From 3a3f23aeebbb9e6ce40d4562147b4867a3ab2ae6 Mon Sep 17 00:00:00 2001 From: Jordan Doyle Date: Sat, 28 Sep 2024 14:47:15 +0400 Subject: [PATCH] Move to crane --- Cargo.lock | 204 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------ Cargo.toml | 34 ++++++++++++++++++---------------- flake.lock | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------- flake.nix | 211 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------- taplo.toml | 9 +++++++++ treefmt.nix | 12 ++++++++++++ src/git.rs | 27 +++++++++++++-------------- src/unified_diff_builder.rs | 9 +++++---- scripts/docker/entrypoint.sh | 4 ++-- src/database/indexer.rs | 4 +--- src/database/schema/commit.rs | 4 +--- src/methods/repo/diff.rs | 22 +++++++++++----------- 12 files changed, 312 insertions(+), 302 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8050c6d..dc531da 100644 --- a/Cargo.lock +++ a/Cargo.lock @@ -210,38 +210,16 @@ ] [[package]] -name = "autocfg" -version = "1.4.0" +name = "atomic-waker" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" [[package]] -name = "axum" -version = "0.6.20" +name = "autocfg" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b829e4e32b91e643de6eafe82b1d90675f5874230191a4ffbc1b336dec4d6bf" -dependencies = [ - "async-trait", - "axum-core 0.3.4", - "bitflags 1.3.2", - "bytes", - "futures-util", - "http 0.2.12", - "http-body 0.4.6", - "hyper 0.14.30", - "itoa", - "matchit", - "memchr", - "mime", - "percent-encoding", - "pin-project-lite", - "rustversion", - "serde", - "sync_wrapper 0.1.2", - "tower 0.4.13", - "tower-layer", - "tower-service", -] +checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" [[package]] name = "axum" @@ -250,14 +228,14 @@ checksum = "504e3947307ac8326a5437504c517c4b56716c9d98fac0028c2acc7ca47d70ae" dependencies = [ "async-trait", - "axum-core 0.4.5", + "axum-core", "axum-macros", "bytes", "futures-util", - "http 1.1.0", - "http-body 1.0.1", + "http", + "http-body", "http-body-util", - "hyper 1.4.1", + "hyper", "hyper-util", "itoa", "matchit", @@ -276,23 +254,6 @@ "tower-layer", "tower-service", "tracing", -] - -[[package]] -name = "axum-core" -version = "0.3.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "759fa577a247914fd3f7f76d62972792636412fbfd634cd452f6a385a74d2d2c" -dependencies = [ - "async-trait", - "bytes", - "futures-util", - "http 0.2.12", - "http-body 0.4.6", - "mime", - "rustversion", - "tower-layer", - "tower-service", ] [[package]] @@ -304,8 +265,8 @@ "async-trait", "bytes", "futures-util", - "http 1.1.0", - "http-body 1.0.1", + "http", + "http-body", "http-body-util", "mime", "pin-project-lite", @@ -667,9 +628,9 @@ [[package]] name = "console-api" -version = "0.6.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd326812b3fd01da5bb1af7d340d0d555fd3d4b641e7f1dfcf5962a902952787" +checksum = "86ed14aa9c9f927213c6e4f3ef75faaad3406134efe84ba2cb7983431d5f0931" dependencies = [ "futures-core", "prost", @@ -680,9 +641,9 @@ [[package]] name = "console-subscriber" -version = "0.2.