woodpecker/cmd/server/server.go

359 lines
12 KiB
Go
Raw Normal View History

2018-02-19 22:24:10 +00:00
// Copyright 2018 Drone.IO Inc.
2018-03-21 13:02:17 +00:00
//
2018-02-19 22:24:10 +00:00
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
2018-03-21 13:02:17 +00:00
//
2018-02-19 22:24:10 +00:00
// http://www.apache.org/licenses/LICENSE-2.0
2018-03-21 13:02:17 +00:00
//
2018-02-19 22:24:10 +00:00
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
2017-06-29 22:51:22 +00:00
package main
import (
2017-07-24 23:15:25 +00:00
"crypto/tls"
"errors"
"fmt"
2017-06-29 22:51:22 +00:00
"net"
"net/http"
"net/http/httputil"
2017-06-29 22:51:22 +00:00
"net/url"
"strings"
"time"
"github.com/caddyserver/certmagic"
"github.com/gin-gonic/gin"
prometheus_http "github.com/prometheus/client_golang/prometheus/promhttp"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"github.com/urfave/cli/v2"
"golang.org/x/sync/errgroup"
2017-06-29 22:51:22 +00:00
"google.golang.org/grpc"
"google.golang.org/grpc/keepalive"
2017-06-29 22:51:22 +00:00
"go.woodpecker-ci.org/woodpecker/v2/pipeline/rpc/proto"
"go.woodpecker-ci.org/woodpecker/v2/server"
"go.woodpecker-ci.org/woodpecker/v2/server/cron"
"go.woodpecker-ci.org/woodpecker/v2/server/forge/setup"
woodpeckerGrpcServer "go.woodpecker-ci.org/woodpecker/v2/server/grpc"
"go.woodpecker-ci.org/woodpecker/v2/server/logging"
"go.woodpecker-ci.org/woodpecker/v2/server/model"
"go.woodpecker-ci.org/woodpecker/v2/server/pubsub"
"go.woodpecker-ci.org/woodpecker/v2/server/router"
"go.woodpecker-ci.org/woodpecker/v2/server/router/middleware"
2024-02-11 17:42:33 +00:00
"go.woodpecker-ci.org/woodpecker/v2/server/services"
"go.woodpecker-ci.org/woodpecker/v2/server/services/permissions"
"go.woodpecker-ci.org/woodpecker/v2/server/store"
"go.woodpecker-ci.org/woodpecker/v2/server/web"
"go.woodpecker-ci.org/woodpecker/v2/shared/constant"
2023-12-31 22:29:56 +00:00
"go.woodpecker-ci.org/woodpecker/v2/shared/logger"
"go.woodpecker-ci.org/woodpecker/v2/version"
2017-06-29 22:51:22 +00:00
)
func run(c *cli.Context) error {
if err := logger.SetupGlobalLogger(c, true); err != nil {
return err
}
2017-06-29 22:51:22 +00:00
// set gin mode based on log level
if zerolog.GlobalLevel() > zerolog.DebugLevel {
gin.SetMode(gin.ReleaseMode)
}
2017-07-12 18:48:56 +00:00
if c.String("server-host") == "" {
return fmt.Errorf("WOODPECKER_HOST is not properly configured")
2017-07-12 18:48:56 +00:00
}
if !strings.Contains(c.String("server-host"), "://") {
return fmt.Errorf("WOODPECKER_HOST must be <scheme>://<hostname> format")
}
if _, err := url.Parse(c.String("server-host")); err != nil {
return fmt.Errorf("could not parse WOODPECKER_HOST: %w", err)
}
if strings.Contains(c.String("server-host"), "://localhost") {
log.Warn().Msg(
"WOODPECKER_HOST should probably be publicly accessible (not localhost)",
)
}
_store, err := setupStore(c)
if err != nil {
return fmt.Errorf("can't setup store: %w", err)
}
defer func() {
if err := _store.Close(); err != nil {
log.Error().Err(err).Msg("could not close store")
}
}()
err = setupEvilGlobals(c, _store)
if err != nil {
return fmt.Errorf("can't setup globals: %w", err)
}
2017-06-29 22:51:22 +00:00
var g errgroup.Group
2017-07-31 19:15:05 +00:00
setupMetrics(&g, _store)
2017-06-29 22:51:22 +00:00
g.Go(func() error {
return cron.Start(c.Context, _store)
})
2017-06-29 22:51:22 +00:00
// start the grpc server
g.Go(func() error {
lis, err := net.Listen("tcp", c.String("grpc-addr"))
2017-06-29 22:51:22 +00:00
if err != nil {
log.Fatal().Err(err).Msg("failed to listen on grpc-addr") //nolint:forbidigo
2017-06-29 22:51:22 +00:00
}
jwtSecret := c.String("grpc-secret")
jwtManager := woodpeckerGrpcServer.NewJWTManager(jwtSecret)
authorizer := woodpeckerGrpcServer.NewAuthorizer(jwtManager)
2019-06-28 12:23:52 +00:00
grpcServer := grpc.NewServer(
grpc.StreamInterceptor(authorizer.StreamInterceptor),
grpc.UnaryInterceptor(authorizer.UnaryInterceptor),
grpc.KeepaliveEnforcementPolicy(keepalive.EnforcementPolicy{
MinTime: c.Duration("keepalive-min-time"),
}),
2017-06-29 23:35:38 +00:00
)
woodpeckerServer := woodpeckerGrpcServer.NewWoodpeckerServer(
server.Config.Services.Queue,
server.Config.Services.Logs,
server.Config.Services.Pubsub,
_store,
)
proto.RegisterWoodpeckerServer(grpcServer, woodpeckerServer)
2017-06-29 22:51:22 +00:00
woodpeckerAuthServer := woodpeckerGrpcServer.NewWoodpeckerAuthServer(
jwtManager,
