From e6a5b5f924091c4d52d2921de4291f8108acc07c Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sun, 24 Mar 2024 16:32:57 +0100 Subject: [PATCH 1/3] kubescape: 2.9.1 -> 3.0.7 --- pkgs/tools/security/kubescape/default.nix | 44 ++++++++++++----------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/pkgs/tools/security/kubescape/default.nix b/pkgs/tools/security/kubescape/default.nix index c6fb92044cdc..3141a22bbf04 100644 --- a/pkgs/tools/security/kubescape/default.nix +++ b/pkgs/tools/security/kubescape/default.nix @@ -1,6 +1,7 @@ { lib , buildGoModule , fetchFromGitHub +, git , installShellFiles , kubescape , testers 
@@ -8,52 +9,55 @@ buildGoModule rec { pname = "kubescape"; - version = "2.9.1"; + version = "3.0.7"; src = fetchFromGitHub { owner = "kubescape"; - repo = pname; + repo = "kubescape"; rev = "refs/tags/v${version}"; - hash = "sha256-FKWR3pxFtJBEa14Mn3RKsLvrliHaj6TuF4F2JLtw2qA="; + hash = "sha256-eQIP03UOUykb68u/LnvWwAs1pqm71bUH+/la5y+3ewU="; fetchSubmodules = true; }; - vendorHash = "sha256-zcv8oYm6srwkwT3pUECtTewyqVVpCIcs3i0VRTRft68="; + vendorHash = "sha256-Jz7CorEPKpgfhjf/jc1/dOWJ6pwxwG68cp8rzpZGpFs="; + + subPackages = [ + "." + ]; nativeBuildInputs = [ installShellFiles ]; + nativeCheckInputs = [ + git + ]; + ldflags = [ "-s" "-w" - "-X=github.com/kubescape/kubescape/v2/core/cautils.BuildNumber=v${version}" + "-X=github.com/kubescape/kubescape/v3/core/cautils.BuildNumber=v${version}" ]; - subPackages = [ "." ]; - preCheck = '' - # Feed in all but the integration tests for testing - # This is because subPackages above limits what is built to just what we - # want but also limits the tests - # Skip httphandler tests - the checkPhase doesn't care about excludedPackages - getGoDirs() { - go list ./... 
| grep -v httphandler - } + export HOME=$(mktemp -d) - # remove tests that use networking + # Remove tests that use networking rm core/pkg/resourcehandler/urlloader_test.go rm core/pkg/opaprocessor/*_test.go rm core/cautils/getter/downloadreleasedpolicy_test.go + rm core/core/initutils_test.go + rm core/core/list_test.go + rm core/pkg/resourcehandler/remotegitutils_test.go - # remove tests that use networking + # Remove tests that use networking substituteInPlace core/pkg/resourcehandler/repositoryscanner_test.go \ - --replace "TestScanRepository" "SkipScanRepository" \ - --replace "TestGit" "SkipGit" + --replace-fail "TestScanRepository" "SkipScanRepository" \ + --replace-fail "TestGit" "SkipGit" - # remove test that requires networking + # Remove test that requires networking substituteInPlace core/cautils/scaninfo_test.go \ - --replace "TestSetContextMetadata" "SkipSetContextMetadata" + --replace-fail "TestSetContextMetadata" "SkipSetContextMetadata" ''; postInstall = '' From 73cb5278cbd84512ce5fed32714e42db14eceabe Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 30 Mar 2024 17:46:44 +0100 Subject: [PATCH 2/3] kubescape: disable on darwin --- pkgs/tools/security/kubescape/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/tools/security/kubescape/default.nix b/pkgs/tools/security/kubescape/default.nix index 3141a22bbf04..7606d43bd45a 100644 --- a/pkgs/tools/security/kubescape/default.nix +++ b/pkgs/tools/security/kubescape/default.nix @@ -1,4 +1,5 @@ { lib +, stdenv , buildGoModule , fetchFromGitHub , git @@ -91,5 +92,6 @@ buildGoModule rec { ''; license = licenses.asl20; maintainers = with maintainers; [ fab jk ]; + broken = stdenv.isDarwin; }; } From 72ea5561d6554eb4595d81ead25c9dc196228090 Mon Sep 17 00:00:00 2001 
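Review bot: Dropping the `getGoDirs` override from `preCheck` while `subPackages = [ "." ]` stays probably limits the check phase to the root package; the removed comment itself said that subPackages "also limits the tests". If so, the `rm` and `substituteInPlace` lines for files under `core/` are dead code, and the scanner's core packages are no longer exercised at build time. If the core tests are meant to run, keep the override (`getGoDirs() { go list ./... | grep -v httphandler; }`); if not, drop the removals and state it in a comment such as `# checkPhase only covers the root package (subPackages)`. Where the tests do run, `rm core/pkg/opaprocessor/*_test.go` discards every test of that package rather than only the networked ones, and the substring renames of `TestScanRepository` and `TestGit` also rewrite any longer test name beginning with them. A `checkFlags` entry using `-skip` with anchored test names would be narrower.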
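Review bot: `broken = stdenv.isDarwin;` is added without any record of what fails on Darwin, so a later maintainer cannot tell when it is safe to lift. A short comment above the line would cover it, e.g. `# <reason for the Darwin failure, with a link to the build log or upstream issue>`. The `meta` block starts outside this hunk.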
From: Fabian Affolter Date: Sat, 30 Mar 2024 17:52:12 +0100 Subject: [PATCH 3/3] kubescape: 3.0.7 -> 3.0.8 Diff: https://github.com/kubescape/kubescape/compare/refs/tags/v3.0.7...v3.0.8 Changelog: https://github.com/kubescape/kubescape/releases/tag/v3.0.8 --- pkgs/tools/security/kubescape/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/security/kubescape/default.nix b/pkgs/tools/security/kubescape/default.nix index 7606d43bd45a..2c74013c3ad1 100644 --- a/pkgs/tools/security/kubescape/default.nix +++ b/pkgs/tools/security/kubescape/default.nix @@ -10,17 +10,17 @@ buildGoModule rec { pname = "kubescape"; - version = "3.0.7"; + version = "3.0.8"; src = fetchFromGitHub { owner = "kubescape"; repo = "kubescape"; rev = "refs/tags/v${version}"; - hash = "sha256-eQIP03UOUykb68u/LnvWwAs1pqm71bUH+/la5y+3ewU="; + hash = "sha256-ZGDE9go8BmaXE1YFT/z5Nob90MhsKZ6oKrodDMu2npY="; fetchSubmodules = true; }; - vendorHash = "sha256-Jz7CorEPKpgfhjf/jc1/dOWJ6pwxwG68cp8rzpZGpFs="; + vendorHash = "sha256-qFJVoWzU9rqpYbb8gzdK33rq///zizxVkWhsNV8OXOM="; subPackages = [ "." @@ -76,7 +76,6 @@ buildGoModule rec { meta = with lib; { description = "Tool for testing if Kubernetes is deployed securely"; - mainProgram = "kubescape"; homepage = "https://github.com/kubescape/kubescape"; changelog = "https://github.com/kubescape/kubescape/releases/tag/v${version}"; longDescription = '' @@ -92,6 +91,7 @@ buildGoModule rec { ''; license = licenses.asl20; maintainers = with maintainers; [ fab jk ]; + mainProgram = "kubescape"; broken = stdenv.isDarwin; }; }