Update to the latest catalog.

Build using nix.
2026-05-02 18:43:52 -04:00 · 2026-05-02 17:05:19 -04:00
9 changed files with 136 additions and 61 deletions
--- a/.webhook_bridge/pipeline-build-semver.yaml
+++ b/.webhook_bridge/pipeline-build-semver.yaml
@@ -63,7 +63,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -88,7 +88,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-clone/0.9/git-clone.yaml
        workspaces:
@@ -181,7 +181,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -210,7 +210,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
--- a/.webhook_bridge/pipeline-format.yaml
+++ b/.webhook_bridge/pipeline-format.yaml
@@ -31,7 +31,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -56,7 +56,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-clone/0.9/git-clone.yaml
        workspaces:
@@ -184,7 +184,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-cli/0.4/git-cli.yaml
        params:
@@ -220,7 +220,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -249,7 +249,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
--- a/.webhook_bridge/pipeline-rust-clippy.yaml
+++ b/.webhook_bridge/pipeline-rust-clippy.yaml
@@ -31,7 +31,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -56,7 +56,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-clone/0.9/git-clone.yaml
        workspaces:
@@ -199,7 +199,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -228,7 +228,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
--- a/.webhook_bridge/pipeline-rust-test.yaml
+++ b/.webhook_bridge/pipeline-rust-test.yaml
@@ -31,7 +31,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -56,7 +56,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-clone/0.9/git-clone.yaml
        workspaces:
@@ -189,7 +189,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -218,7 +218,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
--- a/.webhook_bridge/pipeline-semver.yaml
+++ b/.webhook_bridge/pipeline-semver.yaml
@@ -74,7 +74,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -99,7 +99,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/git-clone/0.9/git-clone.yaml
        workspaces:
@@ -124,7 +124,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
@@ -153,7 +153,7 @@ spec:
            - name: url
              value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
            - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
            - name: pathInRepo
              value: task/gitea-set-status/0.1/gitea-set-status.yaml
        params:
--- a/docker/webhook_bridge/Dockerfile
+++ b/docker/webhook_bridge/Dockerfile
@@ -1,18 +1,36 @@
-# syntax=docker/dockerfile:1
-ARG ALPINE_VERSION="3.20"
+#
+# Builder
+#

-FROM rustlang/rust:nightly-alpine$ALPINE_VERSION AS builder
+FROM nixos/nix:latest AS builder

-RUN apk add --no-cache musl-dev pkgconfig libressl-dev
+COPY . /tmp/build
+WORKDIR /tmp/build

-RUN mkdir /source
-WORKDIR /source
-COPY --link . .
-# TODO: Add static build, which currently errors due to proc_macro. RUSTFLAGS="-C target-feature=+crt-static"
-RUN --mount=type=tmpfs,target=/tmp --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked CARGO_TARGET_DIR=/target cargo build --profile release-lto --bin webhook_bridge
+RUN nix \
+    --extra-experimental-features "nix-command flakes" \
+    --option filter-syscalls false \
+    build '.#docker_env'

-FROM alpine:$ALPINE_VERSION AS runner
+# Export the built closure to a folder
+RUN mkdir /tmp/nix-store-closure
+RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
+RUN ln -s $(readlink -f /tmp/build/result/bin/sh) /tmp/sh

