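# Package expression for konstraint, built from source with buildGoModule.
{
  lib,
  stdenv,
  buildGoModule,
  fetchFromGitHub,
  installShellFiles,
}:

buildGoModule rec {
  pname = "konstraint";
  version = "0.43.0";

  # The source is addressed by the upstream tag name, which upstream could move.
  # The fixed-output hash below is what actually pins the content: if the tag
  # ever points at different source, the fetch fails with a hash mismatch
  # instead of silently building something else.
  src = fetchFromGitHub {
    owner = "plexsystems";
    repo = "konstraint";
    rev = "v${version}";
    hash = "sha256-PzJTdSkobcgg04C/sdHJF9IAZxK62axwkkI2393SFbg=";
  };

  # Pins the Go module dependencies fetched for the build. Re-check it together
  # with the source hash on every version bump; never copy it from another
  # release.
  vendorHash = "sha256-nq1bHOOSNXcANTV0g8VCjcRKUCgfoMIHFgPqnJ+V4Bw=";

  # Skip the Go code under .github; it is not part of the packaged tool.
  excludedPackages = ".github";

  nativeBuildInputs = [ installShellFiles ];

  ldflags = [
    # -s / -w drop the symbol table and DWARF debug information.
    "-s"
    "-w"
    # Stamp the package version into the binary; installCheckPhase verifies it.
    "-X github.com/plexsystems/konstraint/internal/commands.version=${version}"
  ];

  # Completions are generated by running the freshly built binary, so this step
  # is skipped when the build platform cannot execute host-platform binaries
  # (cross-compilation).
  postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
    installShellCompletion --cmd konstraint \
      --bash <($out/bin/konstraint completion bash) \
      --fish <($out/bin/konstraint completion fish) \
      --zsh <($out/bin/konstraint completion zsh)
  '';

  # Smoke test: the binary must start and must report the version that was
  # stamped in through ldflags.
  doInstallCheck = true;
  installCheckPhase = ''
    runHook preInstallCheck
    $out/bin/konstraint --help
    # -F matches the version as a fixed string, so the dots are literal dots
    # rather than regex wildcards.
    $out/bin/konstraint --version | grep -F "${version}"
    runHook postInstallCheck
  '';

  meta = {
    homepage = "https://github.com/plexsystems/konstraint";
    changelog = "https://github.com/plexsystems/konstraint/releases/tag/v${version}";
    description = "Policy management tool for interacting with Gatekeeper";
    mainProgram = "konstraint";
    longDescription = ''
      konstraint is a CLI tool to assist with the creation and management of templates and constraints when using
      Gatekeeper. Automatically copy Rego to the ConstraintTemplate. Automatically update all ConstraintTemplates with
      library changes. Enable writing the same policies for Conftest and Gatekeeper.
    '';
    license = lib.licenses.mit;
    maintainers = with lib.maintainers; [ jk ];
  };
}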