path: root/nixpkgs/pkgs/development/tools/analysis/codeql/default.nix
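# Packages the prebuilt CodeQL CLI release archive published under
# github/codeql-cli-binaries. Nothing is compiled here: the archive is
# unpacked, copied into $out/codeql, and a launcher symlink is placed in
# $out/bin.
{ lib, stdenv, fetchzip, zlib, xorg, freetype, jdk17, curl }:

stdenv.mkDerivation rec {
  pname = "codeql";
  version = "2.16.4";

  # Vendor binaries are installed as shipped: no configure or build step,
  # and the strip fixup is disabled.
  dontConfigure = true;
  dontBuild = true;
  dontStrip = true;

  # The URL is derived from `version`, and `hash` pins the fetched content.
  # A version bump must come with a freshly computed hash; a mismatch
  # fails the fetch instead of installing unexpected content.
  src = fetchzip {
    url = "https://github.com/github/codeql-cli-binaries/releases/download/v${version}/codeql.zip";
    hash = "sha256-wpiySSAs4x0KfzBLHzP4YC2GB1NpeEHQlbfAWCUaV90=";
  };

  # NOTE(review): these are runtime libraries, and no patching hook is
  # visible in this file that would consume them. The install comment below
  # mentions wanting to patch the extractors, so confirm whether
  # autoPatchelfHook plus buildInputs was intended.
  nativeBuildInputs = [
    zlib
    xorg.libX11
    xorg.libXext
    xorg.libXi
    xorg.libXtst
    xorg.libXrender
    freetype
    jdk17
    stdenv.cc.cc.lib
    curl
  ];

  installPhase = ''
    runHook preInstall

    # codeql directory should not be top-level, otherwise,
    # it'll include /nix/store to resolve extractors.
    mkdir -p "$out/codeql" "$out/bin"
    cp -R * "$out/codeql/"

    ln -sf "$out/codeql/tools/linux64/lib64trace.so" "$out/codeql/tools/linux64/libtrace.so"

    # many of the codeql extractors use CODEQL_DIST + CODEQL_PLATFORM to
    # resolve java home, so to be able to create databases, we want to make
    # sure that they point somewhere sane/usable since we can not autopatch
    # the codeql packaged java dist, but we DO want to patch the extractors
    # as well as the builders which are ELF binaries for the most part
    #
    # Effect: the Java runtime under tools/linux64 is the nixpkgs jdk17, not
    # the copy bundled in the archive.
    # NOTE(review): only tools/linux64 is adjusted here, although
    # meta.platforms also lists darwin. Any other platform directory in the
    # archive is installed as shipped; confirm that is intended.
    rm -rf "$out/codeql/tools/linux64/java"
    ln -s ${jdk17} "$out/codeql/tools/linux64/java"

    ln -s "$out/codeql/codeql" "$out/bin/"

    runHook postInstall
  '';

  meta = with lib; {
    description = "Semantic code analysis engine";
    homepage = "https://codeql.github.com";
    maintainers = [ maintainers.dump_stack ];
    platforms = lib.platforms.linux ++ lib.platforms.darwin;
    # The payload is a vendor-built binary distribution, not built from
    # source. Declaring that lets provenance policies (allowNonSource and
    # its predicate) see and gate this package.
    # NOTE(review): add sourceTypes.binaryBytecode if the archive also ships
    # prebuilt JVM bytecode; confirm against the unpacked release.
    sourceProvenance = [ sourceTypes.binaryNativeCode ];
    license = licenses.unfree;
  };
}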