pkgs/development/python-modules/compliance-trestle/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

{
  attrs,
  buildPythonPackage,
  cmarkgfm,
  cryptography,
  defusedxml,
  datamodel-code-generator,
  email-validator,
  fetchFromGitHub,
  furl,
  ilcli,
  importlib-resources,
  jinja2,
  lib,
  mypy,
  openpyxl,
  orjson,
  paramiko,
  pytestCheckHook,
  pydantic,
  python-dotenv,
  python-frontmatter,
  requests,
  ruamel-yaml,
  setuptools,
  setuptools-scm,
}:

buildPythonPackage rec {
  pname = "compliance-trestle";
  version = "3.7.0";
  pyproject = true;

  src = fetchFromGitHub {
    owner = "oscal-compass";
    repo = "compliance-trestle";
    tag = "v${version}";
    hash = "sha256-MEPleUM5gSCJjVaVbNtNzRl+Vvvk97h6Q/mOWIxFd2Q=";
    fetchSubmodules = true;
  };

  pythonRelaxDeps = true;

  postPatch = ''
    substituteInPlace tests/trestle/misc/mypy_test.py \
      --replace-fail "trestle'," "${placeholder "out"}/bin/trestle'," \
  '';

  build-system = [
    setuptools
    setuptools-scm
  ];

  dependencies = [
    attrs
    cmarkgfm
    cryptography
    defusedxml
    datamodel-code-generator
    email-validator
    furl
    ilcli
    importlib-resources
    jinja2
    openpyxl
    orjson
    paramiko
    pydantic
    python-dotenv
    python-frontmatter
    requests
    ruamel-yaml
  ];

  nativeCheckInputs = [
    pytestCheckHook
    mypy
  ];

  disabledTests = [
    # Requires network access
    "test_import_from_url"
    "test_import_from_nist"
    "test_remote_profile_relative_cat"

    # AssertionError
    "test_profile_generate_assemble_rev_5"
    "test_ssp_assemble_fedramp_profile"
    "test_ssp_generate_aggregates_no_cds"
    "test_ssp_generate_aggregates_no_param_value_orig"
  ];

  disabledTestPaths = [
    # Requires network access
    "tests/trestle/core/remote"
  ];

  pythonImportsCheck = [ "trestle" ];

  meta = {
    description = "An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard";
    homepage = "https://github.com/oscal-compass/compliance-trestle";
    changelog = "https://github.com/oscal-compass/compliance-trestle/blob/${src.rev}/CHANGELOG.md";
    license = lib.licenses.asl20;
    maintainers = with lib.maintainers; [ tochiaha ];
    mainProgram = "trestle";
  };
}