Loading pkgs/development/tools/infisical/default.nix +82 −54 Original line number Diff line number Diff line { stdenv, lib, callPackage, fetchurl }: { stdenv, lib, fetchurl, testers, infisical, installShellFiles }: # this expression is mostly automated, and you are STRONGLY # RECOMMENDED to use to nix-update for updating this expression when new # releases come out, which runs the sibling `update.sh` script. # # from the root of the nixpkgs git repository, run: # # nix-shell maintainers/scripts/update.nix \ # --argstr commit true \ # --argstr package infisical let inherit (stdenv.hostPlatform) system; throwSystem = throw "Unsupported system: ${system}"; # build hashes, which correspond to the hashes of the precompiled binaries procured by GitHub Actions. buildHashes = builtins.fromJSON (builtins.readFile ./hashes.json); # the version of infisical version = "0.14.3"; plat = { # the platform-specific, statically linked binary src = let suffix = { # map the platform name to the golang toolchain suffix # NOTE: must be synchronized with update.sh! x86_64-linux = "linux_amd64"; x86_64-darwin = "darwin_amd64"; aarch64-linux = "linux_arm64"; aarch64-darwin = "darwin_arm64"; }.${system} or throwSystem; }."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); archive_fmt = "tar.gz"; name = "infisical_${version}_${suffix}.tar.gz"; hash = buildHashes."${stdenv.hostPlatform.system}"; url = "https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv${version}/${name}"; in fetchurl { inherit name url hash; }; sha256 = { x86_64-linux = "e85c5f2ddca89caa6b44c61554c1dffeacdabc96c25a7e6881dc5722515270d1"; x86_64-darwin = "eddbcde10271f791eb1473ba00b85b442aa059cdfee38021b8f8880f33754821"; aarch64-linux = "9793a6db476492802ffec7f933d7f8f107a1c89fee09c8eb6bdb975b1fccecea"; aarch64-darwin = "46c8a82a71da5731c108d24b4a960a507af66d91bba7b7246dd3a3415afaf7d3"; }.${system} or throwSystem; in stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation { pname = "infisical"; version = "0.14.2"; version = version; inherit src; src = fetchurl { url = "https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv${finalAttrs.version}/infisical_${finalAttrs.version}_${plat}.tar.gz"; inherit sha256; }; nativeBuildInputs = [ installShellFiles ]; doCheck = true; dontConfigure = true; dontStrip = true; sourceRoot = "."; buildPhase = "chmod +x ./infisical"; checkPhase = "./infisical --version"; installPhase = '' mkdir -p $out/bin/ $out/share/completions/ $out/share/man/ cp infisical $out/bin cp completions/* $out/share/completions/ cp manpages/* $out/share/man/ cp infisical $out/bin ''; postInstall = '' installManPage share/man/infisical.1.gz installShellCompletion share/completions/infisical.{bash,fish,zsh} chmod +x bin/infisical ''; passthru = { updateScript = ./update.sh; tests.version = testers.testVersion { package = infisical; }; }; meta = with lib; { description = "The official Infisical CLI"; longDescription = '' Infisical is an Open Source, End-to-End encrypted platform that lets you securely sync secrets and configs across your team, devices, and infrastructure Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks. ''; mainProgram = "infisical"; homepage = "https://infisical.com/"; downloadPage = "https://github.com/Infisical/infisical/releases/"; homepage = "https://infisical.com"; changelog = "https://github.com/infisical/infisical/releases/tag/infisical-cli%2Fv${version}"; license = licenses.mit; mainProgram = "infisical"; maintainers = [ maintainers.ivanmoreau maintainers.jgoux ]; platforms = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ]; platforms = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin" ]; }; }) } pkgs/development/tools/infisical/hashes.json 0 → 100644 +6 −0 Original line number Diff line number Diff line { "_comment": "@generated by pkgs/development/tools/infisical/update.sh" , "x86_64-linux": "sha256-sTfwooMN5ckdaxpd4R3yQvDEYT7muYZTyFEm0exM33M=" , "x86_64-darwin": "sha256-B94+mF5Wu0pHKIo8CuHAbrorzIxK2U64Np3JFlTc1kk=" , "aarch64-linux": "sha256-eGuKnC6h1YPW0UdY5wcChbiSzATAcSmHZ6mKBI2sR80=" , "aarch64-darwin": "sha256-s4s1la165cQ5I296ZCeW3ZIyYapTfRxa20QdZmXvido=" } pkgs/development/tools/infisical/update.sh 0 → 100755 +41 −0 Original line number Diff line number Diff line #!