2023-08-10 09:06:00 +00:00
|
|
|
// Copyright 2023 Woodpecker Authors
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2017-03-05 07:56:08 +00:00
|
|
|
package compiler
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2023-10-09 07:11:08 +00:00
|
|
|
"maps"
|
2017-03-05 07:56:08 +00:00
|
|
|
"path"
|
2024-01-12 22:57:24 +00:00
|
|
|
"strconv"
|
2017-04-10 10:39:50 +00:00
|
|
|
"strings"
|
2017-03-05 07:56:08 +00:00
|
|
|
|
2023-12-21 19:23:51 +00:00
|
|
|
"github.com/oklog/ulid/v2"
|
2021-11-23 14:36:52 +00:00
|
|
|
|
2023-12-08 07:15:08 +00:00
|
|
|
backend_types "go.woodpecker-ci.org/woodpecker/v2/pipeline/backend/types"
|
|
|
|
"go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/metadata"
|
|
|
|
"go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/yaml/compiler/settings"
|
|
|
|
yaml_types "go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/yaml/types"
|
|
|
|
"go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/yaml/utils"
|
2017-03-05 07:56:08 +00:00
|
|
|
)
|
|
|
|
|
2024-07-18 20:52:22 +00:00
|
|
|
const (
|
|
|
|
// The pluginWorkspaceBase should not be changed, only if you are sure what you do.
|
|
|
|
pluginWorkspaceBase = "/woodpecker"
|
|
|
|
// DefaultWorkspaceBase is set if not altered by the user.
|
|
|
|
DefaultWorkspaceBase = pluginWorkspaceBase
|
|
|
|
)
|
|
|
|
|
2024-01-09 14:22:59 +00:00
|
|
|
func (c *Compiler) createProcess(container *yaml_types.Container, stepType backend_types.StepType) (*backend_types.Step, error) {
|
2017-03-05 07:56:08 +00:00
|
|
|
var (
|
2023-12-21 19:23:51 +00:00
|
|
|
uuid = ulid.Make()
|
2023-06-06 07:52:08 +00:00
|
|
|
|
2017-03-05 07:56:08 +00:00
|
|
|
detached bool
|
2024-01-27 19:59:44 +00:00
|
|
|
workingDir string
|
2017-03-05 07:56:08 +00:00
|
|
|
|
2021-12-01 13:22:06 +00:00
|
|
|
privileged = container.Privileged
|
|
|
|
networkMode = container.NetworkMode
|
2017-03-05 07:56:08 +00:00
|
|
|
)
|
|
|
|
|
2024-07-18 20:52:22 +00:00
|
|
|
workspaceBase := c.workspaceBase
|
|
|
|
if container.IsPlugin() {
|
|
|
|
// plugins have a predefined workspace base to not tamper with entrypoint executables
|
|
|
|
workspaceBase = pluginWorkspaceBase
|
|
|
|
}
|
|
|
|
workspaceVolume := fmt.Sprintf("%s_default:%s", c.prefix, workspaceBase)
|
|
|
|
|
2023-06-06 07:14:21 +00:00
|
|
|
networks := []backend_types.Conn{
|
2021-10-12 07:25:13 +00:00
|
|
|
{
|
2017-03-05 07:56:08 +00:00
|
|
|
Name: fmt.Sprintf("%s_default", c.prefix),
|
2017-05-16 10:50:06 +00:00
|
|
|
Aliases: []string{container.Name},
|
2017-03-05 07:56:08 +00:00
|
|
|
},
|
|
|
|
}
|
2017-04-10 16:27:34 +00:00
|
|
|
for _, network := range c.networks {
|
2023-06-06 07:14:21 +00:00
|
|
|
networks = append(networks, backend_types.Conn{
|
2017-04-10 16:27:34 +00:00
|
|
|
Name: network,
|
|
|
|
})
|
|
|
|
}
|
2017-03-05 07:56:08 +00:00
|
|
|
|
2023-12-22 23:42:30 +00:00
|
|
|
extraHosts := make([]backend_types.HostAlias, len(container.ExtraHosts))
|
|
|
|
for i, extraHost := range container.ExtraHosts {
|
|
|
|
name, ip, ok := strings.Cut(extraHost, ":")
|
|
|
|
if !ok {
|
|
|
|
return nil, &ErrExtraHostFormat{host: extraHost}
|
|
|
|
}
|
|
|
|
extraHosts[i].Name = name
|
|
|
|
extraHosts[i].IP = ip
|
|
|
|
}
|
|
|
|
|
2017-03-19 09:07:21 +00:00
|
|
|
var volumes []string
|
|
|
|
if !c.local {
|
2024-07-18 20:52:22 +00:00
|
|
|
volumes = append(volumes, workspaceVolume)
|
2017-03-05 07:56:08 +00:00
|
|
|
}
|
2017-03-19 09:07:21 +00:00
|
|
|
volumes = append(volumes, c.volumes...)
