tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / by-name / ra / ratchet / package.nix
at devShellTools-shell 72 lines 1.8 kB view raw
1{ 2 lib, 3 buildGoModule, 4 fetchFromGitHub, 5 callPackage, 6}: 7 8buildGoModule rec { 9 pname = "ratchet"; 10 version = "0.10.2"; 11 12 # ratchet uses the git sha-1 in the version string, e.g. 13 # 14 # $ ./ratchet --version 15 # ratchet 0.9.2 (d57cc1a53c022d3f87c4820bc6b64384a06c8a07, darwin/arm64) 16 # 17 # so we need to either hard-code the sha-1 corresponding to the version tag 18 # head or retain the git metadata folder and extract it using the git cli. 19 # We currently hard-code it. 20 src = fetchFromGitHub { 21 owner = "sethvargo"; 22 repo = "ratchet"; 23 rev = "ee93c849418d0b9316703bb349055a4078ad205e"; 24 hash = "sha256-pVpZB8WWGgFbu0iK6gM2lEaXN4IqDJ1lMtVnUfcE4MQ="; 25 }; 26 27 proxyVendor = true; 28 29 vendorHash = "sha256-KKHlegmvpmmUZGoiEawgSUwOPQEfTjfzTYvere1YAv4="; 30 31 subPackages = [ "." ]; 32 33 ldflags = 34 let 35 package_url = "github.com/sethvargo/ratchet"; 36 in 37 [ 38 "-s" 39 "-w" 40 "-X ${package_url}/internal/version.name=ratchet" 41 "-X ${package_url}/internal/version.version=${version}" 42 "-X ${package_url}/internal/version.commit=${src.rev}" 43 ]; 44 45 doInstallCheck = true; 46 47 installCheckPhase = '' 48 $out/bin/ratchet --version 2>&1 | grep ${version}; 49 ''; 50 51 installPhase = '' 52 runHook preInstall 53 54 install -Dm755 "$GOPATH/bin/ratchet" -T $out/bin/ratchet 55 56 runHook postInstall 57 ''; 58 59 passthru.tests.execution = callPackage ./tests.nix { }; 60 61 meta = { 62 description = "Tool for securing CI/CD workflows with version pinning"; 63 mainProgram = "ratchet"; 64 downloadPage = "https://github.com/sethvargo/ratchet"; 65 homepage = "https://github.com/sethvargo/ratchet"; 66 license = lib.licenses.asl20; 67 maintainers = with lib.maintainers; [ 68 cameronraysmith 69 ryanccn 70 ]; 71 }; 72}