Commits
Signed-off-by: Seongmin Lee <git@boltless.me>
indigo's `lexutil.Client` doesn't support subscription xrpc methods. New
`extlexutil.Client` extends the `LexDo` method to support subscription.
It won't perform redialing since we don't know which param is cursor and
which property is event sequence.
since lexgen doesn't generate code subscription xrpc methods, we hand
write it. `api/tangled/*_ext.go` files will be treated as non-generated
code.
Signed-off-by: Seongmin Lee <git@boltless.me>
Using `sh.tangled.ci.*` instead of `sh.tangled.pipeline.*` following
lexicon style guidelines. Since we need both 'pipeline' and 'workflow'
objects, we use different group namespace 'ci'.
I would prefer `ci.temp.*` to be more explicit, but that's not possible
with current lexgen's behavior. It sets filename using last two words
which allows duplicates.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
`sh.tangled.pipeline` events are now completely generated & streamed
from spindle
Signed-off-by: Seongmin Lee <git@boltless.me>
spindle will emit `sh.tangled.pipeline` event on:
- `sh.tangled.git.refUpdate` events from knot stream
- live create/update events of `sh.tangled.repo.pull` records
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Spindle will sync git repo when new repo is registered
Spindle will listen to `sh.tangled.git.refUpdate` event from knot
stream and sync its local git repo instead. Spindle's git repo will
sparse-checkout only `/.tangled/workflows` directory.
Spindle now requires git version >=2.49 for `--revision` flag in `git
clone` command.
References:
- <https://stackoverflow.com/q/47541033/13150270>
- <https://stackoverflow.com/q/600079/13150270>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: dawn <dawn@tangled.org>
slirp4netns has a bug where it will break host devices on root user
if this is enabled. so to avoid this, let's disable it. the sandboxing
doesn't matter here because slirp4netns runs next to spindle anyway
so if slirp is compromised you have bigger issues, and seccomp is still
enabled, and if you really care your spindle should be a hardened
systemd service anyway.
Signed-off-by: dawn <dawn@tangled.org>
Signed-off-by: dawn <dawn@tangled.org>
Signed-off-by: dawn <dawn@tangled.org>
Signed-off-by: dawn <dawn@tangled.org>
Signed-off-by: dawn <dawn@tangled.org>
We can't trust `content-length` since blob might be gzipped. use `size`
from `getEntry` output instead.
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
Signed-off-by: Seongmin Lee <git@boltless.me>
spindle,shuttle,nix: add an alpine microvm image
spindle/microvm: allow user defined binary caches in workflows
shuttle,nix/microvm: get rid of the hacky nix config parsing / rendering, use nix directly so we can access module options
spindle/engine: generalize scheduler out of microvm, make it work-conserving with aging and per-user fairness
spindle/microvm: add resource budget limits and optional cgroup enforcement
Signed-off-by: dawn <dawn@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Anirudh Oppiliappan <x@icyphox.sh>
Signed-off-by: eti <eti@eti.tf>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: Seongmin Lee <git@boltless.me>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Signed-off-by: oppiliappan <me@oppi.li>
- move pages.ParseWith to blog.parseLayout
- blog now builds against a new layouts/blogbase instead of inheriting
appview's base layout
Signed-off-by: oppiliappan <me@oppi.li>
- Add unit and integration tests for sandbox and path behavior
- Define a RuleSpec to construct Landlock ruleset
- Enforce $HOME/.config/git/config for git config (was previously
granting the entirety of $HOME)
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
Lewis: May this revision serve well! <lewis@tangled.org>
the target URL for a notif was previously calculated in the template, we
now have this in models.NotificationWithEntity.
Signed-off-by: oppiliappan <me@oppi.li>
- /focus/begin: begin focus mode
- /focus/end: end focus mode
- /focus/next: mark read & move to next focus item
Signed-off-by: oppiliappan <me@oppi.li>
notifications are marked as read when the underlying URL is visited.
this now happens only when *outside* focus mode. when inside focus mode,
the notif is only marked as read on hitting the `next` button on the
focus pill.
Signed-off-by: oppiliappan <me@oppi.li>
Signed-off-by: Seongmin Lee <git@boltless.me>
indigo's `lexutil.Client` doesn't support subscription xrpc methods. New
`extlexutil.Client` extends the `LexDo` method to support subscription.
It won't perform redialing since we don't know which param is cursor and
which property is event sequence.
since lexgen doesn't generate code subscription xrpc methods, we hand
write it. `api/tangled/*_ext.go` files will be treated as non-generated
code.
Signed-off-by: Seongmin Lee <git@boltless.me>
Using `sh.tangled.ci.*` instead of `sh.tangled.pipeline.*` following
lexicon style guidelines. Since we need both 'pipeline' and 'workflow'
objects, we use different group namespace 'ci'.
I would prefer `ci.temp.*` to be more explicit, but that's not possible
with current lexgen's behavior. It sets filename using last two words
which allows duplicates.
Signed-off-by: Seongmin Lee <git@boltless.me>
Spindle will sync git repo when new repo is registered
Spindle will listen to `sh.tangled.git.refUpdate` event from knot
stream and sync its local git repo instead. Spindle's git repo will
sparse-checkout only `/.tangled/workflows` directory.
Spindle now requires git version >=2.49 for `--revision` flag in `git
clone` command.
References:
- <https://stackoverflow.com/q/47541033/13150270>
- <https://stackoverflow.com/q/600079/13150270>
Signed-off-by: Seongmin Lee <git@boltless.me>
slirp4netns has a bug where it will break host devices on root user
if this is enabled. so to avoid this, let's disable it. the sandboxing
doesn't matter here because slirp4netns runs next to spindle anyway
so if slirp is compromised you have bigger issues, and seccomp is still
enabled, and if you really care your spindle should be a hardened
systemd service anyway.
Signed-off-by: dawn <dawn@tangled.org>
spindle,shuttle,nix: add an alpine microvm image
spindle/microvm: allow user defined binary caches in workflows
shuttle,nix/microvm: get rid of the hacky nix config parsing / rendering, use nix directly so we can access module options
spindle/engine: generalize scheduler out of microvm, make it work-conserving with aging and per-user fairness
spindle/microvm: add resource budget limits and optional cgroup enforcement
Signed-off-by: dawn <dawn@tangled.org>
Signed-off-by: Seongmin Lee <git@boltless.me>
Lewis: May this revision serve well! <lewis@tangled.org>