the-distro/ofborg
2
0
Fork 1
Code Issues 1 Pull requests 1 Packages Projects Releases Wiki Activity

Compare commits

base: the-distro:1d74f577a10ca1adbc933bdfb966d380aa343eb1
Branches Tags
the-distro:main
the-distro:vcs-generalization
the-distro:systemd-creds
...
compare: the-distro:8cdae352b0b4fd148288e35c4348e6d236ea2271
Branches Tags
the-distro:vcs-generalization
the-distro:main
the-distro:systemd-creds

3 commits
1d74f577a1 ... 8cdae352b0

Author SHA1 Message Date
Pierre Bourdon 8cdae352b0
flake: update to a recent nixpkgs 2024-07-07 01:08:58 +02:00
Pierre Bourdon c8a94aaca7
flake: provide a default package now that PHP is gone 2024-07-07 01:04:31 +02:00
Pierre Bourdon be0a5f5627
treewide: remove PHP code 
The webhook receiver will be rewritten for Gerrit support anyway, so
we'll move it into the Rust part instead.
 2024-07-07 00:58:25 +02:00
11 changed files with 11 additions and 1050 deletions
Show stats Expand all files Collapse all files

2
.github/workflows/ci.yml vendored
View file

@ -30,4 +30,4 @@ jobs:
with: with:
nix_path: nixpkgs=channel:nixos-unstable nix_path: nixpkgs=channel:nixos-unstable
- name: nix-build - name: nix-build
run: nix-build -A ofborg.rs -A ofborg.php run: nix-build -A ofborg.rs

2
.gitignore vendored
View file

@ -1,7 +1,5 @@
config.php
vendor vendor
*.log *.log
test.php
config.json config.json
.bash_hist .bash_hist
config.private.json config.private.json

27
flake.lock
View file

@ -2,40 +2,23 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1670543317, "lastModified": 1720031269,
"narHash": "sha256-4mMR56rtxKr+Gwz399jFr4i76SQZxsLWxxyfQlPXRm0=", "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7a6a010c3a1d00f8470a5ca888f2f927f1860a19", "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-22.11", "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-php": {
"locked": {
"lastModified": 1670538458,
"narHash": "sha256-mvKmBkdlhzsMBtnzYXjYn08EGw9rFBEE9hp4Uqgol1Q=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "99ec06122f481588abafd91f2710d80a5320efe6",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs"
"nixpkgs-for-php": "nixpkgs-for-php"
} }
} }
}, },

54
flake.nix
View file

@ -1,13 +1,11 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-for-php.url = "github:nixos/nixpkgs/nixos-22.05";
}; };
outputs = outputs =
{ self { self
, nixpkgs , nixpkgs
, nixpkgs-for-php
, ... , ...
}@inputs: }@inputs:
let let
@ -22,21 +20,6 @@
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
}; };
phpPkgs = import nixpkgs-for-php {
inherit system;
};
phpEnv = pkgs.mkShell {
name = "gh-event-forwarder";
buildInputs = with pkgs; [
nix-prefetch-git
phpPkgs.php
phpPkgs.phpPackages.composer
git
curl
bash
];
};
in in
{ {
default = pkgs.mkShell { default = pkgs.mkShell {
@ -78,7 +61,6 @@
RUST_BACKTRACE = "1"; RUST_BACKTRACE = "1";
RUST_LOG = "ofborg=debug"; RUST_LOG = "ofborg=debug";
NIX_PATH = "nixpkgs=${pkgs.path}"; NIX_PATH = "nixpkgs=${pkgs.path}";
passthru.phpEnv = phpEnv;
}; };
}); });
@ -88,16 +70,12 @@
inherit system; inherit system;
}; };
phpPkgs = import nixpkgs-for-php {
inherit system;
};
pkg = pkgs.rustPlatform.buildRustPackage { pkg = pkgs.rustPlatform.buildRustPackage {
name = "ofborg"; name = "ofborg";
src = pkgs.nix-gitignore.gitignoreSource [ ] ./.; src = pkgs.nix-gitignore.gitignoreSource [ ] ./.;
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
pkgconfig pkg-config
pkgs.rustPackages.clippy pkgs.rustPackages.clippy
]; ];
@ -126,34 +104,12 @@
in in
{ {
inherit pkg; default = pkg;
ofborg = pkg;
ofborg.rs = pkgs.runCommand "ofborg-rs-symlink-compat" { src = pkg; } ''
mkdir -p $out/bin
for f in $(find $src -type f); do
bn=$(basename "$f")
ln -s "$f" "$out/bin/$bn"
# Rust 1.n? or Cargo starting outputting bins with dashes
# instead of underscores ... breaking all the callers.
if echo "$bn" | grep -q "-"; then
ln -s "$f" "$out/bin/$(echo "$bn" | tr '-' '_')"
fi
done
test -e $out/bin/builder
test -e $out/bin/github_comment_filter
test -e $out/bin/github_comment_poster
test -e $out/bin/log_message_collector
test -e $out/bin/evaluation_filter
'';
ofborg.php = import ./php { pkgs = phpPkgs; };
}); });
hydraJobs = { hydraJobs = {
buildRs = forAllSystems (system: self.packages.${system}.ofborg.rs); buildRs = forAllSystems (system: self.packages.${system}.ofborg);
buildPhp = self.packages.x86_64-linux.ofborg.php;
}; };
}; };
} }

