Update to the latest catalog.

.webhook_bridge/pipeline-build-semver.yaml

@@ -63,7 +63,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:
@@ -88,7 +88,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/git-clone/0.9/git-clone.yaml
         workspaces:
@@ -181,7 +181,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:
@@ -210,7 +210,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:

.webhook_bridge/pipeline-format.yaml

@@ -31,7 +31,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:
@@ -56,7 +56,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/git-clone/0.9/git-clone.yaml
         workspaces:
@@ -184,7 +184,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/git-cli/0.4/git-cli.yaml
         params:
@@ -220,7 +220,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:
@@ -249,7 +249,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:

.webhook_bridge/pipeline-rust-clippy.yaml

@@ -31,7 +31,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:
@@ -56,7 +56,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/git-clone/0.9/git-clone.yaml
         workspaces:
@@ -199,7 +199,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:
@@ -228,7 +228,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:

.webhook_bridge/pipeline-rust-test.yaml

@@ -31,7 +31,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:
@@ -56,7 +56,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/git-clone/0.9/git-clone.yaml
         workspaces:
@@ -189,7 +189,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:
@@ -218,7 +218,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:

.webhook_bridge/pipeline-semver.yaml

@@ -74,7 +74,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:
@@ -99,7 +99,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/git-clone/0.9/git-clone.yaml
         workspaces:
@@ -124,7 +124,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:
@@ -153,7 +153,7 @@ spec:
             - name: url
               value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
             - name: revision
-              value: df36b3853a5657fd883015cdbf07ad6466918acf
+              value: f914437a46978b95f325f68d791dcf1a35738f60
             - name: pathInRepo
               value: task/gitea-set-status/0.1/gitea-set-status.yaml
         params:

docker/webhook_bridge/Dockerfile

@@ -1,18 +1,36 @@
-# syntax=docker/dockerfile:1
+#
-ARG ALPINE_VERSION="3.20"
+# Builder
+#
 
-FROM rustlang/rust:nightly-alpine$ALPINE_VERSION AS builder
+FROM nixos/nix:latest AS builder
 
-RUN apk add --no-cache musl-dev pkgconfig libressl-dev
+COPY . /tmp/build
+WORKDIR /tmp/build
 
-RUN mkdir /source
+RUN nix \
-WORKDIR /source
+    --extra-experimental-features "nix-command flakes" \
-COPY --link . .
+    --option filter-syscalls false \
-# TODO: Add static build, which currently errors due to proc_macro. RUSTFLAGS="-C target-feature=+crt-static"
+    build '.#docker_env'
-RUN --mount=type=tmpfs,target=/tmp --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked CARGO_TARGET_DIR=/target cargo build --profile release-lto --bin webhook_bridge
 
-FROM alpine:$ALPINE_VERSION AS runner
+# Export the built closure to a folder
+RUN mkdir /tmp/nix-store-closure
+RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
+RUN ln -s $(readlink -f /tmp/build/result/bin/sh) /tmp/sh
 
-COPY --link --from=builder /target/release-lto/webhook_bridge /usr/bin/
 
-ENTRYPOINT ["/usr/bin/webhook_bridge"]
+
+#
+# Runner
+#
+
+FROM scratch
+
+WORKDIR /app
+
+ENV PATH="$PATH:/app/bin"
+
+COPY --from=builder /tmp/nix-store-closure /nix/store
+COPY --from=builder /tmp/build/result /app
+COPY --from=builder /tmp/sh /bin/sh
+EXPOSE 9988
+CMD ["/app/bin/webhook_bridge"]

