ahtlon/hydra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,562 Commits 36 Branches 0 Tags
8bc95a96f787eb36f29ceec773f5bf48bd121097
Commit Graph

3158 Commits

Author SHA1 Message Date
Amaan Qureshi
82cd5e0e23 Fix build after Nix bump 2026-01-23 18:49:40 -05:00
John Ericson
b45f0d1fa7 Merge pull request #1556 from Mindavi/bugfix/perlcritic-fixes 
treewide: update split calls to make perlcritic happy
 2026-01-23 23:22:23 +00:00
Rick van Schijndel
e4fe9d43c1 treewide: update split calls to make perlcritic happy 
In nixpkgs this started to fail the hydra tests.
It's not completely clear why because it seems the perlcritic
rule has existed for quite some time.

Anyway, this should solve the issues.
 2026-01-17 15:55:29 +01:00
Jörg Thalheim
f089ff87f5 build: automatically include all sql files 
To prevent issues as in 43006db8 we can just install all sql files by
default
 2026-01-14 09:45:57 +01:00
Jörg Thalheim
43006db835 meson: add missing schema file 
This is missing from: https://github.com/NixOS/hydra/pull/1548
 2026-01-14 09:39:43 +01:00
Janne Heß
4ebfaba862 Merge pull request #1548 from NixOS/fix/hashlengths 
feat: Use short revision from git
 2026-01-13 14:34:55 +00:00
Janne Heß
6dde18cb5e Merge pull request #1551 from knedlsepp/fix-scmdiff 
Fix broken api/scmdiff endpoint
 2026-01-05 13:37:12 +00:00
Josef Kemetmüller
e0f65d4d3d Fix broken api/scmdiff endpoint 
Same fix as in #1215, which got accidentally removed in #1506.
 2026-01-05 14:16:47 +01:00
Janne Heß
5e2e9672cf Merge pull request #1549 from NixOS/feat/github-diffs 
feat: Offload git diffs to GitHub
 2026-01-05 13:10:00 +00:00
Janne Heß
44780c786e Merge branch 'master' into pathinput_freq 2026-01-04 19:05:05 +01:00
Janne Heß
2db62e86e7 feat: Store the short rev length 2026-01-04 19:01:49 +01:00
Janne Heß
d042e3c82c refactor: Revision for the frontend from one place 2026-01-04 18:23:44 +01:00
Janne Heß
a31f5d654c Merge pull request #1270 from b-bondurant/sysbuild-fix 
Use project name in sysbuild query
 2026-01-04 15:53:17 +00:00
Janne Heß
3b901f19a4 Merge branch 'master' into sysbuild-fix 2026-01-04 16:30:35 +01:00
Janne Heß
673e18415e Merge branch 'master' into master 2026-01-04 16:29:27 +01:00
Janne Heß
f1b26134d7 feat: Offload git diffs to GitHub 
If we are on GitHub, use their scm diff by default which is more
feature-rich and offloads the diff work to stronger infrastructure
 2026-01-04 15:49:25 +01:00
Janne Heß
425d78763d Merge pull request #1543 from diogotcorreia/fix-link-not-in-last-eval 
fix: broken anchor tag in job.tt
 2026-01-04 13:39:25 +00:00
Janne Heß
53d8e26b59 Merge pull request #1546 from jmbaur/jared/local-repro 
build: quote flake URI for local repro instructions
 2026-01-04 13:38:45 +00:00
Marian Hammer
7d12fa6a55 hydra/plugins/gitlabpulls: use utf-8 encoding for gitlab-pulls-sorted.json 
unbreaks umlaute
 2025-12-12 14:40:03 +01:00
Jared Baur
7a67ba925d build: quote flake URI for local repro instructions 
Often times flake URIs have ampersands in them, making them unsuitable
for pasting into shells directly.
 2025-12-10 14:17:45 -08:00
Diogo Correia
662d1198d4 fix: broken anchor tag in job.tt 2025-12-05 00:52:06 +01:00
Jörg Thalheim
241ab71800 Merge pull request #1536 from NixOS/fix-1535 
Revert "Deduplicate protocol code more with `ServeProto::BasicClientConnection`
 2025-11-06 19:23:48 +00:00
Jörg Thalheim
78ed8d7aa5 Merge pull request #1533 from hacker1024/patch-3 
GithubRefs: Allow arbitrary ref types
 2025-11-06 09:38:05 +00:00
John Ericson
4bd941daa8 Revert "Deduplicate protocol code more with ServeProto::BasicClientConnection" 
This reverts commit 58846b0a1c.
 2025-10-30 14:01:38 -04:00
John Ericson
449791b1c7 Upgrade Nix to 2.32 2025-10-16 01:58:08 -04:00
Joshua Leivenzon
d7b40c4233 GithubRefs: Allow arbitrary ref types 
GitHub's reference list API does not actually restrict the specified type, so don't artificially restrict it.