38
php/README.md
View file

@ -1,38 +0,0 @@
# Webhook Receiver
This PHP code receives the GitHub webhook, checks them for integrity and publishes messages on rabbitmq.
## Configuration
The code expects a `config.php` in it's parent directory. An example configuration looks like this:
```php
<?php
require_once __DIR__ . '/vendor/autoload.php';
use PhpAmqpLib\Connection\AMQPSSLConnection;
use PhpAmqpLib\Message\AMQPMessage;
function rabbitmq_conn($timeout = 3) {
$host = 'events.nix.gsc.io';
$connection = new AMQPSSLConnection(
$host, 5671,
'eventsuser, eventspassword, '/',
array(
'verify_peer' => true,
'verify_peer_name' => true,
'peer_name' => $host,
'verify_depth' => 10,
'ca_file' => '/etc/ssl/certs/ca-certificates.crt',
), array(
'connection_timeout' => $timeout,
)
);
return $connection;
}
function gh_secret() {
return "github webhook secret";
}
```

244
php/composer-env.nix
View file

@ -1,244 +0,0 @@
# This file originates from composer2nix
{ stdenv, lib, writeTextFile, fetchurl, php, unzip, phpPackages }:
let
inherit (phpPackages) composer;
filterSrc = src:
builtins.filterSource (path: type: type != "directory" || (baseNameOf path != ".git" && baseNameOf path != ".git" && baseNameOf path != ".svn")) src;
buildZipPackage = { name, src }:
stdenv.mkDerivation {
inherit name src;
nativeBuildInputs = [ unzip ];
buildCommand = ''
shopt -s dotglob
unzip $src
baseDir=$(find . -type d -mindepth 1 -maxdepth 1)
cd $baseDir
mkdir -p $out
mv * $out
'';
};
buildPackage =
{ name
, src
, packages ? {}
, devPackages ? {}
, buildInputs ? []
, symlinkDependencies ? false
, executable ? false
, removeComposerArtifacts ? false
, postInstall ? ""
, noDev ? false
, composerExtraArgs ? ""
, unpackPhase ? "true"
, buildPhase ? "true"
, ...}@args:
let
reconstructInstalled = writeTextFile {
name = "reconstructinstalled.php";
executable = true;
text = ''
#! ${php}/bin/php
<?php
if(file_exists($argv[1]))
{
$composerLockStr = file_get_contents($argv[1]);
if($composerLockStr === false)
{
fwrite(STDERR, "Cannot open composer.lock contents\n");
exit(1);
}
else
{
$config = json_decode($composerLockStr, true);
if(array_key_exists("packages", $config))
$allPackages = $config["packages"];
else
$allPackages = array();
${lib.optionalString (!noDev) ''
if(array_key_exists("packages-dev", $config))
$allPackages = array_merge($allPackages, $config["packages-dev"]);
''}
$packagesStr = json_encode($allPackages, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
print($packagesStr);
}
}
else
print("[]");
?>
'';
};
constructBin = writeTextFile {
name = "constructbin.php";
executable = true;
text = ''
#! ${php}/bin/php
<?php
$composerJSONStr = file_get_contents($argv[1]);
if($composerJSONStr === false)
{
fwrite(STDERR, "Cannot open composer.json contents\n");
exit(1);
}
else
{
$config = json_decode($composerJSONStr, true);
if(array_key_exists("bin-dir", $config))
$binDir = $config["bin-dir"];
else
$binDir = "bin";
if(array_key_exists("bin", $config))
{
if(!file_exists("vendor/".$binDir))
mkdir("vendor/".$binDir);
foreach($config["bin"] as $bin)
symlink("../../".$bin, "vendor/".$binDir."/".basename($bin));
}
}
?>
'';
};
bundleDependencies = dependencies:
lib.concatMapStrings (dependencyName:
let
dependency = dependencies.${dependencyName};
in
''