flake.nix

@@ -51,5 +51,42 @@
           };
         }
       );
+      packages = forAllSystems (
+        system:
+        let
+          overlays = [ (import rust-overlay) ];
+          pkgs = import nixpkgs {
+            inherit system overlays;
+          };
+          rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
+        in
+        rec {
+          app = pkgs.rustPlatform.buildRustPackage {
+            pname = "webhook-bridge";
+            version = "0.0.0";
+            src = ./.;
+
+            # If you have a Cargo.lock file, use this:
+            cargoLock.lockFile = ./Cargo.lock;
+
+            nativeBuildInputs = [
+              pkgs.pkg-config
+            ];
+            buildInputs = [
+              pkgs.openssl
+            ];
+          };
+          docker_env = pkgs.buildEnv {
+            name = "webhook-bridge";
+            paths = with pkgs; [
+              app
+              bash
+              uutils-coreutils-noprefix
+              # toybox # Smaller than uutils-coreutils?
+            ];
+          };
+          default = app;
+        }
+      );
     };
 }

local_payload.json

@@ -1,13 +1,13 @@
 {
-  "ref": "refs/heads/kubernetes",
+  "ref": "refs/heads/main",
-  "before": "e767de378a478fa41615cee71a9ba04830520d7d",
+  "before": "6eac598600c436d33de295d5b5f05b444beb2d3d",
-  "after": "c83b8afd7910f25eb94d90325f3765b5d19900e4",
+  "after": "1f52dd8995987337a3a33ce675625647545490c2",
-  "compare_url": "https://code.fizz.buzz/talexander/machine_setup/compare/e767de378a478fa41615cee71a9ba04830520d7d...c83b8afd7910f25eb94d90325f3765b5d19900e4",
+  "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/6eac598600c436d33de295d5b5f05b444beb2d3d...1f52dd8995987337a3a33ce675625647545490c2",
   "commits": [
     {
-      "id": "c83b8afd7910f25eb94d90325f3765b5d19900e4",
+      "id": "1f52dd8995987337a3a33ce675625647545490c2",
-      "message": "Delete images after 24 hours of being unused.\n",
+      "message": "Update to the latest catalog.\n",
-      "url": "https://code.fizz.buzz/talexander/machine_setup/commit/c83b8afd7910f25eb94d90325f3765b5d19900e4",
+      "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/1f52dd8995987337a3a33ce675625647545490c2",
       "author": {
         "name": "Tom Alexander",
         "email": "tom@fizz.buzz",
@@ -19,19 +19,24 @@
         "username": ""
       },
       "verification": null,
-      "timestamp": "2026-05-02T15:53:35-04:00",
+      "timestamp": "2026-05-02T17:50:49-04:00",
       "added": [],
       "removed": [],
       "modified": [
-        "nix/kubernetes/roles/kubelet/default.nix"
+        ".webhook_bridge/pipeline-build-semver.yaml",
+        ".webhook_bridge/pipeline-format.yaml",
+        ".webhook_bridge/pipeline-rust-clippy.yaml",
+        ".webhook_bridge/pipeline-rust-test.yaml",
+        ".webhook_bridge/pipeline-semver.yaml",
+        "local_payload.json"
       ]
     }
   ],
   "total_commits": 1,
   "head_commit": {
-    "id": "c83b8afd7910f25eb94d90325f3765b5d19900e4",
+    "id": "1f52dd8995987337a3a33ce675625647545490c2",
-    "message": "Delete images after 24 hours of being unused.\n",
+    "message": "Update to the latest catalog.\n",
-    "url": "https://code.fizz.buzz/talexander/machine_setup/commit/c83b8afd7910f25eb94d90325f3765b5d19900e4",
+    "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/1f52dd8995987337a3a33ce675625647545490c2",
     "author": {
       "name": "Tom Alexander",
       "email": "tom@fizz.buzz",
@@ -43,15 +48,20 @@
       "username": ""
     },
     "verification": null,
-    "timestamp": "2026-05-02T15:53:35-04:00",
+    "timestamp": "2026-05-02T17:50:49-04:00",
     "added": [],
     "removed": [],
     "modified": [
-      "nix/kubernetes/roles/kubelet/default.nix"
+      ".webhook_bridge/pipeline-build-semver.yaml",
+      ".webhook_bridge/pipeline-format.yaml",
+      ".webhook_bridge/pipeline-rust-clippy.yaml",
+      ".webhook_bridge/pipeline-rust-test.yaml",
+      ".webhook_bridge/pipeline-semver.yaml",
+      "local_payload.json"
     ]
   },
   "repository": {
-    "id": 5,
+    "id": 21,
     "owner": {
       "id": 1,
       "login": "talexander",
@@ -77,22 +87,22 @@
       "starred_repos_count": 0,
       "username": "talexander"
     },
-    "name": "machine_setup",
+    "name": "webhook_bridge",
-    "full_name": "talexander/machine_setup",
+    "full_name": "talexander/webhook_bridge",
-    "description": "",
+    "description": "A server that receives webhooks from gitea and fires off Tekton jobs in response.",
     "empty": false,
     "private": false,
     "fork": false,
     "template": false,
     "mirror": false,
-    "size": 9940,
+    "size": 179,
     "language": "",
-    "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/machine_setup/languages",
+    "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
-    "html_url": "https://code.fizz.buzz/talexander/machine_setup",
+    "html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
-    "url": "https://code.fizz.buzz/api/v1/repos/talexander/machine_setup",
+    "url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge",
     "link": "",
-    "ssh_url": "git@git.example.com:talexander/machine_setup.git",
+    "ssh_url": "git@git.example.com:talexander/webhook_bridge.git",
-    "clone_url": "https://code.fizz.buzz/talexander/machine_setup.git",
+    "clone_url": "https://code.fizz.buzz/talexander/webhook_bridge.git",
     "original_url": "",
     "website": "",
     "stars_count": 0,
@@ -103,8 +113,8 @@
     "release_counter": 0,
     "default_branch": "main",
     "archived": false,
-    "created_at": "2023-07-05T22:53:26Z",
+    "created_at": "2024-07-14T18:48:52Z",
-    "updated_at": "2026-05-02T19:53:11Z",
+    "updated_at": "2026-05-02T21:52:29Z",
     "archived_at": "1970-01-01T00:00:00Z",
     "permissions": {
       "admin": true,
@@ -143,7 +153,9 @@
     "object_format_name": "sha1",
     "mirror_updated": "0001-01-01T00:00:00Z",
     "topics": [],
-    "licenses": []
+    "licenses": [
+      "0BSD"
+    ]
   },
   "pusher": {
     "id": 1,

