mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-25 06:13:54 +00:00
ff1a94e523
The nixpkgs-unstable channel's programs.sqlite was used to identify packages producing exactly one binary, and these automatically added to their package definitions wherever possible.
56 lines
1.4 KiB
Nix
56 lines
1.4 KiB
Nix
{ lib
|
|
, buildGoModule
|
|
, fetchFromGitHub
|
|
, installShellFiles
|
|
}:
|
|
|
|
buildGoModule rec {
|
|
pname = "kubesec";
|
|
version = "2.14.0";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "controlplaneio";
|
|
repo = pname;
|
|
rev = "v${version}";
|
|
sha256 = "sha256-RNLvmoHna5EO0/p24opBagyWzzNbmFkWGzkUXirdWe0=";
|
|
};
|
|
vendorHash = "sha256-+Y5k9PRxnBR3lqi4T+3DH4Pw+cyHtt9+9OX4aw0CVl0=";
|
|
|
|
nativeBuildInputs = [ installShellFiles ];
|
|
|
|
ldflags = [
|
|
"-s"
|
|
"-w"
|
|
"-X github.com/controlplaneio/kubesec/v${lib.versions.major version}/cmd.version=v${version}"
|
|
];
|
|
|
|
# Tests wants to download the kubernetes schema for use with kubeval
|
|
doCheck = false;
|
|
|
|
postInstall = ''
|
|
installShellCompletion --cmd kubesec \
|
|
--bash <($out/bin/kubesec completion bash) \
|
|
--fish <($out/bin/kubesec completion fish) \
|
|
--zsh <($out/bin/kubesec completion zsh)
|
|
'';
|
|
|
|
doInstallCheck = true;
|
|
installCheckPhase = ''
|
|
runHook preInstallCheck
|
|
|
|
$out/bin/kubesec --help
|
|
$out/bin/kubesec version | grep "${version}"
|
|
|
|
runHook postInstallCheck
|
|
'';
|
|
|
|
meta = with lib; {
|
|
description = "Security risk analysis tool for Kubernetes resources";
|
|
mainProgram = "kubesec";
|
|
homepage = "https://github.com/controlplaneio/kubesec";
|
|
changelog = "https://github.com/controlplaneio/kubesec/blob/v${version}/CHANGELOG.md";
|
|
license = with licenses; [ asl20 ];
|
|
maintainers = with maintainers; [ fab jk ];
|
|
};
|
|
}
|