${if dependency.targetDir == "" then ''
vendorDir="$(dirname ${dependencyName})"
mkdir -p "$vendorDir"
${if symlinkDependencies then
''ln -s "${dependency.src}" "$vendorDir/$(basename "${dependencyName}")"''
else
''cp -av "${dependency.src}" "$vendorDir/$(basename "${dependencyName}")"''
}
'' else ''
namespaceDir="${dependencyName}/$(dirname "${dependency.targetDir}")"
mkdir -p "$namespaceDir"
${if symlinkDependencies then
''ln -s "${dependency.src}" "$namespaceDir/$(basename "${dependency.targetDir}")"''
else
''cp -av "${dependency.src}" "$namespaceDir/$(basename "${dependency.targetDir}")"''
}
''}
'') (builtins.attrNames dependencies);
extraArgs = removeAttrs args [ "packages" "devPackages" "buildInputs" ];
in
stdenv.mkDerivation ({
buildInputs = [ php composer ] ++ buildInputs;
inherit unpackPhase buildPhase;
installPhase = ''
${if executable then ''
mkdir -p $out/share/php
cp -av $src $out/share/php/$name
chmod -R u+w $out/share/php/$name
cd $out/share/php/$name
'' else ''
cp -av $src $out
chmod -R u+w $out
cd $out
''}
# Remove unwanted files
rm -f *.nix
export HOME=$TMPDIR
# Remove the provided vendor folder if it exists
rm -Rf vendor
# If there is no composer.lock file, compose a dummy file.
# Otherwise, composer attempts to download the package.json file from
# the registry which we do not want.
if [ ! -f composer.lock ]
then
cat > composer.lock <<EOF
{
"packages": []
}
EOF
fi
# Reconstruct the installed.json file from the lock file
mkdir -p vendor/composer
${php}/bin/php ${reconstructInstalled} composer.lock > vendor/composer/installed.json
# Copy or symlink the provided dependencies
cd vendor
${bundleDependencies packages}
${lib.optionalString (!noDev) (bundleDependencies devPackages)}
cd ..
# Reconstruct autoload scripts
# We use the optimize feature because Nix packages cannot change after they have been built
# Using the dynamic loader for a Nix package is useless since there is nothing to dynamically reload.
composer dump-autoload --optimize ${lib.optionalString noDev "--no-dev"} ${composerExtraArgs}
# Run the install step as a validation to confirm that everything works out as expected
composer install --optimize-autoloader ${lib.optionalString noDev "--no-dev"} ${composerExtraArgs}
${lib.optionalString executable ''
# Reconstruct the bin/ folder if we deploy an executable project
${php}/bin/php ${constructBin} composer.json
ln -s $(pwd)/vendor/bin $out/bin
''}
${lib.optionalString (!symlinkDependencies) ''
# Patch the shebangs if possible
if [ -d $(pwd)/vendor/bin ]
then
# Look for all executables in bin/
for i in $(pwd)/vendor/bin/*
do
# Look for their location
realFile=$(readlink -f "$i")
# Restore write permissions
chmod u+wx "$(dirname "$realFile")"
chmod u+w "$realFile"
# Patch shebang
sed -e "s|#!/usr/bin/php|#!${php}/bin/php|" \
-e "s|#!/usr/bin/env php|#!${php}/bin/php|" \
"$realFile" > tmp
mv tmp "$realFile"
chmod u+x "$realFile"
done
fi
''}
if [ "$removeComposerArtifacts" = "1" ]
then
# Remove composer stuff
rm -f composer.json composer.lock
fi
# Execute post install hook
runHook postInstall
'';
} // extraArgs);
in
{
inherit filterSrc;
composer = lib.makeOverridable composer;
buildZipPackage = lib.makeOverridable buildZipPackage;
buildPackage = lib.makeOverridable buildPackage;
}

