Age | Commit message (Collapse) | Author | Files | Lines |
|
* Treewide: re-run depotfmt
* //third_party/nixpkgs:html5validator: build with Python 3.11,
dependency openstackdocstheme doesn't support 3.12
* //users/sterni/machines/ingeborg: adapt to poorly handled fcgiwrap
module API change: https://github.com/NixOS/nixpkgs/pull/318599
* //tvix/*-go: regenerate protobuf files
* //third_party/nixpkgs:treefmt: Remove patch for merged pull request
* //users/flokli/ipu6-softisp: rebase, drop upstreamed kernel patches
Change-Id: Ie4e0df007c287e8cd6207683a9a25838aa5bd39a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11971
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
|
|
This breaks it with "ssh_dispatch_run_fatal: Connection to
2a01:4f8:242:5b21:0:feed:edef:beef port 29418: incorrect signature"
Change-Id: I9bafc5fb6d4743ce4f097158ec14fecc791366ca
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11965
Tested-by: BuildkiteCI
Autosubmit: lukegb <lukegb@tvl.fyi>
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
This bumps Gerrit to 3.10.0, and also introduces a new mechanism for
building it that should hopefully have some more stable hashes than the
previous bodgery.
In this world, we only cache what we explicitly want to. There are some
hooks implemented for `rules_java` and `rules_nodejs` (before version
6) that force use of local binaries; this means we can drop the use of
the FHSUserEnv and use the java and nodejs binaries provided by nixpkgs
instead.
detzip is deleted; it hasn't been used in yonks.
We also add https://gerrit-review.googlesource.com/c/gerrit/+/431977,
which bumps the SSHd version so that we can have U2F-based SSH keys.
Change-Id: Ie12a9a33bbb1e4bd96aa252580aca3b8bc4a1205
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11963
Reviewed-by: lukegb <lukegb@tvl.fyi>
Autosubmit: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
|
|
Change-Id: I8fa10b52c44bd3d5efb0fff740ad6d5da6e96831
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10802
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Bump gerrit plugins dep hashes, and for code-owners rebase it against
master.
Change-Id: If7da0ca391b4a5c0102560ca8d52b6f5a2dfd223
Reviewed-on: https://cl.tvl.fyi/c/depot/+/9734
Autosubmit: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
* //3p/sources: Note that emacs-overlay is not updated for now, as
changes in emacs HEAD break //users/sterni/emacs.
* //3p/gerrit_plugins/code-owners: deps hash changed once again
or was no longer in the Nix store.
Unfortunately, building the deps derivations from scratch for gerrit
and the gerrit plugins no longer works due to a nixpkgs regression:
Due to a (operator precedence) mistake in the way the deps
derivation's installPhase is computed, it would append extra code to
the installPhase provided by us, causing a bash syntax error.
I have proposed a fix for this
upstream (<https://github.com/NixOS/nixpkgs/pull/228305>). Adding a
workaround in the repo would be possible, but a bit annoying. Since
the derivations are fixed output anyways, I've opted to build the
missing deps derivation (for code-owners) locally using the fixed
nixpkgs, updated the sha256 and copied the result into whitby's Nix
store. Hopefully by the next time we'll be rebuilding the deps
derivations again the fix will have propagated into the NixOS unstable
channel.
* //users/grfn/system/system:roswellSystem: Use mysql80 from stable.
See also https://github.com/NixOS/nixpkgs/issues/226673.
Change-Id: I9b9d57f589be4cdc3fd4f39729c170a25a655b74
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8483
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
|
|
* //3p/gerrit{,_plugins}: adjust for API change to buildBazelPackage
https://github.com/NixOS/nixpkgs/commit/440b4de588d950e7fcf7add3b049fb209f097367
* //3p/gerrit_plugins: update hash of deps jar
Change-Id: I131d5846acbce718126fb47671893a568d1020dd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8445
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
Change-Id: Ib6f4fd5817fb5415cff5ea1d8c75c8c9a08d56b4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7185
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
We need a user in the context when we ask the groups backend to look up
groups by name, so for now if we don't have a _real_ user in the context
(such as during change indexing), then populate the context with the
anonymous user just for the duration of the groups backend calls.
Change-Id: If961d84fe57443cb95deb59628802658585ed1cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7172
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
This is the New Thing that is intended to replace the find-owners
and owners plugins.
In particular:
* It inserts a submit requirement rather than providing a Prolog
predicate.
