Update the build pipelines.

Add better logging.
Update to the latest catalog.
2026-05-02 23:04:49 -04:00 · 2026-05-02 21:54:24 -04:00 · 2026-05-02 21:14:51 -04:00 · 2026-05-02 21:14:51 -04:00 · 2026-05-02 16:35:31 -04:00 · 2025-09-23 21:09:24 -04:00
18 changed files with 307 additions and 178 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -2,3 +2,4 @@
 target/
 docker/
 .dockerignore
+*.bash
--- a/.webhook_bridge/pipeline-build-semver.yaml
+++ b/.webhook_bridge/pipeline-build-semver.yaml
@@ -63,7 +63,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -88,7 +88,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-clone/0.9/git-clone.yaml
        workspaces:
@@ -133,7 +133,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
            - name: revision
-              value: 7ee31a185243ee6da13dcd26a592c585b64c80e5
+              value: af22c87d0db59dece97d03e6b6a796d84010158f
            - name: pathInRepo
              value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
        params:
@@ -146,6 +146,8 @@ spec:
            value: $(params.path-to-dockerfile)
          - name: EXTRA_ARGS
            value:
+              - "--opt"
+              - "target=$(params.target-name)"
              - --import-cache
              - "type=registry,ref=$(params.image-name):buildcache"
              - --export-cache
@@ -179,7 +181,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -208,7 +210,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -233,7 +235,7 @@ spec:
    - name: git-source
      volumeClaimTemplate:
        spec:
-          storageClassName: "nfs-client"
+          storageClassName: "local-path"
          accessModes:
            - ReadWriteOnce
          resources:
--- a/.webhook_bridge/pipeline-format.yaml
+++ b/.webhook_bridge/pipeline-format.yaml
@@ -31,7 +31,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -56,7 +56,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-clone/0.9/git-clone.yaml
        workspaces:
@@ -101,7 +101,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
            - name: revision
-              value: 7ee31a185243ee6da13dcd26a592c585b64c80e5
+              value: af22c87d0db59dece97d03e6b6a796d84010158f
            - name: pathInRepo
              value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
        params:
@@ -114,6 +114,8 @@ spec:
            value: $(params.path-to-dockerfile)
          - name: EXTRA_ARGS
            value:
+              - "--opt"
+              - "target=$(params.target-name)"
              - --import-cache
              - "type=registry,ref=$(params.image-name):buildcache"
              - --export-cache
@@ -182,7 +184,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-cli/0.4/git-cli.yaml
        params:
@@ -218,7 +220,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -247,7 +249,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -308,7 +310,7 @@ spec:
    - name: git-source
      volumeClaimTemplate:
        spec:
-          storageClassName: "nfs-client"
+          storageClassName: "local-path"
          accessModes:
            - ReadWriteOnce
          resources:
--- a/.webhook_bridge/pipeline-rust-clippy.yaml
+++ b/.webhook_bridge/pipeline-rust-clippy.yaml
@@ -31,7 +31,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -56,7 +56,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-clone/0.9/git-clone.yaml
        workspaces:
@@ -101,7 +101,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
            - name: revision
-              value: 7ee31a185243ee6da13dcd26a592c585b64c80e5
+              value: af22c87d0db59dece97d03e6b6a796d84010158f
            - name: pathInRepo
              value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
        params:
@@ -114,6 +114,8 @@ spec:
            value: $(params.path-to-dockerfile)
          - name: EXTRA_ARGS
            value:
+              - "--opt"
+              - "target=$(params.target-name)"
              - --import-cache
              - "type=registry,ref=$(params.image-name):buildcache"
              - --export-cache
@@ -197,7 +199,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -226,7 +228,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -287,7 +289,7 @@ spec:
    - name: git-source
      volumeClaimTemplate:
        spec:
-          storageClassName: "nfs-client"
+          storageClassName: "local-path"
          accessModes:
            - ReadWriteOnce
          resources:
--- a/.webhook_bridge/pipeline-rust-test.yaml
+++ b/.webhook_bridge/pipeline-rust-test.yaml
@@ -31,7 +31,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -56,7 +56,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-clone/0.9/git-clone.yaml
        workspaces:
@@ -101,7 +101,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
            - name: revision
-              value: 7ee31a185243ee6da13dcd26a592c585b64c80e5
+              value: af22c87d0db59dece97d03e6b6a796d84010158f
            - name: pathInRepo
              value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
        params:
@@ -114,6 +114,8 @@ spec:
            value: $(params.path-to-dockerfile)
          - name: EXTRA_ARGS
            value:
+              - "--opt"
+              - "target=$(params.target-name)"
              - --import-cache
              - "type=registry,ref=$(params.image-name):buildcache"
              - --export-cache
@@ -187,7 +189,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -216,7 +218,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -277,7 +279,7 @@ spec:
    - name: git-source
      volumeClaimTemplate:
        spec:
-          storageClassName: "nfs-client"
+          storageClassName: "local-path"
          accessModes:
            - ReadWriteOnce
          resources:
--- a/.webhook_bridge/pipeline-semver.yaml
+++ b/.webhook_bridge/pipeline-semver.yaml
@@ -74,7 +74,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -99,7 +99,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-clone/0.9/git-clone.yaml
        workspaces:
@@ -124,7 +124,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -153,7 +153,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -177,7 +177,7 @@ spec:
    - name: git-source
      volumeClaimTemplate:
        spec:
-          storageClassName: "nfs-client"
+          storageClassName: "local-path"
          accessModes:
            - ReadWriteOnce
          resources:
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4

