|
@ -48,6 +48,7 @@ steps:
|
|||
forge_url: "https://github.com"
|
||||
forge_repo_token:
|
||||
from_secret: GITHUB_TOKEN_SURGE
|
||||
failure: ignore
|
||||
when:
|
||||
event: pull_request
|
||||
path: *when_path
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Changelog
|
||||
|
||||
## [1.0.0-rc1](https://github.com/woodpecker-ci/woodpecker/releases/tag/1.0.0-rc1) - 2023-07-21
|
||||
## [1.0.0-rc1](https://github.com/woodpecker-ci/woodpecker/releases/tag/1.0.0-rc1) - 2023-07-25
|
||||
|
||||
* BREAKING
|
||||
* Use IDs to access organizations (#1873)
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# Welcome to Woodpecker
|
||||
|
||||
Woodpecker is a simple CI engine with great extensibility. It runs your pipelines inside [containers](https://opencontainers.org/), so if you are already using them in your daily workflow, you'll love Woodpecker for sure.
|
||||
Woodpecker is a simple CI engine with great extensibility. It focuses on executing pipelines inside [containers](https://opencontainers.org/).
|
||||
If you are already using containers in your daily workflow, you'll for sure love Woodpecker.
|
||||
|
||||
![woodpecker](woodpecker.png)
|
||||
|
||||
|
@ -26,9 +27,9 @@ steps:
|
|||
### Steps are containers
|
||||
|
||||
- Define any container image as context
|
||||
- either use your own and install the needed tools in custom image or
|
||||
- search for available images that are already tailored for your needs on container registries like [Docker Hub](https://hub.docker.com/search?type=image)
|
||||
- List the commands that should be executed in your container, in order to build or test your application
|
||||
- either use your own and install the needed tools in a custom image
|
||||
- or search for available images that are already tailored for your needs in image registries like [Docker Hub](https://hub.docker.com/search?type=image)
|
||||
- List the commands that should be executed in the container
|
||||
|
||||
```diff
|
||||
steps:
|
||||
|
@ -42,7 +43,7 @@ steps:
|
|||
### File changes are incremental
|
||||
|
||||
- Woodpecker clones the source code in the beginning
|
||||
- Changes to files are persisted through steps as the same volume is mounted to all steps
|
||||
- File changes are persisted throughout individual steps as the same volume is being mounted in all steps
|
||||
|
||||
```yaml
|
||||
# .woodpecker.yml
|
||||
|
|
|
@ -2,9 +2,9 @@
|
|||
|
||||
## Repository Activation
|
||||
|
||||
To activate your project navigate to your account settings. You will see a list of repositories which can be activated with a simple toggle. When you activate your repository, Woodpecker automatically adds webhooks to your forge (e.g. GitHub).
|
||||
To activate your project navigate to your account settings. You will see a list of repositories which can be activated with a simple toggle. When you activate your repository, Woodpecker automatically adds webhooks to your forge (e.g. GitHub, Gitea, ...).
|
||||
|
||||
Webhooks are used to trigger pipeline executions. When you push code to your repository, open a pull request, or create a tag, your forge will automatically send a webhook to Woodpecker which will in turn trigger pipeline execution.
|
||||
Webhooks are used to trigger pipeline executions. When you push code to your repository, open a pull request, or create a tag, your forge will automatically send a webhook to Woodpecker which will in turn trigger the pipeline execution.
|
||||
|
||||
![repository list](repo-list.png)
|
||||
|
||||
|
@ -22,7 +22,7 @@ Webhooks are used to trigger pipeline executions. When you push code to your rep
|
|||
|
||||
## Configuration
|
||||
|
||||
To configure your pipeline you should place a `.woodpecker.yml` file in the root of your repository. The .woodpecker.yml file is used to define your pipeline steps. It is a superset of the widely used docker-compose file format.
|
||||
To configure your pipeline you must create a `.woodpecker.yml` file in the root of your repository. The `.woodpecker.yml` file is used to define your pipeline steps.
|
||||
|
||||
:::note
|
||||
We support most of YAML 1.2, but preserve some behavior from 1.1 for backward compatibility.
|
||||
|
|
|
@ -2,7 +2,11 @@
|
|||
|
||||
Some versions need some changes to the server configuration or the pipeline configuration files.
|
||||
|
||||
## 1.0.0 (next)
|
||||
## next
|
||||
|
||||
No breaking changes
|
||||
|
||||
## 1.0.0
|
||||
|
||||
- The signature used to verify extensions calls (like those used for the [config-extension](./30-administration/100-external-configuration-api.md)) done by the Woodpecker server switched from using a shared-secret HMac to an ed25519 key-pair. Read more about it at the [config-extensions](./30-administration/100-external-configuration-api.md) documentation.
|
||||
- Refactored support of old agent filter labels and expression. Learn how to use the new [filter](./20-usage/20-pipeline-syntax.md#labels)
|
||||
|
|
|
@ -214,11 +214,15 @@ module.exports = {
|
|||
includeCurrentVersion: true,
|
||||
lastVersion: '0.15',
|
||||
versions: {
|
||||
current: {
|
||||
'current': {
|
||||
label: 'Next',
|
||||
banner: 'unreleased',
|
||||
},
|
||||
0.15: {
|
||||
'1.0': {
|
||||
label: '1.0.x',
|
||||
banner: 'unreleased',
|
||||
},
|
||||
'0.15': {
|
||||
label: '0.15.x',
|
||||
banner: 'none',
|
||||
},
|
||||
|
|
94
docs/versioned_docs/version-1.0/10-intro.md
Normal file
|
@ -0,0 +1,94 @@
|
|||
# Welcome to Woodpecker
|
||||
|
||||
Woodpecker is a simple CI engine with great extensibility. It focuses on executing pipelines inside [containers](https://opencontainers.org/).
|
||||
If you are already using containers in your daily workflow, you'll for sure love Woodpecker.
|
||||
|
||||
![woodpecker](woodpecker.png)
|
||||
|
||||
## .woodpecker.yml
|
||||
|
||||
- Place your pipeline in a file named `.woodpecker.yml` in your repository
|
||||
- Pipeline steps can be named as you like
|
||||
- Run any command in the commands section
|
||||
|
||||
```yaml
|
||||
# .woodpecker.yml
|
||||
steps:
|
||||
build:
|
||||
image: debian
|
||||
commands:
|
||||
- echo "This is the build step"
|
||||
a-test-step:
|
||||
image: debian
|
||||
commands:
|
||||
- echo "Testing.."
|
||||
```
|
||||
|
||||
### Steps are containers
|
||||
|
||||
- Define any container image as context
|
||||
- either use your own and install the needed tools in a custom image
|
||||
- or search for available images that are already tailored for your needs in image registries like [Docker Hub](https://hub.docker.com/search?type=image)
|
||||
- List the commands that should be executed in the container
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
- image: debian
|
||||
+ image: mycompany/image-with-awscli
|
||||
commands:
|
||||
- aws help
|
||||
```
|
||||
|
||||
### File changes are incremental
|
||||
|
||||
- Woodpecker clones the source code in the beginning
|
||||
- File changes are persisted throughout individual steps as the same volume is being mounted in all steps
|
||||
|
||||
```yaml
|
||||
# .woodpecker.yml
|
||||
steps:
|
||||
build:
|
||||
image: debian
|
||||
commands:
|
||||
- touch myfile
|
||||
a-test-step:
|
||||
image: debian
|
||||
commands:
|
||||
- cat myfile
|
||||
```
|
||||
|
||||
## Plugins are straightforward
|
||||
|
||||
- If you copy the same shell script from project to project
|
||||
- Pack it into a plugin instead
|
||||
- And make the yaml declarative
|
||||
- Plugins are Docker images with your script as an entrypoint
|
||||
|
||||
```Dockerfile
|
||||
# Dockerfile
|
||||
FROM laszlocloud/kubectl
|
||||
COPY deploy /usr/local/deploy
|
||||
ENTRYPOINT ["/usr/local/deploy"]
|
||||
```
|
||||
|
||||
```bash
|
||||
# deploy
|
||||
kubectl apply -f $PLUGIN_TEMPLATE
|
||||
```
|
||||
|
||||
```yaml
|
||||
# .woodpecker.yml
|
||||
steps:
|
||||
deploy-to-k8s:
|
||||
image: laszlocloud/my-k8s-plugin
|
||||
settings:
|
||||
template: config/k8s/service.yml
|
||||
```
|
||||
|
||||
See [plugin docs](./20-usage/51-plugins/10-plugins.md).
|
||||
|
||||
## Continue reading
|
||||
|
||||
- [Create a Woodpecker pipeline for your repository](./20-usage/10-intro.md)
|
||||
- [Setup your own Woodpecker instance](./30-administration/00-setup.md)
|
75
docs/versioned_docs/version-1.0/20-usage/10-intro.md
Normal file
|
@ -0,0 +1,75 @@
|
|||
# Getting started
|
||||
|
||||
## Repository Activation
|
||||
|
||||
To activate your project navigate to your account settings. You will see a list of repositories which can be activated with a simple toggle. When you activate your repository, Woodpecker automatically adds webhooks to your forge (e.g. GitHub, Gitea, ...).
|
||||
|
||||
Webhooks are used to trigger pipeline executions. When you push code to your repository, open a pull request, or create a tag, your forge will automatically send a webhook to Woodpecker which will in turn trigger the pipeline execution.
|
||||
|
||||
![repository list](repo-list.png)
|
||||
|
||||
> Required Permissions
|
||||
>
|
||||
>The user who enables a repo in Woodpecker must have `Admin` rights on that repo, so that Woodpecker can add the webhook.
|
||||
>
|
||||
> Note that manually creating webhooks yourself is not possible. This is because webhooks are signed using a per-repository secret key which is not exposed to end users.
|
||||
|
||||
# Webhooks
|
||||
|
||||
When you activate your repository Woodpecker automatically add webhooks to your forge (e.g. GitHub). There is no manual configuration required.
|
||||
|
||||
Webhooks are used to trigger pipeline executions. When you push code to your repository, open a pull request, or create a tag, your forge will automatically send a webhook to Woodpecker which will in turn trigger pipeline execution.
|
||||
|
||||
## Configuration
|
||||
|
||||
To configure your pipeline you must create a `.woodpecker.yml` file in the root of your repository. The `.woodpecker.yml` file is used to define your pipeline steps.
|
||||
|
||||
:::note
|
||||
We support most of YAML 1.2, but preserve some behavior from 1.1 for backward compatibility.
|
||||
Read more at: [https://github.com/go-yaml/yaml](https://github.com/go-yaml/yaml/tree/v3)
|
||||
:::
|
||||
|
||||
Example pipeline configuration:
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
build:
|
||||
image: golang
|
||||
commands:
|
||||
- go get
|
||||
- go build
|
||||
- go test
|
||||
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:9.4.5
|
||||
environment:
|
||||
- POSTGRES_USER=myapp
|
||||
```
|
||||
|
||||
Example pipeline configuration with multiple, serial steps:
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
backend:
|
||||
image: golang
|
||||
commands:
|
||||
- go get
|
||||
- go build
|
||||
- go test
|
||||
|
||||
frontend:
|
||||
image: node:6
|
||||
commands:
|
||||
- npm install
|
||||
- npm test
|
||||
|
||||
notify:
|
||||
image: plugins/slack
|
||||
channel: developers
|
||||
username: woodpecker
|
||||
```
|
||||
|
||||
## Execution
|
||||
|
||||
To trigger your first pipeline execution you can push code to your repository, open a pull request, or push a tag. Any of these events triggers a webhook from your forge and execute your pipeline.
|
42
docs/versioned_docs/version-1.0/20-usage/15-terminology.md
Normal file
|
@ -0,0 +1,42 @@
|
|||
# Terminology
|
||||
|
||||
## Glossary
|
||||
|
||||
- **Woodpecker CI**: The project name around Woodpecker.
|
||||
- **Woodpecker**: An open-source tool that executes [pipelines][Pipeline] on your code.
|
||||
- **Server**: The component of Woodpecker that handles webhooks from forges, orchestrates agents, and sends status back. It also serves the API and web UI for administration and configuration.
|
||||
- **Agent**: A component of Woodpecker that executes [pipelines][Pipeline] (specifically one or more [workflows][Workflow]) with a specific backend (e.g. [Docker][], Kubernetes, [local][Local]). It connects to the server via GRPC.
|
||||
- **CLI**: The Woodpecker command-line interface (CLI) is a terminal tool used to administer the server, to execute pipelines locally for debugging / testing purposes, and to perform tasks like linting pipelines.
|
||||
- **Pipeline**: A sequence of [workflows][Workflow] that are executed on the code. [Pipelines][Pipeline] are triggered by events.
|
||||
- **Workflow**: A sequence of steps and services that are executed as part of a [pipeline][Pipeline]. Workflows are represented by YAML files. Each [workflow][Workflow] has its own isolated [workspace][Workspace], and often additional resources like a shared network (docker).
|
||||
- **Steps**: Individual commands, actions or tasks within a [workflow][Workflow].
|
||||
- **Code**: Refers to the files tracked by the version control system used by the [forge][Forge].
|
||||
- **Repos**: Short for repositories, these are storage locations where code is stored.