server.Config.Server.AgentToken,
_store,
)
proto.RegisterWoodpeckerAuthServer(grpcServer, woodpeckerAuthServer)
2019-06-28 12:23:52 +00:00
err = grpcServer.Serve(lis)
2017-06-29 22:51:22 +00:00
if err != nil {
log.Fatal().Err(err).Msg("failed to serve grpc server") //nolint:forbidigo
2017-06-29 22:51:22 +00:00
}
return nil
})
proxyWebUI := c.String("www-proxy")
var webUIServe func(w http.ResponseWriter, r *http.Request)
2019-05-30 10:15:29 +00:00
if proxyWebUI == "" {
webEngine, err := web.New()
if err != nil {
log.Error().Err(err).Msg("failed to create web engine")
return err
}
webUIServe = webEngine.ServeHTTP
} else {
origin, _ := url.Parse(proxyWebUI)
director := func(req *http.Request) {
req.Header.Add("X-Forwarded-Host", req.Host)
req.Header.Add("X-Origin-Host", origin.Host)
req.URL.Scheme = origin.Scheme
req.URL.Host = origin.Host
}
proxy := &httputil.ReverseProxy{Director: director}
webUIServe = proxy.ServeHTTP
}
// setup the server and start the listener
handler := router.Load(
webUIServe,
middleware.Logger(time.RFC3339, true),
middleware.Version,
2024-01-19 15:20:35 +00:00
middleware.Store(_store),
)
switch {
case c.String("server-cert") != "":
// start the server with tls enabled
g.Go(func() error {
serve := &http.Server{
Addr: server.Config.Server.PortTLS,
Handler: handler,
TLSConfig: &tls.Config{
NextProtos: []string{"h2", "http/1.1"},
},
}
err = serve.ListenAndServeTLS(
c.String("server-cert"),
c.String("server-key"),
)
if err != nil && !errors.Is(err, http.ErrServerClosed) {
log.Fatal().Err(err).Msg("failed to start server with tls") //nolint:forbidigo
}
return err
})
2017-06-29 22:51:22 +00:00
// http to https redirect
redirect := func(w http.ResponseWriter, req *http.Request) {
serverURL, _ := url.Parse(server.Config.Server.Host)
req.URL.Scheme = "https"
req.URL.Host = serverURL.Host
w.Header().Set("Strict-Transport-Security", "max-age=31536000")
http.Redirect(w, req, req.URL.String(), http.StatusMovedPermanently)
}
g.Go(func() error {
err := http.ListenAndServe(server.Config.Server.Port, http.HandlerFunc(redirect))
if err != nil && !errors.Is(err, http.ErrServerClosed) {
log.Fatal().Err(err).Msg("unable to start server to redirect from http to https") //nolint:forbidigo
}
return err
})
case c.Bool("lets-encrypt"):
// start the server with lets-encrypt
certmagic.DefaultACME.Email = c.String("lets-encrypt-email")
certmagic.DefaultACME.Agreed = true
address, err := url.Parse(strings.TrimSuffix(c.String("server-host"), "/"))
if err != nil {
return err
}
2017-06-29 22:51:22 +00:00
g.Go(func() error {
if err := certmagic.HTTPS([]string{address.Host}, handler); err != nil {
log.Fatal().Err(err).Msg("certmagic does not work") //nolint:forbidigo
}
return nil
})
default:
// start the server without tls
g.Go(func() error {
err := http.ListenAndServe(
c.String("server-addr"),
handler,
)
if err != nil && !errors.Is(err, http.ErrServerClosed) {
log.Fatal().Err(err).Msg("could not start server") //nolint:forbidigo
}
return err
})
}
if metricsServerAddr := c.String("metrics-server-addr"); metricsServerAddr != "" {
g.Go(func() error {
metricsRouter := gin.New()
metricsRouter.GET("/metrics", gin.WrapH(prometheus_http.Handler()))
err := http.ListenAndServe(metricsServerAddr, metricsRouter)
if err != nil && !errors.Is(err, http.ErrServerClosed) {
log.Fatal().Err(err).Msg("could not start metrics server") //nolint:forbidigo
}
return err
})
}
log.Info().Msgf("starting Woodpecker server with version '%s'", version.String())
2017-06-29 22:51:22 +00:00
return g.Wait()
}
func setupEvilGlobals(c *cli.Context, s store.Store) error {
2017-06-29 22:51:22 +00:00
// services
2024-02-11 17:42:33 +00:00
server.Config.Services.Queue = setupQueue(c, s)
server.Config.Services.Logs = logging.New()
server.Config.Services.Pubsub = pubsub.New()
server.Config.Services.Membership = setupMembershipService(c, s)
serviceManager, err := services.NewManager(c, s, setup.Forge)
if err != nil {
2024-02-11 17:42:33 +00:00
return fmt.Errorf("could not setup service manager: %w", err)
