semgrep.nix
{
opam-nix,
opam-repository,
hasSubmodules,
ocamlVersion ? "5.3.0",
}:
{ pkgs, system }:
let
lib =
let
# libunwind package used by the conf-unwind override: the Darwin package on
# macOS, the `dev` output of libunwind everywhere else.
libunwind-dev =
  if pkgs.stdenv.isDarwin then
    pkgs.darwin.libunwind
  else
    pkgs.libunwind.dev;
# Short alias for the opam-nix library of the target system.
on = opam-nix.lib.${system};
in
rec {
# Return `pkg` with pkg-config appended to its nativeBuildInputs, so that
# dune can find pkg-config while these packages are built.
# NOTE(review): the `inputs` argument is accepted but never read; pkg-config
# is what gets added regardless of what the caller passes.
# TODO fix on opam side to use pkg-conf on macos
addPkgConfig =
  pkg: inputs:
  let
    withPkgConfig = old: {
      nativeBuildInputs = old.nativeBuildInputs ++ [ pkgs.pkg-config ];
    };
  in
  pkg.overrideAttrs withPkgConfig;
# Overlay (final: prev:) that patches the conf-* packages so their native
# dependencies are visible during the build. It is the first entry of the
# default `overlays` list of buildOpamPkg.
patchesOverlay = final: prev: {
  # These three only need pkg-config on their nativeBuildInputs.
  conf-libpcre = addPkgConfig prev.conf-libpcre [ pkgs.pkg-config ];
  conf-libffi = addPkgConfig prev.conf-libffi [ pkgs.pkg-config ];
  conf-libpcre2-8 = addPkgConfig prev.conf-libpcre2-8 [ pkgs.pkg-config ];
  # libunwind is appended to both input lists of conf-unwind.
  conf-unwind = prev.conf-unwind.overrideAttrs (old: {
    buildInputs = old.buildInputs ++ [ libunwind-dev ];
    nativeBuildInputs = old.nativeBuildInputs ++ [ libunwind-dev ];
  });
  # remove lzma from conf-xz, since we don't have it, and instead add xz
  # NOTE(review): the override below is applied to conf-libdw, not conf-xz,
  # and it builds both lists from prev.conf-libpcre's inputs; `old` is never
  # read, so conf-libdw's own inputs are replaced rather than extended.
  # Presumably that is how the lzma dependency gets dropped - confirm.
  # On Darwin the package is passed through unchanged.
  conf-libdw = (
    if !pkgs.stdenv.isDarwin then
      (prev.conf-libdw.overrideAttrs (old: {
        buildInputs = prev.conf-libpcre.buildInputs ++ [
          pkgs.elfutils.dev
          pkgs.xz.dev
          pkgs.zstd.dev
        ];
        nativeBuildInputs = prev.conf-libpcre.nativeBuildInputs ++ [
          pkgs.elfutils.dev
          pkgs.xz.dev
          pkgs.zstd.dev
        ];
      }))
    else
      prev.conf-libdw
  );
};
# Return `pkg` with the list `inputs` appended to its existing buildInputs.
addBuildInputs =
  pkg: inputs:
  let
    extend = old: { buildInputs = old.buildInputs ++ inputs; };
  in
  pkg.overrideAttrs extend;
# Turn a scope into a plain list of packages: for every attribute name in
# `query`, pick the attribute of the same name out of `scope`. This lets the
# queried packages be added to a derivation's inputs explicitly.
scopeToPkgs =
  query: scope:
  let
    wanted = builtins.attrNames query;
  in
  builtins.map (pkgName: scope.${pkgName}) wanted;