/usr/bin/env nix-shell #!nix-shell -I nixpkgs=./. -i bash -p curl jq nix-prefetch common-updater-scripts nix coreutils # shellcheck shell=bash set -euo pipefail RELEASE_NAME=$(curl -s https://api.github.com/repos/infisical/infisical/releases \ | jq -r 'sort_by(.created_at) | reverse | (map (select ((.prerelease == false) and (.draft == false))) | first ) | .name') VERSION=$(echo "$RELEASE_NAME" | sed -E 's/^infisical-cli\/v//') echo "Latest infisical release: $VERSION" ARCHS=( "x86_64-linux:linux_amd64" "x86_64-darwin:darwin_amd64" "aarch64-linux:linux_arm64" "aarch64-darwin:darwin_arm64" ) NFILE=pkgs/development/tools/infisical/default.nix HFILE=pkgs/development/tools/infisical/hashes.json rm -f "$HFILE" && touch "$HFILE" printf "{ \"_comment\": \"@generated by pkgs/development/tools/infisical/update.sh\"\n" >> "$HFILE" for arch in "${ARCHS[@]}"; do IFS=: read -r arch_name arch_target <<< "$arch" sha256hash="$(nix-prefetch-url --type sha256 "https://github.com/infisical/infisical/releases/download/${RELEASE_NAME}/infisical_${VERSION}_${arch_target}.tar.gz")" srihash="$(nix hash to-sri --type sha256 "$sha256hash")" echo ", \"$arch_name\": \"$srihash\"" >> "$HFILE" done echo "}" >> "$HFILE" sed -i \ '0,/version\s*=\s*".*";/s//version = "'"$VERSION"'";/' \ "$NFILE" echo "Done; wrote $HFILE and updated version in $NFILE." Loading
pkgs/development/tools/infisical/default.nix +82 −54 Original line number Diff line number Diff line { stdenv, lib, callPackage, fetchurl }: { stdenv, lib, fetchurl, testers, infisical, installShellFiles }: # this expression is mostly automated, and you are STRONGLY # RECOMMENDED to use to nix-update for updating this expression when new # releases come out, which runs the sibling `update.sh` script. # # from the root of the nixpkgs git repository, run: # # nix-shell maintainers/scripts/update.nix \ # --argstr commit true \ # --argstr package infisical let inherit (stdenv.hostPlatform) system; throwSystem = throw "Unsupported system: ${system}"; # build hashes, which correspond to the hashes of the precompiled binaries procured by GitHub Actions. buildHashes = builtins.fromJSON (builtins.readFile ./hashes.json); # the version of infisical version = "0.14.3"; plat = { # the platform-specific, statically linked binary src = let suffix = { # map the platform name to the golang toolchain suffix # NOTE: must be synchronized with update.sh! x86_64-linux = "linux_amd64"; x86_64-darwin = "darwin_amd64"; aarch64-linux = "linux_arm64"; aarch64-darwin = "darwin_arm64"; }.${system} or throwSystem; }."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); archive_fmt = "tar.gz"; name = "infisical_${version}_${suffix}.tar.gz"; hash = buildHashes."${stdenv.hostPlatform.system}"; url = "https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv${version}/${name}"; in fetchurl { inherit name url hash; }; sha256 = { x86_64-linux = "e85c5f2ddca89caa6b44c61554c1dffeacdabc96c25a7e6881dc5722515270d1"; x86_64-darwin = "eddbcde10271f791eb1473ba00b85b442aa059cdfee38021b8f8880f33754821"; aarch64-linux = "9793a6db476492802ffec7f933d7f8f107a1c89fee09c8eb6bdb975b1fccecea"; aarch64-darwin = "46c8a82a71da5731c108d24b4a960a507af66d91bba7b7246dd3a3415afaf7d3"; }.