This is an attempt to restore the old formatting, e.g. with failed
checks and a link to the URI.
At the same time, this attempts to fix the eager +1 Verified tag which
is sent when nix-eval is started (?) and not done or when the evaluation
is done instead of the whole nix-eval job seen as completed.
One of the root cause was the hell-ish expected builder name check…
This is also a big cleanup of all the typing issues we accumulated over
time.
Signed-off-by: Raito Bezarius <raito@lix.systems>
We can now implement a Nix library for Buildbot CI. :)
We dump it into a file, it's better to pass large stuff and easier to
escape things.
Signed-off-by: Raito Bezarius <raito@lix.systems>
Previously, we needed to hardcode the URL for private SSH keys,
this is cleaned up and we can iterate over each project for its
configuration.
Configuration is at deployment time.
Signed-off-by: Raito Bezarius <raito@lix.systems>
It was relying on GitHub stuff which we don't have and is not an option
we want to support.
If we wanted to do it, we would rather use S3 directly.
Signed-off-by: Raito Bezarius <raito@lix.systems>
This removes the need for a proxy and rely on the `groups` property of
the `userDetails` passed at the authentication layer.
To add a certain role, add the group `buildbot-$role` to that user via
Keycloak.
Signed-off-by: Raito Bezarius <raito@lix.systems>
using `--option` like this hid that the silent timeout was never
actually set, instead we set the unknown and thus ignored option
`--max-silent-time`. while we're at it we can also set a timeout
for the entire build, chosen as two hours because that should be
enough for all current jobs (and hopefully it'll stay that way).
it's off by default and thus not representative of user flake setup, we
don't use it anyway, and it's a security risk to boot. there is no good
reason to enable this in any setting that is not perfectly trusted, and
even there it is not such a great idea due to the impurity it requires.
This is a cursed option that is free root for anyone who puts hacks into
flake.nix. We don't actually use `nixConfig` in Lix, so we can just
delete this thing.
Fixes: #11
We package a quite old plugin for Buildbot: https://github.com/claws/buildbot-prometheus
Ideally, we should probably vendor it and maintain it ourselves.
There seems to be no protection against the metrics endpoint for
Buildbot, this is not a big deal given that the CI is public.
Signed-off-by: Raito Bezarius <raito@lix.systems>