# Given a source root and a list of paths below it, return a source that
# holds only those paths. A file is kept only if it is both in the
# cleanSource-filtered tree and in the union of `paths`, so nothing outside
# the explicit list ends up in the derivation's source.
strictSrc =
  src: paths:
  let
    fs = pkgs.lib.fileset;
    cleaned = fs.fromSource (pkgs.lib.sources.cleanSource src);
    listed = fs.unions paths;
  in
  fs.toSource {
    root = src;
    fileset = fs.intersection cleaned listed;
  };
# Walk the list pkg.${field}. An entry that is an attribute set with a
# `pname` and whose `name` ends in "-dev" is replaced by the result of
# mapping its own ${field} list the same way (recursively); every other
# entry is kept as is. The result may therefore contain nested lists.
mapDev =
  pkg: field:
  let
    isDevPkg =
      dep: builtins.isAttrs dep && dep ? pname && pkgs.lib.strings.hasSuffix "-dev" dep.name;
    expand = dep: if isDevPkg dep then mapDev dep field else dep;
  in
  builtins.map expand pkg.${field};
# Return `pkg` with buildInputs and nativeBuildInputs rewritten by mapDev,
# i.e. with every "-dev" entry replaced by that entry's own inputs.
filterDevDeps =
  pkg:
  pkg.overrideAttrs (old: {
    buildInputs = mapDev old "buildInputs";
    nativeBuildInputs = mapDev old "nativeBuildInputs";
  });
# Resolve and build the opam package `name` from `src` through opam-nix's
# buildOpamProject, then attach extra build inputs to it.
#   name     - attribute to take out of the resolved scope
#   src      - source handed to buildOpamProject
#   query    - extra constraints merged over the OCaml compiler pin; the
#              packages named here are also added to buildInputs
#   overlays - overlays passed to opam-nix (default: patchesOverlay, then
#              opam-nix's defaultOverlay)
#   inputs   - further packages appended to buildInputs
# The only package repository given to the solver is the `opam-repository`
# argument of this file.
# TODO https://github.com/tweag/opam-nix/blob/main/DOCUMENTATION.md#materialization
# Will speed it up
buildOpamPkg =
  {
    name,
    src,
    query ? { },
    overlays ? [
      patchesOverlay
      on.defaultOverlay
    ],
    inputs ? [ ],
  }:
  let
    # Pin the OCaml compiler version.
    #
    # Specific OCaml package versions can be pinned the same way, e.g.
    #
    # ocamlfind = "1.9.8";
    compilerPin = {
      ocaml-base-compiler = ocamlVersion;
    };
    solverArgs = {
      # speeds up so we don't get a solver timeout
      # NOTE(review): presumably this also affects which versions the solver
      # prefers - confirm the resolved set is still the intended one.
      criteria = null;
    };
    pinnedRepos = [ "${opam-repository}" ];
    # repos = opamRepos to force newest version of opam
    # pkgs = pkgs to force newest version of nixpkgs instead of using opam-nix's
    # overlays = to force the default and patches overlay
    resolved = on.buildOpamProject {
      inherit pkgs overlays;
      repos = pinnedRepos;
      resolveArgs = solverArgs;
    } name src (compilerPin // query);
    extraInputs = inputs ++ scopeToPkgs query resolved;
  in
  filterDevDeps (addBuildInputs resolved.${name} extraInputs);
# Guard a build phase on the submodules being present: when hasSubmodules is
# true the given `buildPhase` is returned unchanged, otherwise it is replaced
# by a script that prints how to build with submodules and exits with 1.
# See https://github.com/NixOS/nix/pull/7862
buildPhaseSubmoduleCheck =
  buildPhase:
  if hasSubmodules then
    buildPhase
  else
    ''
      echo "Derivation won't build outside of a nix shell without submodules:"
      echo " nix build '.?submodules=1#' # build from local sources"
      exit 1
    '';
};
