Compare commits

..

1 commit

Author SHA1 Message Date
Antoine Martin c8ca07068c ci: setup cachix build 2021-04-08 04:13:58 +02:00
11 changed files with 694 additions and 852 deletions

View file

@ -1,18 +1,22 @@
name: "Cachix build" name: "Build everything and push to cachix"
on: on:
workflow_dispatch: workflow_dispatch:
schedule:
- cron: '0 */4 * * *'
push: push:
paths: branches:
- 'flake.nix'
- 'flake.lock'
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v2.3.4
- uses: cachix/install-nix-action@v24 - uses: cachix/install-nix-action@v13
- uses: cachix/cachix-action@v12 with:
install_url: https://nixos-nix-install-tests.cachix.org/serve/lb41az54kzk6j12p81br4bczary7m145/install
install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
extra_nix_config: |
experimental-features = nix-command flakes
- uses: cachix/cachix-action@v8
with: with:
name: alarsyo name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

View file

@ -1,4 +1,4 @@
on: [push, pull_request, workflow_dispatch] on: [push, pull_request]
name: CI name: CI
@ -8,34 +8,62 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v4 uses: actions/checkout@v2
- name: Install stable toolchain - name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- run: cargo check - name: Run cargo check
uses: actions-rs/cargo@v1
with:
command: check
test: test:
name: Test Suite name: Test Suite
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v4 uses: actions/checkout@v2
- name: Install stable toolchain - name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- run: cargo test - name: Run cargo test
uses: actions-rs/cargo@v1
with:
command: test
lints: lints:
name: Lints name: Lints
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v4 uses: actions/checkout@v2
- name: Install stable toolchain - name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
components: rustfmt, clippy
- run: cargo fmt --all -- --check - name: Run cargo fmt
- run: cargo clippy --all-features -- -D warnings uses: actions-rs/cargo@v1
with:
command: fmt
args: --all -- --check
- name: Run cargo clippy
uses: actions-rs/clippy-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
args: --all-features -- -D warnings

1391
Cargo.lock generated

File diff suppressed because it is too large Load diff

View file

@ -1,13 +1,12 @@
[package] [package]
name = "lohr" name = "lohr"
version = "0.4.5" version = "0.4.0"
authors = ["Antoine Martin <antoine@alarsyo.net>"] authors = ["Antoine Martin <antoine@alarsyo.net>"]
edition = "2018" edition = "2018"
license = "Apache-2.0 OR MIT" license = "Apache-2.0 OR MIT"
description = "A Git mirroring daemon" description = "A Git mirroring daemon"
homepage = "https://github.com/alarsyo/lohr" homepage = "https://github.com/alarsyo/lohr"
repository = "https://github.com/alarsyo/lohr" repository = "https://github.com/alarsyo/lohr"
resolver = "2"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@ -24,7 +23,7 @@ serde_yaml = "0.8.17"
sha2 = "0.9.3" sha2 = "0.9.3"
[dependencies.rocket] [dependencies.rocket]
version = "0.5.0" version = "0.5.0-dev"
# don't need private-cookies # don't need private-cookies
default-features = false default-features = false
@ -32,3 +31,6 @@ default-features = false
version = "2.33.3" version = "2.33.3"
# no need for suggestions or color with only one argument # no need for suggestions or color with only one argument
default-features = false default-features = false
[patch.crates-io]
rocket = { git = "https://github.com/SergioBenitez/Rocket", rev = "8d4d01106e2e10b08100805d40bfa19a7357e900" }

View file

@ -3,11 +3,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1606424373,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -17,15 +17,12 @@
} }
}, },
"flake-utils": { "flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1614513358,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,11 +33,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1702272962, "lastModified": 1616670887,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", "narHash": "sha256-wn+l9qJfR5sj5Gq4DheJHAcBDfOs9K2p9seW2f35xzs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", "rev": "c0e881852006b132236cbf0301bd1939bb50867e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -56,21 +53,6 @@
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View file

@ -16,11 +16,11 @@
{ {
defaultPackage = pkgs.rustPlatform.buildRustPackage { defaultPackage = pkgs.rustPlatform.buildRustPackage {
pname = "lohr"; pname = "lohr";
version = "0.4.5"; version = "0.4.0";
src = ./.; src = ./.;
cargoHash = "sha256-hext0S0o9D9pN9epzXtD5dwAYMPCLpBBOBT4FX0mTMk="; cargoSha256 = "sha256-5a2mK+E6LlR5RHDAhHDvnfPNG+0JdvpnL4kuTiz7vVg=";
meta = with pkgs.lib; { meta = with pkgs.lib; {
description = "A Git mirroring tool"; description = "A Git mirroring tool";
@ -43,7 +43,6 @@
rustPackages.clippy rustPackages.clippy
rustc rustc
rustfmt rustfmt
rust-analyzer
]; ];
RUST_SRC_PATH = pkgs.rustPlatform.rustLibSrc; RUST_SRC_PATH = pkgs.rustPlatform.rustLibSrc;