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7481d4c57092cd1c19dd541b92bdce883de840df30aa5d03fd48a3935c01842e" +checksum = "e2e3a111a37f3333946ebf9da370ba5c5577b18eb342ec683eb488dd21980302" dependencies = [ "console-api", "crossbeam-channel", @@ -690,7 +651,9 @@ "futures-task", "hdrhistogram", "humantime", + "hyper-util", "parking_lot", + "prost", "prost-types", "serde", "serde_json", @@ -1974,16 +1937,16 @@ [[package]] name = "h2" -version = "0.3.26" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" +checksum = "524e8ac6999421f49a846c2d4411f337e53497d8ec55d67753beffa43c5d9205" dependencies = [ + "atomic-waker", "bytes", "fnv", "futures-core", "futures-sink", - "futures-util", - "http 0.2.12", + "http", "indexmap 2.5.0", "slab", "tokio", @@ -2045,17 +2008,6 @@ checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ "windows-sys 0.52.0", -] - -[[package]] -name = "http" -version = "0.2.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" -dependencies = [ - "bytes", - "fnv", - "itoa", ] [[package]] @@ -2067,17 +2019,6 @@ "bytes", "fnv", "itoa", -] - -[[package]] -name = "http-body" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" -dependencies = [ - "bytes", - "http 0.2.12", - "pin-project-lite", ] [[package]] @@ -2087,7 +2028,7 @@ checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" dependencies = [ "bytes", - "http 1.1.0", + "http", ] [[package]] @@ -2098,8 +2039,8 @@ dependencies = [ "bytes", "futures-util", - "http 1.1.0", - "http-body 1.0.1", + "http", + "http-body", "pin-project-lite", ] @@ -2135,30 +2076,6 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" - -[[package]] -name = "hyper" -version = "0.14.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a152ddd61dfaec7273fe8419ab357f33aee0d914c5f4efbf0d96fa749eea5ec9" -dependencies = [ - "bytes", - "futures-channel", - "futures-core", - "futures-util", - "h2", - "http 0.2.12", - "http-body 0.4.6", - "httparse", - "httpdate", - "itoa", - "pin-project-lite", - "socket2", - "tokio", - "tower-service", - "tracing", - "want", -] [[package]] name = "hyper" @@ -2169,26 +2086,29 @@ "bytes", "futures-channel", "futures-util", - "http 1.1.0", - "http-body 1.0.1", + "h2", + "http", + "http-body", "httparse", "httpdate", "itoa", "pin-project-lite", "smallvec", "tokio", + "want", ] [[package]] name = "hyper-timeout" -version = "0.4.1" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbb958482e8c7be4bc3cf272a766a2b0bf1a6755e7a6ae777f017a31d11b13b1" +checksum = "3203a961e5c83b6f5498933e78b6b263e208c197b63e9c6c53cc82ffd3f63793" dependencies = [ - "hyper 0.14.30", + "hyper", + "hyper-util", "pin-project-lite", "tokio", - "tokio-io-timeout", + "tower-service", ] [[package]] @@ -2198,13 +2118,16 @@ checksum = "41296eb09f183ac68eec06e03cdbea2e759633d4067b2f6552fc2e009bcad08b" dependencies = [ "bytes", + "futures-channel", "futures-util", - "http 1.1.0", - "http-body 1.0.1", - "hyper 1.4.1", + "http", + "http-body", + "hyper", "pin-project-lite", + "socket2", "tokio", "tower-service", + "tracing", ] [[package]] @@ -2816,9 +2739,9 @@ [[package]] name = "prost" -version = "0.12.6" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "deb1435c188b76130da55f17a466d252ff7b1418b2ad3e037d127b94e3411f29" +checksum = "7b0487d90e047de87f984913713b85c601c05609aad5b0df4b4573fbf69aa13f" dependencies = [ "bytes", "prost-derive", @@ -2826,12 +2749,12 @@ [[package]] name = "prost-derive" -version = "0.12.6" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81bddcdb20abf9501610992b6759a4c888aef7d1a7247ef75e2404275ac24af1" +checksum = "e9552f850d5f0964a4e4d0bf306459ac29323ddfbae05e35a7c0d35cb0803cc5" dependencies = [ "anyhow", - "itertools 0.12.1", + "itertools 0.13.0", "proc-macro2", "quote", "syn", @@ -2839,9 +2762,9 @@ [[package]] name = "prost-types" -version = "0.12.6" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9091c90b0a32608e984ff2fa4091273cbdd755d54935c51d520887f4a1dbd5b0" +checksum = "4759aa0d3a6232fb8dbdb97b61de2c20047c68aca932c7ed76da9d788508d670" dependencies = [ "prost", ] @@ -2986,7 +2909,7 @@ dependencies = [ "anyhow", "askama", - "axum 0.7.7", + "axum", "axum-macros", "bat", "bincode", @@ -3527,16 +3450,6 @@ ] [[package]] -name = "tokio-io-timeout" -version = "1.