Switch to local-path-provisioner.

docker/webhook_bridge/Dockerfile

@@ -1,36 +1,18 @@
-#
-# Builder
-#
+# syntax=docker/dockerfile:1
+ARG ALPINE_VERSION="3.20"
 
-FROM nixos/nix:latest AS builder
+FROM rustlang/rust:nightly-alpine$ALPINE_VERSION AS builder
 
-COPY . /tmp/build
-WORKDIR /tmp/build
+RUN apk add --no-cache musl-dev pkgconfig libressl-dev
 
-RUN nix \
-    --extra-experimental-features "nix-command flakes" \
-    --option filter-syscalls false \
-    build '.#docker_env'
+RUN mkdir /source
+WORKDIR /source
+COPY --link . .
+# TODO: Add static build, which currently errors due to proc_macro. RUSTFLAGS="-C target-feature=+crt-static"
+RUN --mount=type=tmpfs,target=/tmp --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked CARGO_TARGET_DIR=/target cargo build --profile release-lto --bin webhook_bridge
 
-# Export the built closure to a folder
-RUN mkdir /tmp/nix-store-closure
-RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
-RUN ln -s $(readlink -f /tmp/build/result/bin/sh) /tmp/sh
+FROM alpine:$ALPINE_VERSION AS runner
 
+COPY --link --from=builder /target/release-lto/webhook_bridge /usr/bin/
 
-
-#
-# Runner
-#
-
-FROM scratch
-
-WORKDIR /app
-
-ENV PATH="$PATH:/app/bin"
-
-COPY --from=builder /tmp/nix-store-closure /nix/store
-COPY --from=builder /tmp/build/result /app
-COPY --from=builder /tmp/sh /bin/sh
-EXPOSE 9988
-CMD ["/app/bin/webhook_bridge"]
+ENTRYPOINT ["/usr/bin/webhook_bridge"]

flake.lock

@@ -1,48 +0,0 @@
-{
-  "nodes": {
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1777578337,
-        "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "nixpkgs": "nixpkgs",
-        "rust-overlay": "rust-overlay"
-      }
-    },
-    "rust-overlay": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1777691680,
-        "narHash": "sha256-sdCAzrPAaKu+yo7L2pWddy5PN6U9bO++WEWc1zcr7aQ=",
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "rev": "4757db4358c77c1cbe878fa5990e6ea88d82f6b5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oxalica",
-        "repo": "rust-overlay",
-        "type": "github"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}

flake.nix

@@ -1,92 +0,0 @@
-{
-  description = "webhook-bridge development environment";
-
-  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    rust-overlay = {
-      url = "github:oxalica/rust-overlay";
-      inputs = {
-        nixpkgs.follows = "nixpkgs";
-      };
-    };
-  };
-
-  outputs =
-    {
-      self,
-      nixpkgs,
-      rust-overlay,
-    }:
-    let
-      forAllSystems =
-        func:
-        builtins.listToAttrs (
-          map (system: {
-            name = system;
-            value = func system;
-          }) nixpkgs.lib.systems.flakeExposed
-        );
-    in
-    {
-      devShells = forAllSystems (
-        system:
-        let
-          overlays = [ (import rust-overlay) ];
-          pkgs = import nixpkgs {
-            inherit system overlays;
-          };
-          rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
-        in
-        {
-          default = pkgs.mkShell {
-            nativeBuildInputs = [
-              pkgs.pkg-config
-              rustToolchain
-              pkgs.openssl
-            ];
-            buildInputs = with pkgs; [
-              # sqlx-cli # For sqlx CLI to manage migrations
-              # sqlite # To access the database (sqlite is bundled into the together_alone binary but this is for manually accessing the db).
-            ];
-          };
-        }
-      );
-      packages = forAllSystems (
-        system:
-        let
-          overlays = [ (import rust-overlay) ];
-          pkgs = import nixpkgs {
-            inherit system overlays;
-          };
-          rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
-        in
-        rec {
-          app = pkgs.rustPlatform.buildRustPackage {
-            pname = "webhook-bridge";
-            version = "0.0.0";
-            src = ./.;
-
-            # If you have a Cargo.lock file, use this:
-            cargoLock.lockFile = ./Cargo.lock;
-
-            nativeBuildInputs = [
-              pkgs.pkg-config
-            ];
-            buildInputs = [
-              pkgs.openssl
-            ];
-          };
-          docker_env = pkgs.buildEnv {
-            name = "webhook-bridge";
-            paths = with pkgs; [
-              app
-              bash
-              uutils-coreutils-noprefix
-              # toybox # Smaller than uutils-coreutils?
-            ];
-          };
-          default = app;
-        }
-      );
-    };
-}

