nixpkgs mirror (for testing)
github.com/NixOS/nixpkgs
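{
  lib,
  buildGoModule,
  fetchFromGitHub,
  installShellFiles,
}:

# Package recipe for syft, Anchore's SBOM generator, built from a pinned
# GitHub tag with pinned Go module dependencies.
buildGoModule rec {
  pname = "syft";
  version = "1.29.1";

  src = fetchFromGitHub {
    owner = "anchore";
    repo = "syft";
    tag = "v${version}";
    # Pins the fetched tree as it looks *after* postFetch has run, so the
    # generated COMMIT and SOURCE_DATE_EPOCH files are covered by this hash.
    # Any edit that changes what postFetch writes needs a refreshed hash.
    hash = "sha256-X+7X71M7nJKEAvAm0L9hh/zamJTGb+OyYNFWfiYlyew=";
    # populate values that require us to use git. By doing this in postFetch we
    # can delete .git afterwards and maintain better reproducibility of the src.
    leaveDotGit = true;
    # Records the commit id and the last commit's timestamp, then removes every
    # .git directory so no git metadata ends up in the hashed source tree.
    # Note: despite its name, the SOURCE_DATE_EPOCH file holds an ISO-8601 UTC
    # timestamp (see the date format string), not epoch seconds.
    postFetch = ''
      cd "$out"
      git rev-parse HEAD > $out/COMMIT
      # 0000-00-00T00:00:00Z
      date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH
      find "$out" -name .git -print0 | xargs -0 rm -rf
    '';
  };
  # hash mismatch with darwin
  proxyVendor = true;

  # Pins the Go module dependencies; must be refreshed whenever go.mod/go.sum
  # change upstream (i.e. on every version bump that touches dependencies).
  vendorHash = "sha256-xgjnPTeSB+AWFLfXYLW3bveJowVje81lVvO30ZiCLxI=";

  nativeBuildInputs = [ installShellFiles ];

  subPackages = [ "cmd/syft" ];

  # -s/-w drop the symbol table and DWARF data; the -X entries stamp version
  # metadata into the binary. gitCommit and buildDate are appended in preBuild
  # because their values only exist as files inside the fetched source.
  ldflags = [
    "-s"
    "-w"
    "-X=main.version=${version}"
    "-X=main.gitDescription=v${version}"
    "-X=main.gitTreeState=clean"
  ];

  # Turns off syft's built-in update check so the packaged binary does not
  # contact the network for that on its own. --replace-fail aborts the build if
  # the pattern is missing, so an upstream refactor cannot silently re-enable
  # the check.
  postPatch = ''
    # Don't check for updates.
    substituteInPlace cmd/syft/internal/options/update_check.go \
      --replace-fail "CheckForAppUpdate: true" "CheckForAppUpdate: false"
  '';

  # Reads the values written by src.postFetch (the build's working directory is
  # the unpacked source root).
  preBuild = ''
    ldflags+=" -X main.gitCommit=$(cat COMMIT)"
    ldflags+=" -X main.buildDate=$(cat SOURCE_DATE_EPOCH)"
  '';

  # tests require a running docker instance
  # NOTE(review): with the upstream test suite skipped, the install check below
  # is the only functional verification this build performs.
  doCheck = false;

  # Completions are produced by executing the freshly built binary, so this
  # step presumably needs a binary that can run on the build platform.
  postInstall = ''
    installShellCompletion --cmd syft \
      --bash <($out/bin/syft completion bash) \
      --fish <($out/bin/syft completion fish) \
      --zsh <($out/bin/syft completion zsh)
  '';

  # Smoke test: the binary starts and reports the packaged version.
  # grep -F matches the version as a fixed string; as a regex, each "." would
  # match any character and the check could pass on a different version string.
  doInstallCheck = true;
  installCheckPhase = ''
    runHook preInstallCheck

    $out/bin/syft --help
    $out/bin/syft version | grep -F "${version}"

    runHook postInstallCheck
  '';

  meta = {
    description = "CLI tool and library for generating a Software Bill of Materials from container images and filesystems";
    homepage = "https://github.com/anchore/syft";
    changelog = "https://github.com/anchore/syft/releases/tag/v${version}";
    longDescription = ''
      A CLI tool and Go library for generating a Software Bill of Materials
      (SBOM) from container images and filesystems. Exceptional for
      vulnerability detection when used with a scanner tool like Grype.
    '';
    license = with lib.licenses; [ asl20 ];
    maintainers = with lib.maintainers; [
      developer-guy
      jk
      kashw2
    ];
    mainProgram = "syft";
  };
}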
93}