7
php/composer.json
View file

@ -1,7 +0,0 @@
{
"name": "nixos/ofborg-webhook",
"require": {
"php-amqplib/php-amqplib": ">=3.6.2",
"svanderburg/composer2nix": ">=0.0.6"
}
}

412
php/composer.lock generated
View file

@ -1,412 +0,0 @@
{
"_readme": [
"This file locks the dependencies of your project to a known state",
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "cddc3bf153efe4b7d2314531fd7850a3",
"packages": [
{
"name": "paragonie/constant_time_encoding",
"version": "v2.7.0",
"source": {
"type": "git",
"url": "https://github.com/paragonie/constant_time_encoding.git",
"reference": "52a0d99e69f56b9ec27ace92ba56897fe6993105"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/52a0d99e69f56b9ec27ace92ba56897fe6993105",
"reference": "52a0d99e69f56b9ec27ace92ba56897fe6993105",
"shasum": ""
},
"require": {
"php": "^7|^8"
},
"require-dev": {
"phpunit/phpunit": "^6|^7|^8|^9",
"vimeo/psalm": "^1|^2|^3|^4"
},
"type": "library",
"autoload": {
"psr-4": {
"ParagonIE\\ConstantTime\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com",
"role": "Maintainer"
},
{
"name": "Steve 'Sc00bz' Thomas",
"email": "steve@tobtu.com",
"homepage": "https://www.tobtu.com",
"role": "Original Developer"
}
],
"description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)",
"keywords": [
"base16",
"base32",
"base32_decode",
"base32_encode",
"base64",
"base64_decode",
"base64_encode",
"bin2hex",
"encoding",
"hex",
"hex2bin",
"rfc4648"
],
"support": {
"email": "info@paragonie.com",
"issues": "https://github.com/paragonie/constant_time_encoding/issues",
"source": "https://github.com/paragonie/constant_time_encoding"
},
"time": "2024-05-08T12:18:48+00:00"
},
{
"name": "paragonie/random_compat",
"version": "v9.99.100",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a",
"reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a",
"shasum": ""
},
"require": {
"php": ">= 7"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*",
"vimeo/psalm": "^1"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"type": "library",
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"polyfill",
"pseudorandom",
"random"
],
"support": {
"email": "info@paragonie.com",
"issues": "https://github.com/paragonie/random_compat/issues",
"source": "https://github.com/paragonie/random_compat"
},
"time": "2020-10-15T08:29:30+00:00"
},
{
"name": "php-amqplib/php-amqplib",
"version": "v3.6.2",
"source": {
"type": "git",
"url": "https://github.com/php-amqplib/php-amqplib.git",
"reference": "cb514530ce45a6d2f636be5196010c47c3bcf6e0"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/php-amqplib/php-amqplib/zipball/cb514530ce45a6d2f636be5196010c47c3bcf6e0",
"reference": "cb514530ce45a6d2f636be5196010c47c3bcf6e0",
"shasum": ""
},
"require": {
"ext-mbstring": "*",