 [[package]]
 name = "addr2line"
@@ -1039,11 +1039,11 @@ checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"

 [[package]]
 name = "matchers"
-version = "0.1.0"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558"
+checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9"
 dependencies = [
- "regex-automata 0.1.10",
+ "regex-automata",
 ]

 [[package]]
@@ -1101,16 +1101,6 @@ dependencies = [
 "tempfile",
 ]

-[[package]]
-name = "nu-ansi-term"
-version = "0.46.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84"
-dependencies = [
- "overload",
- "winapi",
-]
-
 [[package]]
 name = "num-traits"
 version = "0.2.19"
@@ -1198,12 +1188,6 @@ dependencies = [
 "num-traits",
 ]

-[[package]]
-name = "overload"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
-
 [[package]]
 name = "parking"
 version = "2.2.0"
@@ -1403,17 +1387,8 @@ checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619"
 dependencies = [
 "aho-corasick",
 "memchr",
- "regex-automata 0.4.7",
- "regex-syntax 0.8.4",
-]
-
-[[package]]
-name = "regex-automata"
-version = "0.1.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
-dependencies = [
- "regex-syntax 0.6.29",
+ "regex-automata",
+ "regex-syntax",
 ]

 [[package]]
@@ -1424,15 +1399,9 @@ checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df"
 dependencies = [
 "aho-corasick",
 "memchr",
- "regex-syntax 0.8.4",
+ "regex-syntax",
 ]

-[[package]]
-name = "regex-syntax"
-version = "0.6.29"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
-
 [[package]]
 name = "regex-syntax"
 version = "0.8.4"
@@ -2095,9 +2064,9 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52"

 [[package]]
 name = "tracing"
-version = "0.1.40"
+version = "0.1.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef"
+checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100"
 dependencies = [
 "log",
 "pin-project-lite",
@@ -2107,9 +2076,9 @@ dependencies = [

 [[package]]
 name = "tracing-attributes"
-version = "0.1.27"
+version = "0.1.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
+checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -2118,41 +2087,26 @@ dependencies = [

 [[package]]
 name = "tracing-core"
-version = "0.1.32"
+version = "0.1.36"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54"
+checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a"
 dependencies = [
 "once_cell",
- "valuable",
-]
-
-[[package]]
-name = "tracing-log"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
-dependencies = [
- "log",
- "once_cell",
- "tracing-core",
 ]