run.bash

@@ -4,4 +4,12 @@ set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
-exec env RUST_LOG=webhook_bridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET=$(cat /bridge/git/mrmanager/k8s/webhook_bridge/secrets/webhook-bridge/webhook-bridge/HMAC_TOKEN) WEBHOOK_BRIDGE_OAUTH_TOKEN=$(cat /bridge/git/mrmanager/k8s/webhook_bridge/secrets/webhook-bridge/webhook-bridge/OAUTH_TOKEN) WEBHOOK_BRIDGE_REPO_WHITELIST="talexander/webhook_bridge,talexander/homepage,talexander/natter,talexander/poudboot,talexander/ta_waybar_pipewire,talexander/organic" cargo run "${@}"
+function main {
+    exec env RUST_LOG=webhook_bridge=DEBUG WEBHOOK_BRIDGE_API_ROOT="https://code.fizz.buzz/api" WEBHOOK_BRIDGE_HMAC_SECRET="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.HMAC_TOKEN')" WEBHOOK_BRIDGE_OAUTH_TOKEN="$(decrypt_k8s_secret -n webhook-bridge webhook-bridge | jq -r '.OAUTH_TOKEN')" WEBHOOK_BRIDGE_REPO_WHITELIST="talexander/webhook_bridge,talexander/homepage,talexander/natter,talexander/poudboot,talexander/ta_waybar_pipewire,talexander/organic" cargo run "${@}"
+}
+
+function decrypt_k8s_secret {
+    kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'
+}
+
+main "${@}"