"ext-sockets": "*",
"php": "^7.2||^8.0",
"phpseclib/phpseclib": "^2.0|^3.0"
},
"conflict": {
"php": "7.4.0 - 7.4.1"
},
"replace": {
"videlalvaro/php-amqplib": "self.version"
},
"require-dev": {
"ext-curl": "*",
"nategood/httpful": "^0.2.20",
"phpunit/phpunit": "^7.5|^9.5",
"squizlabs/php_codesniffer": "^3.6"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.0-dev"
}
},
"autoload": {
"psr-4": {
"PhpAmqpLib\\": "PhpAmqpLib/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"LGPL-2.1-or-later"
],
"authors": [
{
"name": "Alvaro Videla",
"role": "Original Maintainer"
},
{
"name": "Raúl Araya",
"email": "nubeiro@gmail.com",
"role": "Maintainer"
},
{
"name": "Luke Bakken",
"email": "luke@bakken.io",
"role": "Maintainer"
},
{
"name": "Ramūnas Dronga",
"email": "github@ramuno.lt",
"role": "Maintainer"
}
],
"description": "Formerly videlalvaro/php-amqplib. This library is a pure PHP implementation of the AMQP protocol. It's been tested against RabbitMQ.",
"homepage": "https://github.com/php-amqplib/php-amqplib/",
"keywords": [
"message",
"queue",
"rabbitmq"
],
"support": {
"issues": "https://github.com/php-amqplib/php-amqplib/issues",
"source": "https://github.com/php-amqplib/php-amqplib/tree/v3.6.2"
},
"time": "2024-04-15T18:31:22+00:00"
},
{
"name": "phpseclib/phpseclib",
"version": "3.0.37",
"source": {
"type": "git",
"url": "https://github.com/phpseclib/phpseclib.git",
"reference": "cfa2013d0f68c062055180dd4328cc8b9d1f30b8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/cfa2013d0f68c062055180dd4328cc8b9d1f30b8",
"reference": "cfa2013d0f68c062055180dd4328cc8b9d1f30b8",
"shasum": ""
},
"require": {
"paragonie/constant_time_encoding": "^1|^2",
"paragonie/random_compat": "^1.4|^2.0|^9.99.99",
"php": ">=5.6.1"
},
"require-dev": {
"phpunit/phpunit": "*"
},
"suggest": {
"ext-dom": "Install the DOM extension to load XML formatted public keys.",
"ext-gmp": "Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations.",
"ext-libsodium": "SSH2/SFTP can make use of some algorithms provided by the libsodium-php extension.",
"ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.",
"ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations."
},
"type": "library",
"autoload": {
"files": [
"phpseclib/bootstrap.php"
],
"psr-4": {
"phpseclib3\\": "phpseclib/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Jim Wigginton",
"email": "terrafrost@php.net",
"role": "Lead Developer"
},
{
"name": "Patrick Monnerat",
"email": "pm@datasphere.ch",
"role": "Developer"
},
{
"name": "Andreas Fischer",
"email": "bantu@phpbb.com",
"role": "Developer"
},
{
"name": "Hans-Jürgen Petrich",
"email": "petrich@tronic-media.com",
"role": "Developer"
},
{
"name": "Graham Campbell",
"email": "graham@alt-three.com",
"role": "Developer"
}
],
