diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security/ggshield/default.nix')
-rw-r--r-- | nixpkgs/pkgs/tools/security/ggshield/default.nix | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/ggshield/default.nix b/nixpkgs/pkgs/tools/security/ggshield/default.nix new file mode 100644 index 000000000000..3f275875ed48 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ggshield/default.nix @@ -0,0 +1,78 @@ +{ lib +, fetchFromGitHub +, git +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "ggshield"; + version = "1.18.0"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "GitGuardian"; + repo = "ggshield"; + rev = "refs/tags/v${version}"; + hash = "sha256-CWWgt2Ec8ChhH+nL6DkGqI3GsR52HforUYaaxSpKgCs="; + }; + + pythonRelaxDeps = true; + + nativeBuildInputs = with python3.pkgs; [ + pythonRelaxDepsHook + setuptools + ]; + + propagatedBuildInputs = with python3.pkgs; [ + appdirs + charset-normalizer + click + cryptography + marshmallow + marshmallow-dataclass + oauthlib + pygitguardian + pyjwt + python-dotenv + pyyaml + requests + rich + ]; + + nativeCheckInputs = [ + git + ] ++ (with python3.pkgs; [ + pyfakefs + pytest-mock + pytest-voluptuous + pytestCheckHook + snapshottest + vcrpy + ]); + + pythonImportsCheck = [ + "ggshield" + ]; + + disabledTestPaths = [ + # Don't run functional tests + "tests/functional/" + ]; + + disabledTests = [ + # No TLS certificate, no .git folder, etc. + "test_cache_catches" + "test_is_git_dir" + "test_is_valid_git_commit_ref" + "test_check_git_dir" + "test_does_not_fail_if_cache" + ]; + + meta = with lib; { + description = "Tool to find and fix various types of hardcoded secrets and infrastructure-as-code misconfigurations"; + homepage = "https://github.com/GitGuardian/ggshield"; + changelog = "https://github.com/GitGuardian/ggshield/blob/${version}/CHANGELOG.md"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} |