pkgs/by-name/gi/gitleaks/package.nix at python-updates · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / by-name / gi / gitleaks / package.nix

at python-updates 61 lines 1.5 kB view raw

 1{
 2  lib,
 3  stdenv,
 4  buildGoModule,
 5  fetchFromGitHub,
 6  installShellFiles,
 7  nix-update-script,
 8  versionCheckHook,
 9  git,
10}:
11
12buildGoModule rec {
13  pname = "gitleaks";
14  version = "8.28.0";
15
16  src = fetchFromGitHub {
17    owner = "zricethezav";
18    repo = "gitleaks";
19    tag = "v${version}";
20    hash = "sha256-smh3Ge278lYVEcs6r1F43daexgjgddy1HKhU5E4CBYM=";
21  };
22
23  vendorHash = "sha256-dd9sHt5t0s4Vff1rOwQY1OC+0FIw0SDt/cwJN+IL5D8=";
24
25  ldflags = [
26    "-s"
27    "-w"
28    "-X=github.com/zricethezav/gitleaks/v${lib.versions.major version}/cmd.Version=${version}"
29  ];
30
31  nativeBuildInputs = [
32    installShellFiles
33    versionCheckHook
34  ];
35
36  nativeCheckInputs = [ git ];
37
38  postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
39    installShellCompletion --cmd ${pname} \
40      --bash <($out/bin/${pname} completion bash) \
41      --fish <($out/bin/${pname} completion fish) \
42      --zsh <($out/bin/${pname} completion zsh)
43  '';
44
45  doInstallCheck = true;
46
47  passthru.updateScript = nix-update-script { };
48
49  meta = {
50    description = "Scan git repos (or files) for secrets";
51    longDescription = ''
52      Gitleaks is a SAST tool for detecting hardcoded secrets like passwords,
53      API keys and tokens in git repos.
54    '';
55    homepage = "https://github.com/zricethezav/gitleaks";
56    changelog = "https://github.com/zricethezav/gitleaks/releases/tag/v${version}";
57    license = with lib.licenses; [ mit ];
58    maintainers = with lib.maintainers; [ fab ];
59    mainProgram = "gitleaks";
60  };
61}