|
||||
- **Forge**: The hosting platform or service where the repositories are hosted.
|
||||
- **Workspace**: A folder shared between all steps of a [workflow][Workflow] containing the repository and all the generated data from previous steps.
|
||||
- **Event**: Triggers the execution of a [pipeline][Pipeline], such as a [forge][Forge] event like `push`, or `manual` triggered manually from the UI.
|
||||
- **Commit**: A defined state of the code, usually associated with a version control system like Git.
|
||||
- **Matrix**: A configuration option that allows the execution of [workflows][Workflow] for each value in the [matrix][Matrix].
|
||||
- **Service**: A service is a step that is executed from the start of a [workflow][Workflow] until its end. It can be accessed by name via the network from other steps within the same [workflow][Workflow].
|
||||
- **Plugins**: [Plugins][Plugin] are extensions that provide pre-defined actions or commands for a step in a [workflow][Workflow]. They can be configured via settings.
|
||||
- **Container**: A lightweight and isolated environment where commands are executed.
|
||||
- **YAML File**: A file format used to define and configure [workflows][Workflow].
|
||||
- **Dependency**: [Workflows][Workflow] can depend on each other, and if possible, they are executed in parallel.
|
||||
- **Status**: Status refers to the outcome of a step or [workflow][Workflow] after it has been executed, determined by the internal command exit code. At the end of a [workflow][Workflow], its status is sent to the [forge][Forge].
|
||||
|
||||
## Terms
|
||||
|
||||
Sometimes there exist multiple terms that can be used for a thing, we try to define it here once and stick to it.
|
||||
|
||||
- environment variables `*_LINK` should be `*_URL`, also in code, use `URL()` instead of `Link` ([Vote](https://framadate.org/jVSQHwIGfJYy82IL))
|
||||
- **Pipelines** were previously called **builds**
|
||||
- **Steps** were previously called **jobs**
|
||||
|
||||
[Pipeline]: ./20-pipeline-syntax.md
|
||||
[Workflow]: ./25-workflows.md
|
||||
[Forge]: ../30-administration/11-forges/10-overview.md
|
||||
[Plugin]: ./51-plugins/10-plugins.md
|
||||
[Workspace]: ./20-pipeline-syntax.md#workspace
|
||||
[Matrix]: ./30-matrix-workflows.md
|
||||
[Docker]: ../30-administration/22-backends/10-docker.md
|
||||
[Local]: ../30-administration/22-backends/20-local.md
|
913
docs/versioned_docs/version-1.0/20-usage/20-pipeline-syntax.md
Normal file
|
@ -0,0 +1,913 @@
|
|||
# Pipeline syntax
|
||||
|
||||
The pipeline section defines a list of steps to build, test and deploy your code. Pipeline steps are executed serially, in the order in which they are defined. If a step returns a non-zero exit code, the pipeline immediately aborts and returns a failure status.
|
||||
|
||||
Example steps:
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
backend:
|
||||
image: golang
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
frontend:
|
||||
image: node
|
||||
commands:
|
||||
- npm install
|
||||
- npm run test
|
||||
- npm run build
|
||||
```
|
||||
|
||||
In the above example we define two pipeline steps, `frontend` and `backend`. The names of these steps are completely arbitrary.
|
||||
|
||||
Another way to name a step is by using the name keyword:
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
- name: backend
|
||||
image: golang
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
- name: frontend
|
||||
image: node
|
||||
commands:
|
||||
- npm install
|
||||
- npm run test
|
||||
- npm run build
|
||||
```
|
||||
|
||||
Keep in mind the name is optional, if not added the steps will be numerated.
|
||||
|
||||
### Skip Commits
|
||||
|
||||
Woodpecker gives the ability to skip individual commits by adding `[CI SKIP]` to the commit message. Note this is case-insensitive.
|
||||
|
||||
```sh
|
||||
git commit -m "updated README [CI SKIP]"
|
||||
```
|
||||
|
||||
## Steps
|
||||
|
||||
Every step of your pipeline executes arbitrary commands inside a specified container. The defined commands are executed serially.
|
||||
The associated commit of a current pipeline run is checked out with git to a workspace which is mounted to every step of the pipeline as the working directory.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
backend:
|
||||
image: golang
|
||||
commands:
|
||||
+ - go build
|
||||
+ - go test
|
||||
```
|
||||
|
||||
### File changes are incremental
|
||||
|
||||
- Woodpecker clones the source code in the beginning pipeline
|
||||
- Changes to files are persisted through steps as the same volume is mounted to all steps
|
||||
|
||||
```yaml
|
||||
# .woodpecker.yml
|
||||
steps:
|
||||
build:
|
||||
image: debian
|
||||
commands:
|
||||
- echo "test content" > myfile
|
||||
a-test-step:
|
||||
image: debian
|
||||
commands:
|
||||
- cat myfile
|
||||
```
|
||||
|
||||
### `image`
|
||||
|
||||
Woodpecker pulls the defined image and uses it as environment to execute the pipeline step commands, for plugins and for service containers.
|
||||
|
||||
When using the `local` backend, the `image` entry is used to specify the shell, such as Bash or Fish, that is used to run the commands.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
+ image: golang:1.6
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
|
||||
publish:
|
||||
+ image: plugins/docker
|
||||
repo: foo/bar
|
||||
|
||||
services:
|
||||
database:
|
||||
+ image: mysql
|
||||
```
|
||||
|
||||
Woodpecker supports any valid Docker image from any Docker registry:
|
||||
|
||||
```text
|
||||
image: golang
|
||||
image: golang:1.7
|
||||
image: library/golang:1.7
|
||||
image: index.docker.io/library/golang
|
||||
image: index.docker.io/library/golang:1.7
|
||||
```
|
||||
|
||||
Woodpecker does not automatically upgrade container images. Example configuration to always pull the latest image when updates are available:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
image: golang:latest
|
||||
+ pull: true
|
||||
```
|
||||
|
||||
##### Images from private registries
|
||||
|
||||
You must provide registry credentials on the UI in order to pull private pipeline images defined in your YAML configuration file.
|
||||
|
||||
These credentials are never exposed to your pipeline, which means they cannot be used to push, and are safe to use with pull requests, for example. Pushing to a registry still require setting credentials for the appropriate plugin.
|
||||
|
||||
Example configuration using a private image:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
+ image: gcr.io/custom/golang
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
```
|
||||
|
||||
Woodpecker matches the registry hostname to each image in your YAML. If the hostnames match, the registry credentials are used to authenticate to your registry and pull the image. Note that registry credentials are used by the Woodpecker agent and are never exposed to your build containers.
|
||||
|
||||
Example registry hostnames:
|
||||
|
||||
- Image `gcr.io/foo/bar` has hostname `gcr.io`
|
||||
- Image `foo/bar` has hostname `docker.io`
|
||||
- Image `qux.com:8000/foo/bar` has hostname `qux.com:8000`
|
||||
|
||||
Example registry hostname matching logic:
|
||||
|
||||
- Hostname `gcr.io` matches image `gcr.io/foo/bar`
|
||||
- Hostname `docker.io` matches `golang`
|
||||
- Hostname `docker.io` matches `library/golang`
|
||||
- Hostname `docker.io` matches `bradyrydzewski/golang`
|
||||
- Hostname `docker.io` matches `bradyrydzewski/golang:latest`
|
||||
|
||||
##### Global registry support
|
||||
|
||||
To make a private registry globally available check the [server configuration docs](../30-administration/10-server-config.md#global-registry-setting).
|
||||
|
||||
##### GCR registry support
|
||||
|
||||
For specific details on configuring access to Google Container Registry, please view the docs [here](https://cloud.google.com/container-registry/docs/advanced-authentication#using_a_json_key_file).
|
||||
|
||||
### `commands`
|
||||
|
||||
Commands of every pipeline step are executed serially as if you would enter them into your local shell.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
backend:
|
||||
image: golang
|
||||
commands:
|
||||
+ - go build
|
||||
+ - go test
|
||||
```
|
||||
|
||||
There is no magic here. The above commands are converted to a simple shell script. The commands in the above example are roughly converted to the below script:
|
||||
|
||||
```sh
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
go build
|
||||
go test
|
||||
```
|
||||
|
||||
The above shell script is then executed as the container entrypoint. The below docker command is an (incomplete) example of how the script is executed:
|
||||
|
||||
```sh
|
||||
docker run --entrypoint=build.sh golang
|
||||
```
|
||||
|
||||
> Please note that only build steps can define commands. You cannot use commands with plugins or services.
|
||||
|
||||
### `environment`
|
||||
|
||||
Woodpecker provides the ability to pass environment variables to individual pipeline steps.
|
||||
|
||||
For more details check the [environment docs](./50-environment.md).
|
||||
|
||||
### `secrets`
|
||||
|
||||
Woodpecker provides the ability to store named parameters external to the YAML configuration file, in a central secret store. These secrets can be passed to individual steps of the pipeline at runtime.
|
||||
|
||||
For more details check the [secrets docs](./40-secrets.md).
|
||||
|
||||
### `failure`
|
||||
|
||||
Some of the pipeline steps may be allowed to fail without causing the whole pipeline to report a failure (e.g., a step executing a linting check). To enable this, add `failure: ignore` to your pipeline step. If Woodpecker encounters an error while executing the step, it will report it as failed but still execute the next steps of the pipeline, if any, without affecting the status of the pipeline.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
backend:
|
||||
image: golang
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
+ failure: ignore
|
||||
```
|
||||
|
||||
### `when` - Conditional Execution
|
||||
|
||||
Woodpecker supports defining a list of conditions for a pipeline step by using a `when` block. If at least one of the conditions in the `when` block evaluate to true the step is executed, otherwise it is skipped. A condition can be a check like:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
slack:
|
||||
image: plugins/slack
|
||||
settings:
|
||||
channel: dev
|
||||
+ when:
|
||||
+ - event: pull_request
|
||||
+ repo: test/test
|
||||
+ - event: push
|
||||
+ branch: main
|
||||
```
|
||||
|
||||
#### `repo`
|
||||
|
||||
Example conditional execution by repository:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
slack:
|
||||
image: plugins/slack
|
||||
settings:
|
||||
channel: dev
|
||||
+ when:
|
||||
+ - repo: test/test
|
||||
```
|
||||
|
||||
#### `branch`
|
||||
|
||||
:::note
|
||||
Branch conditions are not applied to tags.
|
||||
:::
|
||||
|
||||
Example conditional execution by branch:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
slack:
|
||||
image: plugins/slack
|
||||
settings:
|
||||
channel: dev
|
||||
+ when:
|
||||
+ - branch: master
|
||||
```
|
||||
|
||||
> The step now triggers on master, but also if the target branch of a pull request is `master`. Add an event condition to limit it further to pushes on master only.
|
||||
|
||||
Execute a step if the branch is `master` or `develop`:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- branch: [master, develop]
|
||||
```
|
||||
|
||||
Execute a step if the branch starts with `prefix/*`:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- branch: prefix/*
|
||||
```
|
||||
|
||||
The branch matching is done using [doublestar](https://github.com/bmatcuk/doublestar/#usage), note that a pattern starting with `*` should be put between quotes and a literal `/` needs to be escaped. A few examples:
|
||||
|
||||
- `*\\/*` to match patterns with exactly 1 `/`
|
||||
- `*\\/**` to match patters with at least 1 `/`
|
||||
- `*` to match patterns without `/`
|
||||
- `**` to match everything
|
||||
|
||||
Execute a step using custom include and exclude logic:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- branch:
|
||||
include: [ master, release/* ]
|
||||
exclude: [ release/1.0.0, release/1.1.* ]
|
||||
```
|
||||
|
||||
#### `event`
|
||||
|
||||
Available events: `push`, `pull_request`, `tag`, `deployment`, `cron`, `manual`
|
||||
|
||||
Execute a step if the build event is a `tag`:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- event: tag
|
||||
```
|
||||
|
||||
Execute a step if the pipeline event is a `push` to a specified branch:
|
||||
|
||||
```diff
|
||||
when:
|
||||
- event: push
|
||||
+ branch: main
|
||||
```
|
||||
|
||||
Execute a step for multiple events:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- event: [push, tag, deployment]
|
||||
```
|
||||
|
||||
#### `cron`
|
||||
|
||||
This filter **only** applies to cron events and filters based on the name of a cron job.
|
||||
|
||||
Make sure to have a `event: cron` condition in the `when`-filters as well.