1
rust-toolchain Normal file
View file

@ -0,0 +1 @@
stable

View file

@ -1,2 +0,0 @@
[toolchain]
channel = "stable"

View file

@ -2,6 +2,7 @@ use serde::Deserialize;
#[derive(Clone, Deserialize)] #[derive(Clone, Deserialize)]
pub(crate) struct Repository { pub(crate) struct Repository {
pub(crate) name: String,
pub(crate) full_name: String, pub(crate) full_name: String,
pub(crate) ssh_url: String, pub(crate) ssh_url: String,
} }

View file

@ -30,8 +30,8 @@ struct Secret(String);
#[post("/", data = "<payload>")] #[post("/", data = "<payload>")]
fn gitea_webhook( fn gitea_webhook(
payload: SignedJson<GiteaWebHook>, payload: SignedJson<GiteaWebHook>,
sender: &State<JobSender>, sender: State<JobSender>,
config: &State<GlobalSettings>, config: State<GlobalSettings>,
) -> Status { ) -> Status {
if config if config
.blacklist .blacklist
@ -121,7 +121,7 @@ async fn main() -> anyhow::Result<()> {
repo_updater(receiver, homedir, config); repo_updater(receiver, homedir, config);
}); });
rocket::build() rocket::ignite()
.mount("/", routes![gitea_webhook]) .mount("/", routes![gitea_webhook])
.manage(JobSender(Mutex::new(sender))) .manage(JobSender(Mutex::new(sender)))
.manage(Secret(secret)) .manage(Secret(secret))

View file

@ -8,7 +8,7 @@ use rocket::{
http::ContentType, http::ContentType,
State, State,
}; };
use rocket::{http::Status, request::local_cache}; use rocket::{http::Status, local_cache};
use rocket::{Data, Request}; use rocket::{Data, Request};
use anyhow::{anyhow, Context}; use anyhow::{anyhow, Context};
@ -72,15 +72,15 @@ where
{ {
type Error = anyhow::Error; type Error = anyhow::Error;
async fn from_data(request: &'r Request<'_>, data: Data<'r>) -> Outcome<'r, Self> { async fn from_data(request: &'r Request<'_>, data: Data) -> Outcome<Self, Self::Error> {
let json_ct = ContentType::new("application", "json"); let json_ct = ContentType::new("application", "json");
if request.content_type() != Some(&json_ct) { if request.content_type() != Some(&json_ct) {
return Outcome::Error((Status::BadRequest, anyhow!("wrong content type"))); return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type")));
} }
let signatures = request.headers().get(X_GITEA_SIGNATURE).collect::<Vec<_>>(); let signatures = request.headers().get(X_GITEA_SIGNATURE).collect::<Vec<_>>();
if signatures.len() != 1 { if signatures.len() != 1 {
return Outcome::Error(( return Outcome::Failure((
Status::BadRequest, Status::BadRequest,
anyhow!("request header needs exactly one signature"), anyhow!("request header needs exactly one signature"),
)); ));
@ -91,24 +91,26 @@ where
Ok(s) if s.is_complete() => s.into_inner(), Ok(s) if s.is_complete() => s.into_inner(),
Ok(_) => { Ok(_) => {
let eof = io::ErrorKind::UnexpectedEof; let eof = io::ErrorKind::UnexpectedEof;
return Outcome::Error(( return Outcome::Failure((
Status::PayloadTooLarge, Status::PayloadTooLarge,
io::Error::new(eof, "data limit exceeded").into(), io::Error::new(eof, "data limit exceeded").into(),
)); ));
} }
Err(e) => return Outcome::Error((Status::BadRequest, e.into())), Err(e) => return Outcome::Failure((Status::BadRequest, e.into())),
}; };
let signature = signatures[0]; let signature = signatures[0];
let secret = request.guard::<&State<Secret>>().await.unwrap(); let secret = request.guard::<State<Secret>>().await.unwrap();
if !validate_signature(&secret.0, signature, &content) { if !validate_signature(&secret.0, &signature, &content) {
return Outcome::Error((Status::BadRequest, anyhow!("couldn't verify signature"))); return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature")));
} }
match Self::from_str(local_cache!(request, content)) { let content = match Self::from_str(local_cache!(request, content)) {
Ok(content) => Outcome::Success(content), Ok(content) => Outcome::Success(content),
Err(e) => Outcome::Error((Status::BadRequest, e)), Err(e) => Outcome::Failure((Status::BadRequest, e)),
} };
content
} }
} }