellTools-shell 60 lines 1.4 kB view raw

wrap content

 1{
 2  lib,
 3  buildGoModule,
 4  fetchFromGitHub,
 5  installShellFiles,
 6}:
 7
 8buildGoModule rec {
 9  pname = "kubesec";
10  version = "2.14.2";
11
12  src = fetchFromGitHub {
13    owner = "controlplaneio";
14    repo = "kubesec";
15    tag = "v${version}";
16    hash = "sha256-4jVRd6XQekL4wMZ+Icoa2DEsTGzBISK2QPO+gu890kA=";
17  };
18
19  vendorHash = "sha256-6jXGc9tkqRTjzEiug8lGursPm9049THWlk8xY3pyVgo=";
20
21  nativeBuildInputs = [ installShellFiles ];
22
23  ldflags = [
24    "-s"
25    "-w"
26    "-X=github.com/controlplaneio/kubesec/v${lib.versions.major version}/cmd.version=v${version}"
27  ];
28
29  # Tests wants to download the kubernetes schema for use with kubeval
30  doCheck = false;
31
32  postInstall = ''
33    installShellCompletion --cmd kubesec \
34      --bash <($out/bin/kubesec completion bash) \
35      --fish <($out/bin/kubesec completion fish) \
36      --zsh <($out/bin/kubesec completion zsh)
37  '';
38
39  doInstallCheck = true;
40  installCheckPhase = ''
41    runHook preInstallCheck
42
43    $out/bin/kubesec --help
44    $out/bin/kubesec version | grep "${version}"
45
46    runHook postInstallCheck
47  '';
48
49  meta = {
50    description = "Security risk analysis tool for Kubernetes resources";
51    mainProgram = "kubesec";
52    homepage = "https://github.com/controlplaneio/kubesec";
53    changelog = "https://github.com/controlplaneio/kubesec/blob/v${version}/CHANGELOG.md";
54    license = with lib.licenses; [ asl20 ];
55    maintainers = with lib.maintainers; [
56      fab
57      jk
58    ];
59  };
60}