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- event: cron
|
||||
cron: sync_* # name of your cron job
|
||||
```
|
||||
|
||||
[Read more about cron](./45-cron.md)
|
||||
|
||||
#### `ref`
|
||||
|
||||
The `ref` filter compares the git reference against which the pipeline is executed.
|
||||
This allows you to filter, for example, tags that must start with **v**:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
event: tag
|
||||
ref: refs/tags/v*
|
||||
```
|
||||
|
||||
#### `status`
|
||||
|
||||
There are use cases for executing pipeline steps on failure, such as sending notifications for failed pipelines. Use the status constraint to execute steps even when the pipeline fails:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
slack:
|
||||
image: plugins/slack
|
||||
settings:
|
||||
channel: dev
|
||||
+ when:
|
||||
+ - status: [ success, failure ]
|
||||
```
|
||||
|
||||
#### `platform`
|
||||
|
||||
:::note
|
||||
This condition should be used in conjunction with a [matrix](./30-matrix-workflows.md#example-matrix-pipeline-using-multiple-platforms) pipeline as a regular pipeline will only executed by a single agent which only has one arch.
|
||||
:::
|
||||
|
||||
Execute a step for a specific platform:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- platform: linux/amd64
|
||||
```
|
||||
|
||||
Execute a step for a specific platform using wildcards:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- platform: [ linux/*, windows/amd64 ]
|
||||
```
|
||||
|
||||
#### `environment`
|
||||
|
||||
Execute a step for deployment events matching the target deployment environment:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- environment: production
|
||||
- event: deployment
|
||||
```
|
||||
|
||||
#### `matrix`
|
||||
|
||||
Execute a step for a single matrix permutation:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- matrix:
|
||||
GO_VERSION: 1.5
|
||||
REDIS_VERSION: 2.8
|
||||
```
|
||||
|
||||
#### `instance`
|
||||
|
||||
Execute a step only on a certain Woodpecker instance matching the specified hostname:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- instance: stage.woodpecker.company.com
|
||||
```
|
||||
|
||||
#### `path`
|
||||
|
||||
:::info
|
||||
Path conditions are applied only to **push** and **pull_request** events.
|
||||
It is currently **only available** for GitHub, GitLab and Gitea (version 1.18.0 and newer)
|
||||
:::
|
||||
|
||||
Execute a step only on a pipeline with certain files being changed:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- path: "src/*"
|
||||
```
|
||||
|
||||
You can use [glob patterns](https://github.com/bmatcuk/doublestar#patterns) to match the changed files and specify if the step should run if a file matching that pattern has been changed `include` or if some files have **not** been changed `exclude`.
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- path:
|
||||
include: [ '.woodpecker/*.yml', '*.ini' ]
|
||||
exclude: [ '*.md', 'docs/**' ]
|
||||
ignore_message: "[ALL]"
|
||||
```
|
||||
|
||||
**Hint:** Passing a defined ignore-message like `[ALL]` inside the commit message will ignore all path conditions.
|
||||
|
||||
#### `evaluate`
|
||||
|
||||
Execute a step only if the provided evaluate expression is equal to true. Both built-in [`CI_`](./50-environment.md#built-in-environment-variables) and custom variables can be used inside the expression.
|
||||
|
||||
The expression syntax can be found in [the docs](https://github.com/antonmedv/expr/blob/master/docs/Language-Definition.md) of the underlying library.
|
||||
|
||||
Run on pushes to the default branch for the repository `owner/repo`:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- evaluate: 'CI_BUILD_EVENT == "push" && CI_REPO == "owner/repo" && CI_COMMIT_BRANCH == CI_REPO_DEFAULT_BRANCH'
|
||||
```
|
||||
|
||||
Run on commits created by user `woodpecker-ci`:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- evaluate: 'CI_COMMIT_AUTHOR == "woodpecker-ci"'
|
||||
```
|
||||
|
||||
Skip all commits containing `please ignore me` in the commit message:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- evaluate: 'not (CI_COMMIT_MESSAGE contains "please ignore me")'
|
||||
```
|
||||
|
||||
Run on pull requests with the label `deploy`:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- evaluate: 'CI_COMMIT_PULL_REQUEST_LABELS contains "deploy"'
|
||||
```
|
||||
|
||||
Skip step only if `SKIP=true`, run otherwise or if undefined:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
- evaluate: 'SKIP != "true"'
|
||||
```
|
||||
|
||||
### `group` - Parallel execution
|
||||
|
||||
Woodpecker supports parallel step execution for same-machine fan-in and fan-out. Parallel steps are configured using the `group` attribute. This instructs the pipeline runner to execute the named group in parallel.
|
||||
|
||||
Example parallel configuration:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
backend:
|
||||
+ group: build
|
||||
image: golang
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
frontend:
|
||||
+ group: build
|
||||
image: node
|
||||
commands:
|
||||
- npm install
|
||||
- npm run test
|
||||
- npm run build
|
||||
publish:
|
||||
image: plugins/docker
|
||||
repo: octocat/hello-world
|
||||
```
|
||||
|
||||
In the above example, the `frontend` and `backend` steps are executed in parallel. The pipeline runner will not execute the `publish` step until the group completes.
|
||||
|
||||
### `volumes`
|
||||
|
||||
Woodpecker gives the ability to define Docker volumes in the YAML. You can use this parameter to mount files or folders on the host machine into your containers.
|
||||
|
||||
For more details check the [volumes docs](./70-volumes.md).
|
||||
|
||||
### `detach`
|
||||
|
||||
Woodpecker gives the ability to detach steps to run them in background until the pipeline finishes.
|
||||
|
||||
For more details check the [service docs](./60-services.md#detachment).
|
||||
|
||||
### `directory`
|
||||
|
||||
Using `directory`, you can set a subdirectory of your repository or an absolute path inside the Docker container in which your commands will run.
|
||||
|
||||
## `services`
|
||||
|
||||
Woodpecker can provide service containers. They can for example be used to run databases or cache containers during the execution of pipeline.
|
||||
|
||||
For more details check the [services docs](./60-services.md).
|
||||
|
||||
## `workspace`
|
||||
|
||||
The workspace defines the shared volume and working directory shared by all pipeline steps. The default workspace matches the below pattern, based on your repository URL.
|
||||
|
||||
```txt
|
||||
/woodpecker/src/github.com/octocat/hello-world
|
||||
```
|
||||
|
||||
The workspace can be customized using the workspace block in the YAML file:
|
||||
|
||||
```diff
|
||||
+workspace:
|
||||
+ base: /go
|
||||
+ path: src/github.com/octocat/hello-world
|
||||
|
||||
steps:
|
||||
build:
|
||||
image: golang:latest
|
||||
commands:
|
||||
- go get
|
||||
- go test
|
||||
```
|
||||
|
||||
The base attribute defines a shared base volume available to all pipeline steps. This ensures your source code, dependencies and compiled binaries are persisted and shared between steps.
|
||||
|
||||
```diff
|
||||
workspace:
|
||||
+ base: /go
|
||||
path: src/github.com/octocat/hello-world
|
||||
|
||||
steps:
|
||||
deps:
|
||||
image: golang:latest
|
||||
commands:
|
||||
- go get
|
||||
- go test
|
||||
build:
|
||||
image: node:latest
|
||||
commands:
|
||||
- go build
|
||||
```
|
||||
|
||||
This would be equivalent to the following docker commands:
|
||||
|
||||
```sh
|
||||
docker volume create my-named-volume
|
||||
|
||||
docker run --volume=my-named-volume:/go golang:latest
|
||||
docker run --volume=my-named-volume:/go node:latest
|
||||
```
|
||||
|
||||
The path attribute defines the working directory of your build. This is where your code is cloned and will be the default working directory of every step in your build process. The path must be relative and is combined with your base path.
|
||||
|
||||
```diff
|
||||
workspace:
|
||||
base: /go
|
||||
+ path: src/github.com/octocat/hello-world
|
||||
```
|
||||
|
||||
```text
|
||||
git clone https://github.com/octocat/hello-world \
|
||||
/go/src/github.com/octocat/hello-world
|
||||
```
|
||||
|
||||
## `matrix`
|
||||
|
||||
Woodpecker has integrated support for matrix builds. Woodpecker executes a separate build task for each combination in the matrix, allowing you to build and test a single commit against multiple configurations.
|
||||
|
||||
For more details check the [matrix build docs](./30-matrix-workflows.md).
|
||||
|
||||
## `platform`
|
||||
|
||||
To configure your pipeline to only be executed on an agent with a specific platform, you can use the `platform` key.
|
||||
Have a look at the official [go docs](https://go.dev/doc/install/source) for the available platforms. The syntax of the platform is `GOOS/GOARCH` like `linux/arm64` or `linux/amd64`.
|
||||
|
||||
Example:
|
||||
|
||||
Assuming we have two agents, one `arm` and one `amd64`. Previously this pipeline would have executed on **either agent**, as Woodpecker is not fussy about where it runs the pipelines. By setting the following option it will only be executed on an agent with the platform `linux/arm64`.
|
||||
|
||||
```diff
|
||||
+platform: linux/arm64
|
||||
|
||||
steps:
|
||||
build:
|
||||
image: golang
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
```
|
||||
|
||||
## `labels`
|
||||
|
||||
You can set labels for your pipeline to select an agent to execute the pipeline on. An agent will pick up and run a pipeline when **every** label assigned to a pipeline matches the agents labels.
|
||||
|
||||
To set additional agent labels check the [agent configuration options](../30-administration/15-agent-config.md#woodpecker_filter_labels). Agents will have at least four default labels: `platform=agent-os/agent-arch`, `hostname=my-agent`, `backend=docker` (type of the agent backend) and `repo=*`. Agents can use a `*` as a wildcard for a label. For example `repo=*` will match every repo.
|
||||
|
||||
Pipeline labels with an empty value will be ignored.
|
||||
By default each pipeline has at least the `repo=your-user/your-repo-name` label. If you have set the [platform attribute](#platform) for your pipeline it will have a label like `platform=your-os/your-arch` as well.
|
||||
|
||||
You can add additional labels as a key value map:
|
||||
|
||||
```diff
|
||||
+labels:
|
||||
+ location: europe # only agents with `location=europe` or `location=*` will be used
|
||||
+ weather: sun
|
||||
+ hostname: "" # this label will be ignored as it is empty
|
||||
|
||||
steps:
|
||||
build:
|
||||
image: golang
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
```
|
||||
|
||||
## `variables`
|
||||
|
||||
Woodpecker supports [YAML anchors & aliases](https://yaml.org/spec/1.2.2/#3222-anchors-and-aliases) in the pipeline configuration. These can be used as variables to not repeat yourself.
|
||||
|
||||
For more details and examples check the [Advanced YAML syntax docs](./35-advanced-yaml-syntax.md)
|
||||
|
||||
## `clone`
|
||||
|
||||
Woodpecker automatically configures a default clone step if not explicitly defined. When using the `local` backend, the [plugin-git](https://github.com/woodpecker-ci/plugin-git) binary must be on your `$PATH` for the default clone step to work. If not, you can still write a manual clone step.
|
||||
|
||||
You can manually configure the clone step in your pipeline for customization:
|
||||
|
||||
```diff
|
||||
+clone:
|
||||
+ git:
|
||||
+ image: woodpeckerci/plugin-git
|
||||
|
||||
steps:
|
||||
build:
|
||||
image: golang
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
```
|
||||
|
||||
Example configuration to override depth:
|
||||
|
||||
```diff
|
||||
clone:
|
||||
git:
|
||||
image: woodpeckerci/plugin-git
|
||||
+ settings:
|
||||
+ partial: false
|
||||
+ depth: 50
|
||||
```
|
||||
|
||||
Example configuration to use a custom clone plugin:
|
||||
|
||||
```diff
|
||||
clone:
|
||||
git:
|
||||
+ image: octocat/custom-git-plugin
|
||||
```
|
||||
|
||||
Example configuration to clone Mercurial repository:
|
||||
|
||||
```diff
|
||||
clone:
|
||||
hg:
|
||||
+ image: plugins/hg
|
||||
+ settings:
|
||||
+ path: bitbucket.org/foo/bar
|
||||
```
|
||||
|
||||
### Git Submodules
|
||||
|
||||
To use the credentials that cloned the repository to clone it's submodules, update `.gitmodules` to use `https` instead of `git`:
|
||||
|
||||
```diff
|
||||
[submodule "my-module"]
|
||||
path = my-module
|
||||
-url = git@github.com:octocat/my-module.git
|
||||
+url = https://github.com/octocat/my-module.git
|
||||
```
|
||||
|
||||
To use the ssh git url in `.gitmodules` for users cloning with ssh, and also use the https url in Woodpecker, add `submodule_override`:
|
||||
|
||||
```diff
|
||||
clone:
|
||||
git:
|
||||
image: woodpeckerci/plugin-git
|
||||
settings:
|
||||
recursive: true
|
||||
+ submodule_override:
|
||||
+ my-module: https://github.com/octocat/my-module.git
|
||||
|
||||
steps:
|
||||
...
|
||||
```
|
||||
|
||||
## `skip_clone`
|
||||
|
||||
By default Woodpecker is automatically adding a clone step. This clone step can be configured by the [clone](#clone) property. If you do not need a `clone` step at all you can skip it using:
|
||||
|
||||
```yaml
|
||||
skip_clone: true
|
||||
```
|
||||
|
||||
## `when` - Global pipeline conditions
|
||||
|
||||
Woodpecker gives the ability to skip whole pipelines (not just steps #when---conditional-execution-1) based on certain conditions by a `when` block. If all conditions in the `when` block evaluate to true the pipeline is executed, otherwise it is skipped, but treated as successful and other pipelines depending on it will still continue.
|
||||
|
||||
### `repo`
|
||||
|
||||
Example conditional execution by repository:
|
||||
|
||||
```diff
|
||||
+when:
|
||||
+ repo: test/test
|
||||
+
|
||||
steps:
|
||||
slack:
|
||||
image: plugins/slack
|
||||
settings:
|
||||
channel: dev
|
||||
```
|
||||
|
||||
### `branch`
|
||||
|
||||
:::note
|
||||
Branch conditions are not applied to tags.