The API does not actually make a distinction between the "type" and "prefix" at all, but this is maintained for backwards compatibility. The two are simply concatenated.
 2025-10-16 16:35:31 +11:00
John Ericson
58846b0a1c Deduplicate protocol code more with ServeProto::BasicClientConnection 
I did this in Nix for this purpose, but didn't get around to actually
taking advantage of it here, until now.
 2025-10-15 18:00:20 -04:00
John Ericson
f1463d4bce Merge pull request #1522 from NixOS/no-jq 
hydra-plugins: replace jq with perl's own canonical json output
 2025-10-10 14:19:58 +00:00
Jörg Thalheim
a499063834 bump to nix/nix-eval-jobs 2.31 2025-10-08 16:47:31 -04:00
Jörg Thalheim
7fa3da755e hydra-plugins: replace jq with perl's own canonical json output 2025-09-13 09:18:05 +02:00
Jörg Thalheim
56f07573ea Avoid shadowing internal run function by renaming it to runCommand 
see https://github.com/NixOS/hydra/issues/1520
 2025-09-12 21:45:58 +02:00
Jörg Thalheim
b0c1f689c2 Merge pull request #1506 from NixOS/ipc 
Stop shelling out
 2025-08-29 09:15:49 +00:00
Jörg Thalheim
5cc6ae3ca3 replace all system() shell invocation with safer non-shell alternative 2025-08-28 13:08:59 +02:00
Jörg Thalheim
c6139736ed add perlcritic module to disallow system/exec 2025-08-28 13:08:59 +02:00
Jörg Thalheim
29734ae51f replace backtick operator with run3 2025-08-28 13:08:59 +02:00
Jörg Thalheim
137761f8cc hydra-eval-jobset: disable eval cache 2025-08-28 12:08:01 +02:00
Janne Heß
fd0b8ec8e0 Fix too much XSS protections 
- Fixes build graphs
- Fixes pagination
- Fixes pressure of new queue runner
 2025-08-14 12:25:17 +02:00
Jörg Thalheim
81fd47df42 Merge pull request #1504 from ulucs/patch-1 
Correctly apply the setting `allow_import_from_derivation = true`
 2025-08-13 06:48:18 +00:00
Martin Weinelt
e851d9f9f6 jobset-eval: reduce compare options to active jobsets 
The list of jobsets is very high on hydra.nixos.org and the compare to
dropdown listing goes over multiple full pages in the busy projects.

If we ignore jobsets that we disable this interface becomes more usable
again.
 2025-08-12 12:40:12 +02:00
Janne Heß
f7bda020c6 Merge commit from fork 
webhooks: implement authentication for GitHub and Gitea
 2025-08-12 12:10:29 +02:00
Janne Heß
dea1e168f5 Merge commit from fork 
Fix GHSA-7qwg-q53v-vh99
 2025-08-12 12:06:18 +02:00
Jörg Thalheim
b47b187553 webhooks: implement authentication for GitHub and Gitea 
- Add HMAC-SHA256 signature verification for webhooks
- Support multiple secrets for rotation
- Add security logging for authentication events
- Maintain backward compatibility (auth optional during migration)
- Add comprehensive test coverage

Without authentication, anyone could trigger job evaluations by sending
POST requests to webhook endpoints. This could lead to resource exhaustion
through repeated requests or manipulation of build scheduling. While not
a data breach risk, it allows unauthorized control over CI/CD operations.
 2025-08-10 12:41:47 +02:00
Janne Heß
c6424f37a6 templates: Hopefully escape all template inputs 2025-08-10 12:40:21 +02:00
Janne Heß
b94f47ed27 templates: Make whitespace in [% %] consistent 2025-08-10 12:40:21 +02:00
Janne Heß
615798a51e templates: Use HTML.attributes for all links 2025-08-10 12:40:21 +02:00
Janne Heß
99a6656b40 build: Properly escape all input values 2025-08-10 12:40:21 +02:00
Janne Heß
33b5c6fb41 product-list: Escape untrusted values 2025-08-10 12:40:21 +02:00
Janne Heß
5f226f3b6f hydra-queue-runner: Validate metric type 2025-08-10 12:40:21 +02:00
Janne Heß
7c4f0ab01a hydra-queue-runner: Validate hydra-metrics unit 2025-08-10 12:40:21 +02:00
Janne Heß
0d3842aa2f hydra-queue-runner: Validate metric name in hydra-metrics 2025-08-10 12:40:21 +02:00