"description": "PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.",
"homepage": "http://phpseclib.sourceforge.net",
"keywords": [
"BigInteger",
"aes",
"asn.1",
"asn1",
"blowfish",
"crypto",
"cryptography",
"encryption",
"rsa",
"security",
"sftp",
"signature",
"signing",
"ssh",
"twofish",
"x.509",
"x509"
],
"support": {
"issues": "https://github.com/phpseclib/phpseclib/issues",
"source": "https://github.com/phpseclib/phpseclib/tree/3.0.37"
},
"funding": [
{
"url": "https://github.com/terrafrost",
"type": "github"
},
{
"url": "https://www.patreon.com/phpseclib",
"type": "patreon"
},
{
"url": "https://tidelift.com/funding/github/packagist/phpseclib/phpseclib",
"type": "tidelift"
}
],
"time": "2024-03-03T02:14:58+00:00"
},
{
"name": "svanderburg/composer2nix",
"version": "v0.0.6",
"source": {
"type": "git",
"url": "https://github.com/svanderburg/composer2nix.git",
"reference": "299caca4aac42d7639a42eb4dde951c010f6e91c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/svanderburg/composer2nix/zipball/299caca4aac42d7639a42eb4dde951c010f6e91c",
"reference": "299caca4aac42d7639a42eb4dde951c010f6e91c",
"shasum": ""
},
"require": {
"svanderburg/pndp": "0.0.4"
},
"bin": [
"bin/composer2nix"
],
"type": "library",
"autoload": {
"psr-4": {
"Composer2Nix\\": "src/Composer2Nix"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Sander van der Burg",
"email": "svanderburg@gmail.com",
"homepage": "http://sandervanderburg.nl"
}
],
"description": "Generate Nix expressions to build PHP composer packages",
"support": {
"issues": "https://github.com/svanderburg/composer2nix/issues",
"source": "https://github.com/svanderburg/composer2nix/tree/v0.0.6"
},
"time": "2022-03-01T23:41:50+00:00"
},
{
"name": "svanderburg/pndp",
"version": "v0.0.4",
"source": {
"type": "git",
"url": "https://github.com/svanderburg/pndp.git",
"reference": "bc795b341d95c24bb577e0d7a4a37fde98b1cce8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/svanderburg/pndp/zipball/bc795b341d95c24bb577e0d7a4a37fde98b1cce8",
"reference": "bc795b341d95c24bb577e0d7a4a37fde98b1cce8",
"shasum": ""
},
"bin": [
"bin/pndp-build"
],
"type": "library",
"autoload": {
"psr-4": {
"PNDP\\": "src/PNDP"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Sander van der Burg",
"email": "svanderburg@gmail.com",
"homepage": "http://sandervanderburg.nl"
}
],
"description": "PNDP: An internal DSL for Nix in PHP",
"support": {
"issues": "https://github.com/svanderburg/pndp/issues",
"source": "https://github.com/svanderburg/pndp/tree/v0.0.4"
},
"time": "2022-02-26T22:15:06+00:00"
}
],
"packages-dev": [],
"aliases": [],
"minimum-stability": "stable",
"stability-flags": [],
"prefer-stable": false,
"prefer-lowest": false,
"platform": [],
"platform-dev": [],
"plugin-api-version": "2.6.0"
}

