push sheeet

pkgs/by-name/ej/ejson2env/package.nix

@@ -0,0 +1,45 @@
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
+  nix-update-script,
+  testers,
+  callPackage,
+  ejson2env,
+}:
+
+buildGoModule rec {
+  pname = "ejson2env";
+  version = "2.0.8";
+
+  src = fetchFromGitHub {
+    owner = "Shopify";
+    repo = "ejson2env";
+    rev = "v${version}";
+    sha256 = "sha256-0DKKdu1b/gjwtKycdXrV3hzAeGmvK41MlZbltcEzj/g=";
+  };
+
+  vendorHash = "sha256-UskdGQbLR4W7ucC0foMWim8o9BqyE5o0Nza9yVBTftY=";
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X main.version=${version}"
+  ];
+
+  passthru = {
+    updateScript = nix-update-script { };
+    tests = {
+      version = testers.testVersion { package = ejson2env; };
+      decryption = callPackage ./test-decryption.nix { };
+    };
+  };
+
+  meta = with lib; {
+    description = "Decrypt EJSON secrets and export them as environment variables";
+    homepage = "https://github.com/Shopify/ejson2env";
+    maintainers = with maintainers; [ viraptor ];
+    license = licenses.mit;
+    mainProgram = "ejson2env";
+  };
+}

pkgs/by-name/ej/ejson2env/test-decryption.nix

@@ -0,0 +1,21 @@
+{ ejson2env, runCommand }:
+runCommand "check-ejson2env.sh"
+  {
+    nativeBuildInputs = [ ejson2env ];
+  }
+  ''
+      cat > $TMP/abc.ejson <<EOF
+        {
+          "_public_key": "349a0e027725db0693cf0505344c5104807d38fb398cd4597029dccc8d0d8711",
+          "environment": {
+            "foo": "EJ[1:7oqIDkyXLro12rcrg7/psjK5Qcfuw5FRquvfBaRUBic=:OTtncVl0wT4U6UWdxoaCGBRnM2WzGnV3:1FiIgHYT5U6MjFN8IUU83T1fzQ==]"
+          }
+        }
+    EOF
+      response="$(echo "ff34961809e9d7a0ae20b9d09e5d8630c8d4924cef19cdb5385916b9be019954" | ejson2env --key-from-stdin $TMP/abc.ejson)"
+      if [[ "$response" != "export foo=bar" ]]; then
+        echo "test file not decrypted correctly"
+        exit 1
+      fi
+      touch $out
+  ''