|
||||
:::
|
||||
|
||||
Example conditional execution by branch:
|
||||
|
||||
```diff
|
||||
+when:
|
||||
+ branch: master
|
||||
+
|
||||
steps:
|
||||
slack:
|
||||
image: plugins/slack
|
||||
settings:
|
||||
channel: dev
|
||||
```
|
||||
|
||||
> The step now triggers on master, but also if the target branch of a pull request is `master`. Add an event condition to limit it further to pushes on master only.
|
||||
|
||||
Execute a step if the branch is `master` or `develop`:
|
||||
|
||||
```diff
|
||||
when:
|
||||
branch: [master, develop]
|
||||
```
|
||||
|
||||
Execute a step if the branch starts with `prefix/*`:
|
||||
|
||||
```diff
|
||||
when:
|
||||
branch: prefix/*
|
||||
```
|
||||
|
||||
Execute a step using custom include and exclude logic:
|
||||
|
||||
```diff
|
||||
when:
|
||||
branch:
|
||||
include: [ master, release/* ]
|
||||
exclude: [ release/1.0.0, release/1.1.* ]
|
||||
```
|
||||
|
||||
### `event`
|
||||
|
||||
Execute a step if the build event is a `tag`:
|
||||
|
||||
```diff
|
||||
when:
|
||||
event: tag
|
||||
```
|
||||
|
||||
Execute a step if the pipeline event is a `push` to a specified branch:
|
||||
|
||||
```diff
|
||||
when:
|
||||
event: push
|
||||
+ branch: main
|
||||
```
|
||||
|
||||
Execute a step for all non-pull request events:
|
||||
|
||||
```diff
|
||||
when:
|
||||
event: [push, tag, deployment]
|
||||
```
|
||||
|
||||
Execute a step for all build events:
|
||||
|
||||
```diff
|
||||
when:
|
||||
event: [push, pull_request, tag, deployment]
|
||||
```
|
||||
|
||||
### `ref`
|
||||
|
||||
The `ref` filter compares the git reference against which the pipeline is executed.
|
||||
This allows you to filter, for example, tags that must start with **v**:
|
||||
|
||||
```yaml
|
||||
when:
|
||||
event: tag
|
||||
ref: refs/tags/v*
|
||||
```
|
||||
|
||||
### `environment`
|
||||
|
||||
Execute a step for deployment events matching the target deployment environment:
|
||||
|
||||
```diff
|
||||
when:
|
||||
environment: production
|
||||
event: deployment
|
||||
```
|
||||
|
||||
### `instance`
|
||||
|
||||
Execute a step only on a certain Woodpecker instance matching the specified hostname:
|
||||
|
||||
```diff
|
||||
when:
|
||||
instance: stage.woodpecker.company.com
|
||||
```
|
||||
|
||||
### `path`
|
||||
|
||||
:::info
|
||||
Path conditions are applied only to **push** and **pull_request** events.
|
||||
It is currently **only available** for GitHub, GitLab and Gitea (version 1.18.0 and newer)
|
||||
:::
|
||||
|
||||
Execute a step only on a pipeline with certain files being changed:
|
||||
|
||||
```diff
|
||||
when:
|
||||
path: "src/*"
|
||||
```
|
||||
|
||||
You can use [glob patterns](https://github.com/bmatcuk/doublestar#patterns) to match the changed files and specify if the step should run if a file matching that pattern has been changed `include` or if some files have **not** been changed `exclude`.
|
||||
|
||||
```diff
|
||||
when:
|
||||
path:
|
||||
include: [ '.woodpecker/*.yml', '*.ini' ]
|
||||
exclude: [ '*.md', 'docs/**' ]
|
||||
ignore_message: "[ALL]"
|
||||
```
|
||||
|
||||
**Hint:** Passing a defined ignore-message like `[ALL]` inside the commit message will ignore all path conditions.
|
||||
|
||||
## `depends_on`
|
||||
|
||||
Woodpecker supports to define multiple workflows for a repository. Those workflows will run independent from each other. To depend them on each other you can use the [`depends_on`](./25-workflows.md#flow-control) keyword.
|
||||
|
||||
## Privileged mode
|
||||
|
||||
Woodpecker gives the ability to configure privileged mode in the YAML. You can use this parameter to launch containers with escalated capabilities.
|
||||
|
||||
> Privileged mode is only available to trusted repositories and for security reasons should only be used in private environments. See [project settings](./71-project-settings.md#trusted) to enable trusted mode.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
image: docker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker:2375
|
||||
commands:
|
||||
- docker --tls=false ps
|
||||
|
||||
services:
|
||||
docker:
|
||||
image: docker:dind
|
||||
command: [ "--storage-driver=vfs", "--tls=false" ]
|
||||
+ privileged: true
|
||||
```
|
130
docs/versioned_docs/version-1.0/20-usage/25-workflows.md
Normal file
|
@ -0,0 +1,130 @@
|
|||
# Workflows
|
||||
|
||||
:::info
|
||||
This Feature is only available for GitHub, Gitea & GitLab repositories. Follow [this](https://github.com/woodpecker-ci/woodpecker/issues/1138) issue to support further development.
|
||||
:::
|
||||
|
||||
A pipeline has at least one workflow. A workflow is a set of steps that are executed in sequence using the same workspace which is a shared folder containing the repository and all the generated data from previous steps.
|
||||
|
||||
Incase there is a single configuration in `.woodpecker.yml` Woodpecker will create a pipeline with a single workflow.
|
||||
|
||||
By placing the configurations in a folder which is by default named `.woodpecker/` Woodpecker will create a pipeline with multiple workflows each named by the file they are defined in. Only `.yml` and `.yaml` files will be used and files in any subfolders like `.woodpecker/sub-folder/test.yml` will be ignored.
|
||||
|
||||
You can also set some custom path like `.my-ci/pipelines/` instead of `.woodpecker/` in the [project settings](./71-project-settings.md).
|
||||
|
||||
## Benefits of using workflows
|
||||
|
||||
- faster lint/test feedback, the workflow doesn't have to run fully to have a lint status pushed to the remote
|
||||
- better organization of a pipeline along various concerns using one workflow for: testing, linting, building and deploying
|
||||
- utilizing more agents to speed up the execution of the whole pipeline
|
||||
|
||||
## Example workflow definition
|
||||
|
||||
:::warning
|
||||
Please note that files are only shared between steps of the same workflow (see [File changes are incremental](./20-pipeline-syntax.md#file-changes-are-incremental)). That means you cannot access artifacts e.g. from the `build` workflow in the `deploy` workflow.
|
||||
If you still need to pass artifacts between the workflows you need use some storage [plugin](./51-plugins/10-plugins.md) (e.g. one which stores files in an Amazon S3 bucket).
|
||||
:::
|
||||
|
||||
```bash
|
||||
.woodpecker/
|
||||
├── .build.yml
|
||||
├── .deploy.yml
|
||||
├── .lint.yml
|
||||
└── .test.yml
|
||||
```
|
||||
|
||||
.woodpecker/.build.yml
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
build:
|
||||
image: debian:stable-slim
|
||||
commands:
|
||||
- echo building
|
||||
- sleep 5
|
||||
```
|
||||
|
||||
.woodpecker/.deploy.yml
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
deploy:
|
||||
image: debian:stable-slim
|
||||
commands:
|
||||
- echo deploying
|
||||
|
||||
depends_on:
|
||||
- lint
|
||||
- build
|
||||
- test
|
||||
```
|
||||
|
||||
.woodpecker/.test.yml
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
test:
|
||||
image: debian:stable-slim
|
||||
commands:
|
||||
- echo testing
|
||||
- sleep 5
|
||||
|
||||
depends_on:
|
||||
- build
|
||||
```
|
||||
|
||||
.woodpecker/.lint.yml
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
lint:
|
||||
image: debian:stable-slim
|
||||
commands:
|
||||
- echo linting
|
||||
- sleep 5
|
||||
```
|
||||
|
||||
## Status lines
|
||||
|
||||
Each workflow will report its own status back to your forge.
|
||||
|
||||
## Flow control
|
||||
|
||||
The workflows run in parallel on separate agents and share nothing.
|
||||
|
||||
Dependencies between workflows can be set with the `depends_on` element. A workflow doesn't execute until all of its dependencies finished successfully.
|
||||
|
||||
The name for a `depends_on` entry is the filename without the path, leading dots and without the file extension `.yml` or `.yaml`. If the project config for example uses `.woodpecker/` as path for CI files with a file named `.woodpecker/.lint.yml` the corresponding `depends_on` entry would be `lint`.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
deploy:
|
||||
image: debian:stable-slim
|
||||
commands:
|
||||
- echo deploying
|
||||
|
||||
+depends_on:
|
||||
+ - lint
|
||||
+ - build
|
||||
+ - test
|
||||
```
|
||||
|
||||
Workflows that need to run even on failures should set the `runs_on` tag.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
notify:
|
||||
image: debian:stable-slim
|
||||
commands:
|
||||
- echo notifying
|
||||
|
||||
depends_on:
|
||||
- deploy
|
||||
|
||||
+runs_on: [ success, failure ]
|
||||
```
|
||||
|
||||
:::info
|
||||
Some workflows don't need the source code, like creating a notification on failure.
|
||||
Read more about `skip_clone` at [pipeline syntax](./20-pipeline-syntax.md#skip_clone)
|
||||
:::
|
138
docs/versioned_docs/version-1.0/20-usage/30-matrix-workflows.md
Normal file
|
@ -0,0 +1,138 @@
|
|||
# Matrix workflows
|
||||
|
||||
Woodpecker has integrated support for matrix workflows. Woodpecker executes a separate workflow for each combination in the matrix, allowing you to build and test a single commit against multiple configurations.
|
||||
|
||||
Example matrix definition:
|
||||
|
||||
```yaml
|
||||
matrix:
|
||||
GO_VERSION:
|
||||
- 1.4
|
||||
- 1.3
|
||||
REDIS_VERSION:
|
||||
- 2.6
|
||||
- 2.8
|
||||
- 3.0
|
||||
```
|
||||
|
||||
Example matrix definition containing only specific combinations:
|
||||
|
||||
```yaml
|
||||
matrix:
|
||||
include:
|
||||
- GO_VERSION: 1.4
|
||||
REDIS_VERSION: 2.8
|
||||
- GO_VERSION: 1.5
|
||||
REDIS_VERSION: 2.8
|
||||
- GO_VERSION: 1.6
|
||||
REDIS_VERSION: 3.0
|
||||
```
|
||||
|
||||
## Interpolation
|
||||
|
||||
Matrix variables are interpolated in the YAML using the `${VARIABLE}` syntax, before the YAML is parsed. This is an example YAML file before interpolating matrix parameters:
|
||||
|
||||
```yaml
|
||||
matrix:
|
||||
GO_VERSION:
|
||||
- 1.4
|
||||
- 1.3
|
||||
DATABASE:
|
||||
- mysql:5.5
|
||||
- mysql:6.5
|
||||
- mariadb:10.1
|
||||
|
||||
steps:
|
||||
build:
|
||||
image: golang:${GO_VERSION}
|
||||
commands:
|
||||
- go get
|
||||
- go build
|
||||
- go test
|
||||
|
||||
services:
|
||||
database:
|
||||
image: ${DATABASE}
|
||||
```
|
||||
|
||||
Example YAML file after injecting the matrix parameters:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
- image: golang:${GO_VERSION}
|
||||
+ image: golang:1.4
|
||||
commands:
|
||||
- go get
|
||||
- go build
|
||||
- go test
|
||||
+ environment:
|
||||
+ - GO_VERSION=1.4
|
||||
+ - DATABASE=mysql:5.5
|
||||
|
||||
services:
|
||||
database:
|
||||
- image: ${DATABASE}
|
||||
+ image: mysql:5.5
|
||||
```
|
||||
|
||||
## Examples
|
||||
|
||||
### Example matrix pipeline based on Docker image tag
|
||||
|
||||
```yaml
|
||||
matrix:
|
||||
TAG:
|
||||
- 1.7
|
||||
- 1.8
|
||||
- latest
|
||||
|
||||
steps:
|
||||
build:
|
||||
image: golang:${TAG}
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
```
|
||||
|
||||
### Example matrix pipeline based on container image
|
||||
|
||||
```yaml
|
||||
matrix:
|
||||
IMAGE:
|
||||
- golang:1.7
|
||||
- golang:1.8
|
||||
- golang:latest
|
||||
|
||||
steps:
|
||||
build:
|
||||
image: ${IMAGE}
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
```
|
||||
|
||||
### Example matrix pipeline using multiple platforms
|
||||
|
||||
```yaml
|
||||
matrix:
|
||||
platform:
|
||||
- linux/amd64
|
||||
- linux/arm64
|
||||
|
||||
platform: ${platform}
|
||||
|
||||
steps:
|
||||
test:
|
||||
image: alpine
|
||||
commands:
|
||||
- echo "I am running on ${platform}"
|
||||
|
||||
test-arm-only:
|
||||
image: alpine
|
||||
commands:
|
||||
- echo "I am running on ${platform}"
|
||||
- echo "Arm is cool!"