14
php/default.nix
View file

@ -1,14 +0,0 @@
{pkgs ? import <nixpkgs> {
inherit system;
}, system ? builtins.currentSystem, noDev ? false, php ? pkgs.php, phpPackages ? pkgs.phpPackages}:
let
composerEnv = import ./composer-env.nix {
inherit (pkgs) stdenv lib writeTextFile fetchurl unzip;
inherit php phpPackages;
};
in
import ./php-packages.nix {
inherit composerEnv noDev;
inherit (pkgs) fetchurl fetchgit fetchhg fetchsvn;
}

75
php/php-packages.nix
View file

@ -1,75 +0,0 @@
{composerEnv, fetchurl, fetchgit ? null, fetchhg ? null, fetchsvn ? null, noDev ? false}:
let
packages = {
"paragonie/constant_time_encoding" = {
targetDir = "";
src = composerEnv.buildZipPackage {
name = "paragonie-constant_time_encoding-52a0d99e69f56b9ec27ace92ba56897fe6993105";
src = fetchurl {
url = "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/52a0d99e69f56b9ec27ace92ba56897fe6993105";
sha256 = "1ja5b3fm5v665igrd37vs28zdipbh1xgh57lil2iaggvh1b8kh4x";
};
};
};
"paragonie/random_compat" = {
targetDir = "";
src = composerEnv.buildZipPackage {
name = "paragonie-random_compat-996434e5492cb4c3edcb9168db6fbb1359ef965a";
src = fetchurl {
url = "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a";
sha256 = "0ky7lal59dihf969r1k3pb96ql8zzdc5062jdbg69j6rj0scgkyx";
};
};
};
"php-amqplib/php-amqplib" = {
targetDir = "";
src = composerEnv.buildZipPackage {
name = "php-amqplib-php-amqplib-cb514530ce45a6d2f636be5196010c47c3bcf6e0";
src = fetchurl {
url = "https://api.github.com/repos/php-amqplib/php-amqplib/zipball/cb514530ce45a6d2f636be5196010c47c3bcf6e0";
sha256 = "0mjca0m9960m8xgi22azwk8v1lgg8yznxscw10sqfzgp4wj4sfv0";
};
};
};
"phpseclib/phpseclib" = {
targetDir = "";
src = composerEnv.buildZipPackage {
name = "phpseclib-phpseclib-cfa2013d0f68c062055180dd4328cc8b9d1f30b8";
src = fetchurl {
url = "https://api.github.com/repos/phpseclib/phpseclib/zipball/cfa2013d0f68c062055180dd4328cc8b9d1f30b8";
sha256 = "1wgzy4fbj565czpn9xasr8lnd9ilh1x3bsalrpx5bskvqr4zspgj";
};
};
};
"svanderburg/composer2nix" = {
targetDir = "";
src = composerEnv.buildZipPackage {
name = "svanderburg-composer2nix-299caca4aac42d7639a42eb4dde951c010f6e91c";
src = fetchurl {
url = "https://api.github.com/repos/svanderburg/composer2nix/zipball/299caca4aac42d7639a42eb4dde951c010f6e91c";
sha256 = "0vb7q4za6z89azz4c5v7hgcv9gblcpk7hffl6va7q5f27fyyhwy0";
};
};
};
"svanderburg/pndp" = {
targetDir = "";
src = composerEnv.buildZipPackage {
name = "svanderburg-pndp-bc795b341d95c24bb577e0d7a4a37fde98b1cce8";
src = fetchurl {
url = "https://api.github.com/repos/svanderburg/pndp/zipball/bc795b341d95c24bb577e0d7a4a37fde98b1cce8";
sha256 = "1y46wsccjwdkvs1c1bklwbp7crsg0axyr7ncdibbny1sr54xb24i";
};
};
};
};
devPackages = {};
in
composerEnv.buildPackage {
inherit packages devPackages noDev;
name = "nixos-ofborg-webhook";
src = composerEnv.filterSrc ./.;
executable = false;
symlinkDependencies = false;
meta = {};
}