Add support for pipeline configuration service (#804) * Add configuration extension flags to server Add httpsignatures dependency Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Add http fetching to config fetcher Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Refetch config on rebuild Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * - Ensure multipipeline compatiblity - Send original config in http request Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Basic tests of config api Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Simple docs page Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Better flag naming Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Rename usages of the term yaml Rename ConfigAPI struct Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Doc adjustments Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * More docs touchups Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Fix env vars in docs Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * fix json tags for api calls Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Add example config service Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Consistent naming for configService Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Docs: Change example repository location Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Fix tests after response field rename Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Revert accidential unrelated change in api hook Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Update server flag descriptions Co-authored-by: Anbraten <anton@ju60.de> Co-authored-by: Anbraten <anton@ju60.de>
2022-02-28 09:56:23 +00:00
}
server.Config.Services.Manager = serviceManager
Add support for pipeline configuration service (#804) * Add configuration extension flags to server Add httpsignatures dependency Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Add http fetching to config fetcher Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Refetch config on rebuild Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * - Ensure multipipeline compatiblity - Send original config in http request Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Basic tests of config api Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Simple docs page Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Better flag naming Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Rename usages of the term yaml Rename ConfigAPI struct Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Doc adjustments Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * More docs touchups Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Fix env vars in docs Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * fix json tags for api calls Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Add example config service Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Consistent naming for configService Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Docs: Change example repository location Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Fix tests after response field rename Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Revert accidential unrelated change in api hook Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at> * Update server flag descriptions Co-authored-by: Anbraten <anton@ju60.de> Co-authored-by: Anbraten <anton@ju60.de>
2022-02-28 09:56:23 +00:00
server.Config.Services.LogStore, err = setupLogStore(c, s)
if err != nil {
return fmt.Errorf("could not setup log store: %w", err)
}
// authentication
server.Config.Pipeline.AuthenticatePublicRepos = c.Bool("authenticate-public-repos")
// Cloning
server.Config.Pipeline.DefaultCloneImage = c.String("default-clone-image")
constant.TrustedCloneImages = append(constant.TrustedCloneImages, server.Config.Pipeline.DefaultCloneImage)
// Execution
_events := c.StringSlice("default-cancel-previous-pipeline-events")
events := make([]model.WebhookEvent, 0, len(_events))
for _, v := range _events {
events = append(events, model.WebhookEvent(v))
}
server.Config.Pipeline.DefaultCancelPreviousPipelineEvents = events
server.Config.Pipeline.DefaultTimeout = c.Int64("default-pipeline-timeout")
server.Config.Pipeline.MaxTimeout = c.Int64("max-pipeline-timeout")
2017-06-29 22:51:22 +00:00
// limits
server.Config.Pipeline.Limits.MemSwapLimit = c.Int64("limit-mem-swap")
server.Config.Pipeline.Limits.MemLimit = c.Int64("limit-mem")
server.Config.Pipeline.Limits.ShmSize = c.Int64("limit-shm-size")
server.Config.Pipeline.Limits.CPUQuota = c.Int64("limit-cpu-quota")
server.Config.Pipeline.Limits.CPUShares = c.Int64("limit-cpu-shares")
server.Config.Pipeline.Limits.CPUSet = c.String("limit-cpu-set")
2017-06-29 22:51:22 +00:00
// backend options for pipeline compiler
