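# NixOS VM test for the dependency-track service: boots one server node,
# waits until the application logs that it is ready, then checks the
# version API and the nginx-served frontend.
{ pkgs, ... }:
let
  # Port the Dependency-Track API server itself listens on. The test script
  # waits on this port directly, while the curl checks below go through
  # nginx on port 80 (`nginx.domain = "localhost"`).
  dependencyTrackPort = 8081;
in
{
  name = "dependency-track";
  meta = {
    maintainers = pkgs.lib.teams.cyberus.members;
  };

  nodes = {
    server =
      { pkgs, ... }:
      {
        virtualisation = {
          cores = 2;
          diskSize = 4096;
          memorySize = 1024 * 2;
        };

        environment.systemPackages = with pkgs; [ curl ];
        systemd.services.dependency-track = {
          # source: https://github.com/DependencyTrack/dependency-track/blob/37e0ba59e8057c18a87a7a76e247a8f75677a56c/dev/scripts/data-nist-generate-dummy.sh
          #
          # Creates empty placeholder NVD feed files plus a ".ts" file holding
          # a far-future value for every feed year. The test VM has no network
          # access, so a real mirror can never be fetched.
          # NOTE(review): presumably the placeholders make the application
          # treat the feeds as already current and skip mirroring — confirm
          # against the NIST mirror task before relying on it.
          preStart = ''
            set -euo pipefail

            NIST_DIR="$HOME/.dependency-track/nist"

            rm -rf "$NIST_DIR"
            mkdir -p "$NIST_DIR"

            # `seq FIRST LAST` counts upwards by one and prints nothing when
            # FIRST > LAST, so the previous `seq "2024" "2002"` produced an
            # empty list and the loop body never ran. Count from the first
            # NVD feed year (2002) upwards instead.
            for feed in $(seq 2002 2024); do
              touch "$NIST_DIR/nvdcve-1.1-$feed.json.gz"
              echo "9999999999999" > "$NIST_DIR/nvdcve-1.1-$feed.json.gz.ts"
            done
          '';
        };
        services.dependency-track = {
          enable = true;

          # The Java VM defaults (correctly) to tiny heap on this tiny
          # VM, but that's not enough to start dependency-track.
          # NOTE(review): -Xmx4G is only a ceiling, but it is larger than the
          # 2 GiB `memorySize` configured above — confirm the service does not
          # get OOM-killed if the heap actually grows towards the limit.
          javaArgs = [ "-Xmx4G" ];

          port = dependencyTrackPort;
          nginx.domain = "localhost";
          # The database password is written into the Nix store, which is
          # world-readable on the VM. That is acceptable only because this is
          # a throwaway test VM; a real deployment must point `passwordFile`
          # at a secret that is not in the store.
          database.passwordFile = "${pkgs.writeText "dbPassword" ''hunter2'THE'''H''''E''}";
        };
      };
  };

  testScript =
    # python
    ''
      import json

      start_all()

      # The unit becoming active is not enough: the application logs this
      # line only once it can serve requests, so wait for it explicitly.
      server.wait_for_unit("dependency-track.service")
      server.wait_until_succeeds(
          "journalctl -o cat -u dependency-track.service | grep 'Dependency-Track is ready'"
      )
      # The backend port, not nginx; the checks below go through nginx.
      server.wait_for_open_port(${toString dependencyTrackPort})

      with subtest("version api returns correct version"):
          # No port given, so this hits nginx on port 80, which is expected
          # to forward /api to the backend.
          version = json.loads(
              server.succeed("curl http://localhost/api/version")
          )
          assert version["version"] == "${pkgs.dependency-track.version}"

      with subtest("nginx serves frontend"):
          server.succeed("curl http://localhost/ | grep \"<title>Dependency-Track</title>\"")
    '';
}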