{ lib, stdenv, buildGoModule, dependabot-cli, dockerTools, fetchFromGitHub, installShellFiles, makeWrapper, symlinkJoin, testers, }: let pname = "dependabot-cli"; version = "1.68.0"; # `tag` is what `dependabot` uses to find the relevant docker images. tag = "nixpkgs-dependabot-cli-${version}"; # Get these hashes from # nix run nixpkgs#nix-prefetch-docker -- --image-name ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy --image-tag latest --final-image-name dependabot-update-job-proxy --final-image-tag ${tag} updateJobProxy.imageDigest = "sha256:83834c9a112c3e29c4bc357e17ee057c32232f443bc295130b024077acbcca4e"; updateJobProxy.hash = "sha256-ej6AEvnp7n8O6eArrVAJgXzeco/Rz+tXg7gVxo0OsW8="; # Get these hashes from # nix run nixpkgs#nix-prefetch-docker -- --image-name ghcr.io/dependabot/dependabot-updater-github-actions --image-tag latest --final-image-name dependabot-updater-github-actions --final-image-tag ${tag} updaterGitHubActions.imageDigest = "sha256:90a65d2c98f8fc8ac1fd6291ea0be02a911818d4fa8ec788ceb1c9227fa844f4"; updaterGitHubActions.hash = "sha256-uc/yetek6XHTWQb1+DJiOWEHS2nea+/jd/lJdpI6m7E="; in buildGoModule { inherit pname version; src = fetchFromGitHub { owner = "dependabot"; repo = "cli"; rev = "v${version}"; hash = "sha256-Pd9Q5ipwcj7KQ+Nr7Tyga3xwGKLPFJIPc23fob0EQeA="; }; vendorHash = "sha256-vitkSAvc7TAXcqXQPbnIE0z4tYlSvdx072hzAB50O3I="; ldflags = [ "-s" "-w" "-X github.com/dependabot/cli/cmd/dependabot/internal/cmd.version=v${version}" ]; nativeBuildInputs = [ makeWrapper installShellFiles ]; postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' installShellCompletion --cmd dependabot \ --bash <($out/bin/dependabot completion bash) \ --fish <($out/bin/dependabot completion fish) \ --zsh <($out/bin/dependabot completion zsh) ''; checkFlags = [ "-skip=TestDependabot" ]; doInstallCheck = true; installCheckPhase = '' $out/bin/dependabot --help ''; passthru.updateScript = ./update.sh; passthru.withDockerImages = symlinkJoin { name = "dependabot-cli-with-docker-images"; paths = [ dependabot-cli ]; buildInputs = [ makeWrapper ]; postBuild = let updateJobProxyImage = dockerTools.pullImage { imageName = "ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy"; finalImageName = "dependabot-update-job-proxy"; finalImageTag = tag; inherit (updateJobProxy) imageDigest hash; }; updaterGitHubActionsImage = dockerTools.pullImage { imageName = "ghcr.io/dependabot/dependabot-updater-github-actions"; finalImageName = "dependabot-updater-github-actions"; finalImageTag = tag; inherit (updaterGitHubActions) imageDigest hash; }; in '' # Create a wrapper that pins the docker images that `dependabot` uses. wrapProgram $out/bin/dependabot \ --run "docker load --input ${updateJobProxyImage} >&2" \ --add-flags "--proxy-image=dependabot-update-job-proxy:${tag}" \ --run "docker load --input ${updaterGitHubActionsImage} >&2" \ --add-flags "--updater-image=dependabot-updater-github-actions:${tag}" ''; }; passthru.tests.version = testers.testVersion { package = dependabot-cli; command = "dependabot --version"; version = "v${version}"; }; meta = { changelog = "https://github.com/dependabot/cli/releases/tag/v${version}"; description = "Tool for testing and debugging Dependabot update jobs"; mainProgram = "dependabot"; homepage = "https://github.com/dependabot/cli"; license = lib.licenses.mit; maintainers = with lib.maintainers; [ infinisil philiptaron ]; }; }