* The default OWNERS file formats are suspiciously Googley.
* It provides a neat UI for finding OWNERS and tracking approval
state on a per-file basis.
When we fully migrate to using the code-owners plugin, a few
things will need to land, which I will likely do "offline"
directly to the Gerrit backing Git repos:
* Add the corresponding Gerrit config
* Replace OWNERS files depot-wide
* Add OWNERS files to the refs/meta/config branch
* Introduce the Owners-Override label, settable by depot-interventions
The enclosed patch adds two extra pieces of functionality that
we need in tvldepot but aren't upstream:
1. The ability to just specify usernames rather than email addresses
2. The ability to specify `group:GROUPNAME`, _as long as_ that group is
visible to everyone. This is a restriction intended to avoid having
the plugin just leak group membership.
Change-Id: I27d92b6cb7449af83030b9015f09a1571aa8452f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6664
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
This change cannot be deployed OOTB: you must upgrade
by 3.5.2+ first, and run copy-approvals.
Change-Id: Ia2e49da4d801a21a3db59e2d5b054eeb46d7dc79
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6505
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
* //3p/gerrit_plugins:owners: update output sha256
Change-Id: I1dded4b0abbf1bfab546040f9e84295663a0b2cc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5400
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
|
|
This CL can be used to compare the style of nixpkgs-fmt against other
formatters (nixpkgs, alejandra).
Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: cynthia <cynthia@tvl.fyi>
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: eta <tvl@eta.st>
Reviewed-by: grfn <grfn@gws.fyi>
|
|
* Switch from (unused) NixOS 21.05 to newly released NixOS 21.11
channel.
* grfn/machines/yeren: Linux 5.14.x -> 5.15.x
* 3p/gerrit, 3p/gerrit_plugin/oauth: update dependency bundle output
hashes to what whitby comes up with now.
Change-Id: Id3bfe3d07b9223f77ec628954783a6b0a48f4086
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4310
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
This function is also generally useful for readTree consumers that
have the concept of subtargets.
Change-Id: Ic7fc03380dec6953fb288763a28e50ab3624d233
|
|
Brings us back to a stable version of Gerrit instead of a random
commit. Note that Gerrit 3.4.1 is out, but due to a bug it can not be
built publicly because it accidentally points at a private
submodule (this is being fixed upstream).
Change-Id: I0376c63a649498cef999dfa99bfccba511f2c8da
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3444
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
* users/grfn/system/home/yeren: remove obsolete awscli2 overrides
* ops: make new isSystemUser || isNormalUser assertion happy
* users/grfn/system/system/mugwump: make buildkite agents system users
* users/tazjin/nixos/camden: set isSystemUser = true for git
* users/tazjin/emacs: Remove missing & broken packages
* third_party/openldap: remove, as the argon2 module is now enabled upstream
* third_party/gerrit_plugins: Pinned new unstable hashes
* third_party/nix, third_party/grpc: Disabled CI as these are broken
* third_party/overlays/emacs: Bumped version to stay in sync with channel
* third_party/buzz: Update LIBCLANG_PATH to reference libclang.lib,
since libclang's default output no longer contains libclang.so
* users/grfn/system/home: Install julia-stable instead of julia (which
aliases to julia-lts), as the latter depends on an insecure version of
libgit
Change-Id: Iff33b0ecb0ef07a82d1de35e23c40d2f4bf0f8ed
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3001
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
|
|
CAS nested attributes produce a key called "attributes", which is
disliked by Grafana, because it expects any key called attributes to be
a map<string, list<string>>, whereas CAS just produces a map<string,
string>.
As part of setting up Grafana SSO we need therefore to fix Gerrit so it
can adapt to the new syntax that we're adopting.
Change-Id: Ia79dae78c0eae6e21135a06cd5850606f82bcdb8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2981
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
|
|
This reverts commit 9551b628d02323b01ecb80220342eea488f7200e (i.e. this is a rollfoward for https://cl.tvl.fyi/c/depot/+/2817)
Change-Id: Iaffcf1cdbe119d26ecb09cc88f9a56436b374c08
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2870
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
|
|
This reverts commit f59c6214c4b1812120bd500a23d1cb6e160d6665.
Reason for revert: new gerrit's JS appears to not have compiled correctly; rolling back until I can figure out why
Change-Id: If16fe341aad25bef30ed7be8c6ac49cadf2a732c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2821
Reviewed-by: lukegb <lukegb@tvl.fyi>
Tested-by: BuildkiteCI
|
|
Yeet.
