d0991730b6
sync gitea changes with github changes
2025-10-10 16:29:05 -04:00
437e4efea2
add declarative hydra spec
2025-10-10 16:29:05 -04:00
ba588429cf
add gitea refs
...
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
Reviewed-on: https://<censored>/ahuston-0/hydra/pulls/1
2025-10-10 16:29:05 -04:00
0c9ed318f9
add Gitea pulls docs entry
...
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2025-10-10 16:29:05 -04:00
Faye Chun
4a2c2b4c49
Add a plugin to poll Gitea pull requests
...
Based off the existing GithubPulls.pm and GitlabPulls.pm plugins.
Also adds an integration test for the new 'giteapulls' input type to
the existing 'gitea' test.
2025-10-10 16:29:05 -04:00
John Ericson
f1463d4bce
Merge pull request #1522 from NixOS/no-jq
...
hydra-plugins: replace jq with perl's own canonical json output
2025-10-10 14:19:58 +00:00
John Ericson
94eaad22bc
Merge pull request #1528 from NixOS/nix-2.31
...
Bump to nix/nix-eval-jobs 2.31
2025-10-08 21:07:05 +00:00
Jörg Thalheim
a499063834
bump to nix/nix-eval-jobs 2.31
2025-10-08 16:47:31 -04:00
John Ericson
3059dc16a3
Merge pull request #1502 from NixOS/nix-2.30-fix
...
Update hydra to nix 2.30
2025-10-06 20:39:33 +00:00
John Ericson
d36b943e93
Skip content-addressing test for now
...
It is hard to debug.
2025-10-06 16:18:17 -04:00
Jörg Thalheim
4b2d60e185
bump to nix/nix-eval-jobs 2.30
2025-10-06 16:18:17 -04:00
John Ericson
528a623b32
Merge pull request #1492 from NixOS/update-flakes
...
Update flake inputs
2025-10-06 18:31:46 +00:00
github-merge-queue
06be60349b
flake.lock: Update
2025-10-06 14:08:38 -04:00
Jörg Thalheim
274027eb50
Merge pull request #1521 from NixOS/download-regression
...
Fix download regression
2025-09-13 08:10:38 +00:00
Jörg Thalheim
a329537e55
Merge pull request #1523 from NixOS/gitea
...
tests: Gitea test nitpicks
2025-09-13 08:01:10 +00:00
Jörg Thalheim
5f8ae153b4
tests: Gitea test nitpicks
...
- Add proper waitpid() for child process cleanup
- Simplify file existence check loop with early exit
- Rename variables for clarity ($uri -> $request_uri, remove unused $i)
2025-09-13 09:36:53 +02:00
Jörg Thalheim
990fe22f80
add regression test for download api
2025-09-13 09:27:31 +02:00
Jörg Thalheim
7fa3da755e
hydra-plugins: replace jq with perl's own canonical json output
2025-09-13 09:18:05 +02:00
Jörg Thalheim
56f07573ea
Avoid shadowing internal run function by renaming it to runCommand
...
see https://github.com/NixOS/hydra/issues/1520
2025-09-12 21:45:58 +02:00
Martin Weinelt
8481acda2f
Merge pull request #1516 from Notarin/master
...
docs: tiny typo fix in README.md
2025-08-30 12:11:30 +00:00
Notarin Steele
75824e546f
docs: tiny typo fix in README.md
2025-08-29 22:28:38 -04:00
Jörg Thalheim
b0c1f689c2
Merge pull request #1506 from NixOS/ipc
...
Stop shelling out
2025-08-29 09:15:49 +00:00
Jörg Thalheim
a4d7e7df93
Merge pull request #1514 from NixOS/no-eval-cache
...
hydra-eval-jobset: disable eval cache
2025-08-29 09:15:34 +00:00
Jörg Thalheim
5cc6ae3ca3
replace all system() shell invocation with safer non-shell alternative
2025-08-28 13:08:59 +02:00
Jörg Thalheim
19280b3466
perlcritic: run with --quiet flag to not log all files
...
we only want warnings, we don't care which files have been checked.
