From 4b5ac200917c296ce00cd0a49d6b9d2c6781170b Mon Sep 17 00:00:00 2001
From: Yuriy Taraday <yorik.sar@gmail.com>
Date: Mon, 24 Jul 2023 15:01:14 +0200
Subject: [PATCH] Install gh

Using patch to make access to Keychain more secure, see
https://github.com/cli/cli/pull/7743
---
 nix/gh.nix            | 12 ++++++++
 nix/pkgs/gh.nix       | 70 +++++++++++++++++++++++++++++++++++++++++++
 nix/profiles/base.nix |  1 +
 3 files changed, 83 insertions(+)
 create mode 100644 nix/gh.nix
 create mode 100644 nix/pkgs/gh.nix

diff --git a/nix/gh.nix b/nix/gh.nix
new file mode 100644
index 0000000..1652f3b
--- /dev/null
+++ b/nix/gh.nix
@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+  programs.gh = {
+    enable = true;
+    package = pkgs.callPackage ./pkgs/gh.nix {};
+    settings = {
+      aliases.co = "pr checkout";
+    };
+  };
+  xdg.configFile."gh/hosts.yml".source = (pkgs.formats.yaml {}).generate "gh-hosts.yml" {
+    "github.com".user = "YorikSar";
+  };
+}
diff --git a/nix/pkgs/gh.nix b/nix/pkgs/gh.nix
new file mode 100644
index 0000000..fa1c926
--- /dev/null
+++ b/nix/pkgs/gh.nix
@@ -0,0 +1,70 @@
+{
+  lib,
+  fetchFromGitHub,
+  fetchpatch,
+  buildGoModule,
+  installShellFiles,
+  stdenv,
+  testers,
+  gh,
+}:
+buildGoModule rec {
+  pname = "gh";
+  version = "2.32.0";
+
+  src = fetchFromGitHub {
+    owner = "cli";
+    repo = "cli";
+    rev = "v${version}";
+    hash = "sha256-YnIwrx/NEOH3yXkkCq30i9Jt2IXKX5IX8BuM6+u9tvs=";
+  };
+
+  patches = [
+    (fetchpatch {
+      url = "https://github.com/yoriksar/cli/commit/43dfa0fdd4f8ecd72d36eb755b05e9b416efaee5.patch";
+      sha256 = "sha256-ozGP50Z/B6FcUYNYZV8/znRCmDElNOicB+WPPXFmmm4=";
+    })
+  ];
+
+  vendorHash = "sha256-G6fdROuwpFncO5FL7DRwRQAiHRgtc3IFsvx0HfmWqxU=";
+
+  nativeBuildInputs = [installShellFiles];
+
+  buildPhase = ''
+    runHook preBuild
+    make GO_LDFLAGS="-s -w" GH_VERSION=${version} bin/gh ${lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) "manpages"}
+    runHook postBuild
+  '';
+
+  installPhase =
+    ''
+      runHook preInstall
+      install -Dm755 bin/gh -t $out/bin
+    ''
+    + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
+      installManPage share/man/*/*.[1-9]
+
+      installShellCompletion --cmd gh \
+        --bash <($out/bin/gh completion -s bash) \
+        --fish <($out/bin/gh completion -s fish) \
+        --zsh <($out/bin/gh completion -s zsh)
+    ''
+    + ''
+      runHook postInstall
+    '';
+
+  # most tests require network access
+  doCheck = false;
+
+  passthru.tests.version = testers.testVersion {
+    package = gh;
+  };
+
+  meta = with lib; {
+    description = "GitHub CLI tool";
+    homepage = "https://cli.github.com/";
+    changelog = "https://github.com/cli/cli/releases/tag/v${version}";
+    license = licenses.mit;
+    maintainers = with maintainers; [zowoq];
+  };
+}
diff --git a/nix/profiles/base.nix b/nix/profiles/base.nix
index fdd83c9..fdb8859 100644
--- a/nix/profiles/base.nix
+++ b/nix/profiles/base.nix
@@ -1,6 +1,7 @@
 {pkgs, ...}: {
   imports = [
     ../git.nix
+    ../gh.nix
     ../htop.nix
     ../neovim.nix
     ../tmux.nix