tiiuae · henrirosten · Jan 5, 2025 · Jan 3, 2025
diff --git a/nix/checks.nix b/nix/checks.nix
@@ -1,7 +1,11 @@
 # SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII)
 #
 # SPDX-License-Identifier: Apache-2.0
-{lib, ...}: {
+{
+  lib,
+  self,
+  ...
+}: {
   perSystem = {
     self',
     pkgs,
@@ -15,30 +19,35 @@
           pkgs.runCommandLocal "reuse-lint" {
             nativeBuildInputs = [pkgs.reuse];
           } ''
-            cd ${../.}
+            cd ${self.outPath}
             reuse lint
             touch $out
           '';
         pycodestyle =
           pkgs.runCommandLocal "pycodestyle" {
             nativeBuildInputs = [pkgs.python3.pkgs.pycodestyle];
           } ''
-            cd ${../.}
-            pycodestyle --max-line-length 90 $(find . -name "*.py" ! -path "*venv*" ! -path "*eggs*")
+            cd ${self.outPath}
+            pycodestyle --max-line-length 90 $(find . -name "*.py")
             touch $out
           '';
         pylint =
           pkgs.runCommandLocal "pylint" {
-            nativeBuildInputs = [self'.packages.python pkgs.python3.pkgs.pylint];
+            nativeBuildInputs = [self'.devShells.default.nativeBuildInputs];
           } ''
-            cd ${../.}
+            cd ${self.outPath}
             export HOME=/tmp
-            pylint --enable=useless-suppression --fail-on=I0021 --disable=duplicate-code -rn $(find . -name "*.py" ! -path "*venv*" ! -path "*eggs*")
+            pylint \
+              $(find . -name "*.py") \
+              --reports n \
+              --enable=useless-suppression \
+              --fail-on=useless-suppression \
+              --disable=duplicate-code
             touch $out
           '';
       }
       //
-      # merge in the package derivations to force a build of all packages during a `nix flake check`
+      # Force a build of all packages during a `nix flake check`
       (with lib; mapAttrs' (n: nameValuePair "package-${n}") self'.packages);
   };
 }
diff --git a/nix/devshell.nix b/nix/devshell.nix
@@ -8,29 +8,13 @@
     ...
   }: {
     devShells.default = pkgs.mkShell rec {
-      name = "sbomnix-dev-shell";
-
-      packages =
-        (with pkgs; [
-          black
-          coreutils
-          csvkit
-          curl
-          gnugrep
-          gnused
-          graphviz
-          grype
-          gzip
-          nix
-          nix-visualize
-          pylint
-          reuse
-          vulnix
-        ])
-        ++ (with self'.packages; [
-          python # that python with all sbomnix [dev-]dependencies
-        ]);
-
+      name = "sbomnix-devshell";
+      packages = with self'.packages; [
+        pkgs.python3.pkgs.pylint # for running pylint manually in devshell
+        pkgs.black # for running black manually in devshell
+        sbomnix.propagatedBuildInputs
+        sbomnix.nativeBuildInputs
+      ];
       # Add the repo root to PYTHONPATH, so invoking entrypoints (and them being
       # able to find the python packages in the repo) becomes possible.
       # `pytest.ini` already sets this for invoking `pytest`

diff --git a/nix/packages.nix b/nix/packages.nix
@@ -8,6 +8,14 @@
     ...
   }: let
     pp = pkgs.python3Packages;
+    prefix_path = with pkgs; [
+      git
+      graphviz
+      grype
+      nix
+      nix-visualize
+      vulnix
+    ];
   in {
     packages = rec {
       default = sbomnix;
@@ -19,6 +27,13 @@
 
         src = lib.cleanSource ../.;
 
+        nativeCheckInputs = with pp;
+          [
+            jsonschema
+            pytest
+          ]
+          ++ prefix_path;
+
         propagatedBuildInputs = with pp; [
           beautifulsoup4
           colorlog
@@ -40,41 +55,9 @@
         pythonImportsCheck = ["sbomnix"];
 
         makeWrapperArgs = [
-          "--prefix PATH : ${lib.makeBinPath (with pkgs; [
-            git
-            nix
-            graphviz
-            nix-visualize
-            vulnix
-            grype
-          ])}"
+          "--prefix PATH : ${lib.makeBinPath prefix_path}"
         ];
       };
-      # a python with all python packages imported by sbomnix itself
-      python = pkgs.python3.withPackages (
-        ps: (with ps; [
-          beautifulsoup4
-          colorlog
-          dfdiskcache
-          filelock
-          graphviz
-          numpy
-          packageurl-python
-          packaging
-          pandas
-          reuse
-          requests
-          requests-cache
-          requests-ratelimiter
-          setuptools
-          tabulate
-          venvShellHook
-
-          # dev dependencies
-          jsonschema
-          pytest
-        ])
-      );
     };
   };
 }