tjh.dev
1{
2 lib,
3 buildGoModule,
4 fetchFromGitHub,
5 makeWrapper,
6 gitMinimal,
7 testers,
8 gitsign,
9}:
10
11buildGoModule rec {
12 pname = "gitsign";
13 version = "0.13.0";
14
15 src = fetchFromGitHub {
16 owner = "sigstore";
17 repo = "gitsign";
18 rev = "v${version}";
19 hash = "sha256-sxkQOqlCgS/QFfRN5Rtdih2zjiGHY6H9Kjlw0Q74W2A=";
20 };
21 vendorHash = "sha256-CvswCIczi+MyHsluz39CnfVJEcc49wkEby67qHxv+wI=";
22
23 subPackages = [
24 "."
25 "cmd/gitsign-credential-cache"
26 ];
27
28 nativeBuildInputs = [ makeWrapper ];
29 nativeCheckInputs = [ gitMinimal ];
30
31 ldflags = [
32 "-s"
33 "-w"
34 "-X github.com/sigstore/gitsign/pkg/version.gitVersion=${version}"
35 ];
36
37 preCheck = ''
38 # test all paths
39 unset subPackages
40 '';
41
42 postInstall = ''
43 for f in $out/bin/*; do
44 wrapProgram $f --prefix PATH : ${lib.makeBinPath [ gitMinimal ]}
45 done
46 '';
47
48 passthru.tests.version = testers.testVersion { package = gitsign; };
49
50 meta = {
51 homepage = "https://github.com/sigstore/gitsign";
52 changelog = "https://github.com/sigstore/gitsign/releases/tag/v${version}";
53 description = "Keyless Git signing using Sigstore";
54 license = lib.licenses.asl20;
55 maintainers = with lib.maintainers; [
56 lesuisse
57 developer-guy
58 ];
59 mainProgram = "gitsign";
60 };
61}