-
Notifications
You must be signed in to change notification settings - Fork 31
/
Copy pathflake.nix
66 lines (64 loc) · 2.27 KB
/
flake.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
{
description = "applications for recovering snowplow bad rows";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils";
flake-utils.inputs.nixpkgs.follows = "nixpkgs";
devenv.url = "github:cachix/devenv";
devenv.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = {
nixpkgs,
flake-utils,
devenv,
...
} @ inputs:
flake-utils.lib.eachDefaultSystem (
system: let
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
config.allowUnsupportedSystem = true;
};
jre = pkgs.openjdk11;
sbt = pkgs.sbt.override {inherit jre;};
coursier = pkgs.coursier.override {inherit jre;};
metals = pkgs.metals.override {inherit coursier jre;};
in {
devShell = devenv.lib.mkShell {
inherit inputs pkgs;
modules = [
{
packages = [
jre
metals
sbt
pkgs.kubernetes-helm
# (pkgs.wrapHelm pkgs.kubernetes-helm {plugins = [pkgs.kubernetes-helmPlugins.helm-diff];})
# pkgs.google-cloud-sdk.withExtraComponents( with pkgs.google-cloud-sdk.components [ gke-gcloud-auth-plugin ]);
(pkgs.google-cloud-sdk.withExtraComponents [pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin])
# pkgs.google-cloud-sdk-gce
pkgs.snyk
pkgs.gitleaks
];
scripts = {
snyk-check.exec = ''
for p in kinesis pubsub kafka nsq; do sbt "project ''${p}Distroless; set version := \"latest\"; Docker / publishLocal"; snyk container test --platform=linux/arm64 --app-vulns snowplow/scala-stream-collector-''${p}:latest-distroless; done
'';
};
languages.nix.enable = true;
pre-commit.hooks = {
alejandra.enable = true;
deadnix.enable = true;
gitleaks = {
enable = true;
name = "gitleaks";
entry = "${pkgs.gitleaks}/bin/gitleaks detect --source . -v";
};
};
}
];
};
}
);
}