talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
nixpkgs/pkgs/development/python-modules/semgrep/default.nix
Martin Weinelt ae4a1a485a
treewide: add explicit format attribute for Python packages 
If a Python package does not come with either `format` or `pyproject` we
consider it a setuptools build, that calls `setup.py` directly, which is
deprecated.

This change, as a first step, migrates a large chunk of these packages to
set setuptools as their explicit format

This is so we can unify the problem space for the next step of the
migration.
2025-07-02 05:56:47 +02:00

178 lines
3.6 KiB
Nix
Raw Permalink Blame History

{
lib,
callPackage,
fetchFromGitHub,
semgrep-core,
buildPythonPackage,
pytestCheckHook,
git,
# python packages
attrs,
boltons,
click,
click-option-group,
colorama,
defusedxml,
flaky,
glom,
jsonschema,
opentelemetry-api,
opentelemetry-exporter-otlp-proto-http,
opentelemetry-instrumentation-requests,
opentelemetry-sdk,
packaging,
peewee,
pytest-freezegun,
pytest-mock,
pytest-snapshot,
python-lsp-jsonrpc,
requests,
rich,
ruamel-yaml,
tomli,
tqdm,
types-freezegun,
typing-extensions,
urllib3,
wcmatch,
}:
# testing locally post build:
# ./result/bin/semgrep scan --metrics=off --config 'r/generic.unicode.security.bidi.contains-bidirectional-characters'
let
common = import ./common.nix { inherit lib; };
semgrepBinPath = lib.makeBinPath [ semgrep-core ];
in
buildPythonPackage rec {
format = "setuptools";
pname = "semgrep";
inherit (common) version;
src = fetchFromGitHub {
owner = "semgrep";
repo = "semgrep";
rev = "v${version}";
hash = common.srcHash;
};
# prepare a subset of the submodules as we only need a handful
# and there are many many submodules total
postPatch =
(lib.concatStringsSep "\n" (
lib.mapAttrsToList (path: submodule: ''
# substitute ${path}
# remove git submodule placeholder
rm -r ${path}
# link submodule
ln -s ${submodule}/ ${path}
'') passthru.submodulesSubset
))
+ ''
cd cli
'';
# tell cli/setup.py to not copy semgrep-core into the result
# this means we can share a copy of semgrep-core and avoid an issue where it
# copies the binary but doesn't retain the executable bit
SEMGREP_SKIP_BIN = true;
pythonRelaxDeps = [
"boltons"
"glom"
];
dependencies = [
attrs
boltons
colorama
click
click-option-group
glom
requests
rich
ruamel-yaml
tqdm
packaging
jsonschema
wcmatch
peewee
defusedxml
urllib3
typing-extensions
python-lsp-jsonrpc
tomli
opentelemetry-api
opentelemetry-sdk
opentelemetry-exporter-otlp-proto-http
opentelemetry-instrumentation-requests
];
doCheck = true;
nativeCheckInputs = [
git
pytestCheckHook
flaky
pytest-snapshot
pytest-mock
pytest-freezegun
types-freezegun
];
disabledTestPaths = [
"tests/default/e2e"
"tests/default/e2e-pysemgrep"
"tests/default/e2e-other"
];
disabledTests = [
# requires networking
"test_send"
# requires networking
"test_parse_exclude_rules_auto"
# many child tests require networking to download files
"TestConfigLoaderForProducts"
# doesn't start flaky plugin correctly
"test_debug_performance"
# requires .git directory
"clean_project_url"
];
preCheck = ''
# tests need a home directory
export HOME="$(mktemp -d)"
# tests need access to `semgrep-core`
export OLD_PATH="$PATH"
export PATH="$PATH:${semgrepBinPath}"
'';
postCheck = ''
export PATH="$OLD_PATH"
unset OLD_PATH
'';
# since we stop cli/setup.py from finding semgrep-core and copying it into
# the result we need to provide it on the PATH
preFixup = ''
makeWrapperArgs+=(--prefix PATH : ${semgrepBinPath})
'';
postInstall = ''
chmod +x $out/bin/{,py}semgrep
'';
passthru = {
inherit common semgrep-core;
submodulesSubset = lib.mapAttrs (k: args: fetchFromGitHub args) common.submodules;
updateScript = ./update.sh;
};
meta = common.meta // {
description = common.meta.description + " - cli";
inherit (semgrep-core.meta) platforms;
};
}
Reference in New Issue View Git Blame Copy Permalink