crane/lib/cargoAudit.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

43 lines
1.3 KiB
Nix
Raw Normal View History

{ cargo-audit
, lib
, mkCargoDerivation
}:
{ advisory-db
, cargoAuditExtraArgs ? ""
, cargoExtraArgs ? ""
, src
, ...
}@origArgs:
let
args = builtins.removeAttrs origArgs [
"cargoAuditExtraArgs"
"cargoExtraArgs"
];
in
mkCargoDerivation (args // {
buildPhaseCargoCommand = "cargo audit ${cargoExtraArgs} -n -d ${advisory-db} ${cargoAuditExtraArgs}";
src = lib.cleanSourceWith {
inherit src;
# Keep all Cargo.lock and audit.toml files in the source in case the caller wants to
# pass a flag to audit a specific one.
filter = path: type: type == "directory"
|| lib.hasSuffix "Cargo.lock" path
|| lib.hasSuffix "audit.toml" path;
};
cargoArtifacts = null; # Don't need artifacts, just Cargo.lock
cargoVendorDir = null; # Don't need dependencies either
doInstallCargoArtifacts = false; # We don't expect to/need to install artifacts
pnameSuffix = "-audit";
# Avoid trying to introspect the Cargo.toml file as it won't exist in the
# filtered source (it also might not exist in the original source either).
# So just use some placeholders here in case the caller did not set them.
pname = args.pname or "crate";
version = args.version or "0.0.0";
nativeBuildInputs = (args.nativeBuildInputs or [ ]) ++ [ cargo-audit ];
})