The firmware is not needed, and with some bad luck one will hit a
firmware upgrade when a setup job runs `apk upgrade`, which can take a
substantial amount of time.
Fetching it outside of this function will cause it to attempt to fetch
the auth context when the middleware is stood up, which occurs
unconditionally on all requests -- including unauthenticated ones, such
as /query/metrics. Moving it into the function body causes it to only
occur once we actually attempt to fetch jobs.
This implements visibility for build jobs. The visibility can be set
when submitting a build, and can also be changed retroactively from a
new job settings page.
A panic here will take down the whole server: dataloaden spawns a
new goroutine and will not recover. (Regardless, an error can
happen here because of a runtime issue, so a panic is not a good
idea.)
See https://todo.sr.ht/~sircmpwn/sr.ht/325
While working on hut I found a problem with my last patch concerning the
pruned URL feature [1]. The current implementation only works if the
GraphQL query contains the "created" timestamp, otherwise the "url"
field will always be null. That is caused by the zero value for time
which is used when created is not populated by the database query.
[1]: https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/39275
Excluding util-linux and libutil-linux caused some breakage and is
poorly justified, as it serves only to reduce time spent rebuilding the
initrd during package installation.
this ensures that everything updates before installing any dependencies.
importantly, this sidesteps a potential apk bug
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10881
caused by differences between 'upgrading' and 'adding' based on
already-installed dependencies.
Currently builds which use secrets will fail [1] with:
Error: GetSecret: pq: invalid input syntax for type uuid: "None"
That is caused by the uuid_or_string function never returning anything,
so the secrets array will simply consist of "None".
[1]: https://builds.sr.ht/~sircmpwn/job/947773
Updates the Debian image to match modern conventions:
* Use a separate file in /etc/apt/sources.list.d per each repository
instead of adding everything to sources.list.
* Instead of using trusted.gpg.d, add each repository key to
/etc/apt/keyrings.d and set the signed-by option on the sources.list
entry.
* Drop use of apt-key in the installation.
These are based on this document: https://wiki.debian.org/DebianRepository/UseThirdParty
In the latest Debian unstable (bookworm), `/bin` and `/lib` are symlinks
to `/usr/bin` and `/usr/lib` respectively. Hence, even though we
configure with e.g. `bindir=/bin`, the files get installed to
`/usr/bin` (same for the libs).
Docker COPY however does not resolve symlinks, so the actual path has to
be used. To avoid confusion, the arguments to `configure` have also been
updated (essentially a no-op on that image).
A lot of queries are for jobs by their group ID. These queries are
starting to show up in the slow query log. Add an index on the group ID
to speed things up.
This allows it to make use of the index on `owner_id` in the `job`
table. Without this, the query it makes is prohibitively expensive. A
sample query analysis went from > 1800 ms without the index to < 1ms
when using the index.