{
  lib,
  buildPythonPackage,
  fetchFromGitHub,
  pythonAtLeast,

  # build-system
  hatchling,

  # dependencies
  attrs,
  cmarkgfm,
  cryptography,
  defusedxml,
  furl,
  ilcli,
  importlib-resources,
  jinja2,
  openpyxl,
  orjson,
  paramiko,
  pydantic,
  python-dotenv,
  python-frontmatter,
  requests,
  ruamel-yaml,

  # tests
  datamodel-code-generator,
  pytestCheckHook,
  mypy,
}:

let
  # Upstream ships nist-content as a git submodule. Fetching it through
  # `fetchSubmodules` on `src` fails while recursing into nist-content itself,
  # so it is fetched on its own here and linked into the source tree in
  # postPatch. Pinning to a full commit plus an output hash keeps the test
  # fixtures reproducible and independent of the upstream branch state.
  nist-content = fetchFromGitHub {
    name = "nist-content";
    owner = "usnistgov";
    repo = "oscal-content";
    rev = "941c978d14c57379fbf6f7fb388f675067d5bff7";
    hash = "sha256-sDvNMheZZhk09YEfY5ocmZmAC3t3KenqD3PaNsi0mMU=";
  };

  # Several tests only misbehave on newer interpreters; see the skip lists below.
  onPython314OrNewer = pythonAtLeast "3.14";
in
buildPythonPackage (finalAttrs: {
  pname = "compliance-trestle";
  version = "3.11.0";
  pyproject = true;

  src = fetchFromGitHub {
    owner = "oscal-compass";
    repo = "compliance-trestle";
    # The tag is derived from `version`; the output hash below is what
    # actually pins the fetched content.
    tag = "v${finalAttrs.version}";
    # TODO: Try to fall back to fetchSubmodules at the next release
    # fetchSubmodules = true;
    hash = "sha256-vhRD2NTt9F/7lgbmrjp5AWSUIs/iaqUAAAxs8T4Ap4A=";
  };

  # 1. Make the mypy test reference the installed `trestle` executable in
  #    $out instead of the bare name.
  # 2. Replace the submodule directory with the pre-fetched nist-content.
  #    `rmdir` (not `rm -r`) is deliberate: it fails the build if the
  #    directory unexpectedly contains anything.
  postPatch = ''
    substituteInPlace tests/trestle/misc/mypy_test.py \
      --replace-fail "trestle'," "${placeholder "out"}/bin/trestle',"

    rmdir ./nist-content
    ln -s ${nist-content} ./nist-content
  '';

  build-system = [ hatchling ];

  dependencies = [
    attrs
    cmarkgfm
    cryptography
    defusedxml
    furl
    ilcli
    importlib-resources
    jinja2
    openpyxl
    orjson
    paramiko
    pydantic
    python-dotenv
    python-frontmatter
    requests
    ruamel-yaml
  ]
  # Pulls in the extras pydantic needs for e-mail field validation.
  ++ pydantic.optional-dependencies.email;

  nativeCheckInputs = [
    datamodel-code-generator
    mypy
    pytestCheckHook
  ];

  disabledTests =
    [
      # Requires network access
      "test_import_from_url"
      "test_import_from_nist"
      "test_remote_profile_relative_cat"

      # AssertionError
      "test_profile_generate_assemble_rev_5"
      "test_ssp_assemble_fedramp_profile"
      "test_ssp_generate_aggregates_no_cds"
      "test_ssp_generate_aggregates_no_param_value_orig"
    ]
    ++ lib.optionals onPython314OrNewer [
      # AssertionError: assert 1 == 0
      # AttributeError: 'AliasTracker' object has no attribute 'aliases'
      "test_arguments"
      "test_get_list_cli"
      "test_load_custom_config"
      "test_load_default_config"
      "test_split_catalog_star"
      "test_split_comp_def"
    ];

  disabledTestPaths =
    [
      # Requires network access
      "tests/trestle/core/remote"
    ]
    ++ lib.optionals onPython314OrNewer [
      # pydantic.v1.errors.ConfigError: unable to infer type for attribute "poam"
      "tests/trestle/core/models/interfaces_test.py"
      "tests/trestle/tasks/ocp4_cis_profile_to_oscal_catalog_test.py"
    ];

  # Smoke test that the installed module is importable.
  pythonImportsCheck = [ "trestle" ];

  meta = {
    description = "Opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard";
    homepage = "https://github.com/oscal-compass/compliance-trestle";
    changelog = "https://github.com/oscal-compass/compliance-trestle/blob/${finalAttrs.src.tag}/CHANGELOG.md";
    license = lib.licenses.asl20;
    maintainers = [ lib.maintainers.tochiaha ];
    mainProgram = "trestle";
  };
})