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30b74022ada614a1b4834de765f9bb43877f910cc8ce4be40e89042c9223a8bf" -dependencies = [ - "pin-project-lite", - "tokio", -] - -[[package]] name = "tokio-macros" version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -3573,23 +3486,26 @@ [[package]] name = "tonic" -version = "0.10.2" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d560933a0de61cf715926b9cac824d4c883c2c43142f787595e48280c40a1d0e" +checksum = "877c5b330756d856ffcc4553ab34a5684481ade925ecc54bcd1bf02b1d0d4d52" dependencies = [ "async-stream", "async-trait", - "axum 0.6.20", - "base64 0.21.7", + "axum", + "base64 0.22.1", "bytes", "h2", - "http 0.2.12", - "http-body 0.4.6", - "hyper 0.14.30", + "http", + "http-body", + "http-body-util", + "hyper", "hyper-timeout", + "hyper-util", "percent-encoding", "pin-project", "prost", + "socket2", "tokio", "tokio-stream", "tower 0.4.13", @@ -3642,8 +3558,8 @@ dependencies = [ "bitflags 2.6.0", "bytes", - "http 1.1.0", - "http-body 1.0.1", + "http", + "http-body", "pin-project-lite", "tokio", "tower-layer", diff --git a/Cargo.toml b/Cargo.toml index 5e7132a..6eeb66b 100644 --- a/Cargo.toml +++ a/Cargo.toml @@ -1,58 +1,60 @@ [package] name = "rgit" description = "A gitweb/cgit-like interface" version = "0.1.3" edition = "2021" -authors = [ "Jordan Doyle " ] +authors = ["Jordan Doyle "] license = "WTFPL" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -askama = "0.12.0" anyhow = "1.0" +askama = "0.12.0" axum = { version = "0.7", features = ["macros"] } axum-macros = "0.4.1" -bat = { version = "0.24.0", default-features = false, features = ["build-assets"] } -bytes = "1.5" +bat = { version = "0.24.0", default-features = false, features = [ + "build-assets", +] } bincode = "1.3" -console-subscriber = { version = "0.2", features = ["parking_lot"] } -comrak = "0.28.0" +bytes = "1.5" clap = { version = "4.4.10", features = ["cargo", "derive"] } +comrak = "0.28.0" +console-subscriber = { version = "0.4", features = ["parking_lot"] } +flate2 = "1.0" futures = "0.3" gix = "0.66" hex = "0.4" +httparse = "1.7" humantime = "2.1" itertools = "0.13.0" -rust-ini = "0.21.1" -nom = "7.1" md5 = "0.7" moka = { version = "0.12.0", features = ["future"] } +nom = "7.1" once_cell = "1.18" -path-clean = "1.0.1" parking_lot = "0.12" +path-clean = "1.0.1" +rand = "0.8.5" +rocksdb = { version = "0.22", default-features = false, features = ["snappy"] } +rust-ini = "0.21.1" serde = { version = "1.0", features = ["derive", "rc"] } sha2 = "0.10" syntect = "5" -rocksdb = { version = "0.22", default-features = false, features = ["snappy"] } tar = "0.4" -flate2 = "1.0" time = { version = "0.3", features = ["serde"] } timeago = { version = "0.4.2", default-features = false } tokio = { version = "1.19", features = ["full", "tracing"] } -tokio-util = { version = "0.7.10", features = ["io"] } tokio-stream = "0.1" +tokio-util = { version = "0.7.10", features = ["io"] } tower = "0.5" -tower-service = "0.3" -tower-layer = "0.3" tower-http = { version = "0.6", features = ["cors", "timeout"] } +tower-layer = "0.3" +tower-service = "0.3" tracing = "0.1" tracing-subscriber = { version = "0.3", features = ["env-filter"] } unix_mode = "0.1" uuid = { version = "1.7", features = ["v4"] } -httparse = "1.7" yoke = { version = "0.7.1", features = ["derive"] } -rand = "0.8.5" [build-dependencies] anyhow = "1.0" diff --git a/flake.lock b/flake.lock index 1721954..4041d5d 100644 --- a/flake.lock +++ a/flake.lock @@ -1,31 +1,43 @@ { "nodes": { - "naersk": { - "inputs": { - "nixpkgs": "nixpkgs" + "advisory-db": { + "flake": false, + "locked": { + "lastModified": 1727353582, + "narHash": "sha256-2csMEEOZhvowVKZNBHk1kMJqk72ZMrPj9LQYCzP6EKs=", + "owner": "rustsec", + "repo": "advisory-db", + "rev": "cb905e6e405834bdff1eb1e20c9b10edb5403889", + "type": "github" }, + "original": { + "owner": "rustsec", + "repo": "advisory-db", + "type": "github" + } + }, + "crane": { "locked": { - "lastModified": 1713520724, - "narHash": "sha256-CO8MmVDmqZX2FovL75pu5BvwhW+Vugc7Q6ze7Hj8heI=", - "owner": "nix-community", - "repo": "naersk", - "rev": "c5037590290c6c7dae2e42e7da1e247e54ed2d49", + "lastModified": 1727316705, + "narHash": "sha256-/mumx8AQ5xFuCJqxCIOFCHTVlxHkMT21idpbgbm/TIE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "5b03654ce046b5167e7b0bccbd8244cb56c16f0e", "type": "github" }, "original": { - "owner": "nix-community", - "ref": "master", - "repo": "naersk", + "owner": "ipetkov", + "repo": "crane", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1715413075, - "narHash": "sha256-FCi3R1MeS5bVp0M0xTheveP6hhcCYfW/aghSTPebYL4=", + "lastModified": 1727335715, + "narHash": "sha256-1uw3y94dA4l22LkqHRIsb7qr3rV5XdxQFqctINfx8Cc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4e7a43a9db7e22613accfeb1005cca1b2b1ee0d", + "rev": "28b5b8af91ffd2623e995e20aee56510db49001a", "type": "github" }, "original": { @@ -35,15 +47,15 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1715413075, - "narHash": "sha256-FCi3R1MeS5bVp0M0xTheveP6hhcCYfW/aghSTPebYL4=", - "owner": "NixOS", + "lastModified": 1726871744, + "narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "e4e7a43a9db7e22613accfeb1005cca1b2b1ee0d", + "rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" @@ -51,8 +63,10 @@ }, "root": { "inputs": { - "naersk": "naersk", - "nixpkgs": "nixpkgs_2", + "advisory-db": "advisory-db", + "crane": "crane", + "nixpkgs": "nixpkgs", + "treefmt-nix": "treefmt-nix", "utils": "utils" } }, @@ -68,6 +82,24 @@ "original": { "owner": "nix-systems", "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1727431250, + "narHash": "sha256-uGRlRT47ecicF9iLD1G3g43jn2e+b5KaMptb59LHnvM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "879b29ae9a0378904fbbefe0dadaed43c8905754", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", "type": "github" } }, diff --git a/flake.nix b/flake.nix index 806e941..81ef934 100644 --- a/flake.nix +++ a/flake.nix @@ -1,106 +1,149 @@ { inputs = { - naersk.url = "github:nix-community/naersk/master"; - nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + crane.url = "github:ipetkov/crane"; utils.url = "github:numtide/flake-utils"; + treefmt-nix.url = "github:numtide/treefmt-nix"; + + advisory-db = { + url = "github:rustsec/advisory-db"; + flake = false; + }; }; - outputs = { self, nixpkgs, utils, naersk }: + outputs = { self, nixpkgs, utils, crane, advisory-db, treefmt-nix }: utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { inherit system; }; - naersk-lib = pkgs.callPackage naersk { }; - in - { - defaultPackage = naersk-lib.buildPackage { - root = ./.; - nativeBuildInputs = with pkgs; [ pkg-config clang ]; - buildInputs = with pkgs; [ ]; + craneLib = crane.mkLib pkgs; + src = craneLib.cleanCargoSource ./.; + commonArgs = { + inherit src; + strictDeps = true; + buildInputs = pkgs.lib.optionals pkgs.stdenv.isDarwin [ pkgs.libiconv ]; LIBCLANG_PATH = "${pkgs.clang.cc.lib}/lib"; ROCKSDB_LIB_DIR = "${pkgs.rocksdb}/lib"; + }; + cargoArtifacts = craneLib.buildDepsOnly commonArgs; + rgit = craneLib.buildPackage (commonArgs // { + inherit cargoArtifacts; + doCheck = false; + src = pkgs.lib.fileset.toSource { + root = ./.; + fileset = pkgs.lib.fileset.unions [ + ./Cargo.toml + ./Cargo.lock + ./src + ./statics + ./templates + ./build.rs + ]; + }; + }); + treefmt = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; + in + { + checks = { + inherit rgit; + rgit-clippy = craneLib.cargoClippy (commonArgs // { + inherit cargoArtifacts; + cargoClippyExtraArgs = "--all --all-targets --all-features"; + }); + rgit-doc = craneLib.cargoDoc (commonArgs // { inherit cargoArtifacts; }); + rgit-audit = craneLib.cargoAudit { inherit src advisory-db; }; + rgit-test = craneLib.cargoNextest (commonArgs // { + inherit cargoArtifacts; + partitions = 1; + partitionType = "count"; + }); + formatting = treefmt.config.build.check self; }; - devShell = with pkgs; mkShell { - buildInputs = [ cargo rustc rustfmt pre-commit rustPackages.clippy ]; - RUST_SRC_PATH = rustPlatform.rustLibSrc; + + formatter = treefmt.config.build.wrapper; + + packages.default = rgit; + apps.default = utils.lib.mkApp { drv = rgit; }; + + devShells.default = craneLib.devShell { + checks = self.checks.${system}; }; nixosModules.default = { config, lib, pkgs, ... }: - with lib; - let - cfg = config.services.rgit; - in - { - options.services.rgit = { - enable = mkEnableOption "rgit"; - bindAddress = mkOption { - default = "[::]:8333"; - description = "Address and port to listen on"; - type = types.str; - }; - dbStorePath = mkOption { - default = "/tmp/rgit.db"; - description = "Path to store the temporary cache"; - type = types.path; - }; - repositoryStorePath = mkOption { - default = "/git"; - description = "Path to repositories"; - type = types.path; - }; - requestTimeout = mkOption { - default = "10s"; - description = "Timeout for incoming HTTP requests"; - type = types.str; + with lib; + let + cfg = config.services.rgit; + in + { + options.services.rgit = { + enable = mkEnableOption "rgit"; + bindAddress = mkOption { + default = "[::]:8333"; + description = "Address and port to listen on"; + type = types.str; + }; + dbStorePath = mkOption { + default = "/tmp/rgit.db"; + description = "Path to store the temporary cache"; + type = types.path; + }; + repositoryStorePath = mkOption { + default = "/git"; + description = "Path to repositories"; + type = types.path; + }; + requestTimeout = mkOption { + default = "10s"; + description = "Timeout for incoming HTTP requests"; + type = types.str; + }; }; - }; - config = mkIf cfg.enable { - users.groups.rgit = { }; - users.users.rgit = { - description = "RGit service user"; - group = "rgit"; - isSystemUser = true; - home = "/git"; - }; + config = mkIf cfg.enable { + users.groups.rgit = { }; + users.users.rgit = { + description = "RGit service user"; + group = "rgit"; + isSystemUser = true; + home = "/git"; + }; - systemd.services.rgit = { - enable = true; - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - path = [ pkgs.git ]; - serviceConfig = { - Type = "exec"; - ExecStart = "${self.defaultPackage."