4457 Commits

Author SHA1 Message Date
Jörg Thalheim
b47b187553 webhooks: implement authentication for GitHub and Gitea
- Add HMAC-SHA256 signature verification for webhooks
- Support multiple secrets for rotation
- Add security logging for authentication events
- Maintain backward compatibility (auth optional during migration)
- Add comprehensive test coverage

Without authentication, anyone could trigger job evaluations by sending
POST requests to webhook endpoints. This could lead to resource exhaustion
through repeated requests or manipulation of build scheduling. While not
a data breach risk, it allows unauthorized control over CI/CD operations.
2025-08-10 12:41:47 +02:00
John Ericson
79ba8fdd04 Merge pull request #1505 from NixOS/no-built-scripts-meson-shell
package.nix: fix PATH for devshell
2025-08-05 14:35:14 +00:00
Jörg Thalheim
c645b7ff67 package.nix: fix PATH for devshell
We don't install scripts to build so this must point to src
2025-08-05 00:22:46 +02:00
John Ericson
c12d0a66d8 Merge pull request #1503 from NixOS/libpqxx-and-ci
Libpqxx and ci
2025-08-04 22:13:09 +00:00
Jörg Thalheim
2f6ec150ec ci: also build on aarch64-linux 2025-08-04 17:44:16 -04:00
Jörg Thalheim
2b4f4cf6f4 cache build with the magic nix cache 2025-08-04 17:44:16 -04:00
Jörg Thalheim
e33b4f88dc queue-runner: Add missing signal.h include for SIGINT and kill() 2025-08-04 17:44:16 -04:00
Jörg Thalheim
a9b89ee779 Migrate from deprecated notification_receiver to connection::listen()
libpqxx 7.10.1 deprecates the notification_receiver class.
2025-08-04 17:44:16 -04:00
Jörg Thalheim
84b4fe36b6 Fix libpqxx 7.10.1 API compatibility
- Replace deprecated exec_params/exec_params0 calls with exec()
- Wrap all parameterized queries with pqxx::params{}
- Add .no_rows()/.one_row() to exec calls that don't return results
2025-08-04 17:44:16 -04:00
Jörg Thalheim
081d0c079a hydra-eval-jobs: unset NIX_PATH 2025-08-04 17:44:16 -04:00
Jörg Thalheim
a75c5a405c docs/hacking: document how to run single tests 2025-08-04 17:44:16 -04:00
Janne Heß
957884d174 Merge pull request #1501 from NixOS/fix/useless-message
Remove useless previous eval message
2025-08-02 12:26:54 +00:00
Janne Heß
05a05667d8 Merge branch 'master' into fix/useless-message 2025-08-02 14:21:44 +02:00
Janne Heß
0527fddd6a Remove useless previous eval message
This message serves no purpose and looks like something went wrong.
There is nothing wrong, there is just no previous evaluation.
2025-08-02 14:20:59 +02:00
Janne Heß
0017a1d0f3 Merge pull request #1498 from NixOS/feat/new-q-runner-machine-status
machine-status: Render new queue runner details
2025-08-02 12:11:07 +00:00
Janne Heß
e9895e81af Merge branch 'master' into feat/new-q-runner-machine-status 2025-08-02 14:05:55 +02:00
Janne Heß
424a767035 Merge pull request #1500 from NixOS/feat/improve-developer-expercience
Improve general developer experience
2025-08-02 12:05:41 +00:00
Janne Heß
7096ae3a5b machine-status: Fixup double localhost during development 2025-08-02 14:05:23 +02:00
Janne Heß
ec3d0c696b Fix the evaluator not finding hydra-eval-jobset 2025-08-02 13:53:25 +02:00
Janne Heß
d2c10bf851 Fixup static libraries in development server 2025-08-02 13:53:22 +02:00
Janne Heß
80b9d82ea4 Fix meson and ninja commands and link bootstrap 2025-08-02 13:41:39 +02:00
Janne Heß
85ab735653 Add nix-direnv 2025-08-02 13:41:16 +02:00
Janne Heß
632a59172a machine-status: Make new runner status prettier
- Remove bottom margin
- Properly format memory in human format
- Calculate free memory
- Format the load with 2 digits after comma
- Lpad pressure percentages
- Use a macro to render pressure
- Score -> Scheduling Score
- More spacing in the load
- Add IRQ pressure
2025-08-01 11:25:14 +02:00
Janne Heß
95f5d331ee Merge pull request #1499 from NixOS/feat/document-pg-conncetion
Document how to connect to postgres
2025-07-31 16:54:32 +00:00
Janne Heß
6e9e13333f Document how to connect to postgres 2025-07-31 18:48:47 +02:00
Janne Heß
7b1968236d machine-status: Render new queue runner details 2025-07-31 18:45:04 +02:00
Janne Heß
b812bb5017 Merge pull request #869 from andir/patch-1
Add Queue Runner Status to the topbar
2025-07-17 21:31:27 +00:00
Janne Heß
61573c71d1 Merge pull request #1497 from helsinki-systems/feat/show-new-q-runner-status
Show queue runner v2 status
2025-07-17 21:30:36 +00:00
Janne Heß
f50263976c Merge branch 'master' into patch-1 2025-07-17 23:21:18 +02:00
Janne Heß
c413b275ff Merge pull request #1206 from iwanders/CORE-21733-add-link-to-raw-log
Add a link to the raw log.