|
||||
when:
|
||||
platform: linux/arm*
|
||||
```
|
|
@ -0,0 +1,90 @@
|
|||
# Advanced YAML syntax
|
||||
|
||||
## Anchors & aliases
|
||||
|
||||
You can use [YAML anchors & aliases](https://yaml.org/spec/1.2.2/#3222-anchors-and-aliases) as variables in your pipeline config.
|
||||
|
||||
To convert this:
|
||||
```yml
|
||||
steps:
|
||||
test:
|
||||
image: golang:1.18
|
||||
commands: go test ./...
|
||||
build:
|
||||
image: golang:1.18
|
||||
commands: build
|
||||
```
|
||||
|
||||
Just add a new section called **variables** like this:
|
||||
|
||||
```diff
|
||||
+variables:
|
||||
+ - &golang_image 'golang:1.18'
|
||||
|
||||
steps:
|
||||
test:
|
||||
- image: golang:1.18
|
||||
+ image: *golang_image
|
||||
commands: go test ./...
|
||||
build:
|
||||
- image: golang:1.18
|
||||
+ image: *golang_image
|
||||
commands: build
|
||||
```
|
||||
|
||||
## Map merges and overwrites
|
||||
|
||||
```yaml
|
||||
variables:
|
||||
- &base-plugin-settings
|
||||
target: dist
|
||||
recursive: false
|
||||
try: true
|
||||
- &special-setting
|
||||
special: true
|
||||
- &some-plugin codeberg.org/6543/docker-images/print_env
|
||||
|
||||
steps:
|
||||
develop:
|
||||
image: *some-plugin
|
||||
settings:
|
||||
<<: [*base-plugin-settings, *special-setting] # merge two maps into an empty map
|
||||
when:
|
||||
branch: develop
|
||||
|
||||
main:
|
||||
image: *some-plugin
|
||||
settings:
|
||||
<<: *base-plugin-settings # merge one map and ...
|
||||
try: false # ... overwrite original value
|
||||
ongoing: false # ... adding a new value
|
||||
when:
|
||||
branch: main
|
||||
```
|
||||
|
||||
## Sequence merges
|
||||
|
||||
```yaml
|
||||
variables:
|
||||
pre_cmds: &pre_cmds
|
||||
- echo start
|
||||
- whoami
|
||||
post_cmds: &post_cmds
|
||||
- echo stop
|
||||
hello_cmd: &hello_cmd
|
||||
- echo hello
|
||||
|
||||
steps:
|
||||
step1:
|
||||
image: debian
|
||||
commands:
|
||||
- <<: *pre_cmds # prepend a sequence
|
||||
- echo exec step now do dedicated things
|
||||
- <<: *post_cmds # append a sequence
|
||||
step2:
|
||||
image: debian
|
||||
commands:
|
||||
- <<: [*pre_cmds, *hello_cmd] # prepend two sequences
|
||||
- echo echo from second step
|
||||
- <<: *post_cmds
|
||||
```
|
143
docs/versioned_docs/version-1.0/20-usage/40-secrets.md
Normal file
|
@ -0,0 +1,143 @@
|
|||
# Secrets
|
||||
|
||||
Woodpecker provides the ability to store named parameters external to the YAML configuration file, in a central secret store. These secrets can be passed to individual steps of the pipeline at runtime.
|
||||
|
||||
Secrets are exposed to your pipeline steps and plugins as uppercase environment variables and can therefore be referenced in the commands section of your pipeline.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
docker:
|
||||
image: docker
|
||||
commands:
|
||||
+ - echo $DOCKER_USERNAME
|
||||
+ - echo $DOCKER_PASSWORD
|
||||
+ secrets: [ docker_username, docker_password ]
|
||||
```
|
||||
|
||||
Alternatively, you can get a `setting` from secrets using the `from_secret` syntax.
|
||||
In this example, the secret named `secret_token` would be passed to the pipeline as `PLUGIN_TOKEN`.
|
||||
|
||||
**NOTE:** the `from_secret` syntax only works with the newer `settings` block.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
docker:
|
||||
image: my-plugin
|
||||
settings:
|
||||
+ token:
|
||||
+ from_secret: secret_token
|
||||
```
|
||||
|
||||
|
||||
Please note parameter expressions are subject to pre-processing. When using secrets in parameter expressions they should be escaped.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
docker:
|
||||
image: docker
|
||||
commands:
|
||||
- - echo ${DOCKER_USERNAME}
|
||||
- - echo ${DOCKER_PASSWORD}
|
||||
+ - echo $${DOCKER_USERNAME}
|
||||
+ - echo $${DOCKER_PASSWORD}
|
||||
secrets: [ docker_username, docker_password ]
|
||||
```
|
||||
|
||||
## Adding Secrets
|
||||
|
||||
Secrets are added to the Woodpecker secret store on the UI or with the CLI.
|
||||
|
||||
## Alternate Names
|
||||
|
||||
There may be scenarios where you are required to store secrets using alternate names. You can map the alternate secret name to the expected name using the below syntax:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
docker:
|
||||
image: plugins/docker
|
||||
repo: octocat/hello-world
|
||||
tags: latest
|
||||
+ secrets:
|
||||
+ - source: docker_prod_password
|
||||
+ target: docker_password
|
||||
```
|
||||
|
||||
## Pull Requests
|
||||
|
||||
Secrets are not exposed to pull requests by default. You can override this behavior by creating the secret and enabling the `pull_request` event type.
|
||||
|
||||
```diff
|
||||
woodpecker-cli secret add \
|
||||
-repository octocat/hello-world \
|
||||
-image plugins/docker \
|
||||
+ -event pull_request \
|
||||
+ -event push \
|
||||
+ -event tag \
|
||||
-name docker_username \
|
||||
-value <value>
|
||||
```
|
||||
|
||||
Please be careful when exposing secrets to pull requests. If your repository is open source and accepts pull requests your secrets are not safe. A bad actor can submit a malicious pull request that exposes your secrets.
|
||||
|
||||
## Image filter
|
||||
|
||||
To prevent abusing your secrets with malicious pull requests, you can limit a secret to a list of images. They are not available to any other container. In addition, you can make the secret available only for plugins (steps without user-defined commands).
|
||||
|
||||
:::warning
|
||||
If you enable the option "Only available for plugins", always set an image filter too. Otherwise, the secret can be accessed by a very simple self-developed plugin and is thus *not* safe.
|
||||
If you only set an image filter, you could still access the secret using the same image and by specifying a command that prints it.
|
||||
:::
|
||||
|
||||
## Examples
|
||||
|
||||
Create the secret using default settings. The secret will be available to all images in your pipeline, and will be available to all push, tag, and deployment events (not pull request events).
|
||||
|
||||
```diff
|
||||
woodpecker-cli secret add \
|
||||
-repository octocat/hello-world \
|
||||
-name aws_access_key_id \
|
||||
-value <value>
|
||||
```
|
||||
|
||||
Create the secret and limit to a single image:
|
||||
|
||||
```diff
|
||||
woodpecker-cli secret add \
|
||||
-repository octocat/hello-world \
|
||||
+ -image plugins/s3 \
|
||||
-name aws_access_key_id \
|
||||
-value <value>
|
||||
```
|
||||
|
||||
Create the secrets and limit to a set of images:
|
||||
|
||||
```diff
|
||||
woodpecker-cli secret add \
|
||||
-repository octocat/hello-world \
|
||||
+ -image plugins/s3 \
|
||||
+ -image peloton/woodpecker-ecs \
|
||||
-name aws_access_key_id \
|
||||
-value <value>
|
||||
```
|
||||
|
||||
Create the secret and enable for multiple hook events:
|
||||
|
||||
```diff
|
||||
woodpecker-cli secret add \
|
||||
-repository octocat/hello-world \
|
||||
-image plugins/s3 \
|
||||
+ -event pull_request \
|
||||
+ -event push \
|
||||
+ -event tag \
|
||||
-name aws_access_key_id \
|
||||
-value <value>
|
||||
```
|
||||
|
||||
Loading secrets from file using curl `@` syntax. This is the recommended approach for loading secrets from file to preserve newlines:
|
||||
|
||||
```diff
|
||||
woodpecker-cli secret add \
|
||||
-repository octocat/hello-world \
|
||||
-name ssh_key \
|
||||
+ -value @/root/ssh/id_rsa
|
||||
```
|
|
@ -0,0 +1,3 @@
|
|||
# Registries
|
||||
|
||||
Woodpecker provides the ability to add container registries in the settings of your repository. Adding a registry allows you to authenticate and pull private images from a container registry when using these images as a step inside your pipeline.
|
34
docs/versioned_docs/version-1.0/20-usage/45-cron.md
Normal file
|
@ -0,0 +1,34 @@
|
|||
# Cron
|
||||
|
||||
To configure cron jobs you need at least push access to the repository.
|
||||
|
||||
## Add a new cron job
|
||||
|
||||
1. To create a new cron job adjust your pipeline config(s) and add the event filter to all steps you would like to run by the cron job:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
sync_locales:
|
||||
image: weblate_sync
|
||||
settings:
|
||||
url: example.com
|
||||
token:
|
||||
from_secret: weblate_token
|
||||
+ when:
|
||||
+ event: cron
|
||||
+ cron: "name of the cron job" # if you only want to execute this step by a specific cron job
|
||||
```
|
||||
|
||||
1. Create a new cron job in the repository settings:
|
||||
|
||||
![cron settings](./cron-settings.png)
|
||||
|
||||
The supported schedule syntax can be found at <https://pkg.go.dev/github.com/robfig/cron?utm_source=godoc#hdr-CRON_Expression_Format>. If you need general understanding of the cron syntax <https://crontab.guru/> is a good place to start and experiment.
|
||||
|
||||
Examples: `@every 5m`, `@daily`, `0 30 * * * *` ...
|
||||
|
||||
:::info
|
||||
Woodpeckers cron syntax starts with seconds instead of minutes as used by most linux cron schedulers.
|
||||
|
||||
Example: "At minute 30 every hour" would be `0 30 * * * *` instead of `30 * * * *`
|
||||
:::
|
220
docs/versioned_docs/version-1.0/20-usage/50-environment.md
Normal file
|
@ -0,0 +1,220 @@
|
|||
# Environment variables
|
||||
|
||||
Woodpecker provides the ability to pass environment variables to individual pipeline steps. Note that these can't overwrite any existing, built-in variables. Example pipeline step with custom environment variables:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
image: golang
|
||||
+ environment:
|
||||
+ - CGO=0
|
||||
+ - GOOS=linux
|
||||
+ - GOARCH=amd64
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
```
|
||||
|
||||
Please note that the environment section is not able to expand environment variables. If you need to expand variables they should be exported in the commands section.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
image: golang
|
||||
- environment:
|
||||
- - PATH=$PATH:/go
|
||||
commands:
|
||||
+ - export PATH=$PATH:/go
|
||||
- go build
|
||||
- go test
|
||||
```
|
||||
|
||||
> Please be warned that `${variable}` expressions are subject to pre-processing. If you do not want the pre-processor to evaluate your expression it must be escaped:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
image: golang
|
||||
commands:
|
||||
- - export PATH=${PATH}:/go
|
||||
+ - export PATH=$${PATH}:/go
|
||||
- go build
|
||||
- go test
|
||||
```
|
||||
|
||||
## Built-in environment variables
|
||||
|
||||
This is the reference list of all environment variables available to your pipeline containers. These are injected into your pipeline step and plugins containers, at runtime.
