Commit graph

12 commits

Author SHA1 Message Date
aa4ebf2f5b
various: harden input validation; add SSRF protection; fix default API key role
Default API key role was "admin", which was something that I forgot to fix during testing. We
change it to "read-only". 

Additionally, repository URLs now reject the `file://` scheme (another testing artifact), localhost,
private IP ranges, and cloud metadata endpoints. Nix expressions reject path traversal (`..`)
and absolute paths. Validation is called at the evaluator entrypoint before command construction.

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I35729c6aa9ec4ff8d1ea19bd57ea93646a6a6964
2026-02-15 23:37:49 +03:00
75ff45fc91
various: initial support for S3 cache upload
Not too stable yet, but might work.

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: If134e7e45aa99ce8d18df7b78b1f881b6a6a6964
2026-02-14 18:08:19 +03:00
ec5fbb453d
fc-common: add AlertConfig and AlertManager for error tracking
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Iaf2f52f6e0cf33e3275528ac13cd92046a6a6964
2026-02-14 18:08:17 +03:00
0dc09dbd19
various: fix auto-fixable Clippy lints
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I79a708981b5aee43eadbd48d69fb78be6a6a6964
2026-02-08 22:23:29 +03:00
3a03cf7b3e
treewide: format with nightly rustfmt; auto-fix Clippy lints
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: If4fd0511087dbaa65afc56a34d7c2f166a6a6964
2026-02-08 22:23:28 +03:00
d4d9297d96
fc-common: add declarative sync for remote builders and channels
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I3dae89f04777f6d941824606aebe34446a6a6964
2026-02-08 22:23:24 +03:00
865b2f5f66
fc-common: better support declarative users with password file
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I1eac6decd68a4e59a52fecaecdd476b26a6a6964
2026-02-08 22:23:17 +03:00
b6012b932f
chore: update dependencies and configuration
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I5bab99cb7e7bb2125e7410b54911021a6a6a6964
2026-02-07 22:09:24 +03:00
c306383d27
chore: format with updated rustfmt and taplo rules
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ie9ef5fc421fa20071946cf1073f7920c6a6a6964
2026-02-05 22:45:06 +03:00
4c5a99d554
crates/common: add branch and scheduling_shares to jobset models
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ie19897f5ffdfb44654891511ce669d806a6a6964
2026-02-02 01:49:27 +03:00
1b12be3f8a
crates: production models and repo layer
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Iceb76724c09eaca7ca5d823010db76776a6a6964
2026-02-02 01:15:05 +03:00
0e6d249e0f
common: initial database handling
Can be configured from the config file, and also using environment
options.

```toml
[database]
url = "postgresql://fc_ci:password@localhost/fc_ci"
max_connections = 20
min_connections = 5
connect_timeout = 30
idle_timeout = 600
max_lifetime = 1800
```

We'll want to support SQLite in the future, and better secret handling
for database credentials. For now, this is workable.

---

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I36b4c1306511052a2748ca9d5d3429366a6a6964
2026-02-02 01:15:01 +03:00