local_payload.json

@@ -1,37 +1,14 @@
 {
-  "ref": "refs/heads/kubernetes",
-  "before": "e767de378a478fa41615cee71a9ba04830520d7d",
-  "after": "c83b8afd7910f25eb94d90325f3765b5d19900e4",
-  "compare_url": "https://code.fizz.buzz/talexander/machine_setup/compare/e767de378a478fa41615cee71a9ba04830520d7d...c83b8afd7910f25eb94d90325f3765b5d19900e4",
-  "commits": [
-    {
-      "id": "c83b8afd7910f25eb94d90325f3765b5d19900e4",
-      "message": "Delete images after 24 hours of being unused.\n",
-      "url": "https://code.fizz.buzz/talexander/machine_setup/commit/c83b8afd7910f25eb94d90325f3765b5d19900e4",
-      "author": {
-        "name": "Tom Alexander",
-        "email": "tom@fizz.buzz",
-        "username": ""
-      },
-      "committer": {
-        "name": "Tom Alexander",
-        "email": "tom@fizz.buzz",
-        "username": ""
-      },
-      "verification": null,
-      "timestamp": "2026-05-02T15:53:35-04:00",
-      "added": [],
-      "removed": [],
-      "modified": [
-        "nix/kubernetes/roles/kubelet/default.nix"
-      ]
-    }
-  ],
-  "total_commits": 1,
+  "ref": "refs/tags/v0.0.19",
+  "before": "0000000000000000000000000000000000000000",
+  "after": "3f2bdda8cb81fae6072c139f1f3f3123493a5b87",
+  "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/0000000000000000000000000000000000000000...3f2bdda8cb81fae6072c139f1f3f3123493a5b87",
+  "commits": [],
+  "total_commits": 0,
   "head_commit": {
-    "id": "c83b8afd7910f25eb94d90325f3765b5d19900e4",
-    "message": "Delete images after 24 hours of being unused.\n",
-    "url": "https://code.fizz.buzz/talexander/machine_setup/commit/c83b8afd7910f25eb94d90325f3765b5d19900e4",
+    "id": "3f2bdda8cb81fae6072c139f1f3f3123493a5b87",
+    "message": "Add support for new fields in payload.\n",
+    "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/3f2bdda8cb81fae6072c139f1f3f3123493a5b87",
     "author": {
       "name": "Tom Alexander",
       "email": "tom@fizz.buzz",
@@ -43,15 +20,18 @@
       "username": ""
     },
     "verification": null,
-    "timestamp": "2026-05-02T15:53:35-04:00",
-    "added": [],
+    "timestamp": "2025-02-08T20:58:55-05:00",
+    "added": [
+      "rust-toolchain.toml"
+    ],
     "removed": [],
     "modified": [
-      "nix/kubernetes/roles/kubelet/default.nix"
+      "run.bash",
+      "src/hook_push.rs"
     ]
   },
   "repository": {
-    "id": 5,
+    "id": 21,
     "owner": {
       "id": 1,
       "login": "talexander",
@@ -77,22 +57,23 @@
       "starred_repos_count": 0,
       "username": "talexander"
     },
-    "name": "machine_setup",
-    "full_name": "talexander/machine_setup",
-    "description": "",
+    "name": "webhook_bridge",
+    "full_name": "talexander/webhook_bridge",
+    "description": "A server that receives webhooks from gitea and fires off Tekton jobs in response.",
     "empty": false,
     "private": false,
     "fork": false,
     "template": false,
+    "parent": null,
     "mirror": false,
-    "size": 9940,
+    "size": 168,
     "language": "",
-    "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/machine_setup/languages",
-    "html_url": "https://code.fizz.buzz/talexander/machine_setup",
-    "url": "https://code.fizz.buzz/api/v1/repos/talexander/machine_setup",
+    "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
+    "html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
+    "url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge",
     "link": "",