 [[package]]
 name = "tracing-subscriber"
-version = "0.3.18"
+version = "0.3.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ad0f048c97dbd9faa9b7df56362b8ebcaa52adb06b498c050d2f4e32f90a7a8b"
+checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319"
 dependencies = [
 "matchers",
- "nu-ansi-term",
 "once_cell",
- "regex",
+ "regex-automata",
 "sharded-slab",
- "smallvec",
 "thread_local",
 "tracing",
 "tracing-core",
- "tracing-log",
 ]

 [[package]]
@@ -2217,12 +2171,6 @@ dependencies = [
 "percent-encoding",
 ]

-[[package]]
-name = "valuable"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
-
 [[package]]
 name = "vcpkg"
 version = "0.2.15"
@@ -2350,28 +2298,6 @@ dependencies = [
 "tracing-subscriber",
 ]

-[[package]]
-name = "winapi"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
-dependencies = [
- "winapi-i686-pc-windows-gnu",
- "winapi-x86_64-pc-windows-gnu",
-]
-
-[[package]]
-name = "winapi-i686-pc-windows-gnu"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
-
-[[package]]
-name = "winapi-x86_64-pc-windows-gnu"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
-
 [[package]]
 name = "windows-sys"
 version = "0.48.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -52,8 +52,8 @@ sha2 = "0.10.8"
 tokio = { version = "1.38.0", default-features = false, features = ["macros", "process", "rt-multi-thread", "signal"] }
 toml = { version = "0.8.19", default-features = false, features = ["display", "parse"] }
 tower-http = { version = "0.5.2", default-features = false, features = ["trace", "timeout"] }
-tracing = { version = "0.1.40", default-features = false, features = ["attributes", "std", "tracing-attributes", "async-await"] }
-tracing-subscriber = { version = "0.3.18", default-features = false, features = ["alloc", "ansi", "fmt", "nu-ansi-term", "registry", "sharded-slab", "smallvec", "std", "thread_local", "tracing-log", "env-filter"] }
+tracing = { version = "0.1.44", default-features = false, features = [] }
+tracing-subscriber = { version = "0.3.23", default-features = false, features = ["env-filter", "fmt"] }

 [profile.release-lto]
 inherits = "release"
--- a/docker/webhook_bridge/Dockerfile
+++ b/docker/webhook_bridge/Dockerfile
@@ -1,18 +1,42 @@
-# syntax=docker/dockerfile:1
-ARG ALPINE_VERSION="3.20"
+#
+# Builder
+#

-FROM rustlang/rust:nightly-alpine$ALPINE_VERSION AS builder
+FROM nixos/nix:latest AS builder

-RUN apk add --no-cache musl-dev pkgconfig libressl-dev
+RUN cp "$(nix --extra-experimental-features "nix-command flakes" --option filter-syscalls false build nixpkgs#cacert --print-out-paths)/etc/ssl/certs/ca-bundle.crt" /tmp/ca-bundle.crt

-RUN mkdir /source
-WORKDIR /source
-COPY . .
-# TODO: Add static build, which currently errors due to proc_macro. RUSTFLAGS="-C target-feature=+crt-static"
-RUN --mount=type=tmpfs,target=/tmp --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked CARGO_TARGET_DIR=/target cargo build --profile release-lto --bin webhook_bridge
+COPY . /tmp/build
+WORKDIR /tmp/build

-FROM alpine:$ALPINE_VERSION AS runner
+RUN nix \
+    --extra-experimental-features "nix-command flakes" \
+    --option filter-syscalls false \
+    build '.#docker_env'

-COPY --from=builder /target/release-lto/webhook_bridge /usr/bin/
+# Export the built closure to a folder
+RUN mkdir /tmp/nix-store-closure
+RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
+RUN ln -s $(readlink -f /tmp/build/result/bin/sh) /tmp/sh