# Packages resolved from the opam files.
#
# semgrep itself: tree-sitter is always an extra input, libdwarf only on
# Darwin. The whole directory is passed as `src` here; the `semgrep` override
# further down replaces it with an explicit list of paths.
# NOTE(review): whatever ./. holds at evaluation time is presumably copied
# into the Nix store, which local users can read - confirm that only tracked
# files are picked up before building from a checkout that holds secrets.
semgrepOpam = lib.buildOpamPkg {
  name = "semgrep";
  src = ./.;
  inputs = [ pkgs.tree-sitter ] ++ pkgs.lib.optionals pkgs.stdenv.isDarwin [ pkgs.libdwarf ];
};
# Optional development packages, resolved from ./dev.
devOptional = lib.buildOpamPkg {
  name = "optional";
  src = ./dev;
  # Versions of individual packages can be pinned here.
  query = {
    utop = "2.15.0";
  };
};
# Required development packages, resolved from ./dev with no extra pins.
devRequired = lib.buildOpamPkg {
  name = "required";
  src = ./dev;
};
in
let
#
# semgrep
#
darwinEnv = {
  # The dune files of semgrep's tree-sitter <LANG> libraries are all missing
  # the :standard field. Compilers normally autodetect C vs C++ from the
  # file extension and add the matching standard library; Nix does not:
  # https://github.com/NixOS/nixpkgs/issues/150655
  # Dune also passes -xc++ when it detects a C++ file, but does so through
  # the :standard var, which those dune files leave out. Pointing the
  # compiler at the libc++ headers works around it.
  # TODO add :standard to the dune files and commit them instead
  NIX_CFLAGS_COMPILE = "-I${pkgs.libcxx.dev}/include/c++/v1";
};
# Build environment: the Nix marker everywhere, plus darwinEnv on Darwin.
env = {
  # Needed so we don't pass any flags in flags.sh
  SEMGREP_NIX_BUILD = "1";
}
// pkgs.lib.optionalAttrs pkgs.stdenv.isDarwin darwinEnv;
# The semgrep derivation: semgrepOpam with a restricted source tree, the build
# environment above and explicit build, check and install phases.
semgrep = semgrepOpam.overrideAttrs (old: {
  # Only the paths listed here are part of the build's source.
  # coupling: if you add files here you probably want to add them to the
  # Dockerfile and the pro Dockerfile
  src = lib.strictSrc ./. [
    ./Makefile
    ./cygwin-env.mk
    ./TCB
    ./bin
    # might be missing due to submodule issue (dumb)
    (pkgs.lib.fileset.maybeMissing ./cli/src/semgrep/semgrep_interfaces)
    ./dune
    ./dune-project
    ./interfaces
    ./languages
    ./libs
    ./src
    ./tools
    # only needed for testing
    # TODO split out into separate derivation
    ./cli/tests
    ./scripts/run-core-test
    ./scripts/make-symlinks
    ./test
    ./tests
  ];
  # Special environment variables for osemgrep for linking stuff
  inherit env;
  # Fails with a hint instead of building when the submodules are absent.
  buildPhase = lib.buildPhaseSubmoduleCheck "make core";
  # needed for networking tests
  # NOTE(review): the default Nix build sandbox has no network access, so
  # tests that really reach out presumably need a relaxed sandbox or will
  # not pass here - confirm which tests this refers to. doCheck is not set
  # in this override, so whether checkPhase runs is decided elsewhere.
  nativeCheckInputs = [
    pkgs.cacert
    pkgs.git
  ];
  # git init is needed because many tests rely on a git root existing
  checkPhase = ''
    git init
    make test
  '';
  # Install every binary dune placed under _build/install/default/bin.
  installPhase = ''
    mkdir -p $out/bin
    cp _build/install/default/bin/* $out/bin
  '';
});
# for development: build inputs of the optional dev packages followed by
# those of the required ones
devPkgs = devOptional.buildInputs ++ devRequired.buildInputs;
in
# Result of this file: the semgrep package, the build environment, the
# development packages and the helper library defined above.
{
  inherit devPkgs lib;
  pkg = semgrep;
  devEnv = env;
}