2025-08-28 13:08:59 +02:00
Jörg Thalheim
c6139736ed
add perlcritic module to disallow system/exec
2025-08-28 13:08:59 +02:00
Jörg Thalheim
29734ae51f
replace backtick operator with run3
2025-08-28 13:08:59 +02:00
Jörg Thalheim
38b4d5fa0f
perlcritic: no longer allow qx/backticks
2025-08-28 13:08:59 +02:00
Jörg Thalheim
137761f8cc
hydra-eval-jobset: disable eval cache
2025-08-28 12:08:01 +02:00
Jörg Thalheim
06d20bb8e0
Merge pull request #1513 from dermetfan/doc-force-push
...
document `force` parameter for `/api/push`
2025-08-27 08:28:42 +00:00
Robin Stumm
c25a2f626d
document force parameter for /api/push
2025-08-26 14:38:18 +02:00
Jörg Thalheim
0d2a030661
Merge pull request #1510 from NixOS/fix/too-much-xss
...
Fix too much XSS protections
2025-08-14 16:26:09 +00:00
Janne Heß
fd0b8ec8e0
Fix too much XSS protections
...
- Fixes build graphs
- Fixes pagination
- Fixes pressure of new queue runner
2025-08-14 12:25:17 +02:00
Jörg Thalheim
81fd47df42
Merge pull request #1504 from ulucs/patch-1
...
Correctly apply the setting `allow_import_from_derivation = true`
2025-08-13 06:48:18 +00:00
Jörg Thalheim
2c4460942d
Merge pull request #1509 from SuperSandro2000/patch-2
...
Fix webhook-secrets.conf permissions for real
2025-08-13 06:47:48 +00:00
Martin Weinelt
2e41e7e8e2
Merge pull request #1507 from NixOS/compare-active-jobsets
...
jobset-eval: reduce compare options to active jobsets
2025-08-12 22:42:08 +00:00
Sandro
242eb72dbb
Fix webhook-secrets.conf permissions for real
...
I did not notice in #1508 that the hydra evaluator now crashed because the hydra config is shared between all components; all of them need to be able to read the secret.
2025-08-12 23:38:05 +02:00
Janne Heß
bddf15de46
Merge pull request #1508 from SuperSandro2000/patch-2
...
Fix webhook-secrets.conf permissions
2025-08-12 16:55:57 +00:00
Sandro
5f530d7d56
Fix webhook-secrets.conf permissions
...
The secret is read by hydra-server which is run under hydra-www so that needs to be able to read the file.
2025-08-12 16:36:39 +02:00
Martin Weinelt
e851d9f9f6
jobset-eval: reduce compare options to active jobsets
...
The list of jobsets is very high on hydra.nixos.org and the compare to
dropdown listing goes over multiple full pages in the busy projects.
If we ignore jobsets that we disable this interface becomes more usable
again.
2025-08-12 12:40:12 +02:00
Janne Heß
f7bda020c6
Merge commit from fork
...
webhooks: implement authentication for GitHub and Gitea
2025-08-12 12:10:29 +02:00
Janne Heß
dea1e168f5
Merge commit from fork
...
Fix GHSA-7qwg-q53v-vh99
2025-08-12 12:06:18 +02:00
Jörg Thalheim
b47b187553
webhooks: implement authentication for GitHub and Gitea
...
- Add HMAC-SHA256 signature verification for webhooks
- Support multiple secrets for rotation
- Add security logging for authentication events
- Maintain backward compatibility (auth optional during migration)
- Add comprehensive test coverage
Without authentication, anyone could trigger job evaluations by sending
POST requests to webhook endpoints. This could lead to resource exhaustion
through repeated requests or manipulation of build scheduling. While not
a data breach risk, it allows unauthorized control over CI/CD operations.
2025-08-10 12:41:47 +02:00
Janne Heß
c6424f37a6
templates: Hopefully escape all template inputs
2025-08-10 12:40:21 +02:00
Janne Heß
b94f47ed27
templates: Make whitespace in [% %] consistent
2025-08-10 12:40:21 +02:00
Janne Heß
615798a51e
templates: Use HTML.attributes for all links
2025-08-10 12:40:21 +02:00
Janne Heß
99a6656b40
build: Properly escape all input values
2025-08-10 12:40:21 +02:00
Janne Heß
33b5c6fb41
product-list: Escape untrusted values
2025-08-10 12:40:21 +02:00
Janne Heß
5f226f3b6f
hydra-queue-runner: Validate metric type
2025-08-10 12:40:21 +02:00
Janne Heß
7c4f0ab01a
hydra-queue-runner: Validate hydra-metrics unit
2025-08-10 12:40:21 +02:00