open-policy-agent: 0.32.1 -> 0.33.1

Added tests and a feature toggle for enableWasmEval enableWasmEval is not enabled as it breaks reproducability and isn't in most workloads. Added shell completions
2021-10-08 13:07:54 +01:00 · 2021-10-08 13:07:54 +01:00 · cd8b4d3ba9
commit cd8b4d3ba9
parent 549044ea1c
1 changed files with 44 additions and 3 deletions
--- a/pkgs/development/tools/open-policy-agent/default.nix
+++ b/pkgs/development/tools/open-policy-agent/default.nix
@ -1,26 +1,67 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, installShellFiles
+
+, enableWasmEval ? false
+}:

 buildGoModule rec {
  pname = "open-policy-agent";
-  version = "0.32.1";
+  version = "0.33.1";

  src = fetchFromGitHub {
    owner = "open-policy-agent";
    repo = "opa";
    rev = "v${version}";
-    sha256 = "sha256-pd0bOE0cSi+93B0U46KpeC7AHgsV3oBJcT/wg8XED5Y=";
+    sha256 = "sha256-n0VuzYlgn9IGiaxzDeuVjMqFbDwTe3UjExk7BT2DNZc=";
  };
  vendorSha256 = null;

+  nativeBuildInputs = [ installShellFiles ];
+
  subPackages = [ "." ];

  ldflags = [ "-s" "-w" "-X github.com/open-policy-agent/opa/version.Version=${version}" ];

+  tags = lib.optional enableWasmEval (
+    builtins.trace
+      ("Warning: enableWasmEval breaks reproducability, "
+        + "ensure you need wasm evaluation. "
+        + "`opa build` does not need this feature.")
+      "opa_wasm");
+
+  preCheck = ''
+    # Feed in all but the e2e tests for testing
+    # This is because subPackages above limits what is built to just what we
+    # want but also limits the tests
+    getGoDirs() {
+      go list ./... | grep -v e2e
+    }
+
+    # Remove test case that fails on < go1.17
+    rm test/cases/testdata/cryptox509parsecertificates/test-cryptox509parsecertificates-0123.yaml
+  '';
+
+  postInstall = ''
+    installShellCompletion --cmd opa \
+      --bash <($out/bin/opa completion bash) \
+      --fish <($out/bin/opa completion fish) \
+      --zsh <($out/bin/opa completion zsh)
+  '';
+
  doInstallCheck = true;
  installCheckPhase = ''
    runHook preInstallCheck
+
    $out/bin/opa --help
    $out/bin/opa version | grep "Version: ${version}"
+
+    ${lib.optionalString enableWasmEval ''
+      # If wasm is enabled verify it works
+      $out/bin/opa eval -t wasm 'trace("hello from wasm")'
+    ''}
+
    runHook postInstallCheck
  '';