-COPY --link --from=builder /target/release-lto/webhook_bridge /usr/bin/

-ENTRYPOINT ["/usr/bin/webhook_bridge"]
+
+#
+# Runner
+#
+
+FROM scratch
+
+WORKDIR /app
+
+ENV PATH="$PATH:/app/bin"
+
+COPY --from=builder /tmp/nix-store-closure /nix/store
+COPY --from=builder /tmp/build/result /app
+COPY --from=builder /tmp/sh /bin/sh
+EXPOSE 9988
+CMD ["/app/bin/webhook_bridge"]
--- a/flake.nix
+++ b/flake.nix
@@ -51,5 +51,42 @@
          };
        }
      );
+      packages = forAllSystems (
+        system:
+        let
+          overlays = [ (import rust-overlay) ];
+          pkgs = import nixpkgs {
+            inherit system overlays;
+          };
+          rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
+        in
+        rec {
+          app = pkgs.rustPlatform.buildRustPackage {
+            pname = "webhook-bridge";
+            version = "0.0.0";
+            src = ./.;
+
+            # If you have a Cargo.lock file, use this:
+            cargoLock.lockFile = ./Cargo.lock;
+
+            nativeBuildInputs = [
+              pkgs.pkg-config
+            ];
+            buildInputs = [
+              pkgs.openssl
+            ];
+          };
+          docker_env = pkgs.buildEnv {
+            name = "webhook-bridge";
+            paths = with pkgs; [
+              app
+              bash
+              uutils-coreutils-noprefix
+              # toybox # Smaller than uutils-coreutils?
+            ];
+          };
+          default = app;
+        }
+      );
    };
 }
--- a/local_payload.json
+++ b/local_payload.json
@@ -1,13 +1,13 @@
 {
-  "ref": "refs/heads/kubernetes",
-  "before": "e767de378a478fa41615cee71a9ba04830520d7d",
-  "after": "c83b8afd7910f25eb94d90325f3765b5d19900e4",
-  "compare_url": "https://code.fizz.buzz/talexander/machine_setup/compare/e767de378a478fa41615cee71a9ba04830520d7d...c83b8afd7910f25eb94d90325f3765b5d19900e4",
+  "ref": "refs/heads/main",
+  "before": "6eac598600c436d33de295d5b5f05b444beb2d3d",
+  "after": "1f52dd8995987337a3a33ce675625647545490c2",
+  "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/6eac598600c436d33de295d5b5f05b444beb2d3d...1f52dd8995987337a3a33ce675625647545490c2",
  "commits": [
    {
-      "id": "c83b8afd7910f25eb94d90325f3765b5d19900e4",
-      "message": "Delete images after 24 hours of being unused.\n",
-      "url": "https://code.fizz.buzz/talexander/machine_setup/commit/c83b8afd7910f25eb94d90325f3765b5d19900e4",
+      "id": "1f52dd8995987337a3a33ce675625647545490c2",
+      "message": "Update to the latest catalog.\n",
+      "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/1f52dd8995987337a3a33ce675625647545490c2",
      "author": {
        "name": "Tom Alexander",
        "email": "tom@fizz.buzz",
@@ -19,19 +19,24 @@
        "username": ""
      },
      "verification": null,
-      "timestamp": "2026-05-02T15:53:35-04:00",
+      "timestamp": "2026-05-02T17:50:49-04:00",
      "added": [],
      "removed": [],
      "modified": [
-        "nix/kubernetes/roles/kubelet/default.nix"
+        ".webhook_bridge/pipeline-build-semver.yaml",
+        ".webhook_bridge/pipeline-format.yaml",
+        ".webhook_bridge/pipeline-rust-clippy.yaml",
+        ".webhook_bridge/pipeline-rust-test.yaml",
+        ".webhook_bridge/pipeline-semver.yaml",
+        "local_payload.json"
      ]
    }
  ],
  "total_commits": 1,
  "head_commit": {
-    "id": "c83b8afd7910f25eb94d90325f3765b5d19900e4",
-    "message": "Delete images after 24 hours of being unused.\n",
-    "url": "https://code.fizz.buzz/talexander/machine_setup/commit/c83b8afd7910f25eb94d90325f3765b5d19900e4",
+    "id": "1f52dd8995987337a3a33ce675625647545490c2",
+    "message": "Update to the latest catalog.\n",
+    "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/1f52dd8995987337a3a33ce675625647545490c2",
    "author": {
      "name": "Tom Alexander",
      "email": "tom@fizz.buzz",
@@ -43,15 +48,20 @@
      "username": ""
    },
    "verification": null,
-    "timestamp": "2026-05-02T15:53:35-04:00",
+    "timestamp": "2026-05-02T17:50:49-04:00",
    "added": [],
    "removed": [],
    "modified": [
-      "nix/kubernetes/roles/kubelet/default.nix"
+      ".webhook_bridge/pipeline-build-semver.yaml",
+      ".webhook_bridge/pipeline-format.yaml",
+      ".webhook_bridge/pipeline-rust-clippy.yaml",
+      ".webhook_bridge/pipeline-rust-test.yaml",
+      ".webhook_bridge/pipeline-semver.yaml",
+      "local_payload.json"
    ]
  },
  "repository": {
-    "id": 5,
+    "id": 21,
    "owner": {
      "id": 1,
      "login": "talexander",
@@ -77,22 +87,22 @@
      "starred_repos_count": 0,
      "username": "talexander"
    },
-    "name": "machine_setup",
-    "full_name": "talexander/machine_setup",
-    "description": "",
+    "name": "webhook_bridge",
+    "full_name": "talexander/webhook_bridge",
+    "description": "A server that receives webhooks from gitea and fires off Tekton jobs in response.",
    "empty": false,
    "private": false,
    "fork": false,
    "template": false,
    "mirror": false,
-    "size": 9940,
+    "size": 179,
    "language": "",
-    "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/machine_setup/languages",
-    "html_url": "https://code.fizz.buzz/talexander/machine_setup",
-    "url": "https://code.fizz.buzz/api/v1/repos/talexander/machine_setup",
+    "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
+    "html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
+    "url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge",
    "link": "",
-    "ssh_url": "git@git.example.com:talexander/machine_setup.git",
-    "clone_url": "https://code.fizz.buzz/talexander/machine_setup.git",
+    "ssh_url": "git@git.example.com:talexander/webhook_bridge.git",
+    "clone_url": "https://code.fizz.buzz/talexander/webhook_bridge.git",
    "original_url": "",
    "website": "",
    "stars_count": 0,
@@ -103,8 +113,8 @@
    "release_counter": 0,
    "default_branch": "main",
    "archived": false,
-    "created_at": "2023-07-05T22:53:26Z",
-    "updated_at": "2026-05-02T19:53:11Z",
+    "created_at": "2024-07-14T18:48:52Z",
+    "updated_at": "2026-05-02T21:52:29Z",
    "archived_at": "1970-01-01T00:00:00Z",
    "permissions": {
      "admin": true,
@@ -143,7 +153,9 @@
    "object_format_name": "sha1",
    "mirror_updated": "0001-01-01T00:00:00Z",
    "topics": [],
-    "licenses": []
+    "licenses": [
+      "0BSD"
+    ]
  },
  "pusher": {
    "id": 1,
--- a/run.bash
+++ b/run.bash
@@ -4,4 +4,12 @@ set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