-ENTRYPOINT ["/usr/bin/webhook_bridge"]
+
+
+#
+# Runner
+#
+
+FROM scratch
+
+WORKDIR /app
+
+ENV PATH="$PATH:/app/bin"
+
+ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
+ENV NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
+COPY --from=builder /tmp/ca-bundle.crt /etc/ssl/certs/ca-bundle.crt
+
+COPY --from=builder /tmp/nix-store-closure /nix/store
+COPY --from=builder /tmp/build/result /app
+COPY --from=builder /tmp/sh /bin/sh
+EXPOSE 9988
+CMD ["/app/bin/webhook_bridge"]
--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,48 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1777578337,
+        "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "rust-overlay": "rust-overlay"
+      }
+    },
+    "rust-overlay": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1777691680,
+        "narHash": "sha256-sdCAzrPAaKu+yo7L2pWddy5PN6U9bO++WEWc1zcr7aQ=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "4757db4358c77c1cbe878fa5990e6ea88d82f6b5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,92 @@
+{
+  description = "webhook-bridge development environment";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    rust-overlay = {
+      url = "github:oxalica/rust-overlay";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+      };
+    };
+  };
+
+  outputs =
+    {
+      self,
+      nixpkgs,
+      rust-overlay,
+    }:
+    let
+      forAllSystems =
+        func:
+        builtins.listToAttrs (
+          map (system: {
+            name = system;
+            value = func system;
+          }) nixpkgs.lib.systems.flakeExposed
+        );
+    in
+    {
+      devShells = forAllSystems (
+        system:
+        let
+          overlays = [ (import rust-overlay) ];
+          pkgs = import nixpkgs {
+            inherit system overlays;
+          };
+          rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
+        in
+        {
+          default = pkgs.mkShell {
+            nativeBuildInputs = [
+              pkgs.pkg-config
+              rustToolchain
+              pkgs.openssl
+            ];
+            buildInputs = with pkgs; [
+              # sqlx-cli # For sqlx CLI to manage migrations
+              # sqlite # To access the database (sqlite is bundled into the together_alone binary but this is for manually accessing the db).
+            ];
+          };
+        }
+      );
+      packages = forAllSystems (
+        system:
+        let
+          overlays = [ (import rust-overlay) ];
+          pkgs = import nixpkgs {
+            inherit system overlays;
+          };
+          rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
+        in
+        rec {
+          app = pkgs.rustPlatform.buildRustPackage {
+            pname = "webhook-bridge";
+            version = "0.0.0";
+            src = ./.;
+
+            # If you have a Cargo.lock file, use this:
+            cargoLock.lockFile = ./Cargo.lock;
+
+            nativeBuildInputs = [
+              pkgs.pkg-config
+            ];
+            buildInputs = [
+              pkgs.openssl
+            ];
+          };
+          docker_env = pkgs.buildEnv {
+            name = "webhook-bridge";
+            paths = with pkgs; [
+              app
+              bash
+              uutils-coreutils-noprefix
+              # toybox # Smaller than uutils-coreutils?
+            ];
+          };
+          default = app;
+        }
+      );
+    };
+}
--- a/local_payload.json
+++ b/local_payload.json
@@ -1,13 +1,13 @@
 {
  "ref": "refs/heads/main",
-  "before": "f3b00c46ea57d5314063ad6fbfcaf9e38712cafe",
-  "after": "e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
-  "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/f3b00c46ea57d5314063ad6fbfcaf9e38712cafe...e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
+  "before": "1f52dd8995987337a3a33ce675625647545490c2",
+  "after": "f55834712245bd546a5ca982d95ecf47669ba4ab",
+  "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/1f52dd8995987337a3a33ce675625647545490c2...f55834712245bd546a5ca982d95ecf47669ba4ab",
  "commits": [
    {
-      "id": "e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
-      "message": "Add source_id to HookUser.\n\nThis must be a new field that gitea added in an update.\n",
-      "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
+      "id": "f55834712245bd546a5ca982d95ecf47669ba4ab",
+      "message": "Update to the latest catalog.\n",
+      "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/f55834712245bd546a5ca982d95ecf47669ba4ab",
      "author": {
        "name": "Tom Alexander",
        "email": "tom@fizz.buzz",
@@ -19,7 +19,7 @@
        "username": ""
      },
      "verification": null,
-      "timestamp": "2024-10-18T19:41:56-04:00",
+      "timestamp": "2026-05-02T17:50:49-04:00",
      "added": [],
      "removed": [],
      "modified": [
@@ -28,15 +28,16 @@
        ".webhook_bridge/pipeline-rust-clippy.yaml",
        ".webhook_bridge/pipeline-rust-test.yaml",
        ".webhook_bridge/pipeline-semver.yaml",
-        "src/hook_push.rs"
+        "local_payload.json",
+        "run.bash"
      ]
    }
  ],
  "total_commits": 1,
  "head_commit": {
-    "id": "e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
-    "message": "Add source_id to HookUser.\n\nThis must be a new field that gitea added in an update.\n",
-    "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/e991b259f2bdf3f24a2cba309a93d81f32ab7f50",
+    "id": "f55834712245bd546a5ca982d95ecf47669ba4ab",
+    "message": "Update to the latest catalog.\n",
+    "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/f55834712245bd546a5ca982d95ecf47669ba4ab",
    "author": {
      "name": "Tom Alexander",
      "email": "tom@fizz.buzz",
@@ -48,7 +49,7 @@
      "username": ""
    },
    "verification": null,
-    "timestamp": "2024-10-18T19:41:56-04:00",
+    "timestamp": "2026-05-02T17:50:49-04:00",
    "added": [],
    "removed": [],
    "modified": [
@@ -57,7 +58,8 @@
      ".webhook_bridge/pipeline-rust-clippy.yaml",
      ".webhook_bridge/pipeline-rust-test.yaml",
      ".webhook_bridge/pipeline-semver.yaml",
-      "src/hook_push.rs"
+      "local_payload.json",
+      "run.bash"
    ]
  },
  "repository": {
@@ -94,15 +96,14 @@
    "private": false,
    "fork": false,
    "template": false,
-    "parent": null,
    "mirror": false,
-    "size": 151,
+    "size": 193,
    "language": "",
    "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
    "html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
    "url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge",
    "link": "",
-    "ssh_url": "git@code.fizz.buzz:talexander/webhook_bridge.git",
+    "ssh_url": "git@git.example.com:talexander/webhook_bridge.git",
    "clone_url": "https://code.fizz.buzz/talexander/webhook_bridge.git",
    "original_url": "",
    "website": "",
@@ -115,13 +116,14 @@
    "default_branch": "main",
    "archived": false,
    "created_at": "2024-07-14T18:48:52Z",
-    "updated_at": "2024-09-30T04:41:20Z",
+    "updated_at": "2026-05-02T22:11:33Z",
    "archived_at": "1970-01-01T00:00:00Z",
    "permissions": {
      "admin": true,
      "push": true,
      "pull": true
    },
+    "has_code": true,
    "has_issues": true,
    "internal_tracker": {
      "enable_time_tracker": true,
@@ -142,6 +144,8 @@
    "allow_squash_merge": true,
    "allow_fast_forward_only_merge": false,
    "allow_rebase_update": true,
+    "allow_manual_merge": false,
+    "autodetect_manual_merge": false,
    "default_delete_branch_after_merge": false,
    "default_merge_style": "merge",
    "default_allow_maintainer_edit": false,
@@ -150,7 +154,10 @@
    "mirror_interval": "",
    "object_format_name": "sha1",
    "mirror_updated": "0001-01-01T00:00:00Z",
-    "repo_transfer": null
+    "topics": [],
+    "licenses": [
+      "0BSD"
+    ]
  },
  "pusher": {
    "id": 1,
--- a/run.bash
+++ b/run.bash
@@ -4,4 +4,13 @@ set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

