brand new derivation
This commit is contained in:
jgoux
parent
8441191654
commit
20f7101e79
@ -1,59 +1,77 @@
|
||||
{ stdenv, lib, callPackage, fetchurl }:
|
||||
{ stdenv, lib, fetchurl, testers, infisical, installShellFiles }:
|
||||
|
||||
let
|
||||
inherit (stdenv.hostPlatform) system;
|
||||
throwSystem = throw "Unsupported system: ${system}";
|
||||
# build hashes, which correspond to the hashes of the precompiled binaries procured by GitHub Actions.
|
||||
buildHashes = builtins.fromJSON (builtins.readFile ./hashes.json);
|
||||
|
||||
plat = {
|
||||
x86_64-linux = "linux_amd64";
|
||||
x86_64-darwin = "darwin_amd64";
|
||||
aarch64-linux = "linux_arm64";
|
||||
aarch64-darwin = "darwin_arm64";
|
||||
}.${system} or throwSystem;
|
||||
# the version of infisical
|
||||
version = "0.14.3";
|
||||
|
||||
archive_fmt = "tar.gz";
|
||||
# the platform-specific, statically linked binary
|
||||
src =
|
||||
let
|
||||
suffix = {
|
||||
# map the platform name to the golang toolchain suffix
|
||||
# NOTE: must be synchronized with update.sh!
|
||||
x86_64-linux = "linux_amd64";
|
||||
x86_64-darwin = "darwin_amd64";
|
||||
aarch64-linux = "linux_arm64";
|
||||
aarch64-darwin = "darwin_arm64";
|
||||
}."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
|
||||
|
||||
name = "infisical_${version}_${suffix}.tar.gz";
|
||||
hash = buildHashes."${stdenv.hostPlatform.system}";
|
||||
url = "https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv${version}/${name}";
|
||||
in
|
||||
fetchurl { inherit name url hash; };
|
||||
|
||||
sha256 = {
|
||||
x86_64-linux = "b137f0a2830de5c91d6b1a5de11df242f0c4613ee6b98653c85126d1ec4cdf73";
|
||||
x86_64-darwin = "07de3e985e56bb4a47288a3c0ae1c06eba2bcc8c4ad94eb8369dc91654dcd649";
|
||||
aarch64-linux = "786b8a9c2ea1d583d6d14758e7070285b892cc04c071298767a98a048dac47cd";
|
||||
aarch64-darwin = "b38b3595ad7ae5c439236f7a642796dd923261aa537d1c5adb441d6665ef89da";
|
||||
}.${system} or throwSystem;
|
||||
in
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "infisical";
|
||||
version = "0.14.3";
|
||||
stdenv.mkDerivation {
|
||||
pname = "infisical";
|
||||
version = version;
|
||||
inherit src;
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv${finalAttrs.version}/infisical_${finalAttrs.version}_${plat}.tar.gz";
|
||||
inherit sha256;
|
||||
};
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
sourceRoot = ".";
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin/ $out/share/completions/ $out/share/man/
|
||||
cp completions/* $out/share/completions/
|
||||
cp manpages/* $out/share/man/
|
||||
cp infisical $out/bin
|
||||
doCheck = true;
|
||||
dontConfigure = true;
|
||||
dontStrip = true;
|
||||
|
||||
sourceRoot = ".";
|
||||
buildPhase = "chmod +x ./infisical";
|
||||
checkPhase = "./infisical --version";
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin/ $out/share/completions/ $out/share/man/
|
||||
cp infisical $out/bin
|
||||
cp completions/* $out/share/completions/
|
||||
cp manpages/* $out/share/man/
|
||||
'';
|
||||
postInstall = ''
|
||||
installManPage share/man/infisical.1.gz
|
||||
installShellCompletion share/completions/infisical.{bash,fish,zsh}
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = ./update.sh;
|
||||
tests.version = testers.testVersion { package = infisical; };
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "The official Infisical CLI";
|
||||
longDescription = ''
|
||||
Infisical is the open-source secret management platform:
|
||||
Sync secrets across your team/infrastructure and prevent secret leaks.