-exec env RUST_LOG=webhook_bridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET=$(cat /bridge/git/mrmanager/k8s/webhook_bridge/secrets/webhook-bridge/webhook-bridge/HMAC_TOKEN) WEBHOOK_BRIDGE_OAUTH_TOKEN=$(cat /bridge/git/mrmanager/k8s/webhook_bridge/secrets/webhook-bridge/webhook-bridge/OAUTH_TOKEN) WEBHOOK_BRIDGE_REPO_WHITELIST="talexander/webhook_bridge,talexander/homepage,talexander/natter,talexander/poudboot,talexander/ta_waybar_pipewire,talexander/organic" cargo run "${@}"
+function main {
+    exec env RUST_LOG=webhook_bridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.HMAC_TOKEN')" WEBHOOK_BRIDGE_OAUTH_TOKEN="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.OAUTH_TOKEN')" WEBHOOK_BRIDGE_REPO_WHITELIST="talexander/webhook_bridge,talexander/homepage,talexander/natter,talexander/poudboot,talexander/ta_waybar_pipewire,talexander/organic" cargo run "${@}"
+}
+
+function decrypt_k8s_secret {
+    kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'
+}
+
+main "${@}"
Author	SHA1	Message	Date
Tom Alexander	f558347122	Update to the latest catalog. Some checks failed clippy Build clippy has started Details semver Build semver has succeeded Details format Build format has failed Details rust-test Build rust-test has failed Details	2026-05-02 18:43:52 -04:00
Tom Alexander	444c13376b	Build using nix.	2026-05-02 17:05:19 -04:00