Default API key role was "admin", which was something that I forgot to fix during testing. We
change it to "read-only".
Additionally repository URLs now reject `file://` scheme (another testing artifact) localhost,
private IP ranges, and cloud metadata endpoints. Nix expressions reject path traversal (`..`)
and absolute paths. Validation is called at the evaluator endtrypoint before command construction.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I35729c6aa9ec4ff8d1ea19bd57ea93646a6a6964
Adds:
- `build_stats_timeseries()` for build counts over time
- `duration_percentiles_timeseries()` for P50/P95/P99
- `system_distribution()` for per-system counts
and of course, REST endpoints for `/api/v1/metrics/timeseries/*`. This
is a good start for data visualisation. My professors would be proud.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I3c0b9d14592945a661af77b7edf338a86a6a6964
I'm going to delete all migrations one of those days...
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I8e2e32118c2d85438a8b343614038eda6a6a6964
The migration adds PR support, models expose PR fields, webhooks handle
PR events, and tests validate it. To be honest the migrations are a bit
redundant at the moment, but I'd like to handle my old deployments so
it's nice(r) to have them. I *am* testing those on baremetal.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I02fb4540b62d3e8159ac18b9fa63be916a6a6964
Basically, implements a multi-entity search functionality with filters
for projects, jobsets, evaluations and builds. Also fixes COUNT query to
apply same filters as main query, and fixes an offset mismatch in
response. Some integration tests have also been added, but chances are
we'll want to write VM tests for this.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Icdda77966a7218f54fd34b78bdc9b55c6a6a6964
Adds a `DiskSpace` error variant and an `is_disk_full()` helper
alongside a `check_disk_space()` util that uses libc's `statsfs` on
unix. FC now detects disk space errors and logs recovery instructions
if applicable.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ia6d2c472219dc9d6eed6901dc733d7bb6a6a6964
Can be configured from the config file, and also using environment
options.
```toml
[database]
url = "postgresql://fc_ci:password@localhost/fc_ci"
max_connections = 20
min_connections = 5
connect_timeout = 30
idle_timeout = 600
max_lifetime = 1800
```
We'll want to support SQlite in the future, and better secret handling
for database credentials. For now, this is workable.
---
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I36b4c1306511052a2748ca9d5d3429366a6a6964