|
||||
|
||||
| NAME | Description |
|
||||
| -------------------------------- | -------------------------------------------------------------------------------------------- |
|
||||
| `CI=woodpecker` | environment is woodpecker |
|
||||
| | **Repository** |
|
||||
| `CI_REPO` | repository full name `<owner>/<name>` |
|
||||
| `CI_REPO_OWNER` | repository owner |
|
||||
| `CI_REPO_NAME` | repository name |
|
||||
| `CI_REPO_REMOTE_ID` | repository remote ID, is the UID it has in the forge |
|
||||
| `CI_REPO_SCM` | repository SCM (git) |
|
||||
| `CI_REPO_URL` | repository web URL |
|
||||
| `CI_REPO_CLONE_URL` | repository clone URL |
|
||||
| `CI_REPO_DEFAULT_BRANCH` | repository default branch (master) |
|
||||
| `CI_REPO_PRIVATE` | repository is private |
|
||||
| `CI_REPO_TRUSTED` | repository is trusted |
|
||||
| | **Current Commit** |
|
||||
| `CI_COMMIT_SHA` | commit SHA |
|
||||
| `CI_COMMIT_REF` | commit ref |
|
||||
| `CI_COMMIT_REFSPEC` | commit ref spec |
|
||||
| `CI_COMMIT_BRANCH` | commit branch (equals target branch for pull requests) |
|
||||
| `CI_COMMIT_SOURCE_BRANCH` | commit source branch |
|
||||
| `CI_COMMIT_TARGET_BRANCH` | commit target branch |
|
||||
| `CI_COMMIT_TAG` | commit tag name (empty if event is not `tag`) |
|
||||
| `CI_COMMIT_PULL_REQUEST` | commit pull request number (empty if event is not `pull_request`) |
|
||||
| `CI_COMMIT_PULL_REQUEST_LABELS` | labels assigned to pull request (empty if event is not `pull_request`) |
|
||||
| `CI_COMMIT_URL` | commit link in forge |
|
||||
| `CI_COMMIT_MESSAGE` | commit message |
|
||||
| `CI_COMMIT_AUTHOR` | commit author username |
|
||||
| `CI_COMMIT_AUTHOR_EMAIL` | commit author email address |
|
||||
| `CI_COMMIT_AUTHOR_AVATAR` | commit author avatar |
|
||||
| | **Current pipeline** |
|
||||
| `CI_PIPELINE_NUMBER` | pipeline number |
|
||||
| `CI_PIPELINE_PARENT` | number of parent pipeline |
|
||||
| `CI_PIPELINE_EVENT` | pipeline event (push, pull_request, tag, deployment) |
|
||||
| `CI_PIPELINE_URL` | link to the forge's web UI for the commit(s) or tag that triggered the pipeline |
|
||||
| `CI_PIPELINE_DEPLOY_TARGET` | pipeline deploy target for `deployment` events (ie production) |
|
||||
| `CI_PIPELINE_STATUS` | pipeline status (success, failure) |
|
||||
| `CI_PIPELINE_CREATED` | pipeline created UNIX timestamp |
|
||||
| `CI_PIPELINE_STARTED` | pipeline started UNIX timestamp |
|
||||
| `CI_PIPELINE_FINISHED` | pipeline finished UNIX timestamp |
|
||||
| | **Current workflow** |
|
||||
| `CI_WORKFLOW_NAME` | workflow name |
|
||||
| | **Current step** |
|
||||
| `CI_STEP_NAME` | step name |
|
||||
| `CI_STEP_STATUS` | step status (success, failure) |
|
||||
| `CI_STEP_STARTED` | step started UNIX timestamp |
|
||||
| `CI_STEP_FINISHED` | step finished UNIX timestamp |
|
||||
| | **Previous commit** |
|
||||
| `CI_PREV_COMMIT_SHA` | previous commit SHA |
|
||||
| `CI_PREV_COMMIT_REF` | previous commit ref |
|
||||
| `CI_PREV_COMMIT_REFSPEC` | previous commit ref spec |
|
||||
| `CI_PREV_COMMIT_BRANCH` | previous commit branch |
|
||||
| `CI_PREV_COMMIT_SOURCE_BRANCH` | previous commit source branch |
|
||||
| `CI_PREV_COMMIT_TARGET_BRANCH` | previous commit target branch |
|
||||
| `CI_PREV_COMMIT_URL` | previous commit link in forge |
|
||||
| `CI_PREV_COMMIT_MESSAGE` | previous commit message |
|
||||
| `CI_PREV_COMMIT_AUTHOR` | previous commit author username |
|
||||
| `CI_PREV_COMMIT_AUTHOR_EMAIL` | previous commit author email address |
|
||||
| `CI_PREV_COMMIT_AUTHOR_AVATAR` | previous commit author avatar |
|
||||
| | **Previous pipeline** |
|
||||
| `CI_PREV_PIPELINE_NUMBER` | previous pipeline number |
|
||||
| `CI_PREV_PIPELINE_PARENT` | previous pipeline number of parent pipeline |
|
||||
| `CI_PREV_PIPELINE_EVENT` | previous pipeline event (push, pull_request, tag, deployment) |
|
||||
| `CI_PREV_PIPELINE_URL` | previous pipeline link in CI |
|
||||
| `CI_PREV_PIPELINE_DEPLOY_TARGET` | previous pipeline deploy target for `deployment` events (ie production) |
|
||||
| `CI_PREV_PIPELINE_STATUS` | previous pipeline status (success, failure) |
|
||||
| `CI_PREV_PIPELINE_CREATED` | previous pipeline created UNIX timestamp |
|
||||
| `CI_PREV_PIPELINE_STARTED` | previous pipeline started UNIX timestamp |
|
||||
| `CI_PREV_PIPELINE_FINISHED` | previous pipeline finished UNIX timestamp |
|
||||
| |   |
|
||||
| `CI_WORKSPACE` | Path of the workspace where source code gets cloned to |
|
||||
| | **System** |
|
||||
| `CI_SYSTEM_NAME` | name of the CI system: `woodpecker` |
|
||||
| `CI_SYSTEM_URL` | link to CI system |
|
||||
| `CI_SYSTEM_HOST` | hostname of CI server |
|
||||
| `CI_SYSTEM_VERSION` | version of the server |
|
||||
| | **Forge** |
|
||||
| `CI_FORGE_TYPE` | name of forge (gitea, github, ...) |
|
||||
| `CI_FORGE_URL` | root URL of configured forge |
|
||||
| | **Internal** - Please don't use! |
|
||||
| `CI_SCRIPT` | Internal script path. Used to call pipeline step commands. |
|
||||
| `CI_NETRC_USERNAME` | Credentials for private repos to be able to clone data. (Only available for specific images) |
|
||||
| `CI_NETRC_PASSWORD` | Credentials for private repos to be able to clone data. (Only available for specific images) |
|
||||
| `CI_NETRC_MACHINE` | Credentials for private repos to be able to clone data. (Only available for specific images) |
|
||||
|
||||
## Global environment variables
|
||||
|
||||
If you want specific environment variables to be available in all of your pipelines use the `WOODPECKER_ENVIRONMENT` setting on the Woodpecker server. Note that these can't overwrite any existing, built-in variables.
|
||||
|
||||
```diff
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_ENVIRONMENT=first_var:value1,second_var:value2
|
||||
```
|
||||
|
||||
These can be used, for example, to manage the image tag used by multiple projects.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
- image: golang:1.18
|
||||
+ image: golang:${GOLANG_VERSION}
|
||||
commands:
|
||||
- [...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_ENVIRONMENT=GOLANG_VERSION:1.18
|
||||
```
|
||||
|
||||
## String Substitution
|
||||
|
||||
Woodpecker provides the ability to substitute environment variables at runtime. This gives us the ability to use dynamic settings, commands and filters in our pipeline configuration.
|
||||
|
||||
Example commit substitution:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
docker:
|
||||
image: plugins/docker
|
||||
settings:
|
||||
+ tags: ${CI_COMMIT_SHA}
|
||||
```
|
||||
|
||||
Example tag substitution:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
docker:
|
||||
image: plugins/docker
|
||||
settings:
|
||||
+ tags: ${CI_COMMIT_TAG}
|
||||
```
|
||||
|
||||
## String Operations
|
||||
|
||||
Woodpecker also emulates bash string operations. This gives us the ability to manipulate the strings prior to substitution. Example use cases might include substring and stripping prefix or suffix values.
|
||||
|
||||
| OPERATION | DESCRIPTION |
|
||||
| ------------------ | ------------------------------------------------ |
|
||||
| `${param}` | parameter substitution |
|
||||
| `${param,}` | parameter substitution with lowercase first char |
|
||||
| `${param,,}` | parameter substitution with lowercase |
|
||||
| `${param^}` | parameter substitution with uppercase first char |
|
||||
| `${param^^}` | parameter substitution with uppercase |
|
||||
| `${param:pos}` | parameter substitution with substring |
|
||||
| `${param:pos:len}` | parameter substitution with substring and length |
|
||||
| `${param=default}` | parameter substitution with default |
|
||||
| `${param##prefix}` | parameter substitution with prefix removal |
|
||||
| `${param%%suffix}` | parameter substitution with suffix removal |
|
||||
| `${param/old/new}` | parameter substitution with find and replace |
|
||||
|
||||
Example variable substitution with substring:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
docker:
|
||||
image: plugins/docker
|
||||
settings:
|
||||
+ tags: ${CI_COMMIT_SHA:0:8}
|
||||
```
|
||||
|
||||
Example variable substitution strips `v` prefix from `v.1.0.0`:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
docker:
|
||||
image: plugins/docker
|
||||
settings:
|
||||
+ tags: ${CI_COMMIT_TAG##v}
|
||||
```
|
|
@ -0,0 +1,48 @@
|
|||
# Plugins
|
||||
|
||||
Plugins are pipeline steps that perform pre-defined tasks and are configured as steps in your pipeline. Plugins can be used to deploy code, publish artifacts, send notification, and more.
|
||||
|
||||
They are automatically pulled from the default container registry the agent's have configured.
|
||||
|
||||
Example pipeline using the Docker and Slack plugins:
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
build:
|
||||
image: golang
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
|
||||
publish:
|
||||
image: plugins/docker
|
||||
settings:
|
||||
repo: foo/bar
|
||||
tags: latest
|
||||
|
||||
notify:
|
||||
image: plugins/slack
|
||||
settings:
|
||||
channel: dev
|
||||
```
|
||||
|
||||
## Plugin Isolation
|
||||
|
||||
Plugins are just pipeline steps. They share the build workspace, mounted as a volume, and therefore have access to your source tree.
|
||||
|
||||
## Finding Plugins
|
||||
|
||||
For official plugins, you can use the Woodpecker plugin index:
|
||||
|
||||
- [Official Woodpecker Plugins](https://woodpecker-ci.org/plugins)
|
||||
|
||||
:::tip
|
||||
There are also other plugin lists with additional plugins. Keep in mind that [Drone](https://www.drone.io/) plugins are generally supported, but could need some adjustments and tweaking.
|
||||
|
||||
- [Drone Plugins](http://plugins.drone.io)
|
||||
- [The Geek Lab Drone Plugins](https://drone-plugin-index.geekdocs.de/plugins/drone-matrix/)
|
||||
:::
|
||||
|
||||
## Creating a plugin
|
||||
|
||||
See a [detailed plugin example](./20-sample-plugin.md).
|
|
@ -0,0 +1,60 @@
|
|||
# Example plugin
|
||||
|
||||
This provides a brief tutorial for creating a Woodpecker webhook plugin, using simple shell scripting, to make an http requests during the build pipeline.
|
||||
|
||||
## What end users will see
|
||||
|
||||
The below example demonstrates how we might configure a webhook plugin in the YAML file:
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
webhook:
|
||||
image: foo/webhook
|
||||
settings:
|
||||
url: http://example.com
|
||||
method: post
|
||||
body: |
|
||||
hello world
|
||||
```
|
||||
|
||||
## Write the logic
|
||||
|
||||
Create a simple shell script that invokes curl using the YAML configuration parameters, which are passed to the script as environment variables in uppercase and prefixed with `PLUGIN_`.
|
||||
|
||||
```bash
|
||||
#!/bin/sh
|
||||
|
||||
curl \
|
||||
-X ${PLUGIN_METHOD} \
|
||||
-d ${PLUGIN_BODY} \
|
||||
${PLUGIN_URL}
|
||||
```
|
||||
|
||||
## Package it
|
||||
|
||||
Create a Dockerfile that adds your shell script to the image, and configures the image to execute your shell script as the main entrypoint.
|
||||
|
||||
```dockerfile
|
||||
FROM alpine
|
||||
ADD script.sh /bin/
|
||||
RUN chmod +x /bin/script.sh
|
||||
RUN apk -Uuv add curl ca-certificates
|
||||
ENTRYPOINT /bin/script.sh
|
||||
```
|
||||
|
||||
Build and publish your plugin to the Docker registry. Once published your plugin can be shared with the broader Woodpecker community.
|
||||
|
||||
```nohighlight
|
||||
docker build -t foo/webhook .
|
||||
docker push foo/webhook
|
||||
```
|
||||
|
||||
Execute your plugin locally from the command line to verify it is working:
|
||||
|
||||
```nohighlight
|
||||
docker run --rm \
|
||||
-e PLUGIN_METHOD=post \
|
||||
-e PLUGIN_URL=http://example.com \
|
||||
-e PLUGIN_BODY="hello world" \
|
||||
foo/webhook
|
||||
```
|
|
@ -0,0 +1,4 @@
|
|||
label: 'Plugins'
|
||||
# position: 2
|
||||
collapsible: true
|
||||
collapsed: true
|
99
docs/versioned_docs/version-1.0/20-usage/60-services.md
Normal file
|
@ -0,0 +1,99 @@
|
|||
# Services
|
||||
|
||||
Woodpecker provides a services section in the YAML file used for defining service containers.
|
||||
The below configuration composes database and cache containers.
|
||||
|
||||
Services are accessed using custom hostnames.
|
||||
In the example below, the MySQL service is assigned the hostname `database` and is available at `database:3306`.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
image: golang
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
|
||||
services:
|
||||
database:
|
||||
image: mysql
|
||||
|
||||
cache:
|
||||
image: redis
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
Service containers generally expose environment variables to customize service startup such as default usernames, passwords and ports. Please see the official image documentation to learn more.
