nixpkgs/pkgs/tools/security/semgrep/semgrep-core.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

54 lines
1.5 KiB
Nix
Raw Normal View History

{ lib, stdenvNoCC, fetchPypi, unzip }:
2022-07-13 08:33:54 +01:00
let
common = import ./common.nix { inherit lib; };
2022-07-13 08:33:54 +01:00
in
stdenvNoCC.mkDerivation rec {
pname = "semgrep-core";
inherit (common) version;
# fetch pre-built semgrep-core since the ocaml build is complex and relies on
# the opam package manager at some point
# pulling it out of the python wheel as r2c no longer release a built binary
# on github releases
src =
let
inherit (stdenvNoCC.hostPlatform) system;
data = common.core.${system} or (throw "Unsupported system: ${system}");
in
fetchPypi rec {
pname = "semgrep";
inherit version;
format = "wheel";
dist = python;
python = "cp38.cp39.cp310.cp311.py37.py38.py39.py310.py311";
inherit (data) platform hash;
};
nativeBuildInputs = [ unzip ];
# _tryUnzip from unzip's setup-hook doesn't recognise .whl
# "do not know how to unpack source archive"
# perform unpack by hand
unpackPhase = ''
runHook preUnpack
LANG=en_US.UTF-8 unzip -qq "$src"
runHook postUnpack
'';
dontConfigure = true;
dontBuild = true;
2022-07-13 08:33:54 +01:00
installPhase = ''
runHook preInstall
install -Dm 755 -t $out/bin semgrep-${version}.data/purelib/semgrep/bin/semgrep-core
2022-07-13 08:33:54 +01:00
runHook postInstall
'';
meta = common.meta // {
description = common.meta.description + " - core binary";
mainProgram = "semgrep-core";
2022-07-13 08:33:54 +01:00
sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
platforms = lib.attrNames common.core;
2022-07-13 08:33:54 +01:00
};
}