Default API key role was "admin", which was something that I forgot to fix during testing. We
change it to "read-only".
Additionally repository URLs now reject `file://` scheme (another testing artifact) localhost,
private IP ranges, and cloud metadata endpoints. Nix expressions reject path traversal (`..`)
and absolute paths. Validation is called at the evaluator endtrypoint before command construction.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I35729c6aa9ec4ff8d1ea19bd57ea93646a6a6964
Adds a /metrics page with Chart.js charts, which requires an annoying
CDN fetch but until I figure out a good method of fetching things during
build it's our best bet. I've pinned the thing so it's probably good.
The page displays build counts, duration percentiles and system
distribution. Time range and project filters are included, and the
metrics page is linked from navigation.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I99059594c29a9b35d2fd4d140628d6f46a6a6964
Adds:
- `build_stats_timeseries()` for build counts over time
- `duration_percentiles_timeseries()` for P50/P95/P99
- `system_distribution()` for per-system counts
and of course, REST endpoints for `/api/v1/metrics/timeseries/*`. This
is a good start for data visualisation. My professors would be proud.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I3c0b9d14592945a661af77b7edf338a86a6a6964
I'm going to delete all migrations one of those days...
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I8e2e32118c2d85438a8b343614038eda6a6a6964
The migration adds PR support, models expose PR fields, webhooks handle
PR events, and tests validate it. To be honest the migrations are a bit
redundant at the moment, but I'd like to handle my old deployments so
it's nice(r) to have them. I *am* testing those on baremetal.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I02fb4540b62d3e8159ac18b9fa63be916a6a6964
Basically, implements a multi-entity search functionality with filters
for projects, jobsets, evaluations and builds. Also fixes COUNT query to
apply same filters as main query, and fixes an offset mismatch in
response. Some integration tests have also been added, but chances are
we'll want to write VM tests for this.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Icdda77966a7218f54fd34b78bdc9b55c6a6a6964
Eugh. Need I explain this? We now return a HTTP 507 INSUFFICIENT_STORAGE
for disk space errors rather than letting it all go to shit. Some better
error handling for disk/IO errors. See previous commit also.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ieb6d6415ff8a7209590217933c6992796a6a6964
Adds a `DiskSpace` error variant and an `is_disk_full()` helper
alongside a `check_disk_space()` util that uses libc's `statsfs` on
unix. FC now detects disk space errors and logs recovery instructions
if applicable.
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ia6d2c472219dc9d6eed6901dc733d7bb6a6a6964