186
php/web/index.php
View file

@ -1,186 +0,0 @@
<?php
ini_set("display_errors", 0);
error_reporting(-1);
ob_start();
require_once __DIR__ . '/../config.php';
use PhpAmqpLib\Message\AMQPMessage;
class DumpableException extends \Exception{}
class InvalidPayloadException extends DumpableException {}
class InvalidSignatureException extends DumpableException {}
class InvalidEventTypeException extends DumpableException {}
class ValidationFailureException extends DumpableException {}
class ExecutionFailureException extends DumpableException {}
function retry_rabbitmq_conn() {
$maximum_time = 25;
$delay = 1;
$timeout = 0.5;
for ($i = 0.0; $i < $maximum_time; $i += ($timeout + $delay)) {
try {
return rabbitmq_conn($timeout);
} catch (ErrorException $e) {
trigger_error(print_r($e, true), E_USER_WARNING);
}
sleep($delay);
}
trigger_error("Failed to connect to RabbitMQ", E_USER_WARNING);
echo "rabbit failure";
exit(1);
}
function payload() {
if (!isset($_SERVER)) {
throw new InvalidPayloadException('_SERVER undefined');
}
if (!isset($_SERVER['CONTENT_TYPE'])) {
throw new InvalidPayloadException('CONTENT_TYPE not set in _SERVER');
}
switch ($_SERVER['CONTENT_TYPE']) {
case 'application/json':
$input = file_get_contents('php://input');
if ($input === false) {
throw new InvalidPayloadException('Failed to read php://input for application/json');
} else {
return $input;
}
default:
throw new InvalidPayloadException('Unsupported content type: ' . $_SERVER['CONTENT_TYPE']);
}
}
function signature() {
if (!isset($_SERVER)) {
throw new InvalidSignatureException('_SERVER undefined');
}
if (!isset($_SERVER['HTTP_X_HUB_SIGNATURE'])) {
throw new InvalidSignatureException('HTTP_X_HUB_SIGNATURE absent from _SERVER');
}
return $_SERVER['HTTP_X_HUB_SIGNATURE'];
}
function event_type() {
if (!isset($_SERVER)) {
throw new InvalidEventTypeException('_SERVER undefined');
}
if (!isset($_SERVER['HTTP_X_GITHUB_EVENT'])) {
throw new InvalidEventTypeException('HTTP_X_GITHUB_EVENT absent from _SERVER');
}
$type = trim($_SERVER['HTTP_X_GITHUB_EVENT']);
if (strlen($type) === 0) {
throw new InvalidEventTypeException('After trimming, event type is zero-length');
}
return $type;
}
function validate_payload_signature($secret, $payload, $signature) {
if (!extension_loaded('hash')) {
throw new ValidationFailureException('Missing hash extension');
}
$components = explode('=', $signature, 2);
if (count($components) != 2) {
throw new ValidationFailureException('Provided signature seems invalid after splitting on =');
}
$algo = $components[0];
$provided_hash = $components[1];
if (!in_array($algo, hash_algos(), true)) {
throw new ValidationFailureException("Hash algorithm '$algo' is not supported by the extension.");
}
$ok_algos = [
'sha1',
'sha256',
'sha512',
];
if (!in_array($algo, $ok_algos, true)) {
throw new ValidationFailureException("Hash algorithm '$algo' is not considered okay");
}
$calculated_hash = hash_hmac($algo, $payload, $secret);
return hash_equals($provided_hash, $calculated_hash);
}
try {
$raw = payload();
if (!validate_payload_signature(gh_secret(), $raw, signature())) {
throw new ExecutionFailureException('Failed to validate signature');
}
$input = json_decode($raw);
if ($input === null) {
throw new ExecutionFailureException('Failed to decode the JSON');
}
if (!isset($input->repository)) {
throw new ExecutionFailureException('Dataset does not have a repository');
}
if (!isset($input->repository->full_name)) {
throw new ExecutionFailureException('Dataset repository does not have a name');
}
$name = strtolower($input->repository->full_name);
$eventtype = event_type();
$connection = retry_rabbitmq_conn();
$channel = $connection->channel();
$dec = $channel->exchange_declare(
'github-events',
'topic',
false, // passive
true, // durable
false // auto_delete
);
$channel->queue_declare(
'github-events-unknown',
false, // passive
true, // durable
false, // exclusive
false // auto-delete
);
$channel->queue_bind(
'github-events-unknown',
'github-events',
'unknown.*'
);
$message = new AMQPMessage(json_encode($input),
array(
'content_type' => 'application/json',
'delivery_mode' => AMQPMessage::DELIVERY_MODE_PERSISTENT,
));
$routing_key = "$eventtype.$name";
$rec = $channel->basic_publish($message, 'github-events', $routing_key);
echo "ok";
} catch (DumpableException $e) {
trigger_error(print_r($e, true), E_USER_WARNING);
header("HTTP/1.1 400 Eh", true, 400);
var_dump($e);
echo ob_get_clean();
} catch (\Exception $e) {
trigger_error(print_r($e, true), E_USER_WARNING);
header("HTTP/1.1 400 Meh", true, 400);
var_dump(get_class($e));
echo ob_get_clean();
}