|
2017-03-05 07:56:08 +00:00
|
|
|
for _, volume := range container.Volumes.Volumes {
|
|
|
|
volumes = append(volumes, volume.String())
|
|
|
|
}
|
|
|
|
|
|
|
|
// append default environment variables
|
|
|
|
environment := map[string]string{}
|
2023-07-02 17:14:59 +00:00
|
|
|
maps.Copy(environment, c.env)
|
2017-03-05 07:56:08 +00:00
|
|
|
|
2024-07-18 20:52:22 +00:00
|
|
|
environment["CI_WORKSPACE"] = path.Join(workspaceBase, c.workspacePath)
|
2017-03-05 07:56:08 +00:00
|
|
|
|
2023-07-11 13:53:05 +00:00
|
|
|
if stepType == backend_types.StepTypeService || container.Detached {
|
2017-07-21 21:52:52 +00:00
|
|
|
detached = true
|
2017-03-05 07:56:08 +00:00
|
|
|
}
|
|
|
|
|
2024-07-17 23:02:38 +00:00
|
|
|
workingDir = c.stepWorkingDir(container)
|
2017-03-05 07:56:08 +00:00
|
|
|
|
2024-01-27 19:59:44 +00:00
|
|
|
getSecretValue := func(name string) (string, error) {
|
|
|
|
name = strings.ToLower(name)
|
|
|
|
secret, ok := c.secrets[name]
|
|
|
|
if !ok {
|
|
|
|
return "", fmt.Errorf("secret %q not found", name)
|
|
|
|
}
|
|
|
|
|
|
|
|
event := c.metadata.Curr.Event
|
|
|
|
err := secret.Available(event, container)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
return secret.Value, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO: why don't we pass secrets to detached steps?
|
2021-11-23 14:36:52 +00:00
|
|
|
if !detached {
|
2024-03-20 14:53:33 +00:00
|
|
|
if err := settings.ParamsToEnv(container.Settings, environment, "PLUGIN_", true, getSecretValue); err != nil {
|
2024-01-27 19:59:44 +00:00
|
|
|
return nil, err
|
2022-10-27 02:21:07 +00:00
|
|
|
}
|
2024-01-27 19:59:44 +00:00
|
|
|
}
|
2022-10-27 02:21:07 +00:00
|
|
|
|
2024-03-20 14:53:33 +00:00
|
|
|
if err := settings.ParamsToEnv(container.Environment, environment, "", false, getSecretValue); err != nil {
|
2024-02-22 17:25:57 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2024-08-15 16:58:51 +00:00
|
|
|
for _, requested := range container.Secrets {
|
|
|
|
secretValue, err := getSecretValue(requested)
|
2024-01-27 19:59:44 +00:00
|
|
|
if err != nil {
|
2023-11-05 11:47:42 +00:00
|
|
|
return nil, err
|
2021-11-23 14:36:52 +00:00
|
|
|
}
|
2024-01-27 19:59:44 +00:00
|
|
|
|
2024-08-15 16:58:51 +00:00
|
|
|
if !environmentAllowed(requested, stepType) {
|
2024-07-18 20:54:29 +00:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2024-08-15 16:58:51 +00:00
|
|
|
environment[requested] = secretValue
|
2017-03-05 07:56:08 +00:00
|
|
|
}
|
|
|
|
|
2024-09-01 19:27:12 +00:00
|
|
|
if utils.MatchImageDynamic(container.Image, c.escalated...) && container.IsPlugin() {
|
2017-07-21 21:52:52 +00:00
|
|
|
privileged = true
|
|
|
|
}
|
|
|
|
|
2023-06-06 07:14:21 +00:00
|
|
|
authConfig := backend_types.Auth{}
|
2017-04-06 16:04:25 +00:00
|
|
|
for _, registry := range c.registries {
|
2023-07-09 21:41:13 +00:00
|
|
|
if utils.MatchHostname(container.Image, registry.Hostname) {
|
2017-04-06 16:04:25 +00:00
|
|
|
authConfig.Username = registry.Username
|
|
|
|
authConfig.Password = registry.Password
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-01-12 22:57:24 +00:00
|
|
|
var ports []backend_types.Port
|
|
|
|
for _, portDef := range container.Ports {
|
|
|
|
port, err := convertPort(portDef)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
ports = append(ports, port)
|
2023-11-02 03:12:41 +00:00
|
|
|
}
|
|
|
|
|
2023-01-02 05:36:57 +00:00
|
|
|
// at least one constraint contain status success, or all constraints have no status set
|
|
|
|
onSuccess := container.When.IncludesStatusSuccess()
|
2022-08-14 17:32:49 +00:00
|
|
|
// at least one constraint must include the status failure.
