pkgs/development/tools/infisical/default.nix at python-updates

tjh.dev / nixpkgs
fork atom
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / pkgs / development / tools / infisical / default.nix
at python-updates 96 lines 2.8 kB view raw
wrap content
 1{
 2  stdenv,
 3  lib,
 4  fetchurl,
 5  testers,
 6  installShellFiles,
 7}:
 8
 9# this expression is mostly automated, and you are STRONGLY
10# RECOMMENDED to use to nix-update for updating this expression when new
11# releases come out, which runs the sibling `update.sh` script.
12#
13# from the root of the nixpkgs git repository, run:
14#
15#    nix-shell maintainers/scripts/update.nix \
16#      --argstr commit true \
17#      --argstr package infisical
18
19let
20  # build hashes, which correspond to the hashes of the precompiled binaries procured by GitHub Actions.
21  buildHashes = builtins.fromJSON (builtins.readFile ./hashes.json);
22
23  # the version of infisical
24  version = "0.41.90";
25
26  # the platform-specific, statically linked binary
27  src =
28    let
29      suffix =
30        {
31          # map the platform name to the golang toolchain suffix
32          # NOTE: must be synchronized with update.sh!
33          x86_64-linux = "linux_amd64";
34          x86_64-darwin = "darwin_amd64";
35          aarch64-linux = "linux_arm64";
36          aarch64-darwin = "darwin_arm64";
37        }
38        ."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
39
40      name = "infisical_${version}_${suffix}.tar.gz";
41      hash = buildHashes."${stdenv.hostPlatform.system}";
42      url = "https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv${version}/${name}";
43    in
44    fetchurl { inherit name url hash; };
45
46in
47stdenv.mkDerivation (finalAttrs: {
48  pname = "infisical";
49  version = version;
50  inherit src;
51
52  nativeBuildInputs = [ installShellFiles ];
53
54  doCheck = true;
55  dontConfigure = true;
56  dontStrip = true;
57
58  sourceRoot = ".";
59  buildPhase = "chmod +x ./infisical";
60  checkPhase = "./infisical --version";
61  installPhase = ''
62    mkdir -p $out/bin/ $out/share/completions/ $out/share/man/
63    cp infisical $out/bin
64    cp completions/* $out/share/completions/
65    cp manpages/* $out/share/man/
66  '';
67  postInstall = ''
68    installManPage share/man/infisical.1.gz
69    installShellCompletion share/completions/infisical.{bash,fish,zsh}
70  '';
71
72  passthru = {
73    updateScript = ./update.sh;
74    tests.version = testers.testVersion { package = finalAttrs.finalPackage; };
75  };
76
77  meta = {
78    description = "Official Infisical CLI";
79    longDescription = ''
80      Infisical is the open-source secret management platform:
81      Sync secrets across your team/infrastructure and prevent secret leaks.
82    '';
83    homepage = "https://infisical.com";
84    changelog = "https://github.com/infisical/infisical/releases/tag/infisical-cli%2Fv${version}";
85    license = lib.licenses.mit;
86    mainProgram = "infisical";
87    maintainers = with lib.maintainers; [ hausken ];
88    teams = [ lib.teams.infisical ];
89    platforms = [
90      "x86_64-linux"
91      "aarch64-linux"
92      "aarch64-darwin"
93      "x86_64-darwin"
94    ];
95  };
96})