-RUST_LOG=webhook_bridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET=$(cat /bridge/git/mrmanager/k8s/webhook-bridge/secrets/webhook-bridge/webhook-bridge/HMAC_TOKEN) WEBHOOK_BRIDGE_OAUTH_TOKEN=$(cat /bridge/git/mrmanager/k8s/webhook-bridge/secrets/webhook-bridge/webhook-bridge/OAUTH_TOKEN) cargo run
+function main {
+    exec env RUST_LOG=webhookbridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.HMAC_TOKEN')" WEBHOOK_BRIDGE_OAUTH_TOKEN="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.OAUTH_TOKEN')" WEBHOOK_BRIDGE_REPO_WHITELIST="talexander/webhook_bridge,talexander/homepage,talexander/natter,talexander/poudboot,talexander/ta_waybar_pipewire,talexander/organic" cargo run "${@}"
+    #"${@}"
+}
+
+function decrypt_k8s_secret {
+    kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'
+}
+
+main "${@}"
--- a/run_docker.bash
+++ b/run_docker.bash
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+#
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+function main {
+    make -C docker/webhook_bridge build
+    docker run --rm -i -t -p 9988:9988 -e RUST_LOG=webhookbridge=DEBUG -e WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" -e WEBHOOK_BRIDGE_HMAC_SECRET="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.HMAC_TOKEN')" -e WEBHOOK_BRIDGE_OAUTH_TOKEN="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.OAUTH_TOKEN')" -e WEBHOOK_BRIDGE_REPO_WHITELIST="talexander/webhook_bridge,talexander/homepage,talexander/natter,talexander/poudboot,talexander/ta_waybar_pipewire,talexander/organic" webhook-bridge:latest
+}
+
+function decrypt_k8s_secret {
+    kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'
+}
+
+main "${@}"
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -0,0 +1,4 @@
+[toolchain]
+channel = "nightly"
+profile = "default"
+components = ["clippy", "rustfmt"]
--- a/src/hook_push.rs
+++ b/src/hook_push.rs
@@ -6,7 +6,6 @@ use serde_json::Value;