|
||||
|
||||
```diff
|
||||
services:
|
||||
database:
|
||||
image: mysql
|
||||
+ environment:
|
||||
+ - MYSQL_DATABASE=test
|
||||
+ - MYSQL_ALLOW_EMPTY_PASSWORD=yes
|
||||
|
||||
cache:
|
||||
image: redis
|
||||
```
|
||||
|
||||
## Detachment
|
||||
|
||||
Service and long running containers can also be included in the pipeline section of the configuration using the detach parameter without blocking other steps. This should be used when explicit control over startup order is required.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
image: golang
|
||||
commands:
|
||||
- go build
|
||||
- go test
|
||||
|
||||
database:
|
||||
image: redis
|
||||
+ detach: true
|
||||
|
||||
test:
|
||||
image: golang
|
||||
commands:
|
||||
- go test
|
||||
```
|
||||
|
||||
Containers from detached steps will terminate when the pipeline ends.
|
||||
|
||||
## Initialization
|
||||
|
||||
Service containers require time to initialize and begin to accept connections. If you are unable to connect to a service you may need to wait a few seconds or implement a backoff.
|
||||
|
||||
```diff
|
||||
steps:
|
||||
test:
|
||||
image: golang
|
||||
commands:
|
||||
+ - sleep 15
|
||||
- go get
|
||||
- go test
|
||||
|
||||
services:
|
||||
database:
|
||||
image: mysql
|
||||
```
|
||||
|
||||
## Complete Pipeline Example
|
||||
|
||||
```yml
|
||||
services:
|
||||
database:
|
||||
image: mysql
|
||||
environment:
|
||||
- MYSQL_DATABASE=test
|
||||
- MYSQL_ROOT_PASSWORD=example
|
||||
steps:
|
||||
get-version:
|
||||
image: ubuntu
|
||||
commands:
|
||||
- ( apt update && apt dist-upgrade -y && apt install -y mysql-client 2>&1 )> /dev/null
|
||||
- sleep 30s # need to wait for mysql-server init
|
||||
- echo 'SHOW VARIABLES LIKE "version"' | mysql -uroot -hdatabase test -pexample
|
||||
```
|
27
docs/versioned_docs/version-1.0/20-usage/70-volumes.md
Normal file
|
@ -0,0 +1,27 @@
|
|||
# Volumes
|
||||
|
||||
Woodpecker gives the ability to define Docker volumes in the YAML. You can use this parameter to mount files or folders on the host machine into your containers.
|
||||
|
||||
:::note
|
||||
Volumes are only available to trusted repositories and for security reasons should only be used in private environments. See [project settings](./71-project-settings.md#trusted) to enable trusted mode.
|
||||
:::
|
||||
|
||||
```diff
|
||||
steps:
|
||||
build:
|
||||
image: docker
|
||||
commands:
|
||||
- docker build --rm -t octocat/hello-world .
|
||||
- docker run --rm octocat/hello-world --test
|
||||
- docker push octocat/hello-world
|
||||
- docker rmi octocat/hello-world
|
||||
volumes:
|
||||
+ - /var/run/docker.sock:/var/run/docker.sock
|
||||
```
|
||||
|
||||
Please note that Woodpecker mounts volumes on the host machine. This means you must use absolute paths when you configure volumes. Attempting to use relative paths will result in an error.
|
||||
|
||||
```diff
|
||||
- volumes: [ ./certs:/etc/ssl/certs ]
|
||||
+ volumes: [ /etc/ssl/certs:/etc/ssl/certs ]
|
||||
```
|
|
@ -0,0 +1,54 @@
|
|||
# Project settings
|
||||
|
||||
As the owner of a project in Woodpecker you can change project related settings via the web interface.
|
||||
|
||||
![project settings](./project-settings.png)
|
||||
|
||||
## Pipeline path
|
||||
|
||||
The path to the pipeline config file or folder. By default it is left empty which will use the following configuration resolution `.woodpecker/*.yml` -> `.woodpecker/*.yaml` -> `.woodpecker.yml` -> `.woodpecker.yaml`. If you set a custom path Woodpecker tries to load your configuration or fails if no configuration could be found at the specified location. To use a [multiple workflows](./25-workflows.md) with a custom path you have to change it to a folder path ending with a `/` like `.woodpecker/`.
|
||||
|
||||
## Repository hooks
|
||||
|
||||
Your Version-Control-System will notify Woodpecker about events via webhooks. If you want your pipeline to only run on specific webhooks, you can check them with this setting.
|
||||
|
||||
## Project settings
|
||||
|
||||
### Allow pull requests
|
||||
|
||||
Enables handling webhook's pull request event. If disabled, then pipeline won't run for pull requests.
|
||||
|
||||
### Protected
|
||||
|
||||
Every pipeline initiated by an webhook event needs to be approved by a project members with push permissions before being executed.
|
||||
The protected option can be used as an additional review process before running potentially harmful pipelines. Especially if pipelines can be executed by third-parties through pull-requests.
|
||||
|
||||
### Trusted
|
||||
|
||||
If you set your project to trusted, a pipeline step and by this the underlying containers gets access to escalated capabilities like mounting volumes.
|
||||
|
||||
:::note
|
||||
|
||||
Only server admins can set this option. If you are not a server admin this option won't be shown in your project settings.
|
||||
|
||||
:::
|
||||
|
||||
### Only inject netrc credentials into trusted containers
|
||||
|
||||
Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step.
|
||||
|
||||
## Project visibility
|
||||
|
||||
You can change the visibility of your project by this setting. If a user has access to a project he can see all builds and their logs and artifacts. Settings, Secrets and Registries can only be accessed by owners.
|
||||
|
||||
- `Public` Every user can see your project without being logged in.
|
||||
- `Internal` Only authenticated users of the Woodpecker instance can see this project.
|
||||
- `Private` Only you and other owners of the repository can see this project.
|
||||
|
||||
## Timeout
|
||||
|
||||
After this timeout a pipeline has to finish or will be treated as timed out.
|
||||
|
||||
## Cancel previous pipelines
|
||||
|
||||
By enabling this option for a pipeline event previous pipelines of the same event and context will be canceled before starting the newly triggered one.
|
18
docs/versioned_docs/version-1.0/20-usage/80-badges.md
Normal file
|
@ -0,0 +1,18 @@
|
|||
# Status Badges
|
||||
|
||||
Woodpecker has integrated support for repository status badges. These badges can be added to your website or project readme file to display the status of your code.
|
||||
|
||||
## Badge endpoint
|
||||
|
||||
```text
|
||||
<scheme>://<hostname>/api/badges/<repo-id>/status.svg
|
||||
```
|
||||
|
||||
The status badge displays the status for the latest build to your default branch (e.g. master). You can customize the branch by adding the `branch` query parameter.
|
||||
|
||||
```diff
|
||||
-<scheme>://<hostname>/api/badges/<repo-id>/status.svg
|
||||
+<scheme>://<hostname>/api/badges/<repo-id>/status.svg?branch=<branch>
|
||||
```
|
||||
|
||||
Please note status badges do not include pull request results, since the status of a pull request does not provide an accurate representation of your repository state.
|
|
@ -0,0 +1,84 @@
|
|||
# Advanced pipeline management
|
||||
|
||||
## Using variables
|
||||
|
||||
Once your pipeline starts to grow in size, it will become important to keep it DRY ("Don't Repeat Yourself") by using variables and environment variables. Depending on your specific need, there are a number of options.
|
||||
|
||||
### YAML extensions
|
||||
|
||||
As described in [Advanced YAML syntax](./35-advanced-yaml-syntax.md).
|
||||
|
||||
```yml
|
||||
variables:
|
||||
- &golang_image 'golang:1.18'
|
||||
|
||||
steps:
|
||||
build:
|
||||
image: *golang_image
|
||||
commands: build
|
||||
```
|
||||
|
||||
Note that the `golang_image` alias cannot be used with string interpolation. But this is otherwise a good option for most cases.
|
||||
|
||||
### YAML extensions (alternate form)
|
||||
|
||||
Another approach using YAML extensions:
|
||||
|
||||
```yml
|
||||
variables:
|
||||
- global_env: &global_env
|
||||
- BASH_VERSION=1.2.3
|
||||
- PATH_SRC=src/
|
||||
- PATH_TEST=test/
|
||||
- FOO=something
|
||||
|
||||
steps:
|
||||
build:
|
||||
image: bash:${BASH_VERSION}
|
||||
directory: ${PATH_SRC}
|
||||
commands:
|
||||
- make ${FOO} -o ${PATH_TEST}
|
||||
environment: *global_env
|
||||
|
||||
test:
|
||||
image: bash:${BASH_VERSION}
|
||||
commands:
|
||||
- test ${PATH_TEST}
|
||||
environment:
|
||||
- <<:*global_env
|
||||
- ADDITIONAL_LOCAL="var value"
|
||||
```
|
||||
|
||||
### Persisting environment data between steps
|
||||
|
||||
One can create a file containing environment variables, and then source it in each step that needs them.
|
||||
|
||||
```yml
|
||||
steps:
|
||||
init:
|
||||
image: bash
|
||||
commands:
|
||||
echo "FOO=hello" >> envvars
|
||||
echo "BAR=world" >> envvars
|
||||
|
||||
debug:
|
||||
image: bash
|
||||
commands:
|
||||
- source envvars
|
||||
- echo $FOO
|
||||
```
|
||||
|
||||
### Declaring global variables in `docker-compose.yml`
|
||||
|
||||
As described in [Global environment variables](./50-environment.md#global-environment-variables), one can define global variables:
|
||||
|
||||
```yml
|
||||
services:
|
||||
woodpecker-server:
|
||||
# ...
|
||||
environment:
|
||||
- WOODPECKER_ENVIRONMENT=first_var:value1,second_var:value2
|
||||
# ...
|
||||
```
|
||||
|
||||
Note that this tightly couples the server and app configurations (where the app is a completely separate application). But this is a good option for truly global variables which should apply to all steps in all pipelines for all apps.
|
4
docs/versioned_docs/version-1.0/20-usage/_category_.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
label: 'Usage'
|
||||
# position: 2
|
||||
collapsible: true
|
||||
collapsed: false
|
BIN
docs/versioned_docs/version-1.0/20-usage/cron-settings.png
Normal file
After Width: | Height: | Size: 40 KiB |
BIN
docs/versioned_docs/version-1.0/20-usage/project-settings.png
Normal file
After Width: | Height: | Size: 165 KiB |
BIN
docs/versioned_docs/version-1.0/20-usage/repo-list.png
Normal file
After Width: | Height: | Size: 21 KiB |
196
docs/versioned_docs/version-1.0/30-administration/00-setup.md
Normal file
|
@ -0,0 +1,196 @@
|
|||
# Setup
|
||||
|
||||
A Woodpecker deployment consists of two parts:
|
||||
|
||||
- A server which is the heart of Woodpecker and ships the web interface.
|
||||
- Next to one server you can deploy any number of agents which will run the pipelines.
|
||||
|
||||
> Each agent is able to process one pipeline step by default.
|
||||
>
|
||||
> If you have 4 agents installed and connected to the Woodpecker server, your system will process 4 builds in parallel.
|
||||
>
|
||||
> You can add more agents to increase the number of parallel steps or set the agent's `WOODPECKER_MAX_WORKFLOWS=1` environment variable to increase the number of parallel workflows for that agent.
|
||||
|
||||
## Which version of Woodpecker should I use?
|
||||
|
||||
Woodpecker is having two different kinds of releases: **stable** and **next**.
|
||||
|
||||
To find out more about the differences between the two releases, please read the [FAQ](/faq).
|
||||
|
||||
## Hardware Requirements
|
||||
|
||||
Below are resources requirements for Woodpecker components itself:
|
||||
|
||||
| Component | Memory | CPU |
|
||||
| --------- | ------ | --- |
|
||||
| Server | 200 MB | 1 |
|
||||
| Agent | 32 MB | 1 |
|
||||
|
||||
Note, that those values do not include the operating system or workload (pipelines execution) resources consumption.
|
||||
|
||||
In addition you need at least some kind of database which requires additional resources depending on the selected database system.
|
||||
|
||||
## Installation
|
||||
|
||||
You can install Woodpecker on multiple ways:
|
||||
|
||||
- Using [docker-compose](#docker-compose) with the official [container images](../80-downloads.md#docker-images)
|
||||
- By deploying to a [Kubernetes](./80-kubernetes.md) with manifests or Woodpeckers official Helm charts
|
||||
- Using [binaries](../80-downloads.md)
|
||||
|
||||
### docker-compose
|
||||
|
||||
The below [docker-compose](https://docs.docker.com/compose/) configuration can be used to start a Woodpecker server with a single agent.
|
||||
|
||||
It relies on a number of environment variables that you must set before running `docker-compose up`. The variables are described below.
