There's two Roles for the Forgejo application, "Admin" and
"Contributors".
Everyone gets the "Contributor" role assigned automatically (it doesn't
really give you a ton of privileges).
Regarding mapping Gerrit groups, it seems there's no support for this in
the `gerrit-oauth-provider` plugin (yet) -
see https://github.com/davido/gerrit-oauth-provider/issues/170.
Fixes#73.
Change-Id: I3cbb968e664125b1f08235db3008d1dbf778922a
Reviewed-on: https://cl.snix.dev/c/snix/+/30477
Tested-by: besadii
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
Autosubmit: Florian Klink <flokli@flokli.de>
keycloak_openid_user_client_role_protocol_mapper.grafana_role_mapper was
missing. It is configured to make the client roles for this Application
(and only those for this application) available in the grafana_roles
claim.
We can also disable full scope, as we're not interested in other role
mappings.
The Terraform files are a bit reorganized, everything configuring the
Grafana client lives in grafana.tf (and vice-versa for Forgejo,
Buildkite and Gerrit). The only thing left in permissions.tf is global
groups, their memberships and mappings.
Change-Id: I37b0755f4f8658518083353ec6cc0193e805d5c2
Reviewed-on: https://cl.snix.dev/c/snix/+/30476
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
A mention of these different builders is included in the a footnote
in the documentation, and various issues for the different TODOs were
created:
- #128 Implement bwrap-based Builder
- #129 Implement gVisor-based builder
- #130 Implement Cloud Hypervisor-based builder
- #131 OCI builder: add preflight checks
- #132 BuildService: refactor to be more granular
Change-Id: I349b799e233ba8bef39a139cf2453d3214bb69b3
Reviewed-on: https://cl.snix.dev/c/snix/+/30474
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
This was most likely meant to refer to `exportReferencesGraph`, not
`fetchClosure`. `fetchClosure` is not used in nixpkgs - I created #127
still.
Issue #44 is extended to mention `ExportedPathInfo`.
Change-Id: Id898cb381db02c83888dc395cf3ab01ae6baf2aa
Reviewed-on: https://cl.snix.dev/c/snix/+/30473
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
This is very generic and not helpful.
Change-Id: Ie851e0e293023ab1794c6815e0a0e188471f509b
Reviewed-on: https://cl.snix.dev/c/snix/+/30471
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
This was already migrated to use a BigtableParameters struct, similar to
other backends.
Change-Id: Icc8a4902a6f24ce4a7f965abc800726b09030cb3
Reviewed-on: https://cl.snix.dev/c/snix/+/30470
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
This was migrated to #122 and #123.
Change-Id: I5196a12530fe420c7682312774e14807df688928
Reviewed-on: https://cl.snix.dev/c/snix/+/30467
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
These don't make sense without a parent, move these one level up.
Change-Id: I492e43da1d1a429e7c46b65b0c676d5d8c54fdf6
Reviewed-on: https://cl.snix.dev/c/snix/+/30466
Tested-by: besadii
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
Autosubmit: Florian Klink <flokli@flokli.de>
This has been migrated to #64 a while ago.
Change-Id: Iec15043650284ac7c2cb62863028f360675bdc82
Reviewed-on: https://cl.snix.dev/c/snix/+/30465
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
This is slowly being plucked apart and migrated to more suitable places.
Change-Id: Ib4f4e76601a657cfef85dc759f8ec9bde4eadb86
Reviewed-on: https://cl.snix.dev/c/snix/+/30464
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
This makes them yellow, with a triangle, and a "Caution" title, which is
more appropriate for these warnings.
Change-Id: I2a99db30427bfd6003766214026c9be66acf8a0e
Reviewed-on: https://cl.snix.dev/c/snix/+/30450
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Vova Kryachko <v.kryachko@gmail.com>
Tested-by: besadii
Back when initially working on this, having all info about the Build in
one struct seemed a good idea for some future CI interface, but right
now this simply raises more questions and is quite theoretic.
Let's drop it for now, we can reintroduce it, or other request methods
when we get to it.
Change-Id: I105a8d5ae8bd7e0d5f8ee3e7edf2597100b43119
Reviewed-on: https://cl.snix.dev/c/snix/+/30425
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Vova Kryachko <v.kryachko@gmail.com>
The last example is TOML too, and flipping the order of footnotes and
expanded link URLs (or however that's called) fixes them.
Change-Id: Ia8f1dc72e2622f41b18fb4746966e667d9882456
Reviewed-on: https://cl.snix.dev/c/snix/+/30446
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Vova Kryachko <v.kryachko@gmail.com>
Put it in Guides, as it provides some examples at the end as well.
Change-Id: Ic5cd78bcda09c3bb82eeaa88ff0c959c4c876bd7
Reviewed-on: https://cl.snix.dev/c/snix/+/30445
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Yureka <snix@yuka.dev>
Tested-by: besadii
This makes it possible to fetch refs/meta/config from the forgejo
endpoint too. It was possible to fetch it from Gerrit directly before,
so this isn't more or less private than before.
Forgejo doesn't seem to provide an endpoint to link to refs/meta/config,
but it's perfectly fine to view the tree for a given commit from there:
dd5ed6266a
Change-Id: I9bbfb8c5994118e6a205e84d5584cc82a560cc23
Reviewed-on: https://cl.snix.dev/c/snix/+/30444
Reviewed-by: Vova Kryachko <v.kryachko@gmail.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
We stopped using them a while ago, no need to replicate.
Change-Id: I584a584b401ed357eba6d8f2349d2be40684765e
Reviewed-on: https://cl.snix.dev/c/snix/+/30443
Reviewed-by: Vova Kryachko <v.kryachko@gmail.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Part of #114
cargo fix wanted to rewrite `if let else` to match statements, but i
reverted them as they dont belong in this cl.