Change-Id: I4de6453419f520a44af19d561a36d242195a64e9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2817
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Add the OAuth gerrit plugin to our mini collection of Gerrit plugins.
This includes a patch to make the plugin work correctly with CAS 6.x,
which has changed the attributes into a JSON object with the attributes
nested inside, instead of a JSON list.
Change-Id: I4741f137cca9c8eb45b9ea660fb4cbf6962be9a4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2782
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
I'm dropping the leaveDotGit and deepClone bits; they were set like that
purely to try to make the build stamping work. In practice, not only
does the build stamping not work, but it also means we hit some
inconveniently-different hashes from time to time when gitiles does...
something??? on its backend.
I'm also putting some gcroots for these on whitby, which should also
help a bit, although it's a bit of a hack.
Change-Id: Ie6082248393e62795c18b1971fc2d16f4e8cc81d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2781
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I76aeaa879e43b1fd08440f60a4f320bb7b48c6ab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2630
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
|
|
Change-Id: I1807ac1771d23b00e3a78cc36fb2f82a12900993
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2629
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Once again the sha256 of the fetchgit fixed output derivation for check
changed which was brought to light by the recent GC on whitby.
Change-Id: Ib3c3b5b489717ac6d73631282f27e4363d4ac5c1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2481
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Changes:
* ops/nixos/tvl-slapd: The NixOS module for OpenLDAP has removed the
ability to configure OpenLDAP directly and now forces users to use
some kind of weird Nix->OLC mapping that is mostly undocumented.
This moves the config we need to the new format in a way that may or
may not work and does the other arbitrary dance steps that someone
decided to impose on us. Note that this now throws lots of warnings,
but I can't be bothered to fix them.
* 3p: Random package removals accomodated
* users/glittershark: Pin grfn's kernel to 5.9, because the CK patch
is not yet updated for 5.10
* users/glittershark: Update vendor hash for pg-dump-upsert, I suspect
this changed because of something in the Go build machinery in
nixpkgs. The deleteVendor flag also has no effect anymore and has been
removed.
* users/glittershark: agda build is broken, commenting out development
home-manager environment until it can be fixed
* third_party/haskell_overlay: updating random needs upper boundarles
of a few dependencies relaxed (curse them)
* third_party/gerrit_plugins: for some cursed reason the fixed-output
hash of the gerrit owners plugin fetchgit changed, updated.
Same for the checks plugin.
Change-Id: Ica37995fe8039d3ba80eab643867f98795c56734
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2295
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I0aee39b21346f378964bab69bd903e8f43b7e7e8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2265
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: Ia7b17ca83ace164881a4dd8b0288741489bc467c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2164
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
|
|
Change-Id: I650777bbbd24a1922f26967fbbd7da06d14b6786
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1516
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
The Gerrit Checks plugin adds a new tab to the Gerrit UI, which is
intended for display of status of automated checks which are being run.
We can use this for e.g. reporting the run status of our CI builds/other
stuff.
Change-Id: Ib0d9a8ae68061a76191a56d467d915100b766e1b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1462
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
This looks particularly obnoxious for the owners plugin, because it's
actually two plugins with a common library in the same repo. Other
plugins are much cleaner to deal with (hence the default for
overlayPluginCmd).
Change-Id: Ibb9588c8a29b63e8509436fcbb70054e89349712
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1461
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
|
|
This plugin just blindly assigns everyone and, as q3k has already
pointed out, just isn't particularly useful.
We might want to roll our own, for example:
19: 40:41 <+Remosi> I want the virtual owner thing, we could call it
Gerrit Workgroup Synthesizer Queuing, or gwsq for short.
Change-Id: Ib12a921ae4047ac6a734035dd0900c8964fb12d8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/350
Reviewed-by: riking <rikingcoding@gmail.com>
|
|
Change-Id: I0b1a2871768a8369dac7a3e2b06a38c07741e945
Reviewed-on: https://cl.tvl.fyi/c/depot/+/281
Reviewed-by: lukegb <lukegb@tvl.fyi>
|
|
Change-Id: I319f812746aea6069c45727f5afae8b9b79effdd
Reviewed-on: https://cl.tvl.fyi/c/depot/+/221
Reviewed-by: q3k <q3k@q3k.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
|