nixpkgs/pkgs/tools/security/ggshield/default.nix

79 lines
1.5 KiB
Nix

{ lib
, fetchFromGitHub
, git
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "ggshield";
version = "1.20.0";
format = "pyproject";
src = fetchFromGitHub {
owner = "GitGuardian";
repo = "ggshield";
rev = "refs/tags/v${version}";
hash = "sha256-J2kz8PcR6f7u9+pI1jGAYCakSwj0/WKskQLWuYC5+Hs=";
};
pythonRelaxDeps = true;
nativeBuildInputs = with python3.pkgs; [
pythonRelaxDepsHook
setuptools
];
propagatedBuildInputs = with python3.pkgs; [
appdirs
charset-normalizer
click
cryptography
marshmallow
marshmallow-dataclass
oauthlib
pygitguardian
pyjwt
python-dotenv
pyyaml
requests
rich
];
nativeCheckInputs = [
git
] ++ (with python3.pkgs; [
pyfakefs
pytest-mock
pytest-voluptuous
pytestCheckHook
snapshottest
vcrpy
]);
pythonImportsCheck = [
"ggshield"
];
disabledTestPaths = [
# Don't run functional tests
"tests/functional/"
];
disabledTests = [
# No TLS certificate, no .git folder, etc.
"test_cache_catches"
"test_is_git_dir"
"test_is_valid_git_commit_ref"
"test_check_git_dir"
"test_does_not_fail_if_cache"
];
meta = with lib; {
description = "Tool to find and fix various types of hardcoded secrets and infrastructure-as-code misconfigurations";
homepage = "https://github.com/GitGuardian/ggshield";
changelog = "https://github.com/GitGuardian/ggshield/blob/${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
};
}