tjh.dev
nixpkgs mirror (for testing)
github.com/NixOS/nixpkgs
nix
1{
2 lib,
3 fetchFromGitHub,
4 git,
5 python3,
6}:
7
8python3.pkgs.buildPythonApplication rec {
9 pname = "ggshield";
10 version = "1.40.0";
11 pyproject = true;
12
13 src = fetchFromGitHub {
14 owner = "GitGuardian";
15 repo = "ggshield";
16 tag = "v${version}";
17 hash = "sha256-Y42MBRyjPljUAGTwhH2FS8drUAceuJse8Qd1GbctWQs=";
18 };
19
20 pythonRelaxDeps = true;
21
22 build-system = with python3.pkgs; [ pdm-backend ];
23
24 dependencies = with python3.pkgs; [
25 appdirs
26 charset-normalizer
27 click
28 cryptography
29 marshmallow
30 marshmallow-dataclass
31 oauthlib
32 platformdirs
33 pygitguardian
34 pyjwt
35 python-dotenv
36 pyyaml
37 requests
38 rich
39 truststore
40 ];
41
42 nativeCheckInputs = [
43 git
44 ]
45 ++ (with python3.pkgs; [
46 jsonschema
47 pyfakefs
48 pytest-factoryboy
49 pytest-mock
50 pytest-voluptuous
51 pytestCheckHook
52 snapshottest
53 vcrpy
54 ]);
55
56 pythonImportsCheck = [ "ggshield" ];
57
58 disabledTestPaths = [
59 # Don't run functional tests
60 "tests/functional/"
61 "tests/unit/cmd/honeytoken"
62 "tests/unit/cmd/scan/"
63 "tests/test_factories.py"
64 ];
65
66 disabledTests = [
67 # No TLS certificate, no .git folder, etc.
68 "test_cache_catches"
69 "test_is_git_dir"
70 "test_is_valid_git_commit_ref"
71 "test_check_git_dir"
72 "test_does_not_fail_if_cache"
73 # Encoding issues
74 "test_create_files_from_paths"
75 "test_file_decode_content"
76 "test_file_is_longer_than_does_not_read_utf8_file"
77 "test_file_is_longer_using_8bit_codec"
78 "test_generate_files_from_paths"
79 # Nixpkgs issue
80 "test_get_file_sha_in_ref"
81 ];
82
83 meta = with lib; {
84 description = "Tool to find and fix various types of hardcoded secrets and infrastructure-as-code misconfigurations";
85 homepage = "https://github.com/GitGuardian/ggshield";
86 changelog = "https://github.com/GitGuardian/ggshield/blob/${version}/CHANGELOG.md";
87 license = licenses.mit;
88 maintainers = with maintainers; [ fab ];
89 mainProgram = "ggshield";
90 };
91}