|
2023-01-02 05:36:57 +00:00
|
|
|
onFailure := container.When.IncludesStatusFailure()
|
2022-08-14 17:32:49 +00:00
|
|
|
|
2022-11-15 18:47:27 +00:00
|
|
|
failure := container.Failure
|
|
|
|
if container.Failure == "" {
|
2023-06-04 22:15:07 +00:00
|
|
|
failure = metadata.FailureFail
|
2022-11-15 18:47:27 +00:00
|
|
|
}
|
|
|
|
|
2023-06-06 07:14:21 +00:00
|
|
|
return &backend_types.Step{
|
2024-01-09 14:22:59 +00:00
|
|
|
Name: container.Name,
|
2023-06-06 07:52:08 +00:00
|
|
|
UUID: uuid.String(),
|
2023-07-11 13:53:05 +00:00
|
|
|
Type: stepType,
|
2023-06-03 22:50:08 +00:00
|
|
|
Image: container.Image,
|
|
|
|
Pull: container.Pull,
|
|
|
|
Detached: detached,
|
|
|
|
Privileged: privileged,
|
2024-01-27 19:59:44 +00:00
|
|
|
WorkingDir: workingDir,
|
2024-11-02 17:07:27 +00:00
|
|
|
WorkspaceBase: workspaceBase,
|
2023-06-03 22:50:08 +00:00
|
|
|
Environment: environment,
|
|
|
|
Commands: container.Commands,
|
2024-01-19 04:34:02 +00:00
|
|
|
Entrypoint: container.Entrypoint,
|
2023-12-22 23:42:30 +00:00
|
|
|
ExtraHosts: extraHosts,
|
2023-06-03 22:50:08 +00:00
|
|
|
Volumes: volumes,
|
|
|
|
Tmpfs: container.Tmpfs,
|
|
|
|
Devices: container.Devices,
|
|
|
|
Networks: networks,
|
|
|
|
DNS: container.DNS,
|
|
|
|
DNSSearch: container.DNSSearch,
|
|
|
|
AuthConfig: authConfig,
|
|
|
|
OnSuccess: onSuccess,
|
|
|
|
OnFailure: onFailure,
|
|
|
|
Failure: failure,
|
|
|
|
NetworkMode: networkMode,
|
2023-11-02 03:12:41 +00:00
|
|
|
Ports: ports,
|
2024-02-08 17:39:32 +00:00
|
|
|
BackendOptions: container.BackendOptions,
|
2023-11-05 11:47:42 +00:00
|
|
|
}, nil
|
2017-03-05 07:56:08 +00:00
|
|
|
}
|
2022-10-24 14:31:06 +00:00
|
|
|
|
2024-01-27 19:59:44 +00:00
|
|
|
func (c *Compiler) stepWorkingDir(container *yaml_types.Container) string {
|
2023-11-01 10:29:44 +00:00
|
|
|
if path.IsAbs(container.Directory) {
|
2022-10-24 14:31:06 +00:00
|
|
|
return container.Directory
|
|
|
|
}
|
2024-07-18 20:52:22 +00:00
|
|
|
base := c.workspaceBase
|
|
|
|
if container.IsPlugin() {
|
|
|
|
base = pluginWorkspaceBase
|
|
|
|
}
|
|
|
|
return path.Join(base, c.workspacePath, container.Directory)
|
2022-10-24 14:31:06 +00:00
|
|
|
}
|
2023-11-26 07:46:06 +00:00
|
|
|
|
2024-01-12 22:57:24 +00:00
|
|
|
func convertPort(portDef string) (backend_types.Port, error) {
|
|
|
|
var err error
|
|
|
|
var port backend_types.Port
|
|
|
|
|
|
|
|
number, protocol, _ := strings.Cut(portDef, "/")
|
|
|
|
port.Protocol = protocol
|
|
|
|
|
|
|
|
portNumber, err := strconv.ParseUint(number, 10, 16)
|
|
|
|
if err != nil {
|
|
|
|
return port, err
|
|
|
|
}
|
|
|
|
port.Number = uint16(portNumber)
|
|
|
|
|
|
|
|
return port, nil
|
|
|
|
}
|