979 Commits

Author SHA1 Message Date
Drew DeVault 1dd572a814 Upgrade to Alpine 3.19 2024-03-20 13:35:34 +01:00
Naglis Jonaitis b3c993e21b Do not use bare `except:`
According to PEP8[1]:

> A bare `except:` clause will catch SystemExit and KeyboardInterrupt
> exceptions, making it harder to interrupt a program with Control-C,
> and can disguise other problems.

Use more specific exceptions or `contextlib.suppress()` in case of
`try: ... except: pass`.

[1]: https://peps.python.org/pep-0008/#programming-recommendations
2024-02-21 09:25:03 +01:00
Simon Ser 45812720f3 gitsrht-update-hook: always enable secrets when submitting builds
Ensure secrets are enabled for all builds. This disables the
auto-detection done by default by builds.sr.ht when the secrets arg
is left unspecified.

While at it, remove the unbound $execute variable.
2024-02-15 13:36:31 +01:00
Drew DeVault 2f8bcb8df7 .builds: drop arch, debian 2024-02-09 10:18:17 +01:00
Naglis Jonaitis e3198ebd3b Use f-strings in `linecounter`
This is a bit simpler and has a marginal performance gain.
2024-02-06 11:09:22 +01:00
Naglis Jonaitis 2a40a3f233 Fix undefined `ResponseError`
`ResponseError` is currently undefined. It manifests when an exception
is raised in the `try` block.

`ResponseError` was renamed[1] to `S3Error` in minio 7.0.0.

[1]: b81883a98e
2024-02-06 11:07:57 +01:00
Simon Ser d3ff388b65 api/graph: use core-go's s3.Enabled 2024-02-02 12:09:50 +01:00
Simon Ser 31a3186618 makefile: add loaders to gqlgen deps
Without the loaders, gqlgen fails with:

    validation failed: packages.Load: /home/simon/src/todo.sr.ht/api/loaders/middleware.go:34:26: undefined: EntitiesByParticipantIDLoader
2024-01-31 12:01:39 +01:00
Simon Ser 18d92014bf makefile: use grouped target for loaders
That way make will only run it once for the whole group.
2024-01-31 11:53:43 +01:00
Simon Ser a785075776 makefile: don't re-generate if unchanged
Use make targets to skip "go generate" invocations when unnecessary.
2024-01-31 11:36:17 +01:00
Naglis Jonaitis 237aa3712e Replace inline CSS with Bootstrap classes
This replaces occurrences of inline CSS that can be replaced directly
(equivalent style) with Bootstrap classes.

Inline styles are generally longer, are not cached, make implementing
CSP policies harder, etc.
2024-01-31 10:21:08 +01:00
Simon Ser 1d342a2a35 Assert error is not nil before using it
Same as d70bfd1812b8 in page.sr.ht.
2024-01-24 15:45:23 +01:00
Simon Ser 2da016a3d3 Add support for [objects]s3-insecure 2024-01-24 12:51:32 +01:00
Simon Ser 3f02d409c2 Upgrade core-go 2024-01-24 12:06:52 +01:00
KAAtheWise adc6fbc160 Fix repo visibility change API not working
During the upgrade to `gqlgen` version 1.17.42 a breaking change was
introduced, as `map[string]interface{}` values were changed to be type
checked in 1.17.40 (commit 74e918f9, PR
https://github.com/99designs/gqlgen/pull/2830).  As Emersion noted,
changing `OptionalString` to `Optional` fixes this.

Additionally, I replaced the "placeholder" error message with something
a bit more descriptive as a stopgap measure.
2024-01-20 15:17:44 +01:00
Simon Ser d1957c458d Fix defer cleanups 2024-01-17 19:33:34 +01:00
Simon Ser 1e779fe7aa Remove unnecessary recover calls 2024-01-17 19:24:38 +01:00
Simon Ser 408f23a5b2 Drop gqlparser v1 dependency 2024-01-17 13:47:52 +01:00
Drew DeVault f39c67ced8 gitsrht-shell: close database before exec 2024-01-17 10:47:07 +01:00
Drew DeVault 26809b6b5b Add more missing database close calls 2024-01-17 10:42:14 +01:00
Drew DeVault 34fa7d7556 gitsrht-shell: add missing db.Close 2024-01-17 10:37:50 +01:00
Simon Ser dfbd1bd359 Upgrade dependencies 2024-01-09 11:56:38 +01:00
Simon Ser b2d793f4ba Upgrade core-go 2024-01-09 11:53:42 +01:00
Simon Ser 0291c7c6b7 gitsrht-shell: fix formatting directive 2024-01-09 10:33:04 +01:00
Simon Ser 81e2e8471b Drop go.mod files in subdirectories
Only use a single top-level go.mod.
2023-12-04 12:13:23 +01:00
Simon Ser 5610eb6e5c gitsrht-update-hook: drop trivial getters
Individual fields can be accessed directly.
2023-12-04 12:13:22 +01:00
Ersei Saggi 4278f329f8 Improve performance on rendering files by ~30% 2023-12-04 11:06:12 +01:00
Thorben Günther fb1f3a947c gitsrht-update-hook: Remove doubled context import 2023-12-04 11:06:12 +01:00
Thorben Günther 86dbd617ee gitsrht-update-hook: Remove unused function 2023-12-04 11:06:12 +01:00
Conrad Hoffmann 9cd8be0740 Remove unused PoC using sr.ht as pygit2 backend
Not sure if it ever worked, but it depends on the legacy API.
2023-12-04 11:06:12 +01:00
Gabriel Augendre 32c466e8a7 show ref in title
Signed-off-by: Gabriel Augendre <gabriel@augendre.info>
2023-12-04 11:06:12 +01:00
Gregory Anders 8249531f38 Use next commit in log continuation
Fix a bug where the first commit in the log after clicking "Next" is the
same as the last commit on the previous page.
2023-12-04 11:06:12 +01:00
Conrad Hoffmann 4f0a8ec086 Update core-go and associated dependencies
Kudos to minio for breaking changes in a patch release...
2023-11-23 11:20:38 +01:00
Thorben Günther 7325a149a0 gitsrht-update-hook: Don't exit on build submission failure
Right now the postUpdate function exits early when it fails to submit
the build manifests. This prevents the function from other tasks like
delivering webhooks.
2023-11-17 14:38:57 +01:00
наб 7922c6d097 Consistently accept both spellings of LICENCES in presence detexion and tree traversal 2023-10-24 13:27:36 +02:00
наб 631e5dbc17 Match LICENSES entries by full name before dot-stripping
This meant that for a repository with
  LICENSES/
    0BSD
    GPL-2.0
only 0BSD was detected.