${system} or throwSystem; in stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation { pname = "infisical"; version = "0.14.2"; version = version; inherit src; src = fetchurl { url = "https://github.com/Infisical/infisical/releases/download/infisical-cli%2Fv${finalAttrs.version}/infisical_${finalAttrs.version}_${plat}.tar.gz"; inherit sha256; }; nativeBuildInputs = [ installShellFiles ]; doCheck = true; dontConfigure = true; dontStrip = true; sourceRoot = "."; buildPhase = "chmod +x ./infisical"; checkPhase = "./infisical --version"; installPhase = '' mkdir -p $out/bin/ $out/share/completions/ $out/share/man/ cp infisical $out/bin cp completions/* $out/share/completions/ cp manpages/* $out/share/man/ cp infisical $out/bin ''; postInstall = '' installManPage share/man/infisical.1.gz installShellCompletion share/completions/infisical.{bash,fish,zsh} chmod +x bin/infisical ''; passthru = { updateScript = ./update.sh; tests.version = testers.testVersion { package = infisical; }; }; meta = with lib; { description = "The official Infisical CLI"; longDescription = '' Infisical is an Open Source, End-to-End encrypted platform that lets you securely sync secrets and configs across your team, devices, and infrastructure Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks. ''; mainProgram = "infisical"; homepage = "https://infisical.com/"; downloadPage = "https://github.com/Infisical/infisical/releases/"; homepage = "https://infisical.com"; changelog = "https://github.com/infisical/infisical/releases/tag/infisical-cli%2Fv${version}"; license = licenses.mit; mainProgram = "infisical"; maintainers = [ maintainers.ivanmoreau maintainers.jgoux ]; platforms = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ]; platforms = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin" ]; }; }) }
pkgs/development/tools/infisical/hashes.json 0 → 100644 +6 −0 Original line number Diff line number Diff line { "_comment": "@generated by pkgs/development/tools/infisical/update.sh" , "x86_64-linux": "sha256-sTfwooMN5ckdaxpd4R3yQvDEYT7muYZTyFEm0exM33M=" , "x86_64-darwin": "sha256-B94+mF5Wu0pHKIo8CuHAbrorzIxK2U64Np3JFlTc1kk=" , "aarch64-linux": "sha256-eGuKnC6h1YPW0UdY5wcChbiSzATAcSmHZ6mKBI2sR80=" , "aarch64-darwin": "sha256-s4s1la165cQ5I296ZCeW3ZIyYapTfRxa20QdZmXvido=" }
pkgs/development/tools/infisical/update.sh 0 → 100755 +41 −0 Original line number Diff line number Diff line #!/usr/bin/env nix-shell #!nix-shell -I nixpkgs=./. -i bash -p curl jq nix-prefetch common-updater-scripts nix coreutils # shellcheck shell=bash set -euo pipefail RELEASE_NAME=$(curl -s https://api.github.com/repos/infisical/infisical/releases \ | jq -r 'sort_by(.created_at) | reverse | (map (select ((.prerelease == false) and (.draft == false))) | first ) | .name') VERSION=$(echo "$RELEASE_NAME" | sed -E 's/^infisical-cli\/v//') echo "Latest infisical release: $VERSION" ARCHS=( "x86_64-linux:linux_amd64" "x86_64-darwin:darwin_amd64" "aarch64-linux:linux_arm64" "aarch64-darwin:darwin_arm64" ) NFILE=pkgs/development/tools/infisical/default.nix HFILE=pkgs/development/tools/infisical/hashes.json rm -f "$HFILE" && touch "$HFILE" printf "{ \"_comment\": \"@generated by pkgs/development/tools/infisical/update.sh\"\n" >> "$HFILE" for arch in "${ARCHS[@]}"; do IFS=: read -r arch_name arch_target <<< "$arch" sha256hash="$(nix-prefetch-url --type sha256 "https://github.com/infisical/infisical/releases/download/${RELEASE_NAME}/infisical_${VERSION}_${arch_target}.tar.gz")" srihash="$(nix hash to-sri --type sha256 "$sha256hash")" echo ", \"$arch_name\": \"$srihash\"" >> "$HFILE" done echo "}" >> "$HFILE" sed -i \ '0,/version\s*=\s*".*";/s//version = "'"$VERSION"'";/' \ "$NFILE" echo "Done; wrote $HFILE and updated version in $NFILE."