${system}"}/bin/rgit --request-timeout ${cfg.requestTimeout} --db-store ${cfg.dbStorePath} ${cfg.bindAddress} ${cfg.repositoryStorePath}"; - Restart = "on-failure"; - - User = "rgit"; - Group = "rgit"; - - CapabilityBoundingSet = ""; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - PrivateMounts = true; - ProtectHome = true; - ProtectClock = true; - ProtectProc = "noaccess"; - ProcSubset = "pid"; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectHostname = true; - RestrictSUIDSGID = true; - RestrictRealtime = true; - RestrictNamespaces = true; - LockPersonality = true; - RemoveIPC = true; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; - SystemCallFilter = [ "@system-service" "~@privileged" ]; + systemd.services.rgit = { + enable = true; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + path = [ pkgs.git ]; + serviceConfig = { + Type = "exec"; + ExecStart = "${self.packages.default."${system}"}/bin/rgit --request-timeout ${cfg.requestTimeout} --db-store ${cfg.dbStorePath} ${cfg.bindAddress} ${cfg.repositoryStorePath}"; + Restart = "on-failure"; + + User = "rgit"; + Group = "rgit"; + + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + PrivateMounts = true; + ProtectHome = true; + ProtectClock = true; + ProtectProc = "noaccess"; + ProcSubset = "pid"; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProtectHostname = true; + RestrictSUIDSGID = true; + RestrictRealtime = true; + RestrictNamespaces = true; + LockPersonality = true; + RemoveIPC = true; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + SystemCallFilter = [ "@system-service" "~@privileged" ]; + }; }; }; }; - }; }); } diff --git a/taplo.toml b/taplo.toml new file mode 100644 index 0000000..d4e1032 100644 --- /dev/null +++ a/taplo.toml @@ -1,0 +1,9 @@ +[formatting] +reorder_keys = false + +[[rule]] +include = ["**/Cargo.toml"] +keys = ["dependencies"] + +[rule.formatting] +reorder_keys = true diff --git a/treefmt.nix b/treefmt.nix new file mode 100644 index 0000000..9484674 100644 --- /dev/null +++ a/treefmt.nix @@ -1,0 +1,12 @@ +{ pkgs, ... }: +{ + projectRootFile = "flake.nix"; + + programs = { + nixpkgs-fmt.enable = true; + statix.enable = true; + rustfmt.enable = true; + taplo.enable = true; + shellcheck.enable = true; + }; +} diff --git a/src/git.rs b/src/git.rs index fb72ffa..6980140 100644 --- a/src/git.rs +++ a/src/git.rs @@ -1,7 +1,17 @@ +use std::{ + borrow::Cow, + collections::{BTreeMap, VecDeque}, + ffi::OsStr, + fmt::{self, Arguments, Write}, + path::{Path, PathBuf}, + str::FromStr, + sync::Arc, + time::Duration, +}; + use anyhow::{anyhow, Context, Result}; use axum::response::IntoResponse; -use bytes::buf::Writer; -use bytes::{BufMut, Bytes, BytesMut}; +use bytes::{buf::Writer, BufMut, Bytes, BytesMut}; use comrak::{ComrakPlugins, Options}; use flate2::write::GzEncoder; use gix::{ @@ -16,19 +26,8 @@ }; use moka::future::Cache; use parking_lot::Mutex; -use std::{ - borrow::Cow, - collections::{BTreeMap, VecDeque}, - ffi::OsStr, - fmt::{self, Arguments, Write}, - path::{Path, PathBuf}, - str::FromStr, - sync::Arc, - time::Duration, -}; use syntect::{ - parsing::SyntaxSet, - parsing::{BasicScopeStackOp, ParseState, Scope, ScopeStack, SCOPE_REPO}, + parsing::{BasicScopeStackOp, ParseState, Scope, ScopeStack, SyntaxSet, SCOPE_REPO}, util::LinesWithEndings, }; use tar::Builder; diff --git a/src/unified_diff_builder.rs b/src/unified_diff_builder.rs index f6f52ab..38094ab 100644 --- a/src/unified_diff_builder.rs +++ a/src/unified_diff_builder.rs @@ -1,11 +1,12 @@ //! Heavily based on [`gix::diff::blob::UnifiedDiffBuilder`] but provides //! a callback that can be used for styling the diffs. -use std::fmt::Write; -use std::ops::Range; +use std::{fmt::Write, ops::Range}; -use gix::diff::blob::intern::{InternedInput, Interner, Token}; -use gix::diff::blob::Sink; +use gix::diff::blob::{ + intern::{InternedInput, Interner, Token}, + Sink, +}; pub(crate) trait Callback { fn addition(&mut self, data: &str, dst: &mut String); diff --git a/scripts/docker/entrypoint.sh b/scripts/docker/entrypoint.sh index dc4eac4..19c8208 100755 --- a/scripts/docker/entrypoint.sh +++ a/scripts/docker/entrypoint.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash if [ -z ${REFRESH_INTERVAL+x} ]; then - ./rgit [::]:8000 /git -d /tmp/rgit-cache.db; + ./rgit "[::]:8000" /git -d /tmp/rgit-cache.db; else - ./rgit [::]:8000 /git -d /tmp/rgit-cache.db --refresh-interval $REFRESH_INTERVAL; + ./rgit "[::]:8000" /git -d /tmp/rgit-cache.db --refresh-interval "$REFRESH_INTERVAL"; fi diff --git a/src/database/indexer.rs b/src/database/indexer.rs index 8ed543a..8a480ed 100644 --- a/src/database/indexer.rs +++ a/src/database/indexer.rs @@ -8,9 +8,7 @@ }; use anyhow::Context; -use gix::bstr::ByteSlice; -use gix::refs::Category; -use gix::Reference; +use gix::{bstr::ByteSlice, refs::Category, Reference}; use ini::Ini; use itertools::Itertools; use rocksdb::WriteBatch; diff --git a/src/database/schema/commit.rs b/src/database/schema/commit.rs index 87b065e..a3ff620 100644 --- a/src/database/schema/commit.rs +++ a/src/database/schema/commit.rs @@ -1,9 +1,7 @@ use std::{borrow::Cow, ops::Deref, sync::Arc}; use anyhow::Context; -use gix::actor::SignatureRef; -use gix::bstr::ByteSlice; -use gix::ObjectId; +use gix::{actor::SignatureRef, bstr::ByteSlice, ObjectId}; use rocksdb::{IteratorMode, ReadOptions, WriteBatch}; use serde::{Deserialize, Deserializer, Serialize, Serializer}; use time::{OffsetDateTime, UtcOffset}; diff --git a/src/methods/repo/diff.rs b/src/methods/repo/diff.rs index 708f95d..ed1ee87 100644 --- a/src/methods/repo/diff.rs +++ a/src/methods/repo/diff.rs @@ -1,14 +1,5 @@ -use std::sync::Arc; +use std::{fmt::Write, sync::Arc}; -use crate::{ - git::Commit, - http, into_response, - methods::{ - filters, - repo::{commit::UriQuery, Repository, RepositoryPath, Result}, - }, - Git, -}; use askama::Template; use axum::{ extract::Query, @@ -18,8 +9,17 @@ }; use bytes::{BufMut, BytesMut}; use clap::crate_version; -use std::fmt::Write; use time::format_description::well_known::Rfc2822; + +use crate::{ + git::Commit, + http, into_response, + methods::{ + filters, + repo::{commit::UriQuery, Repository, RepositoryPath, Result}, + }, + Git, +}; #[derive(Template)] #[template(path = "repo/diff.html")] -- rgit 0.1.3