So keep allowing LICENSES/0BSD.jpeg,
but also don't break LICENSES/GPL-2.0.
2023-10-24 13:27:31 +02:00
наб e7fb739535 Consistently render and link to discovered-signed format of archive
We linked to and served .tar.asc but the archive link both said
.tar.gz and /linked/ to .tar.gz. We never linked to .tar, or even
exposed the possibility.
2023-10-24 13:27:24 +02:00
Simon Ser 4de526de53 api/graph: fix invalid @access directive in WebhookEvent enum
Fixes the following schema error:

    Directive access is not applicable on ENUM_VALUE.
2023-10-24 13:27:01 +02:00
Thorben Günther 59efc97987 gitsrht-update-hook: Submit builds under the pusher's account
If you give a user read/write access to a repository, in theory he would
be able to leak the repo owner's secrets by adding them to the build
manifest. Instead submit the build under the account of the one who
initiated the push.
2023-10-24 13:26:21 +02:00
Simon Ser a99fda3715 gitsrht-update-hook: drop BuildSubmitter interface
This is unused.
2023-08-16 11:50:26 +02:00
Conrad Hoffmann ee7701a9eb api: fix timezone issue in repo pagination
As lists of repositories are sorted and paginated by their "updated"
timestamp, a cursor carries such a timestamp, so that the next query can
pick up where the last one left off. However, the passing of this
timestamp is broken on systems that do not run on UTC.

Go translates time values to the system's timezone, but this timezone
information gets lost when handing the value to postgres, presumably
because the column type is "timestamp without time zone".

Avoid the issue by converting the parsed timestamp back to UTC right
away.
2023-08-16 11:19:11 +02:00
Conrad Hoffmann a063090a89 api: micro-second resolution for repo pagination
Lists of repositories are sorted and paginated based on their "updated"
timestamp. However, fractional seconds are discarded. This can cause
issues with repositories that have been updated in the same second (e.g.
by running a script).

This commit leverages the micro-second resolution of the timestamp in
postgres to make this case not impossible, yet highly unlikely.
2023-08-16 11:19:10 +02:00
Conrad Hoffmann 490163fcd1 api: fix join for repositories resolver
The left join used for listing repositories has a curious issue: if you
grant access to a private repo to x people, where x > 1, this repo will
show up x times if you list your own repos via GraphQL.

To fix, add an additional join restriction: we are only interested in
ACLs for the calling user. This makes sure that at most one ACL will be
returned, hence avoiding duplicate repositories.
2023-08-16 11:18:43 +02:00
Simon Ser da71f500a9 gitsrht-update-hook: set GIT_REF environment variable
This is useful to terminate the build early unless it was started
from a specific branch.
2023-08-16 11:18:29 +02:00
Adnan Maolood e520aa8a73 gitsrht/templates: Drop /item/ from forge meta tags
Links with /item/ result in 404s for the root directory. Remove /item/
so that links to the root directory work properly.

For example, this link on godocs.io is broken:
https://godocs.io/git.sr.ht/~sircmpwn/getopt#pkg-files
2023-08-16 11:18:24 +02:00
Conrad Hoffmann 5e5b7b77f0 gitsrht-dispatch: fix config item in error message
Signed-off-by: Conrad Hoffmann <ch@bitfehler.net>
2023-08-16 11:18:21 +02:00
Thorben Günther e1244429d4 api/acls: Error out early
This simplifies the database query and is more consistent with how
tracker and list acl queries behave.
2023-07-07 10:10:38 +02:00
Thorben Günther 31832f94c4 blueprints/manage.py: Fix description in repository creation
Right now the description gets set to an empty string if no input is
specified instead of "null". In comparison updating a repository handles
it correctly [1].

[1]: f3df3ac3f1/item/gitsrht/blueprints/manage.py (L120)
2023-06-22 10:41:02 +02:00
Jonne Ransijn f3df3ac3f1 prevent XSS attacks from raw blobs 2023-06-01 12:42:40 +02:00
Jonne Ransijn b52b348696 Allow rendering of images from blob
Adds a `Content-Type` header to image files.
This allows images to be rendered by the browser.
In particular, it allows SVGs to be used in READMEs.

I have restricted this feature to only work on image files for now,
but it might make sense to send this header for other file types as
well if we can reasonably assume that the browser is able to render
it, such as PDFs and XML documents.
2023-06-01 12:42:37 +02:00