| blob | 6f94432e5b078b123b4e9c3fe577ca6bc3f45fad |
1 {
2 lib,
3 buildGoModule,
4 fetchFromGitHub,
5 callPackage,
6 }:
7 buildGoModule rec {
8 pname = "ratchet";
9 version = "0.10.0";
11 # ratchet uses the git sha-1 in the version string, e.g.
12 #
13 # $ ./ratchet --version
14 # ratchet 0.9.2 (d57cc1a53c022d3f87c4820bc6b64384a06c8a07, darwin/arm64)
15 #
16 # so we need to either hard-code the sha-1 corresponding to the version tag
17 # head or retain the git metadata folder and extract it using the git cli.
18 # We currently hard-code it.
19 src = fetchFromGitHub {
20 owner = "sethvargo";
21 repo = "ratchet";
22 rev = "ebb7f24e0cbc288ab913b635480412934a2a5371";
23 hash = "sha256-Wt1/ahKQ8DOquXU5u6p+an9FJ5kYRl7F2EXOv/2rHlA=";
24 };
26 proxyVendor = true;
27 vendorHash = "sha256-J7LijbhpKDIfTcQMgk2x5FVaYG7Kgkba/1aSTmgs5yw=";
29 subPackages = [ "." ];
31 ldflags =
32 let
33 package_url = "github.com/sethvargo/ratchet";
34 in
35 [
36 "-s"
37 "-w"
38 "-X ${package_url}/internal/version.name=ratchet"
39 "-X ${package_url}/internal/version.version=${version}"
40 "-X ${package_url}/internal/version.commit=${src.rev}"
41 ];
43 doInstallCheck = true;
44 installCheckPhase = ''
45 $out/bin/ratchet --version 2>&1 | grep ${version};
46 '';
48 installPhase = ''
49 runHook preInstall
50 mkdir -p $out/bin
51 install -Dm755 "$GOPATH/bin/ratchet" -T $out/bin/ratchet
52 runHook postInstall
53 '';
55 passthru.tests = {
56 execution = callPackage ./tests.nix { };
57 };
59 meta = with lib; {
60 description = "Tool for securing CI/CD workflows with version pinning";
61 mainProgram = "ratchet";
62 downloadPage = "https://github.com/sethvargo/ratchet";
63 homepage = "https://github.com/sethvargo/ratchet";
64 license = licenses.asl20;
65 maintainers = with maintainers; [
66 cameronraysmith
67 ryanccn
68 ];
69 };
70 }