Merge commit from fork

Fix GHSA-7qwg-q53v-vh99
Janne Heß
2025-08-12 12:06:18 +02:00
committed by GitHub
31 changed files with 247 additions and 236 deletions


@@ -51,8 +51,8 @@ BuildOutput getBuildOutput(
"[[:space:]]+"
"([a-zA-Z0-9_-]+)" // subtype (e.g. "readme")
"[[:space:]]+"
"(\"[^\"]+\"|[^[:space:]\"]+)" // path (may be quoted)
"([[:space:]]+([^[:space:]]+))?" // entry point
"(\"[^\"]+\"|[^[:space:]<>\"]+)" // path (may be quoted)
"([[:space:]]+([^[:space:]<>]+))?" // entry point
, std::regex::extended);
for (auto & output : outputs) {
@@ -78,7 +78,7 @@ BuildOutput getBuildOutput(
product.type = match[1];
product.subtype = match[2];
std::string s(match[3]);
product.path = s[0] == '"' ? std::string(s, 1, s.size() - 2) : s;
product.path = s[0] == '"' && s.back() == '"' ? std::string(s, 1, s.size() - 2) : s;
product.defaultPath = match[5];
/* Ensure that the path exists and points into the Nix
@@ -93,6 +93,8 @@ BuildOutput getBuildOutput(
if (file == narMembers.end()) continue;
product.name = product.path == store->printStorePath(output) ? "" : baseNameOf(product.path);
if (!std::regex_match(product.name, std::regex("[a-zA-Z0-9.@:_ -]*")))
product.name = "";
if (file->second.type == SourceAccessor::Type::tRegular) {
product.isRegular = true;
@@ -127,8 +129,9 @@ BuildOutput getBuildOutput(
if (file == narMembers.end() ||
file->second.type != SourceAccessor::Type::tRegular)
continue;
res.releaseName = trim(file->second.contents.value());
// FIXME: validate release name
auto contents = trim(file->second.contents.value());
if (std::regex_match(contents, std::regex("[a-zA-Z0-9.@:_-]+")))
res.releaseName = contents;
}
/* Get metrics. */
@@ -140,10 +143,18 @@ BuildOutput getBuildOutput(
for (auto & line : tokenizeString<Strings>(file->second.contents.value(), "\n")) {
auto fields = tokenizeString<std::vector<std::string>>(line);
if (fields.size() < 2) continue;
if (!std::regex_match(fields[0], std::regex("[a-zA-Z0-9._-]+")))
continue;
BuildMetric metric;
metric.name = fields[0]; // FIXME: validate
metric.value = atof(fields[1].c_str()); // FIXME
metric.name = fields[0];
try {
metric.value = std::stod(fields[1]);
} catch (...) {
continue; // skip this metric
}
metric.unit = fields.size() >= 3 ? fields[2] : "";
if (!std::regex_match(metric.unit, std::regex("[a-zA-Z0-9._%-]+")))
metric.unit = "";
res.metrics[metric.name] = metric;
}
}
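Review bot: In the metrics hunk, `std::stod(fields[1])` still accepts more than a plain number: it stops at the first unparsable character, so `1.5abc` is stored as 1.5, and it parses `nan` and `inf` without throwing. Because the file contents come from build output, I would pass a position and reject partial or non-finite values, e.g. `size_t pos = 0; metric.value = std::stod(fields[1], &pos);` followed by `if (pos != fields[1].size() || !std::isfinite(metric.value)) continue;` (needs `<cmath>`). Whether a non-finite value causes trouble where metrics are stored or rendered is not visible here, so treat that part as a precaution. The `std::regex` objects in the metrics loop are also constructed again for every line; `static const` locals would avoid that. getBuildOutput begins and ends outside these hunks.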


@@ -11,7 +11,7 @@ titleHTML="Latest builds" _
"") %]
[% PROCESS common.tt %]
<p>Showing builds [% (page - 1) * resultsPerPage + 1 %] - [% (page - 1) * resultsPerPage + builds.size %] out of [% total %] in order of descending finish time.</p>
<p>Showing builds [% (page - 1) * resultsPerPage + 1 %] - [% (page - 1) * resultsPerPage + builds.size %] out of [% HTML.escape(total) %] in order of descending finish time.</p>
[% INCLUDE renderBuildList hideProjectName=project hideJobsetName=jobset hideJobName=job %]
[% INCLUDE renderPager %]


@@ -37,7 +37,7 @@ END;
seen.${step.drvpath} = 1;
log = c.uri_for('/build' build.id 'nixlog' step.stepnr); %]
<tr>
<td>[% step.stepnr %]</td>
<td>[% HTML.escape(step.stepnr) %]</td>
<td>
[% IF step.type == 0 %]
Build of <tt>[% INCLUDE renderOutputs outputs=step.buildstepoutputs %]</tt>
@@ -86,7 +86,7 @@ END;
[% ELSIF step.status == 11 %]
<span class="error">Output limit exceeded</span>
[% ELSIF step.status == 12 %]
<span class="error">Non-determinism detected</span> [% IF step.timesbuilt %] after [% step.timesbuilt %] times[% END %]
<span class="error">Non-determinism detected</span> [% IF step.timesbuilt %] after [% HTML.escape(step.timesbuilt) %] times[% END %]
[% ELSIF step.errormsg %]
<span class="error">Failed</span>: <em>[% HTML.escape(step.errormsg) %]</em>
[% ELSE %]
@@ -112,16 +112,16 @@ END;
[% IF c.user_exists %]
[% IF available %]
[% IF build.keep %]
<a class="dropdown-item" href="[% c.uri_for('/build' build.id 'keep' 0) %]">Unkeep</a>
<a class="dropdown-item" [% HTML.attributes(href => c.uri_for('/build' build.id 'keep' 0)) %]>Unkeep</a>
[% ELSE %]
<a class="dropdown-item" href="[% c.uri_for('/build' build.id 'keep' 1) %]">Keep</a>
<a class="dropdown-item" [% HTML.attributes(href => c.uri_for('/build' build.id 'keep' 1)) %]>Keep</a>
[% END %]
[% END %]
[% IF build.finished %]
<a class="dropdown-item" href="[% c.uri_for('/build' build.id 'restart') %]">Restart</a>
<a class="dropdown-item" [% HTML.attributes(href => c.uri_for('/build' build.id 'restart')) %]>Restart</a>
[% ELSE %]
<a class="dropdown-item" href="[% c.uri_for('/build' build.id 'cancel') %]">Cancel</a>
<a class="dropdown-item" href="[% c.uri_for('/build' build.id 'bump') %]">Bump up</a>
<a class="dropdown-item" [% HTML.attributes(href => c.uri_for('/build' build.id 'cancel')) %]>Cancel</a>
<a class="dropdown-item" [% HTML.attributes(href => c.uri_for('/build' build.id 'bump')) %]>Bump up</a>
[% END %]
[% END %]
</div>
@@ -132,7 +132,7 @@ END;
<li class="nav-item"><a class="nav-link" href="#tabs-details" data-toggle="tab">Details</a></li>
<li class="nav-item"><a class="nav-link" href="#tabs-buildinputs" data-toggle="tab">Inputs</a></li>
[% IF steps.size() > 0 %]<li class="nav-item"><a class="nav-link" href="#tabs-buildsteps" data-toggle="tab">Build Steps</a></li>[% END %]
[% IF build.dependents %]<li class="nav-item"><a class="nav-link" href="#tabs-usedby" data-toggle="tab">Used By</a></li>[% END%]
[% IF build.dependents %]<li class="nav-item"><a class="nav-link" href="#tabs-usedby" data-toggle="tab">Used By</a></li>[% END %]
[% IF drvAvailable %]<li class="nav-item"><a class="nav-link" href="#tabs-build-deps" data-toggle="tab">Build Dependencies</a></li>[% END %]
[% IF localStore && available %]<li class="nav-item"><a class="nav-link" href="#tabs-runtime-deps" data-toggle="tab">Runtime Dependencies</a></li>[% END %]
[% IF runcommandlogProblem || runcommandlogs.size() > 0 %]<li class="nav-item"><a class="nav-link" href="#tabs-runcommandlogs" data-toggle="tab">RunCommand Logs[% IF runcommandlogProblem %] <span class="badge badge-warning">Disabled</span>[% END %]</a></li>[% END %]
@@ -151,7 +151,7 @@ END;
<table class="info-table">
<tr>
<th>Build ID:</th>
<td>[% build.id %]</td>
<td>[% HTML.escape(build.id) %]</td>
</tr>
<tr>
<th>Status:</th>
@@ -168,9 +168,9 @@ END;
END;
%];
[%+ IF nrFinished == nrConstituents && nrFailedConstituents == 0 %]
all [% nrConstituents %] constituent builds succeeded
all [% HTML.escape(nrConstituents) %] constituent builds succeeded
[% ELSE %]
[% nrFailedConstituents %] out of [% nrConstituents %] constituent builds failed
[% HTML.escape(nrFailedConstituents) %] out of [% HTML.escape(nrConstituents) %] constituent builds failed
[% IF nrFinished < nrConstituents %]
([% nrConstituents - nrFinished %] still pending)
[% END %]
@@ -180,25 +180,25 @@ END;
</tr>
<tr>
<th>System:</th>
<td><tt>[% build.system %]</tt></td>
<td><tt>[% build.system | html %]</tt></td>
</tr>
[% IF build.releasename %]
<tr>
<th>Release name:</th>
<td><tt>[% HTML.escape(build.releasename) %]</tt></td>
<td><tt>[% build.releasename | html %]</tt></td>
</tr>
[% ELSE %]
<tr>
<th>Nix name:</th>
<td><tt>[% build.nixname %]</tt></td>
<td><tt>[% build.nixname | html %]</tt></td>
</tr>
[% END %]
[% IF eval %]
<tr>
<th>Part of:</th>
<td>
<a href="[% c.uri_for(c.controller('JobsetEval').action_for('view'), [eval.id]) %]">evaluation [% eval.id %]</a>
[% IF nrEvals > 1 +%] (and <a href="[% c.uri_for('/build' build.id 'evals') %]">[% nrEvals - 1 %] others</a>)[% END %]
<a [% HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('view'), [eval.id])) %]>evaluation [% HTML.escape(eval.id) %]</a>
[% IF nrEvals > 1 +%] (and <a [% HTML.attributes(href => c.uri_for('/build' build.id 'evals')) %]>[% nrEvals - 1 %] others</a>)[% END %]
</td>
</tr>
[% END %]
@@ -226,9 +226,9 @@ END;
<th>Logfile:</th>
<td>
[% actualLog = cachedBuildStep ? c.uri_for('/build' cachedBuild.id 'nixlog' cachedBuildStep.stepnr) : c.uri_for('/build' build.id 'log') %]
<a class="btn btn-secondary btn-sm" href="[%actualLog%]">pretty</a>
<a class="btn btn-secondary btn-sm" href="[%actualLog%]/raw">raw</a>
<a class="btn btn-secondary btn-sm" href="[%actualLog%]/tail">tail</a>
<a class="btn btn-secondary btn-sm" [% HTML.attributes(href => actualLog) %]>pretty</a>
<a class="btn btn-secondary btn-sm" [% HTML.attributes(href => actualLog _ "/raw") %]>raw</a>
<a class="btn btn-secondary btn-sm" [% HTML.attributes(href => actualLog _ "/tail") %]>tail</a>
</td>
</tr>
[% END %]
@@ -336,12 +336,12 @@ END;
[% IF eval.nixexprinput %]
<tr>
<th>Nix expression:</th>
<td>file <tt>[% HTML.escape(eval.nixexprpath) %]</tt> in input <tt>[% HTML.escape(eval.nixexprinput) %]</tt></td>
<td>file <tt>[% eval.nixexprpath | html %]</tt> in input <tt>[% eval.nixexprinput | html %]</tt></td>
</tr>
[% END %]
<tr>
<th>Nix name:</th>
<td><tt>[% build.nixname %]</tt></td>
<td><tt>[% build.nixname | html %]</tt></td>
</tr>
<tr>
<th>Short description:</th>
@@ -361,11 +361,11 @@ END;
</tr>
<tr>
<th>System:</th>
<td><tt>[% build.system %]</tt></td>
<td><tt>[% build.system | html %]</tt></td>
</tr>
<tr>
<th>Derivation store path:</th>
<td><tt>[% build.drvpath %]</tt></td>
<td><tt>[% build.drvpath | html %]</tt></td>
</tr>
<tr>
<th>Output store paths:</th>
@@ -376,14 +376,14 @@ END;
<tr>
<th>Closure size:</th>
<td>[% mibs(build.closuresize / (1024 * 1024)) %] MiB
(<a href="[%chartsURL%]">history</a>)</td>
(<a [% HTML.attributes(href => chartsURL) %]>history</a>)</td>
</tr>
[% END %]
[% IF build.finished && build.closuresize %]
<tr>
<th>Output size:</th>
<td>[% mibs(build.size / (1024 * 1024)) %] MiB
(<a href="[%chartsURL%]">history</a>)</td>
(<a [% HTML.attributes(href => chartsURL) %]>history</a>)</td>
</tr>
[% END %]
[% IF build.finished && build.buildproducts %]
@@ -412,9 +412,9 @@ END;
<tbody>
[% FOREACH metric IN build.buildmetrics %]
<tr>
<td><tt><a class="row-link" [% HTML.attributes(href => c.uri_for('/job' project.name jobset.name job 'metric' metric.name)) %]">[%HTML.escape(metric.name)%]</a></tt></td>
<td style="text-align: right">[%metric.value%]</td>
<td>[%metric.unit%]</td>
<td><tt><a class="row-link" [% HTML.attributes(href => c.uri_for('/job' project.name jobset.name job 'metric' metric.name)) %]">[% metric.name | html %]</a></tt></td>
<td style="text-align: right">[% HTML.escape(metric.value) %]</td>
<td>[% HTML.escape(metric.unit) %]</td>
</tr>
[% END %]
</tbody>
@@ -456,8 +456,8 @@ END;
[% FOREACH input IN build.dependents %]
<tr>
<td>[% INCLUDE renderFullBuildLink build=input.build %]</td>
<td><tt>[% input.name %]</tt></td>
<td><tt>[% input.build.system %]</tt></td>
<td><tt>[% input.name | html %]</tt></td>
<td><tt>[% input.build.system | html %]</tt></td>
<td>[% INCLUDE renderDateTime timestamp = input.build.timestamp %]</td>
</tr>
[% END %]
@@ -484,7 +484,7 @@ END;
[% ELSIF runcommandlogProblem == "disabled-jobset" %]
This jobset does not enable Dynamic RunCommand support.
[% ELSE %]
Dynamic RunCommand is not enabled: [% runcommandlogProblem %].
Dynamic RunCommand is not enabled: [% HTML.escape(runcommandlogProblem) %].
[% END %]
</div>
[% END %]
@@ -503,18 +503,18 @@ END;
</div>
<div class="d-flex flex-column mr-auto align-self-center">
<div><tt>[% runcommandlog.command | html%]</tt></div>
<div><tt>[% runcommandlog.command | html %]</tt></div>
<div>
[% IF not runcommandlog.is_running() %]
[% IF runcommandlog.did_fail_with_signal() %]
Exit signal: [% runcommandlog.signal %]
Exit signal: [% runcommandlog.signal | html %]
[% IF runcommandlog.core_dumped %]
(Core Dumped)
[% END %]
[% ELSIF runcommandlog.did_fail_with_exec_error() %]
Exec error: [% runcommandlog.error_number %]
Exec error: [% runcommandlog.error_number | html %]
[% ELSIF not runcommandlog.did_succeed() %]
Exit code: [% runcommandlog.exit_code %]
Exit code: [% runcommandlog.exit_code | html %]
[% END %]
[% END %]
</div>
@@ -532,9 +532,9 @@ END;
[% IF runcommandlog.uuid != undef %]
[% runLog = c.uri_for('/build', build.id, 'runcommandlog', runcommandlog.uuid) %]
<div>
<a class="btn btn-secondary btn-sm" href="[% runLog %]">pretty</a>
<a class="btn btn-secondary btn-sm" href="[% runLog %]/raw">raw</a>
<a class="btn btn-secondary btn-sm" href="[% runLog %]/tail">tail</a>
<a class="btn btn-secondary btn-sm" [% HTML.attributes(href => runLog) %]>pretty</a>
<a class="btn btn-secondary btn-sm" [% HTML.attributes(href => runLog) %]/raw">raw</a>
<a class="btn btn-secondary btn-sm" [% HTML.attributes(href => runLog) %]/tail">tail</a>
</div>
[% END %]
</div>
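Review bot: In the last hunk the RunCommand log buttons are written as `[% HTML.attributes(href => runLog) %]/raw">raw</a>` and `[% HTML.attributes(href => runLog) %]/tail">tail</a>`, which leaves `/raw"` and `/tail"` outside the attribute value, so both buttons appear to get the same href as "pretty" plus stray text inside the tag. The Logfile row earlier in this file already uses the right form; here that would be `[% HTML.attributes(href => runLog _ "/raw") %]>raw</a>` and `[% HTML.attributes(href => runLog _ "/tail") %]>tail</a>`. The metric-name link in the build metrics table also still has a stray `"` after its `HTML.attributes(...)` call, which this commit leaves unchanged.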


@@ -7,7 +7,7 @@ href="http://nixos.org/">Nix package manager</a>. If you have Nix
installed, you can subscribe to this channel by once executing</p>
<div class="card bg-light"><div class="card-body"><pre>
<span class="shell-prompt">$ </span>nix-channel --add [% curUri +%]
<span class="shell-prompt">$ </span>nix-channel --add [% HTML.escape(curUri) +%]
<span class="shell-prompt">$ </span>nix-channel --update
</pre></div></div>
@@ -49,9 +49,9 @@ installed, you can subscribe to this channel by once executing</p>
[% b = pkg.build %]
<tr>
<td><a href="[% c.uri_for('/build' b.id) %]">[% b.id %]</a></td>
<td><tt>[% b.get_column('releasename') || b.nixname %]</tt></td>
<td><tt>[% b.system %]</tt></td>
<td><a [% HTML.attributes(href => c.uri_for('/build' b.id)) %]>[% HTML.escape(b.id) %]</a></td>
<td><tt>[% b.get_column('releasename') || b.nixname | html %]</tt></td>
<td><tt>[% b.system | html %]</tt></td>
<td>
[% IF b.homepage %]
<a [% HTML.attributes(href => b.homepage) %]>[% HTML.escape(b.description) %]</a>


@@ -55,17 +55,17 @@ BLOCK renderRelativeDate %]
[% END;
BLOCK renderProjectName %]
<a [% IF inRow %]class="row-link"[% END %] href="[% c.uri_for('/project' project) %]"><tt>[% project %]</tt></a>
<a [% IF inRow %]class="row-link"[% END %] [% HTML.attributes(href => c.uri_for('/project' project)) %]><tt>[% project | html %]</tt></a>
[% END;
BLOCK renderJobsetName %]
<a [% IF inRow %]class="row-link"[% END %] href="[% c.uri_for('/jobset' project jobset) %]"><tt>[% jobset %]</tt></a>
<a [% IF inRow %]class="row-link"[% END %] [% HTML.attributes(href => c.uri_for('/jobset' project jobset)) %]><tt>[% jobset | html %]</tt></a>
[% END;
BLOCK renderJobName %]
<a [% IF inRow %]class="row-link"[% END %] href="[% c.uri_for('/job' project jobset job) %]">[% job %]</a>
<a [% IF inRow %]class="row-link"[% END %] [% HTML.attributes(href => c.uri_for('/job' project jobset job)) %]>[% job | html %]</a>
[% END;
@@ -98,7 +98,7 @@ BLOCK renderDrvInfo;
.substr(0, -4); # strip `.drv`
IF drvname != releasename;
IF step.type == 0; action = "Build"; ELSE; action = "Substitution"; END;
IF drvname; %]<em> ([% action %] of [% drvname %])</em>[% END;
IF drvname; %]<em> ([% HTML.escape(action) %] of [% HTML.escape(drvname) %])</em>[% END;
END;
END;
@@ -140,25 +140,25 @@ BLOCK renderBuildListBody;
[% IF showSchedulingInfo %]
<td>[% IF busy %]<span class="badge badge-success">Started</span>[% ELSE %]<span class="badge badge-secondary">Queued</span>[% END %]</td>
[% END %]
<td><a class="row-link" href="[% link %]">[% build.id %]</a></td>
<td><a class="row-link" [% HTML.attributes(href => link) %]>[% HTML.escape(build.id) %]</a></td>
[% IF !hideJobName %]
<td>
<a href="[%link%]">[% IF !hideJobsetName %][%build.jobset.get_column("project")%]:[%build.jobset.get_column("name")%]:[% END %][%build.get_column("job")%]</a>
<a [% HTML.attributes(href => link) %]>[% IF !hideJobsetName %][% HTML.escape(build.jobset.get_column("project")) %]:[% HTML.escape(build.jobset.get_column("name")) %]:[% END %][% HTML.escape(build.get_column("job")) %]</a>
[% IF showStepName %]
[% INCLUDE renderDrvInfo step=build.buildsteps releasename=build.nixname %]
[% END %]
</td>
[% END %]
<td class="nowrap">[% t = showSchedulingInfo ? build.timestamp : build.stoptime; IF t; INCLUDE renderRelativeDate timestamp=(showSchedulingInfo ? build.timestamp : build.stoptime); ELSE; "-"; END %]</td>
<td>[% !showSchedulingInfo and build.get_column('releasename') ? build.get_column('releasename') : build.nixname %]</td>
<td class="nowrap"><tt>[% build.system %]</tt></td>
<td>[% !showSchedulingInfo and build.get_column('releasename') ? HTML.escape(build.get_column('releasename')) : HTML.escape(build.nixname) %]</td>
<td class="nowrap"><tt>[% build.system | html %]</tt></td>
[% IF showDescription %]
<td>[% build.description %]</td>
<td>[% HTML.escape(build.description) %]</td>
[% END %]
</tr>
[% END;
IF linkToAll %]
<tr><td class="centered" colspan="5"><a href="[% linkToAll %]"><em>More...</em></a></td></tr>
<tr><td class="centered" colspan="5"><a [% HTML.attributes(href => linkToAll) %]><em>More...</em></a></td></tr>
[% END;
END;
@@ -176,11 +176,11 @@ BLOCK renderBuildList;
END;
BLOCK renderLink %]<a href="[% uri %]">[% title %]</a>[% END;
BLOCK renderLink %]<a [% HTML.attributes(href => uri) %]>[% HTML.escape(title) %]</a>[% END;
BLOCK maybeLink;
IF uri %]<a [% HTML.attributes(href => uri, class => class); IF confirmmsg +%] onclick="javascript:return confirm('[% confirmmsg %]')"[% END %]>[% content %]</a>[% ELSE; content; END;
IF uri %]<a [% HTML.attributes(href => uri, class => class); IF confirmmsg +%] onclick="javascript:return confirm('[% confirmmsg %]')"[% END %]>[% HTML.escape(content) %]</a>[% ELSE; HTML.escape(content); END;
END;
@@ -192,7 +192,7 @@ BLOCK renderSelection;
<label class="radio inline">
<input type="radio" [% HTML.attributes(id => param, name => param, value => name) %]
[% IF name == curValue; "checked='1'"; END %]>
[% options.$name %]
[% HTML.escape(options.$name) %]
</input>
</label>
[% END %]
@@ -200,7 +200,7 @@ BLOCK renderSelection;
[% ELSE %]
<select class="custom-select" [% HTML.attributes(id => param, name => param) %]>
[% FOREACH name IN options.keys.sort %]
<option [% IF name == curValue; "selected='selected'"; END; " "; HTML.attributes(value => name) %]>[% options.$name %]</option>
<option [% IF name == curValue; "selected='selected'"; END; " "; HTML.attributes(value => name) %]>[% HTML.escape(options.$name) %]</option>
[% END %]
</select>
[% END;
@@ -216,12 +216,12 @@ BLOCK editString; %]
BLOCK renderFullBuildLink;
INCLUDE renderFullJobNameOfBuild build=build %] <a href="[% c.uri_for('/build' build.id) %]">build [% build.id %]</a>[%
INCLUDE renderFullJobNameOfBuild build=build %] <a [% HTML.attributes(href => c.uri_for('/build' build.id)) %]>build [% HTML.escape(build.id) %]</a>[%
END;
BLOCK renderBuildIdLink; %]
<a href="[% c.uri_for('/build' id) %]">build [% id %]</a>
<a [% HTML.attributes(href => c.uri_for('/build' id)) %]>build [% HTML.escape(id) %]</a>
[% END;
@@ -320,7 +320,7 @@ END;
BLOCK renderShortInputValue;
IF input.type == "build" || input.type == "sysbuild" %]
<a href="[% c.uri_for('/build' input.dependency.id) %]">[% input.dependency.id %]</a>
<a [% HTML.attributes(href => c.uri_for('/build' input.dependency.id)) %]>[% HTML.escape(input.dependency.id) %]</a>
[% ELSIF input.type == "string" %]
<tt>"[% HTML.escape(input.value) %]"</tt>
[% ELSIF input.type == "nix" || input.type == "boolean" %]
@@ -338,7 +338,7 @@ BLOCK renderDiffUri;
url = bi1.uri;
path = url.replace(base, '');
IF url.match(base) %]
<a target="_blank" href="[% m.uri.replace('_path_', path).replace('_1_', bi1.revision).replace('_2_', bi2.revision) %]">[% contents %]</a>
<a target="_blank" [% HTML.attributes(href => m.uri.replace('_path_', path).replace('_1_', bi1.revision).replace('_2_', bi2.revision)) %]>[% HTML.escape(contents) %]</a>
[% nouri = 0;
END;
END;
@@ -347,13 +347,13 @@ BLOCK renderDiffUri;
url = res.0;
branch = res.1;
IF bi1.type == "hg" || bi1.type == "git" %]
<a target="_blank" href="[% HTML.escape(c.uri_for('/api/scmdiff', {
<a target="_blank" [% HTML.attributes(href => c.uri_for('/api/scmdiff', {
uri = url,
rev1 = bi1.revision,
rev2 = bi2.revision,
type = bi1.type,
branch = branch
})) %]">[% contents %]</a>
})) %]>[% HTML.escape(contents) %]</a>
[% ELSE;
contents;
END;
@@ -369,8 +369,8 @@ BLOCK renderInputs; %]
<tbody>
[% FOREACH input IN inputs %]
<tr>
<td><tt>[% input.name %]</tt></td>
<td>[% type = input.type; inputTypes.$type %]</td>
<td><tt>[% input.name | html %]</tt></td>
<td>[% type = input.type; HTML.escape(inputTypes.$type) %]</td>
<td>
[% IF input.type == "build" || input.type == "sysbuild" %]
[% INCLUDE renderFullBuildLink build=input.dependency %]
@@ -383,7 +383,7 @@ BLOCK renderInputs; %]
[% END %]
</td>
<td>[% IF input.revision %][% HTML.escape(input.revision) %][% END %]</td>
<td><tt>[% input.path %]</tt></td>
<td><tt>[% input.path | html %]</tt></td>
</tr>
[% END %]
</tbody>
@@ -407,33 +407,33 @@ BLOCK renderInputDiff; %]
IF bi1.name == bi2.name;
IF bi1.type == bi2.type;
IF bi1.value != bi2.value || bi1.uri != bi2.uri %]
<tr><td><b>[% bi1.name %]</b></td><td><tt>[% INCLUDE renderShortInputValue input=bi1 %]</tt> to <tt>[% INCLUDE renderShortInputValue input=bi2 %]</tt></td></tr>
<tr><td><b>[% HTML.escape(bi1.name) %]</b></td><td><tt>[% INCLUDE renderShortInputValue input=bi1 %]</tt> to <tt>[% INCLUDE renderShortInputValue input=bi2 %]</tt></td></tr>
[% ELSIF bi1.uri == bi2.uri && bi1.revision != bi2.revision %]
[% IF bi1.type == "git" %]
<tr><td>
<b>[% bi1.name %]</b></td><td><tt>[% INCLUDE renderDiffUri contents=(bi1.revision.substr(0, 12) _ ' to ' _ bi2.revision.substr(0, 12)) %]</tt>
<b>[% HTML.escape(bi1.name) %]</b></td><td><tt>[% INCLUDE renderDiffUri contents=(bi1.revision.substr(0, 12) _ ' to ' _ bi2.revision.substr(0, 12)) %]</tt>
</td></tr>
[% ELSE %]
<tr><td>
<b>[% bi1.name %]</b></td><td><tt>[% INCLUDE renderDiffUri contents=(bi1.revision _ ' to ' _ bi2.revision) %]</tt>
<b>[% HTML.escape(bi1.name) %]</b></td><td><tt>[% INCLUDE renderDiffUri contents=(bi1.revision _ ' to ' _ bi2.revision) %]</tt>
</td></tr>
[% END %]
[% ELSIF bi1.dependency.id != bi2.dependency.id || bi1.path != bi2.path %]
<tr><td>
<b>[% bi1.name %]</b></td><td><tt>[% INCLUDE renderShortInputValue input=bi1 %]</tt> to <tt>[% INCLUDE renderShortInputValue input=bi2 %]</tt>
<b>[% HTML.escape(bi1.name) %]</b></td><td><tt>[% INCLUDE renderShortInputValue input=bi1 %]</tt> to <tt>[% INCLUDE renderShortInputValue input=bi2 %]</tt>
<br/>
<br/>
[% INCLUDE renderInputDiff inputs1=bi1.dependency.inputs inputs2=bi2.dependency.inputs nestedDiff=1 nestLevel=nestLevel+1 %]
</td></tr>
[% END %]
[% ELSE %]
<tr><td><b>[% bi1.name %]</b></td><td>Changed input type from '[% type = bi1.type; inputTypes.$type %]' to '[% type = bi2.type; inputTypes.$type %]'</td></tr>
<tr><td><b>[% HTML.escape(bi1.name) %]</b></td><td>Changed input type from '[% type = bi1.type; HTML.escape(inputTypes.$type) %]' to '[% type = bi2.type; HTML.escape(inputTypes.$type) %]'</td></tr>
[% END;
deletedInput = 0;
END;
END;
IF deletedInput == 1 %]
<tr><td><b>[% bi1.name %]</b></td><td>Input not present in this build.</td></tr>
<tr><td><b>[% HTML.escape(bi1.name) %]</b></td><td>Input not present in this build.</td></tr>
[% END;
END;
END %]
@@ -443,10 +443,10 @@ BLOCK renderInputDiff; %]
BLOCK renderPager %]
<ul class="pagination">
<li class="page-item[% IF page == 1 %] disabled[% END %]"><a class="page-link" href="[% "$baseUri?page=1" %]">&laquo; First</a></li>
<li class="page-item[% IF page == 1 %] disabled[% END %]"><a class="page-link" href="[% "$baseUri?page="; (page - 1) %]">&lsaquo; Previous</a></li>
<li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" href="[% "$baseUri?page="; (page + 1) %]">Next &rsaquo;</a></li>
<li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" href="[% "$baseUri?page="; (total - 1) div resultsPerPage + 1 %]">Last &raquo;</a></li>
<li class="page-item[% IF page == 1 %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page=1") %]>&laquo; First</a></li>
<li class="page-item[% IF page == 1 %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page="); (page - 1) %]>&lsaquo; Previous</a></li>
<li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page="); (page + 1) %]>Next &rsaquo;</a></li>
<li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" [% HTML.attributes("$baseUri?page="); (total - 1) div resultsPerPage + 1 %]>Last &raquo;</a></li>
</ul>
[% END;
@@ -455,13 +455,13 @@ BLOCK renderShortEvalInput;
IF input.type == "svn" || input.type == "svn-checkout" || input.type == "bzr" || input.type == "bzr-checkout" %]
r[% input.revision %]
[% ELSIF input.type == "git" %]
<tt>[% input.revision.substr(0, 7) %]</tt>
<tt>[% input.revision.substr(0, 7) | html %]</tt>
[% ELSIF input.type == "hg" %]
<tt>[% input.revision.substr(0, 12) %]</tt>
<tt>[% input.revision.substr(0, 12) | html %]</tt>
[% ELSIF input.type == "build" || input.type == "sysbuild" %]
<a href="[% c.uri_for('/build' input.get_column('dependency')) %]">[% input.get_column('dependency') %]</a>
<a [% HTML.attributes(href => c.uri_for('/build' input.get_column('dependency'))) %]>[% HTML.escape(input.get_column('dependency')) %]</a>
[% ELSE %]
<tt>[% input.revision %]</tt>
<tt>[% input.revision | html %]</tt>
[% END;
END;
@@ -498,7 +498,7 @@ BLOCK renderEvals %]
eval = e.eval;
link = c.uri_for(c.controller('JobsetEval').action_for('view'), [eval.id]) %]
<tr>
<td><a class="row-link" href="[% link %]">[% eval.id %]</a></td>
<td><a class="row-link" [% HTML.attributes(href => link) %]>[% HTML.escape(eval.id) %]</a></td>
[% IF !jobset && !build %]
<td>[% INCLUDE renderFullJobsetName project=eval.jobset.project.name jobset=eval.jobset.name %]</td>
[% END %]
@@ -507,7 +507,7 @@ BLOCK renderEvals %]
[% IF e.changedInputs.size > 0;
sep='';
FOREACH input IN e.changedInputs;
sep; %] [% input.name %] → [% INCLUDE renderShortEvalInput input=input;
sep; %] [% HTML.escape(input.name) %] → [% INCLUDE renderShortEvalInput input=input;
sep=', ';
END;
ELSE %]
@@ -518,29 +518,29 @@ BLOCK renderEvals %]
[% END %]
</td>
<td align='right' class="nowrap">
<span class="badge badge-success">[% e.nrSucceeded %]</span>
<span class="badge badge-success">[% HTML.escape(e.nrSucceeded) %]</span>
</td>
<td align="right" class="nowrap">
[% IF e.nrFailed > 0 %]
<span class="badge badge-danger">[% e.nrFailed %]</span>
<span class="badge badge-danger">[% HTML.escape(e.nrFailed) %]</span>
[% END %]
</td>
<td align="right" class="nowrap">
[% IF e.nrScheduled > 0 %]
<span class="badge badge-secondary">[% e.nrScheduled %]</span>
<span class="badge badge-secondary">[% HTML.escape(e.nrScheduled) %]</span>
[% END %]
</td>
<td align='right' class="nowrap">
[% IF e.diff > 0 %]
<span class='badge badge-success'><strong>+[% e.diff %]</strong></span>
<span class='badge badge-success'><strong>+[% HTML.escape(e.diff) %]</strong></span>
[% ELSIF e.diff < 0 && e.nrScheduled == 0 %]
<span class='badge badge-danger'><strong>[% e.diff %]</strong></span>
<span class='badge badge-danger'><strong>[% HTML.escape(e.diff) %]</strong></span>
[% END %]
</td>
</tr>
[% END;
IF linkToAll %]
<tr><td class="centered" colspan="7"><a href="[% linkToAll %]"><em>More...</em></a></td></tr>
<tr><td class="centered" colspan="7"><a [% HTML.attributes(href => linkToAll) %]><em>More...</em></a></td></tr>
[% END %]
</tbody>
</table>
@@ -548,19 +548,19 @@ BLOCK renderEvals %]
BLOCK renderLogLinks %]
(<a [% IF inRow %]class="row-link"[% END %] href="[% url %]">log</a>, <a href="[% "$url/raw" %]">raw</a>, <a href="[% "$url/tail" %]">tail</a>)
(<a [% IF inRow %]class="row-link"[% END %] [% HTML.attributes(href => url) %]>log</a>, <a [% HTML.attributes(href => "$url/raw") %]>raw</a>, <a [% HTML.attributes(href => "$url/tail") %]>tail</a>)
[% END;
BLOCK makeLazyTab %]
<div id="[% tabName %]" class="tab-pane">
<div [% HTML.attributes(id => tabName) %] class="tab-pane">
<center><span class="spinner-border spinner-border-sm"/></center>
</div>
<script>
[% IF callback.defined %]
$(function() { makeLazyTab("[% tabName %]", "[% uri %]", [% callback %] ); });
$(function() { makeLazyTab("[% HTML.escape(tabName) %]", "[% uri %]", [% callback %] ); });
[% ELSE %]
$(function() { makeLazyTab("[% tabName %]", "[% uri %]", null ); });
$(function() { makeLazyTab("[% HTML.escape(tabName) %]", "[% uri %]", null ); });
[% END %]
</script>
[% END;
@@ -587,7 +587,7 @@ BLOCK navItem %]
<li class="nav-item">
<a class="nav-link[% IF "${root}${curUri}" == uri %] active[% END %]"
[% HTML.attributes(href => uri) %]>
[% title %]
[% HTML.escape(title) %]
</a>
</li>
[% END;
@@ -657,17 +657,17 @@ BLOCK renderJobsetOverview %]
<td><span class="[% class %]">[% successrate FILTER format('%d') %]%</span></td>
<td>
[% IF j.get_column('nrsucceeded') > 0 %]
<span class="badge badge-success">[% j.get_column('nrsucceeded') %]</span>
<span class="badge badge-success">[% HTML.escape(j.get_column('nrsucceeded')) %]</span>
[% END %]
</td>
<td>
[% IF j.get_column('nrfailed') > 0 %]
<span class="badge badge-danger">[% j.get_column('nrfailed') %]</span>
<span class="badge badge-danger">[% HTML.escape(j.get_column('nrfailed')) %]</span>
[% END %]
</td>
<td>
[% IF j.get_column('nrscheduled') > 0 %]
<span class="badge badge-secondary">[% j.get_column('nrscheduled') %]</span>
<span class="badge badge-secondary">[% HTML.escape(j.get_column('nrscheduled')) %]</span>
[% END %]
</td>
</tr>
@@ -695,12 +695,12 @@ BLOCK renderYesNo %]
BLOCK createChart %]
<div id="[%id%]-chart" style="width: 1000px; height: 400px;"></div>
<div id="[%id%]-overview" style="margin-top: 20px; margin-left: 50px; margin-right: 50px; width: 900px; height: 100px"></div>
<div id="[% id %]-chart" style="width: 1000px; height: 400px;"></div>
<div id="[% id %]-overview" style="margin-top: 20px; margin-left: 50px; margin-right: 50px; width: 900px; height: 100px"></div>
<script type="text/javascript">
$(function() {
showChart("[%id%]", "[%dataUrl%]", "[%yaxis%]");
showChart("[% HTML.escape(id) %]", "[% dataUrl | uri %]", "[% yaxis %]");
});
</script>
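Review bot: The renderPager hunk breaks the Previous, Next and Last links: in `[% HTML.attributes(href => "$baseUri?page="); (page - 1) %]` the page number is printed after the attribute's closing quote, and the Last link calls `HTML.attributes("$baseUri?page=")` without `href =>`, which as far as I know emits no attribute at all. Concatenating inside the call fixes both, e.g. `[% HTML.attributes(href => "$baseUri?page=" _ (page - 1)) %]` and `[% HTML.attributes(href => "$baseUri?page=" _ ((total - 1) div resultsPerPage + 1)) %]`. Separately, makeLazyTab and createChart put `HTML.escape(...)` or `| uri` output inside JavaScript string literals while `uri`, `callback` and `yaxis` stay raw. HTML escaping is not the right encoding for a script context, so if any of these values can carry user-influenced text they should go through a JS-string/JSON encoder or be passed via data attributes instead.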


@@ -9,7 +9,7 @@
[% ELSE %]
<p>Below are the most recent builds of the [% builds.size %] jobs of which you
<p>Below are the most recent builds of the [% HTML.escape(builds.size) %] jobs of which you
(<tt>[% HTML.escape(user.emailaddress) %]</tt>) are a maintainer.</p>
[% INCLUDE renderBuildList %]


@@ -24,7 +24,7 @@
<tr>
<td><span class="[% IF !jobExists(j.job.jobset j.job.job) %]disabled-job[% END %]">[% INCLUDE renderFullJobName project=j.job.get_column('project') jobset=j.job.get_column('jobset') job=j.job.job %]</span></td>
[% FOREACH b IN j.builds %]
<td><a href="[% c.uri_for('/build' b.id) %]">[% INCLUDE renderBuildStatusIcon size=16 build=b %]</a></td>
<td><a [% HTML.attributes(href => c.uri_for('/build' b.id)) %]>[% INCLUDE renderBuildStatusIcon size=16 build=b %]</a></td>
[% END %]
</tr>
[% END %]


@@ -3,20 +3,20 @@
[% BLOCK renderNode %]
<li>
[% IF done.${node.path} %]
<tt>[% node.name %]</tt> (<a href="#[% done.${node.path} %]"><em>repeated</em></a>)
<tt>[% node.name | html %]</tt> (<a [% HTML.attributes(href => "#" _ done.${node.path}) %]><em>repeated</em></a>)
[% ELSE %]
[% done.${node.path} = global.nodeId; global.nodeId = global.nodeId + 1; %]
[% IF node.refs.size > 0 %]
<a href="javascript:" class="tree-toggle"></a>
[% END %]
<span id="[% done.${node.path} %]"><span class="dep-tree-line">
<span [% HTML.attributes(id => done.${node.path}) %]><span class="dep-tree-line">
[% IF node.buildStep %]
<a href="[% c.uri_for('/build' node.buildStep.get_column('build')) %]"><tt>[% node.name %]</tt></a> [%
<a [% HTML.attributes(href => c.uri_for('/build' node.buildStep.get_column('build'))) %]><tt>[% node.name %]</tt></a> [%
IF buildStepLogExists(node.buildStep);
INCLUDE renderLogLinks url=c.uri_for('/build' node.buildStep.get_column('build') 'nixlog' node.buildStep.stepnr);
END %]
[% ELSE %]
<tt>[% node.name %]</tt> (<em>no info</em>)
<tt>[% node.name | html %]</tt> (<em>no info</em>)
[% END %]
</span></span>
[% IF isRoot %]
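Review bot: The `node.buildStep` branch still prints `<tt>[% node.name %]</tt>` unescaped, while the "repeated" and "no info" branches in the same hunk were changed to `[% node.name | html %]`. The link text there should get the same treatment, `<tt>[% node.name | html %]</tt>`, so all three renderings of the node name are encoded alike. The renderNode block continues past the end of this hunk.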


@@ -7,17 +7,17 @@
[% USE format %]
[% BLOCK renderJobsetInput %]
<tr class="input [% extraClass %]" [% IF id %]id="[% id %]"[% END %]>
<tr class="input [% extraClass %]" [% IF id %][% HTML.attributes(id => id) %][% END %]>
<td>
<button type="button" class="btn btn-warning" onclick='$(this).parents(".input").remove()'><i class="fas fa-trash"></i></button>
</td>
<td>
<input type="text" id="[% baseName %]-name" name="[% baseName %]-name" [% HTML.attributes(value => input.name) %]/>
<input type="text" [% HTML.attributes(id => baseName _ "-name", name => baseName _ "-name", value => input.name) %] />
</td>
<td>
[% INCLUDE renderSelection curValue=input.type param="$baseName-type" options=inputTypes edit=1 %]
</td>
<td id="[% baseName %]">
<td [% HTML.attributes(id => baseName) %]>
[% IF createFromEval %]
[% value = (input.uri or input.value); IF input.revision; value = value _ " " _ input.revision; END;
warn = input.altnr != 0;
@@ -36,7 +36,7 @@
<input style="width: 95%" type="text" [% HTML.attributes(value => value, id => "$baseName-value", name => "$baseName-value") %]/>
</td>
<td>
<input type="checkbox" id="[% baseName %]-emailresponsible" name="[% baseName %]-emailresponsible" [% IF input.emailresponsible; 'checked="checked"'; END %]/>
<input type="checkbox" [% HTML.attributes(id => "$baseName-emailresponsible", name => "$baseName-emailresponsible") %] [% IF input.emailresponsible; 'checked="checked"'; END %]/>
</td>
</tr>
[% END %]
@@ -149,7 +149,7 @@
<label class="col-sm-3" for="editjobsetschedulingshares">
Scheduling shares
[% IF totalShares %]
<small class="form-text text-muted">([% f = format("%.2f"); f(jobset.schedulingshares / totalShares * 100) %]% out of [% totalShares %] shares)</small>
<small class="form-text text-muted">([% f = format("%.2f"); f(jobset.schedulingshares / totalShares * 100) %]% out of [% HTML.escape(totalShares) %] shares)</small>
[% END %]
</label>
<div class="col-sm-9">
@@ -195,7 +195,7 @@
[% INCLUDE renderJobsetInputs %]
<button id="submit-jobset" type="submit" class="btn btn-primary"><i class="fas fa-check"></i> [%IF !edit %]Create jobset[% ELSE %]Apply changes[% END %]</button>
<button id="submit-jobset" type="submit" class="btn btn-primary"><i class="fas fa-check"></i> [% IF !edit %]Create jobset[% ELSE %]Apply changes[% END %]</button>
<table style="display: none">
[% INCLUDE renderJobsetInput input="" extraClass="template" id="input-template" baseName="input-template" %]


@@ -86,7 +86,7 @@
<button id="submit-project" type="submit" class="btn btn-primary">
<i class="fas fa-check"></i>
[%IF create %]Create project[% ELSE %]Apply changes[% END %]
[% IF create %]Create project[% ELSE %]Apply changes[% END %]
</button>
</form>


@@ -10,7 +10,7 @@
[% PROCESS common.tt %]
<p>Showing evaluations [% (page - 1) * resultsPerPage + 1 %] - [%
(page - 1) * resultsPerPage + evals.size %] out of [% total %].</p>
(page - 1) * resultsPerPage + evals.size %] out of [% HTML.escape(total) %].</p>
[% INCLUDE renderEvals %]


@@ -16,7 +16,7 @@
[% FOREACH metric IN metrics %]
<h3>Metric: <a [% HTML.attributes(href => c.uri_for('/job' project.name jobset.name job 'metric' metric.name)) %]><tt>[%HTML.escape(metric.name)%]</tt></a></h3>
<h3>Metric: <a [% HTML.attributes(href => c.uri_for('/job' project.name jobset.name job 'metric' metric.name)) %]><tt>[% HTML.escape(metric.name) %]</tt></a></h3>
[% id = metricDivId(metric.name);
INCLUDE createChart dataUrl=c.uri_for('/job' project.name jobset.name job 'metric' metric.name); %]


@@ -10,8 +10,8 @@
[% IF !jobExists(jobset, job) %]
<div class="alert alert-warning">This job is not a member of the <a
href="[%c.uri_for('/jobset' project.name jobset.name
'evals')%]">latest evaluation</a> of its jobset. This means it was
[% HTML.attributes(href => c.uri_for('/jobset' project.name jobset.name
'evals')) %]>latest evaluation</a> of its jobset. This means it was
removed or had an evaluation error.</div>
[% END %]
@@ -46,7 +46,7 @@ removed or had an evaluation error.</div>
its success or failure is determined entirely by the result of
building its <em>constituent jobs</em>. The table below shows
the status of each constituent job for the [%
aggregates.keys.size %] most recent builds of the
HTML.escape(aggregates.keys.size) %] most recent builds of the
aggregate.</div>
[% aggs = aggregates.keys.nsort.reverse %]
@@ -58,7 +58,7 @@ removed or had an evaluation error.</div>
<th class="rotate-45">
[% agg_ = aggregates.$agg %]
<div><span class="[% agg_.build.finished == 0 ? "text-info" : (agg_.build.buildstatus == 0 ? "text-success" : "text-warning") %] override-link">
<a href="[% c.uri_for('/build' agg) %]">[% agg %]</a>
<a [% HTML.attributes(href => c.uri_for('/build' agg)) %]>[% agg %]</a>
</span></div></th>
[% END %]
</tr>
@@ -70,7 +70,7 @@ removed or had an evaluation error.</div>
[% FOREACH agg IN aggs %]
<td>
[% r = aggregates.$agg.constituents.$j; IF r.id %]
<a href="[% c.uri_for('/build' r.id) %]">
<a [% HTML.attributes(href => c.uri_for('/build' r.id)) %]>
[% INCLUDE renderBuildStatusIcon size=16 build=r %]
</a>
[% END %]
@@ -89,8 +89,8 @@ removed or had an evaluation error.</div>
<div id="tabs-links" class="tab-pane">
<ul>
<li><a href="[% c.uri_for('/job' project.name jobset.name job 'latest') %]">Latest successful build</a></li>
<li><a href="[% c.uri_for('/job' project.name jobset.name job 'latest-finished') %]">Latest successful build from a finished evaluation</a></li>
<li><a [% HTML.attributes(href => c.uri_for('/job' project.name jobset.name job 'latest')) %]>Latest successful build</a></li>
<li><a [% HTML.attributes(href => c.uri_for('/job' project.name jobset.name job 'latest-finished')) %]>Latest successful build from a finished evaluation</a></li>
</ul>
</div>
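Review bot: In the aggregate header cell the link text is still the raw `[% agg %]`, even though the href beside it now goes through `HTML.attributes` and the same file escapes a plain counter such as `aggregates.keys.size`. The keys look like build ids (they are sorted with `nsort`), so this is probably harmless. Writing `[% HTML.escape(agg) %]` would still keep the template consistent and spare the next reader from having to check where the keys come from.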


@@ -14,7 +14,7 @@
[% FOREACH eval IN evalIds %]
<th class="rotate-45">
<div><span>
<a href="[% c.uri_for('/eval' eval) %]">[% INCLUDE renderRelativeDate timestamp=evals.$eval.timestamp %]</a>
<a [% HTML.attributes(href => c.uri_for('/eval' eval)) %]>[% INCLUDE renderRelativeDate timestamp=evals.$eval.timestamp %]</a>
</span></div></th>
[% END %]
</tr>
@@ -22,9 +22,9 @@
<tbody>
[% FOREACH chan IN channels-%]
<tr>
<th><span><a href="[% c.uri_for('/channel/custom' project.name jobset.name chan) %]">[% chan %]</a></span></th>
<th><span><a [% HTML.attributes(href => c.uri_for('/channel/custom' project.name jobset.name chan)) %]>[% HTML.escape(chan) %]</a></span></th>
[% FOREACH eval IN evalIds %]
<td>[% r = evals.$eval.builds.$chan; IF r.id %]<a href="[% c.uri_for('/build' r.id) %]">[% INCLUDE renderBuildStatusIcon size=16 build=r %]</a>[% END %]</td>
<td>[% r = evals.$eval.builds.$chan; IF r.id %]<a [% HTML.attributes(href => c.uri_for('/build' r.id)) %]>[% INCLUDE renderBuildStatusIcon size=16 build=r %]</a>[% END %]</td>
[% END %]
</tr>
[% END %]


@@ -14,22 +14,22 @@
[% IF project.jobsets_rs.count > 1 %]
<div class="dropdown-divider"></div>
[% FOREACH j IN project.jobsets.sort('name'); IF j.name != jobset.name %]
<a class="dropdown-item" href="?compare=[% j.name %]&full=[% full ? 1 : 0 %]">Jobset <tt>[% project.name %]:[% j.name %]</tt></a>
<a class="dropdown-item" href="?compare=[% j.name | uri %]&full=[% full ? 1 : 0 %]">Jobset <tt>[% project.name | html %]:[% j.name | html %]</tt></a>
[% END; END %]
[% END %]
</div>
</div>
<p>This evaluation was performed [% IF eval.flake %]from the flake
<tt>[%HTML.escape(eval.flake)%]</tt>[%END%] on [% INCLUDE renderDateTime
<tt>[% HTML.escape(eval.flake) %]</tt>[% END %] on [% INCLUDE renderDateTime
timestamp=eval.timestamp %]. Fetching the dependencies took [%
eval.checkouttime %]s and evaluation took [% eval.evaltime %]s.</p>
eval.checkouttime %]s and evaluation took [% HTML.escape(eval.evaltime) %]s.</p>
[% IF otherEval %]
<p>Comparisons are relative to [% INCLUDE renderFullJobsetName
project=otherEval.jobset.project.name jobset=otherEval.jobset.name %] evaluation <a href="[%
c.uri_for(c.controller('JobsetEval').action_for('view'),
[otherEval.id]) %]">[% otherEval.id %]</a>.</p>
project=otherEval.jobset.project.name jobset=otherEval.jobset.name %] evaluation <a [%
HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('view'),
[otherEval.id])) %]>[% HTML.escape(otherEval.id) %]</a>.</p>
[% END %]
<form>
@@ -45,46 +45,46 @@ c.uri_for(c.controller('JobsetEval').action_for('view'),
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" data-toggle="dropdown" href="#">Actions</a>
<div class="dropdown-menu">
<a class="dropdown-item" href="[% c.uri_for(c.controller('JobsetEval').action_for('create_jobset'), [eval.id]) %]">Create a jobset from this evaluation</a>
<a class="dropdown-item" [% HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('create_jobset'), [eval.id])) %]>Create a jobset from this evaluation</a>
[% IF totalQueued > 0 %]
<a class="dropdown-item" href="[% c.uri_for(c.controller('JobsetEval').action_for('cancel'), [eval.id]) %]">Cancel all scheduled builds</a>
<a class="dropdown-item" [% HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('cancel'), [eval.id])) %]>Cancel all scheduled builds</a>
[% END %]
[% IF totalFailed > 0 %]
<a class="dropdown-item" href="[% c.uri_for(c.controller('JobsetEval').action_for('restart_failed'), [eval.id]) %]">Restart all failed builds</a>
<a class="dropdown-item" [% HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('restart_failed'), [eval.id])) %]>Restart all failed builds</a>
[% END %]
[% IF totalAborted > 0 %]
<a class="dropdown-item" href="[% c.uri_for(c.controller('JobsetEval').action_for('restart_aborted'), [eval.id]) %]">Restart all aborted builds</a>
<a class="dropdown-item" [% HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('restart_aborted'), [eval.id])) %]>Restart all aborted builds</a>
[% END %]
[% IF totalQueued > 0 %]
<a class="dropdown-item" href="[% c.uri_for(c.controller('JobsetEval').action_for('bump'), [eval.id]) %]">Bump builds to front of queue</a>
<a class="dropdown-item" [% HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('bump'), [eval.id])) %]>Bump builds to front of queue</a>
[% END %]
</div>
</li>
[% END %]
[% IF aborted.size > 0 %]
<li class="nav-item"><a class="nav-link" href="#tabs-aborted" data-toggle="tab"><span class="text-warning">Aborted / Timed out Jobs ([% aborted.size %])</span></a></li>
<li class="nav-item"><a class="nav-link" href="#tabs-aborted" data-toggle="tab"><span class="text-warning">Aborted / Timed out Jobs ([% HTML.escape(aborted.size) %])</span></a></li>
[% END %]
[% IF nowFail.size > 0 %]
<li class="nav-item"><a class="nav-link" href="#tabs-now-fail" data-toggle="tab"><span class="text-warning">Newly Failing Jobs ([% nowFail.size %])</span></a></li>
<li class="nav-item"><a class="nav-link" href="#tabs-now-fail" data-toggle="tab"><span class="text-warning">Newly Failing Jobs ([% HTML.escape(nowFail.size) %])</span></a></li>
[% END %]
[% IF nowSucceed.size > 0 %]
<li class="nav-item"><a class="nav-link" href="#tabs-now-succeed" data-toggle="tab"><span class="text-success">Newly Succeeding Jobs ([% nowSucceed.size %])</span></a></li>
<li class="nav-item"><a class="nav-link" href="#tabs-now-succeed" data-toggle="tab"><span class="text-success">Newly Succeeding Jobs ([% HTML.escape(nowSucceed.size) %])</span></a></li>
[% END %]
[% IF new.size > 0 %]
<li class="nav-item"><a class="nav-link" href="#tabs-new" data-toggle="tab">New Jobs ([% new.size %])</a></li>
<li class="nav-item"><a class="nav-link" href="#tabs-new" data-toggle="tab">New Jobs ([% HTML.escape(new.size) %])</a></li>
[% END %]
[% IF removed.size > 0 %]
<li class="nav-item"><a class="nav-link" href="#tabs-removed" data-toggle="tab">Removed Jobs ([% removed.size %])</a></li>
<li class="nav-item"><a class="nav-link" href="#tabs-removed" data-toggle="tab">Removed Jobs ([% HTML.escape(removed.size) %])</a></li>
[% END %]
[% IF stillFail.size > 0 %]
<li class="nav-item"><a class="nav-link" href="#tabs-still-fail" data-toggle="tab">Still Failing Jobs ([% stillFail.size %])</a></li>
<li class="nav-item"><a class="nav-link" href="#tabs-still-fail" data-toggle="tab">Still Failing Jobs ([% HTML.escape(stillFail.size) %])</a></li>
[% END %]
[% IF stillSucceed.size > 0 %]
<li class="nav-item"><a class="nav-link" href="#tabs-still-succeed" data-toggle="tab">Still Succeeding Jobs ([% stillSucceed.size %])</a></li>
<li class="nav-item"><a class="nav-link" href="#tabs-still-succeed" data-toggle="tab">Still Succeeding Jobs ([% HTML.escape(stillSucceed.size) %])</a></li>
[% END %]
[% IF unfinished.size > 0 %]
<li class="nav-item"><a class="nav-link" href="#tabs-unfinished" data-toggle="tab">Queued Jobs ([% unfinished.size %])</a></li>
<li class="nav-item"><a class="nav-link" href="#tabs-unfinished" data-toggle="tab">Queued Jobs ([% HTML.escape(unfinished.size) %])</a></li>
[% END %]
<li class="nav-item"><a class="nav-link" href="#tabs-inputs" data-toggle="tab">Inputs</a></li>
@@ -99,7 +99,7 @@ c.uri_for(c.controller('JobsetEval').action_for('view'),
[% INCLUDE renderBuildListBody builds=builds.slice(0, (size > max ? max : size) - 1)
hideProjectName=1 hideJobsetName=1 busy=0 %]
[% IF size > max; params = c.req.params; params.full = 1 %]
<tr><td class="centered" colspan="6"><a href="[% c.uri_for(c.controller('JobsetEval').action_for('view'), [eval.id], params) %][% tabname %]"><em>([% size - max %] more builds omitted)</em></a></td></tr>
<tr><td class="centered" colspan="6"><a [% HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('view'), [eval.id], params) _ tabname) %]><em>([% size - max %] more builds omitted)</em></a></td></tr>
[% END %]
[% INCLUDE renderBuildListFooter %]
[% END %]
@@ -132,11 +132,11 @@ c.uri_for(c.controller('JobsetEval').action_for('view'),
[% FOREACH j IN removed.slice(0,(size > max ? max : size) - 1) %]
<tr>
<td>[% INCLUDE renderJobName project=project.name jobset=jobset.name job=j.job %]</td>
<td><tt>[% j.system %]</tt></td>
<td><tt>[% j.system | html %]</tt></td>
</tr>
[% END %]
[% IF size > max; params = c.req.params; params.full = 1 %]
<tr><td class="centered" colspan="2"><a href="[% c.uri_for(c.controller('JobsetEval').action_for('view'), [eval.id], params) %]#tabs-removed"><em>([% size - max %] more jobs omitted)</em></a></td></tr>
<tr><td class="centered" colspan="2"><a [% HTML.attributes(c.uri_for(c.controller('JobsetEval').action_for('view'), [eval.id], params) _ "#tabs-removed") %]><em>([% size - max %] more jobs omitted)</em></a></td></tr>
[% END %]
</tbody>
</table>
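Review bot: The "more jobs omitted" link in the removed-jobs table calls `HTML.attributes(c.uri_for(...) _ "#tabs-removed")` without the `href =>` key that every other converted link in this commit has. As far as I know the plugin builds attributes only from named pairs, so this most likely renders an `<a>` with no href and the link stops working. It should be `HTML.attributes(href => c.uri_for(c.controller('JobsetEval').action_for('view'), [eval.id], params) _ "#tabs-removed")`, matching the "more builds omitted" row earlier in the same file.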


@@ -41,7 +41,7 @@
[% ELSE %]
[% IF nrJobs > jobs.size %]
<div class="alert alert-info">Showing the first [% jobs.size %] jobs. <a href="javascript:setFilter('filter=%')">Show all [% nrJobs %] jobs...</a></div>
<div class="alert alert-info">Showing the first [% HTML.escape(jobs.size) %] jobs. <a href="javascript:setFilter('filter=%')">Show all [% HTML.escape(nrJobs) %] jobs...</a></div>
[% END %]
[% evalIds = evals.keys.nsort.reverse %]
@@ -52,7 +52,7 @@
[% FOREACH eval IN evalIds %]
<th class="rotate-45">
<div><span>
<a href="[% c.uri_for('/eval' eval) %]">[% INCLUDE renderRelativeDate timestamp=evals.$eval.timestamp %]</a>
<a [% HTML.attributes(href => c.uri_for('/eval' eval)) %]>[% INCLUDE renderRelativeDate timestamp=evals.$eval.timestamp %]</a>
</span></div></th>
[% END %]
</tr>
@@ -62,7 +62,7 @@
<tr>
<th><span [% IF inactiveJobs.$j %]class="muted override-link"[% END %]>[% INCLUDE renderJobName project=project.name jobset=jobset.name job=j %]</span></th>
[% FOREACH eval IN evalIds %]
<td>[% r = evals.$eval.builds.$j; IF r.id %]<a href="[% c.uri_for('/build' r.id) %]">[% INCLUDE renderBuildStatusIcon size=16 build=r %]</a>[% END %]</td>
<td>[% r = evals.$eval.builds.$j; IF r.id %]<a [% HTML.attributes(href => c.uri_for('/build' r.id)) %]>[% INCLUDE renderBuildStatusIcon size=16 build=r %]</a>[% END %]</td>
[% END %]
</tr>
[% END %]


@@ -6,14 +6,14 @@
[% BLOCK renderJobsetInput %]
<tr class="input [% extraClass %]" [% IF id %]id="[% id %]"[% END %]>
<tr class="input [% extraClass %]" [% IF id %][% HTML.attributes(id => id) %][% END %]>
<td>
<tt>[% HTML.escape(input.name) %]</tt>
</td>
<td>
[% INCLUDE renderSelection curValue=input.type param="$baseName-type" options=inputTypes %]
</td>
<td class="inputalts" id="[% baseName %]">
<td class="inputalts" [% HTML.attributes(id => baseName) %]>
[% FOREACH alt IN input.search_related('jobsetinputalts', {}, { order_by => 'altnr' }) %]
<tt class="inputalt">
[% IF input.type == "string" %]
@@ -153,11 +153,11 @@
[% END %]
<tr>
<th>Check interval:</th>
<td>[% jobset.checkinterval || "<em>disabled</em>" %]</td>
<td>[% HTML.escape(jobset.checkinterval) || "<em>disabled</em>" %]</td>
</tr>
<tr>
<th>Scheduling shares:</th>
<td>[% jobset.schedulingshares %] [% IF totalShares %] ([% f = format("%.2f"); f(jobset.schedulingshares / totalShares * 100) %]% out of [% totalShares %] shares)[% END %]</td>
<td>[% HTML.escape(jobset.schedulingshares) %] [% IF totalShares %] ([% f = format("%.2f"); f(jobset.schedulingshares / totalShares * 100) %]% out of [% HTML.escape(totalShares) %] shares)[% END %]</td>
</tr>
<tr>
<th>Enable Dynamic RunCommand Hooks:</th>
@@ -175,7 +175,7 @@
[% END %]
<tr>
<th>Number of evaluations to keep:</th>
<td>[% jobset.keepnr %]</td>
<td>[% HTML.escape(jobset.keepnr) %]</td>
</tr>
</table>
@@ -188,7 +188,7 @@
<div id="tabs-links" class="tab-pane">
<ul>
<li><a href="[% c.uri_for(c.controller('Jobset').action_for('latest_eval'), c.req.captures) %]">Latest finished evaluation</a></li>
<li><a [% HTML.attributes(href => c.uri_for(c.controller('Jobset').action_for('latest_eval'), c.req.captures)) %]>Latest finished evaluation</a></li>
</ul>
</div>


@@ -24,7 +24,7 @@
<nav class="navbar navbar-expand-md navbar-light bg-light">
<div class="container">
<a class="navbar-brand" href="[% c.uri_for(c.controller('Root').action_for('index')) %]">
<a class="navbar-brand" [% HTML.attributes(href => c.uri_for(c.controller('Root').action_for('index'))) %]>
[% IF logo == "" %]
Hydra
[% ELSE %]


@@ -11,14 +11,14 @@
[% ELSE %]
is
[% END %]
the build log (<a href="[% step ? c.uri_for('/build' build.id 'nixlog' step.stepnr, 'raw')
: c.uri_for('/build' build.id 'log', 'raw') %]">raw</a>) of derivation <tt>[% IF step; step.drvpath; ELSE; build.drvpath; END %]</tt>.
the build log (<a [% HTML.attributes(href => step ? c.uri_for('/build' build.id 'nixlog' step.stepnr, 'raw')
: c.uri_for('/build' build.id 'log', 'raw')) %]>raw</a>) of derivation <tt>[% IF step; step.drvpath; ELSE; build.drvpath; END %]</tt>.
[% IF step && step.machine %]
It was built on <tt>[% step.machine %]</tt>.
It was built on <tt>[% step.machine | html %]</tt>.
[% END %]
[% IF tail %]
The <a href="[% step ? c.uri_for('/build' build.id 'nixlog' step.stepnr)
: c.uri_for('/build' build.id 'log') %]">full log</a> is also available.
The <a [% HTML.attributes(href => step ? c.uri_for('/build' build.id 'nixlog' step.stepnr)
: c.uri_for('/build' build.id 'log')) %]>full log</a> is also available.
[% END %]
</p>
@@ -37,7 +37,7 @@
[% IF tail %]
/* The server may give us a full log (e.g. if the log is in
S3). So extract the last lines. */
log_data = log_data.split("\n").slice(-[%tail%]).join("\n");
log_data = log_data.split("\n").slice(-[% HTML.escape(tail) %]).join("\n");
[% END %]
$("#contents").text(log_data);
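Review bot: `slice(-[% HTML.escape(tail) %])` sits inside a script block, where HTML escaping is the wrong encoder: it rewrites markup characters only and leaves everything that matters to JavaScript untouched. Where `tail` is set is not visible in this hunk. If it is not already forced to an integer upstream, the template should do that itself, for example `slice(-[% tail | format('%d') %])`. The same line appears in the RunCommand log template hunk further down (`@@ -33,7 +33,7 @@`).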


@@ -21,22 +21,22 @@
<tt [% IF m.value.disabled %]style="text-decoration: line-through;"[% END %]>[% INCLUDE renderMachineName machine=m.key %]</tt>
[% IF m.value.primarySystemType %]
<span class="muted" style="font-weight: normal;">
(<tt>[% m.value.primarySystemType %]</tt>)
(<tt>[% m.value.primarySystemType | html %]</tt>)
</span>
&nbsp;
[% WRAPPER makePopover title="Details" classes="btn-secondary btn-sm" %]
<ul class="list-unstyled mb-0">
<li><b>System types:&nbsp;</b>[% comma=0; FOREACH system IN m.value.systemTypes %][% IF comma; %], [% ELSE; comma = 1; END %]<tt>[% system %]</tt>[% END %]</li>
<li><b>Supported Features:&nbsp;</b>[% comma=0; FOREACH feat IN m.value.supportedFeatures %][% IF comma; %], [% ELSE; comma = 1; END %]<tt>[% feat %]</tt>[% END %]</li>
<li><b>Mandatory Features:&nbsp;</b>[% comma=0; FOREACH feat IN m.value.mandatoryFeatures %][% IF comma; %], [% ELSE; comma = 1; END %]<tt>[% feat %]</tt>[% END %]</li>
<li><b>System types:&nbsp;</b>[% comma=0; FOREACH system IN m.value.systemTypes %][% IF comma; %], [% ELSE; comma = 1; END %]<tt>[% system | html%]</tt>[% END %]</li>
<li><b>Supported Features:&nbsp;</b>[% comma=0; FOREACH feat IN m.value.supportedFeatures %][% IF comma; %], [% ELSE; comma = 1; END %]<tt>[% feat| html %]</tt>[% END %]</li>
<li><b>Mandatory Features:&nbsp;</b>[% comma=0; FOREACH feat IN m.value.mandatoryFeatures %][% IF comma; %], [% ELSE; comma = 1; END %]<tt>[% feat| html %]</tt>[% END %]</li>
<li><b>Capacity:&nbsp;</b>[% INCLUDE renderYesNo value=m.value.hasCapacity %]&nbsp;<b>Static:&nbsp;</b>[% INCLUDE renderYesNo value=m.value.hasStaticCapacity %]&nbsp;<b>Dynamic:&nbsp;</b>[% INCLUDE renderYesNo value=m.value.hasDynamicCapacity %]</li>
<li><b>Scheduling Score:&nbsp;</b>[% m.value.score %]</li>
<li><b>Load:&nbsp;</b><tt>[% pretty_load(m.value.stats.load1) %]</tt>&nbsp;&nbsp;&nbsp;<tt>[% pretty_load(m.value.stats.load5) %]</tt>&nbsp;&nbsp;&nbsp;<tt>[% pretty_load(m.value.stats.load15) %]</tt></li>
<li><b>Memory:&nbsp;</b><tt>[% human_bytes(m.value.stats.memUsage) %]</tt> of <tt>[% human_bytes(m.value.memTotal) %]</tt> used (<tt>[% human_bytes(m.value.memTotal - m.value.stats.memUsage) %]</tt> free)</li>
<li><b>Scheduling Score:&nbsp;</b>[% HTML.escape(m.value.score) %]</li>
<li><b>Load:&nbsp;</b><tt>[% pretty_load(m.value.stats.load1) | html %]</tt>&nbsp;&nbsp;&nbsp;<tt>[% pretty_load(m.value.stats.load5) | html %]</tt>&nbsp;&nbsp;&nbsp;<tt>[% pretty_load(m.value.stats.load15) | html %]</tt></li>
<li><b>Memory:&nbsp;</b><tt>[% human_bytes(m.value.stats.memUsage) | html %]</tt> of <tt>[% human_bytes(m.value.memTotal) | html %]</tt> used (<tt>[% human_bytes(m.value.memTotal - m.value.stats.memUsage) | html %]</tt> free)</li>
[% pressure = m.value.stats.pressure %]
[% MACRO render_pressure(title, pressure) BLOCK %]
[% IF pressure %]
<tr><td><b>[% title %]:</b></td><td><tt>[% pretty_percent(pressure.avg10) %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg60) %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg300) %]%</tt></td><td>
<tr><td><b>[% HTML.escape(title) %]:</b></td><td><tt>[% pretty_percent(pressure.avg10) | html %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg60) | html %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg300) | html %]%</tt></td><td>
[% END %]
[% END %]
[% IF pressure %]
@@ -56,7 +56,7 @@
[% ELSE %]
[% IF m.value.systemTypes %]
<span class="muted" style="font-weight: normal;">
([% comma=0; FOREACH system IN m.value.systemTypes %][% IF comma; %], [% ELSE; comma = 1; END %]<tt>[% system %]</tt>[% END %])
([% comma=0; FOREACH system IN m.value.systemTypes %][% IF comma; %], [% ELSE; comma = 1; END %]<tt>[% system | html %]</tt>[% END %])
</span>
[% END %]
[% END %]
@@ -76,9 +76,9 @@
[% idle = 0 %]
<tr>
<td><tt>[% INCLUDE renderFullJobName project=step.project jobset=step.jobset job=step.job %]</tt></td>
<td><a href="[% c.uri_for('/build' step.build) %]">[% step.build %]</a></td>
<td>[% IF step.busy >= 30 %]<a class="row-link" href="[% c.uri_for('/build' step.build 'nixlog' step.stepnr 'tail') %]">[% step.stepnr %]</a>[% ELSE; step.stepnr; END %]</td>
<td><tt>[% step.drvpath.match('-(.*)').0 %]</tt></td>
<td><a [% HTML.attributes(href => c.uri_for('/build' step.build)) %]>[% HTML.escape(step.build) %]</a></td>
<td>[% IF step.busy >= 30 %]<a class="row-link" [% HTML.attributes(href => c.uri_for('/build' step.build 'nixlog' step.stepnr 'tail')) %]>[% HTML.escape(step.stepnr) %]</a>[% ELSE; HTML.escape(step.stepnr); END %]</td>
<td><tt>[% step.drvpath.match('-(.*)').0 | html %]</tt></td>
<td>[% INCLUDE renderBusyStatus %]</td>
<td style="width: 10em">[% INCLUDE renderDuration duration = curTime - step.starttime %] </td>
</tr>


@@ -15,11 +15,11 @@
[% FOREACH m IN machines %]
<tr>
<td><input type="checkbox" name="enabled" [% IF m.value.maxJobs > 0 %]CHECKED[% END %] disabled="true" /></td>
<td>[% m.key %]</a></td>
<td>[% m.value.maxJobs %]</td>
<td>[% m.value.speedFactor %]</td>
<td>[% HTML.escape(m.key) %]</a></td>
<td>[% HTML.escape(m.value.maxJobs) %]</td>
<td>[% HTML.escape(m.value.speedFactor) %]</td>
<td>
[% comma=0; FOREACH system IN m.value.systemTypes %][% IF comma; %], [% ELSE; comma = 1; END; system; END %]
[% comma=0; FOREACH system IN m.value.systemTypes %][% IF comma; %], [% ELSE; comma = 1; END; HTML.escape(system); END %]
</td>
</tr>
[% END %]


@@ -6,7 +6,7 @@
[% FOREACH i IN newsItems %]
<div class="news-item">
[% contents = String.new(i.contents) %]
<h4 class="alert-heading">[% INCLUDE renderDateTime timestamp=i.createtime %] by [% i.author.fullname %]</h4>
<h4 class="alert-heading">[% INCLUDE renderDateTime timestamp=i.createtime %] by [% HTML.escape(i.author.fullname) %]</h4>
[% contents.replace('\n','<br />\n') %]
</div>
[% END %]
@@ -65,7 +65,7 @@
[% ELSE %]
<div class="alert alert-warning">Hydra has no projects yet. Please
<a href="[% c.uri_for(c.controller('Project').action_for('create')) %]">create a project</a>.</div>
<a [% HTML.attributes(href => c.uri_for(c.controller('Project').action_for('create'))) %]>create a project</a>.</div>
[% END %]
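Review bot: The author name in the news heading is now escaped, but the body on the next line, `[% contents.replace('\n','<br />\n') %]`, is still written out raw. If news items are meant to carry HTML written by an administrator, a short template comment would record that, e.g. `[%# contents is trusted admin markup, intentionally not escaped %]`. If they are not, the text should be escaped before the `<br />` substitution. Which of the two applies cannot be told from this hunk.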


@@ -1,17 +1,17 @@
[% BLOCK renderProductLinks %]
<tr>
<th>URL:</th>
<td><a href="[% uri %]"><tt>[% uri %]</tt></a></td>
<td><a [% HTML.attributes(href => uri) %]><tt>[% uri | html %]</tt></a></td>
</tr>
[% IF latestRoot %]
<tr>
<th>Links to latest:</th>
<td>
[% uri2 = "${c.uri_for(latestRoot.join('/') 'download-by-type' product.type product.subtype)}" %]
<a href="[% uri2 %]"><tt>[% uri2 %]</tt></a>
<a [% HTML.attributes(href => uri2) %]><tt>[% uri2 | html %]</tt></a>
<br />
[% uri2 = "${c.uri_for(latestRoot.join('/') 'download' product.productnr)}" %]
<a href="[% uri2 %]"><tt>[% uri2 %]</tt></a>
<a [% HTML.attributes(href => uri2) %]><tt>[% uri2 | html %]</tt></a>
</td>
</tr>
[% END %]
@@ -49,7 +49,7 @@
Error
</td>
<td>
<a href="[% contents %]">
<a [% HTML.attributes(href => contents) %]>
Failed build produced output. Click here to inspect the output.
</a>
</td>
@@ -58,9 +58,9 @@
<p>If you have Nix installed on your machine, this failed build output and
all its dependencies can be unpacked into your local Nix store by doing:</p>
<div class="card bg-light"><div class="card-body p-2"><code><span class="shell-prompt">$ </span>curl [% uri %] | gunzip | nix-store --import</code></div></div>
<div class="card bg-light"><div class="card-body p-2"><code><span class="shell-prompt">$ </span>curl [% HTML.escape(uri) %] | gunzip | nix-store --import</code></div></div>
<p>The build output can then be found in the path <tt>[% product.path %]</tt>.</p>
<p>The build output can then be found in the path <tt>[% product.path | html %]</tt>.</p>
[% END %]
</td>
</tr>
@@ -74,17 +74,17 @@
Nix package
</td>
<td>
<tt>[% HTML.escape(build.nixname) %]</tt>
<tt>[% build.nixname | html %]</tt>
</td>
<td>
[% WRAPPER makePopover title="Help" classes="btn-secondary btn-sm"
%] <p>You can install this package using the Nix package
manager from the command-line:</p>
<div class="card bg-light"><div class="card-body p-2"><code><span class="shell-prompt">$ </span>nix-env -i [%HTML.escape(product.path)%][% IF binaryCachePublicUri %] --option binary-caches [% HTML.escape(binaryCachePublicUri) %][% END %]</code></div></div>
<div class="card bg-light"><div class="card-body p-2"><code><span class="shell-prompt">$ </span>nix-env -i [% HTML.escape(product.path) %][% IF binaryCachePublicUri %] --option binary-caches [% HTML.escape(binaryCachePublicUri) %][% END %]</code></div></div>
[% END %]
[% IF localStore %]
<a class="btn btn-secondary btn-sm" href="[% contents %]">Contents</a>
<a class="btn btn-secondary btn-sm" [% HTML.attributes(href => contents) %]>Contents</a>
[% END %]
</td>
</tr>
@@ -100,8 +100,8 @@
[% filename = build.nixname _ (product.subtype ? "-" _ product.subtype : "") _ ".closure.gz" %]
[% uri = c.uri_for('/build' build.id 'nix' 'closure' filename ) %]
<a href="[% uri %]">
<tt>[% product.path %]</tt>
<a [% HTML.attributes(href => uri) %]>
<tt>[% product.path | html %]</tt>
</a>
</td>
<td>
@@ -110,16 +110,16 @@
all its dependencies can be unpacked into your local Nix
store by doing:</p>
<div class="card bg-light"><div class="card-body p-2"><code><span class="shell-prompt">$ </span>gunzip &lt; [% filename %] | nix-store --import</code></div></div>
<div class="card bg-light"><div class="card-body p-2"><code><span class="shell-prompt">$ </span>gunzip &lt; [% HTML.escape(filename) %] | nix-store --import</code></div></div>
<p>or to download and unpack in one command:</p>
<div class="card bg-light"><div class="card-body p-2"><code><span class="shell-prompt">$ </span>curl [% uri %] | gunzip | nix-store --import</code></div></div>
<div class="card bg-light"><div class="card-body p-2"><code><span class="shell-prompt">$ </span>curl [% HTML.escape(uri) %] | gunzip | nix-store --import</code></div></div>
<p>The package can then be found in the path <tt>[%
product.path %]</tt>. Youll probably also want to do</p>
product.path | html %]</tt>. Youll probably also want to do</p>
<div class="card bg-light"><div class="card-body p-2"><code><span class="shell-prompt">$ </span>nix-env -i [% product.path %]</code></div></div>
<div class="card bg-light"><div class="card-body p-2"><code><span class="shell-prompt">$ </span>nix-env -i [% HTML.escape(product.path) %]</code></div></div>
<p>to actually install the package in your Nix user environment.</p>
@@ -174,16 +174,16 @@
</td>
<td>
Channel expression tarball
[% IF product.subtype != "-" %]for <tt>[% product.subtype %]</tt>[% END %]
[% IF product.subtype != "-" %]for <tt>[% product.subtype | html %]</tt>[% END %]
</td>
[% ELSE %]
<td>File</td>
<td>[% product.subtype %]</td>
<td>[% HTML.escape(product.subtype) %]</td>
[% END %]
[% END %]
<td>
<a href="[% uri %]">
<tt>[% product.name %]</tt>
<a [% HTML.attributes(href => uri) %]>
<tt>[% product.name | html %]</tt>
</a>
</td>
<td>
@@ -191,12 +191,12 @@
<table class="info-table">
[% INCLUDE renderProductLinks %]
<tr><th>File size:</th><td>[% product.filesize %] bytes ([% mibs(product.filesize / (1024 * 1024)) %] MiB)</td></tr>
<tr><th>SHA-256 hash:</th><td><tt>[% product.sha256hash %]</tt></td></tr>
<tr><th>Full path:</th><td><tt>[% product.path %]</tt></td></tr>
<tr><th>SHA-256 hash:</th><td><tt>[% product.sha256hash | html %]</tt></td></tr>
<tr><th>Full path:</th><td><tt>[% product.path | html %]</tt></td></tr>
</table>
[% END %]
[% IF localStore %]
<a class="btn btn-secondary btn-sm" href="[% contents %]">Contents</a>
<a class="btn btn-secondary btn-sm" [% HTML.attributes(href => contents) %]>Contents</a>
[% END %]
</td>
</tr>
@@ -211,15 +211,15 @@
[% CASE "coverage" %]
<td>Code coverage</td>
<td>
<a href="[% uri %]">
<a [% HTML.attributes(href => uri) %]>
Analysis report
</a>
</td>
[% CASE DEFAULT %]
<td>Report</td>
<td>
<a href="[% uri %]">
<tt>[% product.subtype %]</tt>
<a [% HTML.attributes(href => uri) %]>
<tt>[% product.subtype | html %]</tt>
</a>
</td>
[% END %]
@@ -240,7 +240,7 @@
Documentation
</td>
<td>
<a href="[% uri %]">
<a [% HTML.attributes(href => uri) %]>
[% SWITCH product.subtype %]
[% CASE "readme" %]
Read Me!
@@ -249,7 +249,7 @@
[% CASE "release-notes" %]
Release notes
[% CASE DEFAULT %]
[% product.subtype %]
[% HTML.escape(product.subtype) %]
[% END %]
</a>
</td>
@@ -266,12 +266,12 @@
<tr class="product">
<td>
<tt>[% product.type %]</tt>
<tt>[% product.type | html %]</tt>
</td>
<td>
</td>
<td>
[% product %]
[% HTML.escape(product) %]
</td>
<td>
</td>
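Review bot: The copy-and-paste commands (`curl [% HTML.escape(uri) %] | gunzip | nix-store --import`, `gunzip &lt; [% HTML.escape(filename) %] | nix-store --import`, `nix-env -i [% HTML.escape(product.path) %]`) are now safe as markup, but HTML escaping does nothing for the shell the reader pastes them into. Whether `product.path` and `build.nixname` are limited to shell-safe characters when they are stored is only partly visible on this page. It is worth confirming that, or noting the limit beside the snippets with a template comment such as `[%# values below are HTML-escaped only, not shell-quoted %]`.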


@@ -39,7 +39,7 @@
[% FOREACH s IN systems %]
<tr>
<td><tt>[% HTML.escape(s.system) %]</tt></td>
<td>[% s.c %]</td>
<td>[% HTML.escape(s.c) %]</td>
</tr>
[% END %]
</tdata>


@@ -12,9 +12,9 @@
is
[% END %]
the output of a RunCommand execution of the command <tt>[% HTML.escape(runcommandlog.command) %]</tt>
on <a href="[% c.uri_for('/build', build.id) %]">Build [% build.id %]</a>.
on <a [% HTML.attributes(href => c.uri_for('/build', build.id)) %]>Build [% HTML.escape(build.id) %]</a>.
[% IF tail %]
The <a href="[% c.uri_for('/build', build.id, 'runcommandlog', runcommandlog.uuid) %]">full log</a> is also available.
The <a [% HTML.attributes(href => c.uri_for('/build', build.id, 'runcommandlog', runcommandlog.uuid)) %]>full log</a> is also available.
[% END %]
</p>
@@ -33,7 +33,7 @@
[% IF tail %]
/* The server may give us a full log (e.g. if the log is in
S3). So extract the last lines. */
log_data = log_data.split("\n").slice(-[%tail%]).join("\n");
log_data = log_data.split("\n").slice(-[% HTML.escape(tail) %]).join("\n");
[% END %]
$("#contents").text(log_data);
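Review bot: `HTML.escape(tail)` in the last hunk is emitted inside JavaScript, not HTML markup, so entity-encoding is the wrong encoder for this position. It neutralises `<`, `>`, `&` and quotes, but a non-numeric value made of other characters would still be parsed as script. Whether `tail` is already validated as an integer depends on the controller, which is not visible here. If it is not, validate it there or force a number at output, e.g. `log_data = log_data.split("\n").slice(-[% tail | format('%d') %]).join("\n");`. The enclosing script block starts and ends outside the hunk.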


@@ -7,7 +7,7 @@
[% IF builds.size > 0 %]
<p>The following builds match your query:[% IF builds.size > limit %] <span class="text-warning">(first [% limit %] results only)</span>[% END %]</p>
<p>The following builds match your query:[% IF builds.size > limit %] <span class="text-warning">(first [% HTML.escape(limit) %] results only)</span>[% END %]</p>
[% INCLUDE renderBuildList %]
@@ -58,7 +58,7 @@
[% IF jobs.size > 0; matched = 1 %]
<p>The following jobs match your query:[% IF jobs.size > limit %] <span class="text-warning">(first [% limit %] results only)</span>[% END %]</p>
<p>The following jobs match your query:[% IF jobs.size > limit %] <span class="text-warning">(first [% HTML.escape(limit) %] results only)</span>[% END %]</p>
<table class="table table-striped table-condensed clickable-rows">
<thead>


@@ -2,7 +2,7 @@
[% PROCESS common.tt %]
<p>Showing steps [% (page - 1) * resultsPerPage + 1 %] - [% (page - 1)
* resultsPerPage + steps.size %] of about [% total %] in
* resultsPerPage + steps.size %] of about [% HTML.escape(total) %] in
order of descending finish time.</p>
<table class="table table-striped table-condensed clickable-rows">
@@ -24,8 +24,8 @@ order of descending finish time.</p>
<td>[% INCLUDE renderBuildStatusIcon buildstatus=step.status size=16 %]</td>
<td><tt>[% step.drvpath.match('-(.*).drv').0 %]</tt></td>
<td><tt>[% INCLUDE renderFullJobNameOfBuild build=step.build %]</tt></td>
<td><a href="[% c.uri_for('/build' step.build.id) %]">[% step.build.id %]</a></td>
<td><a class="row-link" href="[% c.uri_for('/build' step.build.id 'nixlog' step.stepnr 'tail') %]">[% step.stepnr %]</a></td>
<td><a [% HTML.attributes(href => c.uri_for('/build' step.build.id)) %]>[% HTML.escape(step.build.id) %]</a></td>
<td><a class="row-link" [% HTML.attributes(href => c.uri_for('/build' step.build.id 'nixlog' step.stepnr 'tail')) %]>[% HTML.escape(step.stepnr) %]</a></td>
<td>[% INCLUDE renderRelativeDate timestamp=step.stoptime %]</td>
<td style="width: 10em">[% INCLUDE renderDuration duration = step.stoptime - step.starttime %] </td>
<td><tt>[% INCLUDE renderMachineName machine=step.machine %]</tt></td>
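Review bot: The derivation-name cell in the second hunk, `[% step.drvpath.match('-(.*).drv').0 %]`, is still emitted without escaping, while the build id and step number next to it are now escaped. Store path names are normally restricted to a safe character set, so this is probably not reachable, but the template should not depend on that invariant holding upstream. `<td><tt>[% step.drvpath.match('-(.*).drv').0 | html %]</tt></td>` would make the row consistent with the rest of the change. The table body continues outside the hunk.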


@@ -4,14 +4,14 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link href="[% c.uri_for("/static/fontawesome/css/all.css") %]" rel="stylesheet" />
<link [% HTML.attributes(href => c.uri_for("/static/fontawesome/css/all.css")) %] rel="stylesheet" />
<script type="text/javascript" src="[% c.uri_for("/static/js/popper.min.js") %]"></script>
<script type="text/javascript" src="[% c.uri_for("/static/bootstrap/js/bootstrap.min.js") %]"></script>
<link href="[% c.uri_for("/static/bootstrap/css/bootstrap.min.css") %]" rel="stylesheet" />
<link [% HTML.attributes(href => c.uri_for("/static/bootstrap/css/bootstrap.min.css")) %] rel="stylesheet" />
<!-- hydra.css may need to be moved to before boostrap to make the @media rule work. -->
<link rel="stylesheet" href="[% c.uri_for("/static/css/hydra.css") %]" type="text/css" />
<link rel="stylesheet" href="[% c.uri_for("/static/css/rotated-th.css") %]" type="text/css" />
<link rel="stylesheet" [% HTML.attributes(href => c.uri_for("/static/css/hydra.css")) %] type="text/css" />
<link rel="stylesheet" [% HTML.attributes(href => c.uri_for("/static/css/rotated-th.css")) %] type="text/css" />
<style>
.popover { max-width: 40%; }
@@ -19,6 +19,6 @@
<script type="text/javascript" src="[% c.uri_for("/static/js/bootbox.min.js") %]"></script>
<link rel="stylesheet" href="[% c.uri_for("/static/css/tree.css") %]" type="text/css" />
<link rel="stylesheet" [% HTML.attributes(href => c.uri_for("/static/css/tree.css")) %] type="text/css" />
<script type="text/javascript" src="[% c.uri_for("/static/js/common.js") %]"></script>
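Review bot: The `<script src=...>` tags in both hunks still interpolate `c.uri_for(...)` directly into the attribute, while every `<link href>` beside them now goes through `HTML.attributes`. The path arguments are constants, so this is a consistency point rather than a demonstrated problem, but leaving half the head on the old pattern makes the next audit harder. I would write `<script type="text/javascript" [% HTML.attributes(src => c.uri_for("/static/js/popper.min.js")) %]></script>` and do the same for bootstrap.min.js, bootbox.min.js and common.js.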


@@ -1,6 +1,6 @@
[% BLOCK makeSubMenu %]
<li class="nav-item dropdown" [% IF id; HTML.attributes(id => id); END %] >
<a class="nav-link dropdown-toggle" href="#" data-toggle="dropdown">[% title %]<b class="caret"></b></a>
<a class="nav-link dropdown-toggle" href="#" data-toggle="dropdown">[% HTML.escape(title) %]<b class="caret"></b></a>
<div class="dropdown-menu[% IF align == 'right' %] dropdown-menu-right[% END %]">
[% content %]
</div>
@@ -143,7 +143,7 @@
<div class="dropdown-divider"></div>
[% END %]
[% IF c.config.github_client_id %]
<a class="dropdown-item" href="/github-redirect?after=[% c.req.path %]">Sign in with GitHub</a>
<a class="dropdown-item" href="/github-redirect?after=[% c.req.path | uri %]">Sign in with GitHub</a>
<div class="dropdown-divider"></div>
[% END %]
<a class="dropdown-item" href="#hydra-signin" data-toggle="modal">Sign in with a Hydra account</a>
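Review bot: In the `makeSubMenu` block of the first hunk, `[% content %]` stays unescaped directly below the newly escaped `title`, and nothing marks that as deliberate. It is presumably the menu markup rendered by the caller, in which case escaping it would break the menu. A template comment above it would stop a later escaping pass from changing it and would warn callers, e.g. `[%# content is markup rendered by the caller and must stay unescaped; never pass user-controlled text here %]`. The block ends outside the hunk.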


@@ -17,7 +17,7 @@
disabled="disabled"
[% END %]
[% HTML.attributes(id => "role-${role}", value => role) %] />
<label [% HTML.attributes(for => "role-${role}") %]> [% role %]</label><br />
<label [% HTML.attributes(for => "role-${role}") %]> [% HTML.escape(role) %]</label><br />
[% END %]
<form>


@@ -14,17 +14,17 @@
<tbody>
[% FOREACH u IN users %]
<tr>
<td><a class="row-link" href="[% c.uri_for(c.controller('User').action_for('edit'), [u.username]) %]">[% HTML.escape(u.username) %]</a></td>
<td><a class="row-link" [% HTML.attributes(href => c.uri_for(c.controller('User').action_for('edit'), [u.username])) %]>[% HTML.escape(u.username) %]</a></td>
<td>[% HTML.escape(u.fullname) %]</td>
<td>[% HTML.escape(u.emailaddress) %]</td>
<td>[% FOREACH r IN u.userroles %]<i>[% r.role %]</i> [% END %]</td>
<td>[% FOREACH r IN u.userroles %]<i>[% HTML.escape(r.role) %]</i> [% END %]</td>
<td>[% IF u.emailonerror %]Yes[% ELSE %]No[% END %]</td>
</tr>
[% END %]
</tbody>
</table>
<a class="btn btn-primary" href="[% c.uri_for(c.controller('Root').action_for('register')) %]">
<a class="btn btn-primary" [% HTML.attributes(href => c.uri_for(c.controller('Root').action_for('register'))) %]>
<i class="fas fa-plus"></i> Add a new user
</a>