43 Commits

Author SHA1 Message Date
Jörg Thalheim
f2cbf14f7e webhooks: implement authentication for GitHub and Gitea
- Add HMAC-SHA256 signature verification for webhooks
- Support multiple secrets for rotation
- Add security logging for authentication events
- Maintain backward compatibility (auth optional during migration)
- Add comprehensive test coverage

Without authentication, anyone could trigger job evaluations by sending
POST requests to webhook endpoints. This could lead to resource exhaustion
through repeated requests or manipulation of build scheduling. While not
a data breach risk, it allows unauthorized control over CI/CD operations.
2025-09-07 22:48:40 -04:00
ajs124
17094c8371 lazy-load evaluation errors
Closes #1362
2025-04-09 11:31:47 -04:00
Jörg Thalheim
b6f44b5cd0 Merge pull request #1402 from NixOS/like-sub
tests: use `like` for testing regexes
2024-09-15 23:50:13 +02:00
Martin Weinelt
f730433789 Create eval-jobset role and guard /api/push route 2024-08-27 19:49:05 +02:00
Janne Heß
916531dc9c api: Require POST for /api/push 2024-08-27 17:52:13 +02:00
Jörg Thalheim
250780aaf2 tests: use like for testing regexes
This gives us better diagnostics when the test fails.
2024-08-21 08:34:25 +02:00
Maximilian Bosch
fd765bc97a Fix "My Jobs" tab in user dashboard
Nowadays `Builds` doesn't reference `Project` directly anymore. This
means that simply resolving both `jobset` and `project` with a single
JOIN from `Builds` doesn't work anymore. Instead we need to resolve the
relation to `jobset` first and then the relation to `project`.

For similar fixes see e.g. c7c4759600.
2022-11-22 20:54:51 +01:00
Maximilian Bosch
d3fe4ffbf6 Job: expose closuresize and size (output size in the UI) as prometheus metrics 2022-09-22 10:47:22 +02:00
Graham Christensen
5c90edd19f Merge pull request #1103 from DeterminateSystems/runcommand/dynamic
Dynamic RunCommand
2022-04-19 10:09:47 -04:00
Graham Christensen
78e9872251 ldap.t: write the password to an external .conf file 2022-02-11 11:27:10 -05:00
Graham Christensen
848fb3b265 ldap-legacy.t: specify the root password manually 2022-02-11 11:26:56 -05:00
Graham Christensen
f07fb7d279 LDAP support: include BC support for the YAML based loading
Includes a refactoring of the configuration loader.
2022-02-11 10:49:38 -05:00
Graham Christensen
76b4b43ac5 Move ldap.t to a legacy-ldap.t, make ldap.t use the new format config. 2022-02-11 10:49:38 -05:00
Graham Christensen
80c6525029 LDAP: Create a test which does not use a VM 2022-02-09 20:56:10 -05:00
Graham Christensen
845e6d4760 captureStdoutStderr*: move to Hydra::Helper::Exec which helps avoid some environment variable fixation problems 2022-02-09 14:28:50 -05:00
Graham Christensen
2635607b6e whoops: add a test on the enable_dynamic_run_command field 2022-02-01 10:58:54 -05:00
Graham Christensen
1affb1cfb1 jobset API: expose and check the enable_dynamic_run_command 2022-02-01 10:58:54 -05:00
Graham Christensen
726ea80e99 HTTP/Jobset: support setting / reading enable_dynamic_run_command 2022-02-01 10:58:54 -05:00
Graham Christensen
2abcd84931 Merge pull request #1115 from DeterminateSystems/project-jobset/builds-json-repr
Project jobset: update builds json repr
2022-01-15 12:09:45 -05:00
Graham Christensen
cb68629417 test a Build's json representation 2022-01-14 21:19:48 -05:00
Graham Christensen
f4c4b496d8 Projects: delete: delete all builds first
Deleting jobsets first would fail because buildmetrics has an FK
to the jobset. However, the jobset / project relationship is not
marked as CASCADE.

Deleting all the builds automatically cascades to delete
buildmetrics, so deleting the relevant builds first, then deleting
the jobset solves it.
2022-01-14 20:37:55 -05:00
Graham Christensen
0044622198 Projects: test deleting 2022-01-14 20:36:52 -05:00
Graham Christensen
8ae2daece7 root: test /steps and /evals 2022-01-14 16:49:58 -05:00
Graham Christensen
e0e8840d8f Test /search 2022-01-14 16:38:25 -05:00
Graham Christensen
42a871e413 Merge pull request #1111 from DeterminateSystems/project-jobset/queue-summary-machines
Project jobset columns: fixup /queue-summary and /machines
2022-01-14 15:34:43 -05:00
Graham Christensen
bdccad573c machines: test 2022-01-14 15:23:19 -05:00
Graham Christensen
da516f70a4 queue summary: test 2022-01-14 15:23:19 -05:00
Graham Christensen
a81e358016 API: test api/push-github 2022-01-14 14:57:32 -05:00
Graham Christensen
20db82b001 API test /api/push 2022-01-14 14:57:24 -05:00
Graham Christensen
fe095a56c5 API: test /nrbuilds and fix jobset / project references 2022-01-14 14:57:15 -05:00
Graham Christensen
e5c8a35423 API: test fetching the queue and latestbuilds 2022-01-14 14:57:03 -05:00
Graham Christensen
8383679bf6 test /queue and /status, both of which use buildListColumns 2022-01-14 12:48:51 -05:00
Graham Christensen
59d0259220 test /eval/ID/channel works
Uses buildListColumns
2022-01-14 12:48:51 -05:00
Graham Christensen
2de40f86ec test /job/PROJECT/JOBSET/JOB works
Uses buildListColumns
2022-01-14 12:48:51 -05:00
Graham Christensen
4a07622195 test /job/PROJECT/JOBSET/JOB/prometheus works
Uses buildListColumns
2022-01-14 12:48:51 -05:00
Graham Christensen
b37ca88fd5 test /job/PROJECT/JOBSET/JOB/shield works
Uses buildListColumns
2022-01-14 12:48:51 -05:00
Graham Christensen
796cae0fd0 Test Job's builds and channel pages 2022-01-14 11:52:07 -05:00
Graham Christensen
a2adb8cfb6 Test Jobset's builds and channel pages 2022-01-14 11:28:39 -05:00
Graham Christensen
23d7046522 t/Controller/Build/constituents.t: assert the response is valid JSON, dump if it isn't 2022-01-14 11:28:39 -05:00
Graham Christensen
9291cba89f Project: tests we can get the channel for the latest builds 2022-01-14 11:28:39 -05:00
Graham Christensen
dcefb88373 test /project/NAME/all returns a 200 2022-01-14 11:28:39 -05:00
Graham Christensen
ca6ba409de Relocate new tests into the Hydra subdir 2022-01-11 09:54:51 -05:00
Graham Christensen
a5d1d36fa6 Tests: restructure to more closely mirror the sources
t/ had lots of directories and files mirroring src/lib/Hydra. This moves
those files under t/Hydra
2022-01-10 15:34:52 -05:00