 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
-#[serde(deny_unknown_fields)]
 pub(crate) struct HookPush {
    #[serde(rename = "ref")]
    pub(crate) ref_field: String,
@@ -23,7 +22,6 @@ pub(crate) struct HookPush {

 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
-#[serde(deny_unknown_fields)]
 pub(crate) struct HookUser {
    id: u64,
    login: String,
@@ -53,7 +51,6 @@ pub(crate) struct HookUser {

 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
-#[serde(deny_unknown_fields)]
 pub(crate) struct HookRepository {
    id: u64,
    owner: HookUser,
@@ -64,7 +61,6 @@ pub(crate) struct HookRepository {
    private: bool,
    fork: bool,
    template: bool,
-    parent: Value, // Was null in test hook
    mirror: bool,
    size: u64,
    language: String,
@@ -89,7 +85,8 @@ pub(crate) struct HookRepository {
    archived_at: String, // TODO: parse to datetime
    permissions: HookRepositoryPermissions,
    has_issues: bool,
-    internal_tracker: HookRepositoryInternalTracker,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    internal_tracker: Option<HookRepositoryInternalTracker>,
    has_wiki: bool,
    has_pull_requests: bool,
    has_projects: bool,
@@ -112,12 +109,10 @@ pub(crate) struct HookRepository {
    mirror_interval: String,
    object_format_name: String,
    mirror_updated: String, // TODO: parse to datetime
-    repo_transfer: Value,   // Was null in test hook
 }

 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
-#[serde(deny_unknown_fields)]
 pub(crate) struct HookRepositoryPermissions {
    admin: bool,
    push: bool,
@@ -126,7 +121,6 @@ pub(crate) struct HookRepositoryPermissions {