2025-07-16 20:18:43 +00:00
John Ericson
f7a9113166 Merge pull request #1494 from SuperSandro2000/patch-2
module: sync with nixpkgs
2025-07-16 19:44:14 +00:00
Janne Heß
97ec796db5 Merge branch 'master' into CORE-21733-add-link-to-raw-log 2025-07-16 18:42:40 +02:00
Janne Heß
42400ef20c Merge pull request #1156 from helsinki-systems/fix/local-store-detection
Fix local store detection and related issues
2025-07-16 16:31:15 +00:00
Janne Heß
2fcfa969b8 Merge branch 'master' into fix/local-store-detection 2025-07-16 18:25:54 +02:00
Janne Heß
4f3b783d30 Merge pull request #1493 from NixOS/hostname-utility
Replace nettools with hostname-debian
2025-07-16 16:22:17 +00:00
Janne Heß
80980f8b32 Fix PATH for the foreman scripts 2025-07-16 17:39:19 +02:00
Janne Heß
d0008d4238 Show queue runner v2 status
This is guarded behind a setting and will overwrite everything that was
learned from the machines file. Also drops `sshKeys` since that wasn't
used anyway.
2025-07-16 17:39:06 +02:00
Janne Heß
3b89d2d6b5 Merge pull request #1495 from Erethon/fix-nix-download-url
fix: Update Nix download url
2025-07-15 19:16:32 +00:00
Dionysis Grigoropoulos
62fcacb7d2 fix: Update Nix download url 2025-07-15 19:45:13 +03:00
Sandro
b3b48bc237 module: sync with nixpkgs 2025-07-04 12:01:42 +02:00
Martin Weinelt
c544042051 Replace nettools with hostname-debian
As far as I understand we include nettools for its hostname executable
used by the Sys-Hostname-Long perl package. But if we just need that then
the hostname-debian package provides a simpler and better maintained
version.
2025-07-04 06:46:35 +02:00
Jörg Thalheim
aa62c7f7db Merge pull request #1490 from NixOS/update-flakes
Update flake inputs
2025-06-24 23:19:28 +00:00
Mic92
605a0e9ce9 flake.lock: Update 2025-06-25 01:03:35 +02:00
Jörg Thalheim
6786e52eb5 Merge pull request #1489 from NixOS/ci
github: update test workflow to use latest nix & add update-flakes action
2025-06-24 16:51:54 +00:00
Jörg Thalheim
9efe38c60b add update-flakes action 2025-06-24 18:46:33 +02:00
Jörg Thalheim
c621f27482 test: bump used nix version 2025-06-24 18:45:14 +02:00
John Ericson
ed500ca434 Merge pull request #1202 from thejohncrafter/doc-request-base
docs: refine instructions for proxy setting
2025-06-15 22:14:38 +00:00
Julien Marquet
635aff50dd docs: refine instructions for proxy setting 2025-05-27 12:45:12 -04:00
Jörg Thalheim
2e3c168ec4 Merge pull request #1487 from tomjnixon/reverse_proxy_docs
doc/manual: correct nginx reverse proxy example
2025-05-27 04:58:53 +00:00
John Ericson
362524b563 Merge pull request #1485 from NixOS/nix-2.29
Nix 2.29
2025-05-26 05:17:23 +00:00