torjus/homelab-deploy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
37 Commits 2 Branches 0 Tags
2d26de50559d8acb82ea803764e138325d95572c
Commit Graph

5 Commits

Author SHA1 Message Date
Torjus Håkestad
3ac5d9777f feat(builder): log build failure output as separate lines 
Log each line of build failure output as a separate structured log entry
at WARN level, making output readable and queryable in Loki/Grafana.
Add repo and rev fields to all build-related log entries. Add
truncateOutputLines helper that returns a []string for per-line logging.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-13 18:34:21 +01:00
Torjus Håkestad
1a23847d31 fix(builder): separate build output from error to preserve timeout messages 
When a build timed out, the timeout error was silently replaced by
truncated stderr output. Split into separate Error and Output fields
on BuildHostResult so the cause (e.g. "build timed out after 30m0s")
is always visible in logs and CLI output.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-12 13:24:04 +01:00
Torjus Håkestad
c13914bf5a fix(builder): truncate large error output to prevent log overflow 
Build errors from nix can be very large (100k+ chars). This truncates
error output to the first 50 and last 50 lines when it exceeds 100
lines, preventing journal and NATS message overflow.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-11 00:42:13 +01:00
Torjus Håkestad
08f1fcc6ac fix: validate target and hostname inputs to prevent injection 
Add input validation to address security concerns:

- Validate Target field in BuildRequest against safe character pattern
  (must be "all" or match alphanumeric/dash/underscore/dot pattern)
- Filter hostnames discovered from nix flake show output, skipping any
  with invalid characters before using them in build commands

This prevents potential command injection via crafted NATS messages or
malicious flake configurations.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-10 22:07:26 +01:00
Torjus Håkestad
14f5b31faf feat: add builder mode for centralized Nix builds 
Add a new "builder" capability to trigger Nix builds on a dedicated
build host via NATS messaging. This allows pre-building NixOS
configurations before deployment.

New components:
- Builder mode: subscribes to build.<repo>.* subjects, executes nix build
- Build CLI command: triggers builds with progress tracking
- MCP build tool: available with --enable-builds flag
- Builder metrics: tracks build success/failure per repo and host
- NixOS module: services.homelab-deploy.builder

The builder uses a YAML config file to define allowed repositories
with their URLs and default branches. Builds can target all hosts
or specific hosts, with real-time progress updates.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-10 22:03:14 +01:00