-    "ssh_url": "git@git.example.com:talexander/machine_setup.git",
-    "clone_url": "https://code.fizz.buzz/talexander/machine_setup.git",
+    "ssh_url": "git@code.fizz.buzz:talexander/webhook_bridge.git",
+    "clone_url": "https://code.fizz.buzz/talexander/webhook_bridge.git",
     "original_url": "",
     "website": "",
     "stars_count": 0,
@@ -103,15 +84,14 @@
     "release_counter": 0,
     "default_branch": "main",
     "archived": false,
-    "created_at": "2023-07-05T22:53:26Z",
-    "updated_at": "2026-05-02T19:53:11Z",
+    "created_at": "2024-07-14T18:48:52Z",
+    "updated_at": "2025-02-09T02:12:22Z",
     "archived_at": "1970-01-01T00:00:00Z",
     "permissions": {
       "admin": true,
       "push": true,
       "pull": true
     },
-    "has_code": true,
     "has_issues": true,
     "internal_tracker": {
       "enable_time_tracker": true,
@@ -132,8 +112,6 @@
     "allow_squash_merge": true,
     "allow_fast_forward_only_merge": false,
     "allow_rebase_update": true,
-    "allow_manual_merge": false,
-    "autodetect_manual_merge": false,
     "default_delete_branch_after_merge": false,
     "default_merge_style": "merge",
     "default_allow_maintainer_edit": false,
@@ -142,57 +120,58 @@
     "mirror_interval": "",
     "object_format_name": "sha1",
     "mirror_updated": "0001-01-01T00:00:00Z",
-    "topics": [],
-    "licenses": []
+    "repo_transfer": null,
+    "topics": null,
+    "licenses": null
   },
   "pusher": {
-    "id": 1,
-    "login": "talexander",
+    "id": 2,
+    "login": "build-bot",
     "login_name": "",
     "source_id": 0,
     "full_name": "",
-    "email": "talexander@noreply.code.fizz.buzz",
-    "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
-    "html_url": "https://code.fizz.buzz/talexander",
+    "email": "build-bot@noreply.code.fizz.buzz",
+    "avatar_url": "https://code.fizz.buzz/avatars/e39ef2faba8a3dfb3dcb4d8275a532d4",
+    "html_url": "https://code.fizz.buzz/build-bot",
     "language": "",
     "is_admin": false,
     "last_login": "0001-01-01T00:00:00Z",
-    "created": "2023-07-05T22:03:28Z",
+    "created": "2023-07-09T04:25:44Z",
     "restricted": false,
     "active": false,
     "prohibit_login": false,
     "location": "",
     "website": "",
     "description": "",
-    "visibility": "public",
+    "visibility": "private",
     "followers_count": 0,
     "following_count": 0,
     "starred_repos_count": 0,
-    "username": "talexander"
+    "username": "build-bot"
   },
   "sender": {
-    "id": 1,
-    "login": "talexander",
+    "id": 2,
+    "login": "build-bot",
     "login_name": "",
     "source_id": 0,
     "full_name": "",
-    "email": "talexander@noreply.code.fizz.buzz",
-    "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
-    "html_url": "https://code.fizz.buzz/talexander",
+    "email": "build-bot@noreply.code.fizz.buzz",
+    "avatar_url": "https://code.fizz.buzz/avatars/e39ef2faba8a3dfb3dcb4d8275a532d4",
+    "html_url": "https://code.fizz.buzz/build-bot",
     "language": "",
     "is_admin": false,
     "last_login": "0001-01-01T00:00:00Z",
-    "created": "2023-07-05T22:03:28Z",
+    "created": "2023-07-09T04:25:44Z",
     "restricted": false,
     "active": false,
     "prohibit_login": false,
     "location": "",
     "website": "",
     "description": "",
-    "visibility": "public",
+    "visibility": "private",
     "followers_count": 0,
     "following_count": 0,
     "starred_repos_count": 0,
-    "username": "talexander"
+    "username": "build-bot"
   }
 }