 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
-#[serde(deny_unknown_fields)]
 pub(crate) struct HookRepositoryInternalTracker {
    enable_time_tracker: bool,
    allow_only_contributors_to_track_time: bool,
@@ -135,7 +129,6 @@ pub(crate) struct HookRepositoryInternalTracker {

 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
-#[serde(deny_unknown_fields)]
 pub(crate) struct HookCommit {
    id: String,
    message: String,
@@ -151,7 +144,6 @@ pub(crate) struct HookCommit {

 #[allow(dead_code)]
 #[derive(Debug, Deserialize)]
-#[serde(deny_unknown_fields)]
 pub(crate) struct HookGitUser {
    name: String,
    email: String,
--- a/src/webhook.rs
+++ b/src/webhook.rs
@@ -77,14 +77,17 @@ pub(crate) async fn hook(
                        message: None,
                    }),
                ),
-                Err(_) => (
-                    // StatusCode::INTERNAL_SERVER_ERROR,
-                    StatusCode::OK,
-                    Json(HookResponse {
-                        ok: false,
-                        message: Some("Failed to handle push event.".to_string()),
-                    }),
-                ),
+                Err(e) => {
+                    tracing::error!("Failed to handle push event: {}", e);
+                    (
+                        // StatusCode::INTERNAL_SERVER_ERROR,
+                        StatusCode::OK,
+                        Json(HookResponse {
+                            ok: false,
+                            message: Some("Failed to handle push event.".to_string()),
+                        }),
+                    )
+                }
            }
        }
        HookRequest::Unrecognized(payload) => (
--- a/test_webhook.bash
+++ b/test_webhook.bash
Author	SHA1	Message	Date
Tom Alexander	271d18fe2a	Update the build pipelines. Some checks failed semver Build semver has succeeded Details build Build build has started Details format Build format has succeeded Details clippy Build clippy has failed Details rust-test Build rust-test has succeeded Details	2026-05-02 23:04:49 -04:00
Tom Alexander	9e92c5c49f	Add better logging. Some checks failed format Build format has failed Details rust-test Build rust-test has failed Details build Build build has failed Details semver Build semver has succeeded Details clippy Build clippy has failed Details	2026-05-02 21:54:24 -04:00
Tom Alexander	cedf2eef54	Update to the latest catalog.	2026-05-02 21:14:51 -04:00
Tom Alexander	e5aff59cd2	Build using nix.	2026-05-02 21:14:51 -04:00
Tom Alexander	6e209bdcef	Update for the latest gitea.	2026-05-02 16:35:31 -04:00
Tom Alexander	5fb1982930	Mark internal_tracker as optional. Some checks failed semver Build semver has succeeded Details format Build format has succeeded Details clippy Build clippy has failed Details build Build build has succeeded Details rust-test Build rust-test has succeeded Details	2025-09-23 21:09:24 -04:00
Tom Alexander	ac3c23e65a	Switch to local-path-provisioner. Some checks failed format Build format has succeeded Details clippy Build clippy has failed Details rust-test Build rust-test has succeeded Details semver Build semver has succeeded Details build Build build has succeeded Details	2025-08-31 18:35:48 -04:00
Tom Alexander	3f2bdda8cb	Add support for new fields in payload. All checks were successful semver Build semver has succeeded Details format Build format has succeeded Details clippy Build clippy has succeeded Details rust-test Build rust-test has succeeded Details build Build build has succeeded Details	2025-02-08 21:11:23 -05:00
Tom Alexander	e7eeeefa53	Add back in docker targets. All checks were successful semver Build semver has succeeded Details format Build format has succeeded Details build Build build has succeeded Details clippy Build clippy has succeeded Details rust-test Build rust-test has succeeded Details	2024-10-20 23:12:52 -04:00
Tom Alexander	a17f6502c0	Use linked copy.	2024-10-20 23:03:40 -04:00