server.Config.Pipeline.Proxy.No = c.String("backend-no-proxy")
server.Config.Pipeline.Proxy.HTTP = c.String("backend-http-proxy")
server.Config.Pipeline.Proxy.HTTPS = c.String("backend-https-proxy")
2017-06-29 22:51:22 +00:00
// server configuration
server.Config.Server.Cert = c.String("server-cert")
server.Config.Server.Key = c.String("server-key")
server.Config.Server.AgentToken = c.String("agent-secret")
serverHost := strings.TrimSuffix(c.String("server-host"), "/")
server.Config.Server.Host = serverHost
if c.IsSet("server-webhook-host") {
server.Config.Server.WebhookHost = c.String("server-webhook-host")
} else {
server.Config.Server.WebhookHost = serverHost
}
if c.IsSet("server-dev-oauth-host-deprecated") {
server.Config.Server.OAuthHost = c.String("server-dev-oauth-host-deprecated")
} else {
server.Config.Server.OAuthHost = serverHost
}
server.Config.Server.Port = c.String("server-addr")
server.Config.Server.PortTLS = c.String("server-addr-tls")
server.Config.Server.StatusContext = c.String("status-context")
server.Config.Server.StatusContextFormat = c.String("status-context-format")
server.Config.Server.SessionExpires = c.Duration("session-expires")
u, _ := url.Parse(server.Config.Server.Host)
rootPath := strings.TrimSuffix(u.Path, "/")
if rootPath != "" && !strings.HasPrefix(rootPath, "/") {
rootPath = "/" + rootPath
}
server.Config.Server.RootPath = rootPath
support custom .JS and .CSS files for custom banner messages (white-labeling) (#1781) This PR introduces two new server configuration options, for providing a custom .JS and .CSS file. These can be used to show custom banner messages, add environment-dependent signals, or simply a corporate logo. ### Motivation (what problem I try to solve) I'm operating Woodpecker in multiple k8s clusters for different environments. When having multiple browser tabs open, I prefer strong indicators for each environment. E.g. a red "PROD" banner, or just a blue "QA" banner. Also, we sometimes need to have the chance for maintenance, and instead of broadcasting emails, I prefer a banner message, stating something like: "Heads-up: there's a planned downtime, next Friday, blabla...". Also, I like to have the firm's logo visible, which makes Woodpecker look more like an integral part of our platform. ### Implementation notes * Two new config options are introduced ```WOODPECKER_CUSTOM_CSS_FILE``` and ```WOODPECKER_CUSTOM_JS_FILE``` * I've piggy-bagged the existing handler for assets, as it seemed to me a minimally invasive approach * the option along with an example is documented * a simple unit test for the Gin-handler ensures some regression safety * no extra dependencies are introduced ### Visual example The documented example will look like this. ![Screenshot 2023-05-27 at 17 00 44](https://github.com/woodpecker-ci/woodpecker/assets/1189394/8940392e-463c-4651-a1eb-f017cd3cd64d) ### Areas of uncertainty This is my first contribution to Woodpecker and I tried my best to align with your conventions. That said, I found myself uncertain about these things and would be glad about getting feedback. * The handler tests are somewhat different than the other ones because I wanted to keep them simple - I hope that still matches your coding guidelines * caching the page sometimes will let the browser not recognize changes and a user must reload. I'm not fully into the details of how caching is implemented and neither can judge if it's a real problem. Another pair of eyes would be good.
2023-07-10 10:46:35 +00:00
server.Config.Server.CustomCSSFile = strings.TrimSpace(c.String("custom-css-file"))
server.Config.Server.CustomJsFile = strings.TrimSpace(c.String("custom-js-file"))
server.Config.Pipeline.Networks = c.StringSlice("network")
server.Config.Pipeline.Volumes = c.StringSlice("volume")
server.Config.Pipeline.Privileged = c.StringSlice("escalate")
server.Config.WebUI.EnableSwagger = c.Bool("enable-swagger")
server.Config.WebUI.SkipVersionCheck = c.Bool("skip-version-check")
// prometheus
server.Config.Prometheus.AuthToken = c.String("prometheus-auth-token")
// permissions
server.Config.Permissions.Open = c.Bool("open")
server.Config.Permissions.Admins = permissions.NewAdmins(c.StringSlice("admin"))
server.Config.Permissions.Orgs = permissions.NewOrgs(c.StringSlice("orgs"))
server.Config.Permissions.OwnersAllowlist = permissions.NewOwnersAllowlist(c.StringSlice("repo-owners"))
return nil
2017-06-29 22:51:22 +00:00
}