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
installManPage share/man/infisical.1.gz
|
||||
installShellCompletion share/completions/infisical.{bash,fish,zsh}
|
||||
chmod +x bin/infisical
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "The official Infisical CLI";
|
||||
longDescription = ''
|
||||
Infisical is an Open Source, End-to-End encrypted platform that lets you
|
||||
securely sync secrets and configs across your team, devices, and infrastructure
|
||||
'';
|
||||
mainProgram = "infisical";
|
||||
homepage = "https://infisical.com/";
|
||||
downloadPage = "https://github.com/Infisical/infisical/releases/";
|
||||
license = licenses.mit;
|
||||
maintainers = [ maintainers.ivanmoreau maintainers.jgoux ];
|
||||
platforms = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ];
|
||||
};
|
||||
})
|
||||
homepage = "https://infisical.com";
|
||||
changelog = "https://github.com/infisical/infisical/releases/tag/infisical-cli%2Fv${version}";
|
||||
license = licenses.mit;
|
||||
mainProgram = "infisical";
|
||||
maintainers = [ maintainers.ivanmoreau maintainers.jgoux ];
|
||||
platforms = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
"aarch64-darwin"
|
||||
"x86_64-darwin"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
6
pkgs/development/tools/infisical/hashes.json
Normal file
6
pkgs/development/tools/infisical/hashes.json
Normal file
@ -0,0 +1,6 @@
|
||||
{ "_comment": "@generated by pkgs/development/tools/infisical/update.sh"
|
||||
, "x86_64-linux": "sha256-sTfwooMN5ckdaxpd4R3yQvDEYT7muYZTyFEm0exM33M="
|
||||
, "x86_64-darwin": "sha256-B94+mF5Wu0pHKIo8CuHAbrorzIxK2U64Np3JFlTc1kk="
|
||||
, "aarch64-linux": "sha256-eGuKnC6h1YPW0UdY5wcChbiSzATAcSmHZ6mKBI2sR80="
|
||||
, "aarch64-darwin": "sha256-s4s1la165cQ5I296ZCeW3ZIyYapTfRxa20QdZmXvido="
|
||||
}
|
||||
41
pkgs/development/tools/infisical/update.sh
Executable file
41
pkgs/development/tools/infisical/update.sh
Executable file
@ -0,0 +1,41 @@
|
||||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -I nixpkgs=./. -i bash -p curl jq nix-prefetch common-updater-scripts nix coreutils
|
||||
# shellcheck shell=bash
|
||||
set -euo pipefail
|
||||
|
||||
RELEASE_NAME=$(curl -s https://api.github.com/repos/infisical/infisical/releases \
|
||||
| jq -r 'sort_by(.created_at) | reverse |
|
||||
(map
|
||||
(select ((.prerelease == false) and (.draft == false))) |
|
||||
first
|
||||
) | .name')
|
||||
VERSION=$(echo "$RELEASE_NAME" | sed -E 's/^infisical-cli\/v//')
|
||||
|
||||
echo "Latest infisical release: $VERSION"
|
||||
|
||||
ARCHS=(
|
||||
"x86_64-linux:linux_amd64"
|
||||
"x86_64-darwin:darwin_amd64"
|
||||
"aarch64-linux:linux_arm64"
|
||||
"aarch64-darwin:darwin_arm64"
|
||||
)
|
||||
|
||||
NFILE=pkgs/development/tools/infisical/default.nix
|
||||
HFILE=pkgs/development/tools/infisical/hashes.json
|
||||
rm -f "$HFILE" && touch "$HFILE"
|
||||
|
||||
printf "{ \"_comment\": \"@generated by pkgs/development/tools/infisical/update.sh\"\n" >> "$HFILE"
|
||||
|
||||
for arch in "${ARCHS[@]}"; do
|
||||
IFS=: read -r arch_name arch_target <<< "$arch"
|
||||
sha256hash="$(nix-prefetch-url --type sha256 "https://github.com/infisical/infisical/releases/download/${RELEASE_NAME}/infisical_${VERSION}_${arch_target}.tar.gz")"
|
||||
srihash="$(nix hash to-sri --type sha256 "$sha256hash")"
|
||||
echo ", \"$arch_name\": \"$srihash\"" >> "$HFILE"
|
||||
done
|
||||
echo "}" >> "$HFILE"
|
||||
|
||||
sed -i \
|
||||
'0,/version\s*=\s*".*";/s//version = "'"$VERSION"'";/' \
|
||||
"$NFILE"
|
||||
|
||||
echo "Done; wrote $HFILE and updated version in $NFILE."
|
||||
Loading…
Reference in New Issue
Block a user