run.bash

@@ -4,4 +4,4 @@ set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
-exec env RUST_LOG=webhook_bridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET=$(cat /bridge/git/mrmanager/k8s/webhook_bridge/secrets/webhook-bridge/webhook-bridge/HMAC_TOKEN) WEBHOOK_BRIDGE_OAUTH_TOKEN=$(cat /bridge/git/mrmanager/k8s/webhook_bridge/secrets/webhook-bridge/webhook-bridge/OAUTH_TOKEN) WEBHOOK_BRIDGE_REPO_WHITELIST="talexander/webhook_bridge,talexander/homepage,talexander/natter,talexander/poudboot,talexander/ta_waybar_pipewire,talexander/organic" cargo run "${@}"
+RUST_LOG=webhook_bridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET=$(cat /bridge/git/mrmanager/k8s/webhook_bridge/secrets/webhook-bridge/webhook-bridge/HMAC_TOKEN) WEBHOOK_BRIDGE_OAUTH_TOKEN=$(cat /bridge/git/mrmanager/k8s/webhook_bridge/secrets/webhook-bridge/webhook-bridge/OAUTH_TOKEN) WEBHOOK_BRIDGE_REPO_WHITELIST="talexander/webhook_bridge,talexander/homepage,talexander/natter,talexander/poudboot,talexander/ta_waybar_pipewire,talexander/organic" cargo run

src/hook_push.rs

@@ -6,6 +6,7 @@ use serde_json::Value;
 
 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
+#[serde(deny_unknown_fields)]
 pub(crate) struct HookPush {
     #[serde(rename = "ref")]
     pub(crate) ref_field: String,
@@ -22,6 +23,7 @@ pub(crate) struct HookPush {
 
 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
+#[serde(deny_unknown_fields)]
 pub(crate) struct HookUser {
     id: u64,
     login: String,
@@ -51,6 +53,7 @@ pub(crate) struct HookUser {
 
 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
+#[serde(deny_unknown_fields)]
 pub(crate) struct HookRepository {
     id: u64,
     owner: HookUser,
@@ -61,6 +64,7 @@ pub(crate) struct HookRepository {
     private: bool,
     fork: bool,
     template: bool,
+    parent: Value, // Was null in test hook
     mirror: bool,
     size: u64,
     language: String,
@@ -85,8 +89,7 @@ pub(crate) struct HookRepository {
     archived_at: String, // TODO: parse to datetime
     permissions: HookRepositoryPermissions,
     has_issues: bool,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    internal_tracker: Option<HookRepositoryInternalTracker>,
+    internal_tracker: HookRepositoryInternalTracker,
     has_wiki: bool,
     has_pull_requests: bool,
     has_projects: bool,
@@ -109,10 +112,14 @@ pub(crate) struct HookRepository {
     mirror_interval: String,
     object_format_name: String,
     mirror_updated: String, // TODO: parse to datetime
+    repo_transfer: Value,   // Was null in test hook
+    topics: Value,          // Was null in test hook
+    licenses: Value,        // Was null in test hook
 }
 
 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
+#[serde(deny_unknown_fields)]
 pub(crate) struct HookRepositoryPermissions {
     admin: bool,
     push: bool,
@@ -121,6 +128,7 @@ pub(crate) struct HookRepositoryPermissions {
 
 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
+#[serde(deny_unknown_fields)]
 pub(crate) struct HookRepositoryInternalTracker {
     enable_time_tracker: bool,
     allow_only_contributors_to_track_time: bool,
@@ -129,6 +137,7 @@ pub(crate) struct HookRepositoryInternalTracker {
 
 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
+#[serde(deny_unknown_fields)]
 pub(crate) struct HookCommit {
     id: String,
     message: String,
@@ -144,6 +153,7 @@ pub(crate) struct HookCommit {
 
 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
+#[serde(deny_unknown_fields)]
 pub(crate) struct HookGitUser {
     name: String,
     email: String,