There weren't any warnings about locks (relative drop order changed in
2024)
Change-Id: I9c851ef8e214a481cbe7b4cf9b2634b5d56970d4
Reviewed-on: https://cl.snix.dev/c/snix/+/30369
Autosubmit: Bence Nemes <nemes.bence1@gmail.com>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Since https://github.com/bornhack/bornhack-website/pull/1838, users can
set their preferred username there, so it can be correctly propagated
to Keycloak.
Change-Id: If492d4b92b420c07b9e1450883ccb30a18802a42
Reviewed-on: https://cl.snix.dev/c/snix/+/30424
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
This allows piping NAR data through a reader, and writing it back out to
a writer.
It can be used to validate a NAR to be syntactically correct, or to read
exactly to the end of a NAR file if the size is not given externally.
Change-Id: I0fc8d58e68783400d1cfee75c860138915974f3d
Reviewed-on: https://cl.snix.dev/c/snix/+/30423
Tested-by: besadii
Reviewed-by: edef <edef@edef.eu>
Autosubmit: Florian Klink <flokli@flokli.de>
This changes the BuildService trait to return a typed `BuildResult`,
which bundles the refscan info alongside the castore nodes.
The proto type is renamed to BuildResponse, to better map to gRPC
semantics.
In proto land, we don't send the name for outputs anymore, be it the
full path or the last component, as there's never been a guarantee this
is a valid PathComponent. That entry is now required to be anonymous.
The path of an output can be retrieved by looking at the original
BuildRequest.
Change-Id: If5ce3a009cd3dd6bb6505cd51d5f4deda261ea85
Reviewed-on: https://cl.snix.dev/c/snix/+/30387
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Vova Kryachko <v.kryachko@gmail.com>
This points our own gerrit check to the deployed buildkite-api-proxy,
updates the URL and stops sending an outdated token.
Fixes#118.
Change-Id: Ic7ace4d67a6bd05c408ac14fe988ae3fe829a49b
Reviewed-on: https://cl.snix.dev/c/snix/+/30406
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: edef <edef@edef.eu>
This is a read-only Buildkite token, it was generated and installed by
flokli@ and has read_builds, read_build_logs, and read_pipelines
permissions.
Part of #118.
Change-Id: I0bbfbab9ad1152ff8e781b7380f44d3cd7245bab
Reviewed-on: https://cl.snix.dev/c/snix/+/30404
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: edef <edef@edef.eu>
This provides a very simple http server, receiving a git sha1 and
querying the buildkite api for the status - the same that's previously
done by the frontend, but now without exposing the (read-only) token
to users.
We can add caching / rate-limiting if the need arises, for now we
just propagate the `cache-control` headers (which seem to be set at
"cache-control: max-age=0, private, must-revalidate" currently anyways)
Part of #118.
Change-Id: I8989a74cb2b278139d988089ff8d6e59e00969e4
Reviewed-on: https://cl.snix.dev/c/snix/+/30403
Reviewed-by: edef <edef@edef.eu>
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
besadii is called as `patchset-created` or `change-merged`, not
`ref-updated`.
Change-Id: I843f2d749ab152fb0061b6a9da44775ed58a9eae
Reviewed-on: https://cl.snix.dev/c/snix/+/30344
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
There is no point in separately checking lt/eq/gt separately when we
always need the full ordering anyway.
Change-Id: I993108029d205ac17f01acdb6dbf9b2f0cd80f28
Reviewed-on: https://cl.snix.dev/c/snix/+/30372
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
We can just iterate key-value pairs for our merge sort, rather than
relying on unsafe to get us the value without costing us a presence
check.
Change-Id: I7145a1b2f33a8510de8d7fbd1a12804517a78042
Reviewed-on: https://cl.snix.dev/c/snix/+/30371
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
This blocks a bunch of AI scrapers from Forgejo, which seems to be
particularly attractive.
Especially meta-externalagent has been scraping very excessively.
The list comes from https://github.com/ai-robots-txt/ai.robots.txt,
let's see how often this needs updating.
Change-Id: I55ae7c42c6a3eeff6f0457411a8b05d55cb24f65
Reviewed-on: https://cl.snix.dev/c/snix/+/30370
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: edef <edef@edef.eu>
Without this, the website just shows a white page with a "This line is
from …" message. Downgrading hugo to 0.145.0 fixes it.
Change-Id: I5a4e2b5d00d3772580daf8d863375471979a5825
Reviewed-on: https://cl.snix.dev/c/snix/+/30368
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Bence Nemes <nemes.bence1@gmail.com>
Tested-by: besadii
This doesn't seem to do anything, and logs a warning on startup.
Change-Id: I4d883f2a95d5934bc3dc2998a497f3c2a8ff857d
Reviewed-on: https://cl.snix.dev/c/snix/+/30364
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Tested-by: besadii
It seems this now gets added automatically, and causes nginx to fail
with an emergency due to the directive being there two times.
Drop one of it, which gets nginx to boot up again.
Change-Id: I0df3c2f7c2cfbe23d717249570d5a4d1a7fe2f2b
Reviewed-on: https://cl.snix.dev/c/snix/+/30363
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
grafana-agent has been removed, but the failing eval was missed due
to #80.
Change-Id: I87cfc71c8c98e27e32f4e95e4d85901195cb5b75
Reviewed-on: https://cl.snix.dev/c/snix/+/30347
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Tested-by: besadii
This was missed, due to #80.
Change-Id: I3b10fa615c09fdd9887c63c847cfd70f5a80d277
Reviewed-on: https://cl.snix.dev/c/snix/+/30346
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
Autosubmit: Florian Klink <flokli@flokli.de>