feat(ops/buildkite-api-proxy): init

This provides a very simple http server, receiving a git sha1 and querying the buildkite api for the status - the same that's previously done by the frontend, but now without exposing the (read-only) token to users. We can add caching / rate-limiting if the need arises, for now we just propagate the `cache-control` headers (which seem to be set at "cache-control: max-age=0, private, must-revalidate" currently anyways) Part of #118. Change-Id: I8989a74cb2b278139d988089ff8d6e59e00969e4 Reviewed-on: https://cl.snix.dev/c/snix/+/30403 Reviewed-by: edef <edef@edef.eu> Tested-by: besadii Autosubmit: Florian Klink <flokli@flokli.de>
2025-05-04 01:05:09 +03:00 · 2025-05-04 01:05:09 +03:00 · 54c313c9b2
commit 54c313c9b2
parent ba1e30cfa3
4 changed files with 149 additions and 0 deletions
--- a/ops/buildkite-api-proxy/default.nix
+++ b/ops/buildkite-api-proxy/default.nix
@ -0,0 +1,14 @@
+{ pkgs, lib, ... }:
+
+pkgs.buildGoModule {
+  name = "buildkite-api-proxy";
+  src = lib.fileset.toSource {
+    root = ./.;
+    fileset = lib.fileset.unions [
+      ./main.go
+      ./go.mod
+      ./go.sum
+    ];
+  };
+  vendorHash = "sha256-YtLQYW1W+i9Zkw01kZf/xxJd1X5ttIutqlRpHNWvp4Y=";
+}