|
||||
|
||||
```yaml
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
image: woodpeckerci/woodpecker-server:latest
|
||||
ports:
|
||||
- 8000:8000
|
||||
volumes:
|
||||
- woodpecker-server-data:/var/lib/woodpecker/
|
||||
environment:
|
||||
- WOODPECKER_OPEN=true
|
||||
- WOODPECKER_HOST=${WOODPECKER_HOST}
|
||||
- WOODPECKER_GITHUB=true
|
||||
- WOODPECKER_GITHUB_CLIENT=${WOODPECKER_GITHUB_CLIENT}
|
||||
- WOODPECKER_GITHUB_SECRET=${WOODPECKER_GITHUB_SECRET}
|
||||
- WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
|
||||
|
||||
woodpecker-agent:
|
||||
image: woodpeckerci/woodpecker-agent:latest
|
||||
command: agent
|
||||
restart: always
|
||||
depends_on:
|
||||
- woodpecker-server
|
||||
volumes:
|
||||
- woodpecker-agent-config:/etc/woodpecker
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
- WOODPECKER_SERVER=woodpecker-server:9000
|
||||
- WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
|
||||
|
||||
volumes:
|
||||
woodpecker-server-data:
|
||||
woodpecker-agent-config:
|
||||
```
|
||||
|
||||
Woodpecker needs to know its own address. You must therefore provide the public address of it in `<scheme>://<hostname>` format. Please omit trailing slashes:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_HOST=${WOODPECKER_HOST}
|
||||
+ - WOODPECKER_HOST=${WOODPECKER_HOST}
|
||||
```
|
||||
|
||||
Woodpecker can also have its port's configured. It uses a separate port for gRPC and for HTTP. The agent performs gRPC calls and connects to the gRPC port.
|
||||
They can be configured with ADDR variables:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_GRPC_ADDR=${WOODPECKER_GRPC_ADDR}
|
||||
+ - WOODPECKER_SERVER_ADDR=${WOODPECKER_HTTP_ADDR}
|
||||
```
|
||||
|
||||
Reverse proxying can also be [configured for gRPC](./proxy#caddy). If the agents are connecting over the internet, it should also be SSL encrypted. The agent then needs to be configured to be secure:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_GRPC_SECURE=true # defaults to false
|
||||
+ - WOODPECKER_GRPC_VERIFY=true # default
|
||||
```
|
||||
|
||||
As agents run pipeline steps as docker containers they require access to the host machine's Docker daemon:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
[...]
|
||||
woodpecker-agent:
|
||||
[...]
|
||||
+ volumes:
|
||||
+ - /var/run/docker.sock:/var/run/docker.sock
|
||||
```
|
||||
|
||||
Agents require the server address for agent-to-server communication. The agent connects to the server's gRPC port:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-agent:
|
||||
[...]
|
||||
environment:
|
||||
+ - WOODPECKER_SERVER=woodpecker-server:9000
|
||||
```
|
||||
|
||||
The server and agents use a shared secret to authenticate communication. This should be a random string of your choosing and should be kept private. You can generate such string with `openssl rand -hex 32`:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
|
||||
woodpecker-agent:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
|
||||
```
|
||||
|
||||
## Authentication
|
||||
|
||||
Authentication is done using OAuth and is delegated to your forge which is configured by using environment variables. The example above demonstrates basic GitHub integration.
|
||||
|
||||
See the complete reference for all supported forges [here](./11-forges/10-overview.md).
|
||||
|
||||
## Database
|
||||
|
||||
By default Woodpecker uses a SQLite database which requires zero installation or configuration. See the [database settings](./30-database.md) page to further configure it or use MySQL or Postgres.
|
||||
|
||||
## SSL
|
||||
|
||||
Woodpecker supports SSL configuration by using Let's encrypt or by using own certificates. See the [SSL guide](./60-ssl.md).
|
||||
|
||||
## Metrics
|
||||
|
||||
A [Prometheus endpoint](./90-prometheus.md) is exposed.
|
||||
|
||||
## Behind a proxy
|
||||
|
||||
See the [proxy guide](./70-proxy.md) if you want to see a setup behind Apache, Nginx, Caddy or ngrok.
|
||||
|
||||
In the case you need to use Woodpecker with a URL path prefix (like: https://example.org/woodpecker/), you can use the option [`WOODPECKER_ROOT_URL`](./10-server-config.md#woodpecker_root_url).
|
|
@ -0,0 +1,551 @@
|
|||
# Server configuration
|
||||
|
||||
## User registration
|
||||
|
||||
Woodpecker does not have its own user registry; users are provided from your [forge](./11-forges/10-overview.md) (using OAuth2).
|
||||
|
||||
Registration is closed by default (`WOODPECKER_OPEN=false`). If registration is open (`WOODPECKER_OPEN=true`) then every user with an account at the configured forge can login to Woodpecker.
|
||||
|
||||
To open registration:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_OPEN=true
|
||||
```
|
||||
|
||||
You can **also restrict** registration, by keep registration closed and ...
|
||||
... **adding** new **users manually** via the CLI: `woodpecker-cli user add`, or
|
||||
... allowing specific **admin users** via the `WOODPECKER_ADMIN` setting, or
|
||||
by open registration and **filter by organization** membership through the `WOODPECKER_ORGS` setting.
|
||||
|
||||
### To close registration, but allow specific admin users
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_OPEN=false
|
||||
+ - WOODPECKER_ADMIN=johnsmith,janedoe
|
||||
```
|
||||
|
||||
### To only allow registration of users, who are members of approved organizations
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_OPEN=true
|
||||
+ - WOODPECKER_ORGS=dolores,dogpatch
|
||||
```
|
||||
|
||||
## Administrators
|
||||
|
||||
Administrators should also be enumerated in your configuration.
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_ADMIN=johnsmith,janedoe
|
||||
```
|
||||
|
||||
## Filtering repositories
|
||||
|
||||
Woodpecker operates with the user's OAuth permission. Due to the coarse permission handling of GitHub, you may end up syncing more repos into Woodpecker than preferred.
|
||||
|
||||
Use the `WOODPECKER_REPO_OWNERS` variable to filter which GitHub user's repos should be synced only. You typically want to put here your company's GitHub name.
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_REPO_OWNERS=mycompany,mycompanyossgithubuser
|
||||
```
|
||||
|
||||
## Global registry setting
|
||||
|
||||
If you want to make available a specific private registry to all pipelines, use the `WOODPECKER_DOCKER_CONFIG` server configuration.
|
||||
Point it to your server's docker config.
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json
|
||||
```
|
||||
|
||||
## Handling sensitive data in docker-compose and docker-swarm
|
||||
|
||||
To handle sensitive data in docker-compose or docker-swarm configurations there are several options:
|
||||
|
||||
For docker-compose you can use a .env file next to your compose configuration to store the secrets outside of the compose file. While this separates configuration from secrets it is still not very secure.
|
||||
|
||||
Alternatively use docker-secrets. As it may be difficult to use docker secrets for environment variables woodpecker allows to read sensible data from files by providing a `*_FILE` option of all sensible configuration variables. Woodpecker will try to read the value directly from this file. Keep in mind that when the original environment variable gets specified at the same time it will override the value read from the file.
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_AGENT_SECRET_FILE=/run/secrets/woodpecker-agent-secret
|
||||
+ secrets:
|
||||
+ - woodpecker-agent-secret
|
||||
+
|
||||
+secrets:
|
||||
+ woodpecker-agent-secret:
|
||||
+ external: true
|
||||
```
|
||||
|
||||
Store a value to a docker secret like this:
|
||||
`echo "my_agent_secret_key" | docker secret create woodpecker-agent-secret -`
|
||||
|
||||
or generate a random one like this:
|
||||
|
||||
`openssl rand -hex 32 | docker secret create woodpecker-agent-secret -`
|
||||
|
||||
## Custom Javascript and CSS Styling (a.k.a. white-labeling)
|
||||
|
||||
Woodpecker supports custom styling of the Web UI by providing custom JS and CSS files.
|
||||
These files must be present in the server's filesystem.
|
||||
They can be backed in a Docker image or mounted from a ConfigMap inside a Kubernetes environment.
|
||||
The configuration variables are independent of each other, which means it can be just one file present, or both.
|
||||
|
||||
```text
|
||||
WOODPECKER_CUSTOM_CSS_FILE=/usr/local/www/woodpecker.css
|
||||
WOODPECKER_CUSTOM_CSS_FILE=/usr/local/www/woodpecker.js
|
||||
```
|
||||
|
||||
The examples below show how to place a banner message in the top navigation bar of Woodpecker.
|
||||
|
||||
##### woodpecker.css
|
||||
```css
|
||||
.banner-message {
|
||||
position: absolute;
|
||||
width: 280px;
|
||||
height: 40px;
|
||||
margin-left: 240px;
|
||||
margin-top: 5px;
|
||||
padding-top: 5px;
|
||||
font-weight: bold;
|
||||
background: red no-repeat;
|
||||
text-align: center;
|
||||
}
|
||||
```
|
||||
|
||||
##### woodpecker.js
|
||||
|
||||
```javascript
|
||||
// place/copy a minified version of jQuery or ZeptoJS here ...
|
||||
!function(){"use strict";function e(){};/*...*/}();
|
||||
|
||||
$().ready(function(){
|
||||
$(".app nav img").first().htmlAfter("<div class='banner-message'>This is a demo banner message :)</div>")
|
||||
});
|
||||
```
|
||||
|
||||
|
||||
## All server configuration options
|
||||
|
||||
The following list describes all available server configuration options.
|
||||
|
||||
### `WOODPECKER_LOG_LEVEL`
|
||||
> Default: empty
|
||||
|
||||
Configures the logging level. Possible values are `trace`, `debug`, `info`, `warn`, `error`, `fatal`, `panic`, `disabled` and empty.
|
||||
|
||||
### `WOODPECKER_LOG_XORM`
|
||||
> Default: `false`
|
||||
|
||||
Enable XORM logs.
|
||||
|
||||
### `WOODPECKER_LOG_XORM_SQL`
|
||||
> Default: `false`
|
||||
|
||||
Enable XORM SQL command logs.
|
||||
|
||||
### `WOODPECKER_DEBUG_PRETTY`
|
||||
> Default: `false`
|
||||
|
||||
Enable pretty-printed debug output.
|
||||
|
||||
### `WOODPECKER_DEBUG_NOCOLOR`
|
||||
> Default: `true`
|
||||
|
||||
Disable colored debug output.
|
||||
|
||||
### `WOODPECKER_HOST`
|
||||
> Default: empty
|
||||
|
||||
Server fully qualified URL of the user-facing hostname.
|
||||
|
||||
Example: `WOODPECKER_HOST=http://woodpecker.example.org`
|
||||
|
||||
### `WOODPECKER_WEBHOOK_HOST`
|
||||
> Default: value from `WOODPECKER_HOST` config env
|
||||
|
||||
Server fully qualified URL of the Webhook-facing hostname.
|
||||
|
||||
Example: `WOODPECKER_WEBHOOK_HOST=http://woodpecker-server.cicd.svc.cluster.local:8000`
|
||||
|
||||
### `WOODPECKER_SERVER_ADDR`
|
||||
> Default: `:8000`
|
||||
|
||||
Configures the HTTP listener port.
|
||||
|
||||
### `WOODPECKER_SERVER_ADDR_TLS`
|
||||
> Default: `:443`
|
||||
|
||||
Configures the HTTPS listener port when SSL is enabled.
|
||||
|
||||
### `WOODPECKER_SERVER_CERT`
|
||||
> Default: empty
|
||||
|
||||
Path to an SSL certificate used by the server to accept HTTPS requests.
|
||||
|
||||
Example: `WOODPECKER_SERVER_CERT=/path/to/cert.pem`
|
||||
|
||||
### `WOODPECKER_SERVER_KEY`
|
||||
> Default: empty
|
||||
|
||||
Path to an SSL certificate key used by the server to accept HTTPS requests.
|
||||
|
||||
Example: `WOODPECKER_SERVER_KEY=/path/to/key.pem`
|
||||
|
||||
### `WOODPECKER_CUSTOM_CSS_FILE`
|
||||
> Default: empty
|
||||
|
||||
File path for the server to serve a custom .CSS file, used for customizing the UI.
|
||||
Can be used for showing banner messages, logos, or environment-specific hints (a.k.a. white-labeling).
|
||||
The file must be UTF-8 encoded, to ensure all special characters are preserved.
|
||||
|
||||
Example: `WOODPECKER_CUSTOM_CSS_FILE=/usr/local/www/woodpecker.css`
|
||||
|
||||
### `WOODPECKER_CUSTOM_JS_FILE`
|
||||
> Default: empty
|
||||
|
||||
File path for the server to serve a custom .JS file, used for customizing the UI.
|
||||
Can be used for showing banner messages, logos, or environment-specific hints (a.k.a. white-labeling).
|
||||
The file must be UTF-8 encoded, to ensure all special characters are preserved.
|
||||
|
||||
Example: `WOODPECKER_CUSTOM_JS_FILE=/usr/local/www/woodpecker.js`
|
||||
|
||||
### `WOODPECKER_LETS_ENCRYPT`
|
||||
> Default: `false`
|
||||
|
||||
Automatically generates an SSL certificate using Let's Encrypt, and configures the server to accept HTTPS requests.
|
||||
|
||||
### `WOODPECKER_GRPC_ADDR`
|
||||
> Default: `:9000`
|
||||
|
||||
Configures the gRPC listener port.
|
||||
|
||||
### `WOODPECKER_GRPC_SECRET`
|
||||
> Default: `secret`
|
||||
|
||||
Configures the gRPC JWT secret.
|
||||
|
||||
### `WOODPECKER_GRPC_SECRET_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_GRPC_SECRET` from the specified filepath.
|
||||
|
||||
### `WOODPECKER_METRICS_SERVER_ADDR`
|
||||
> Default: empty
|
||||
|
||||
Configures an unprotected metrics endpoint. An empty value disables the metrics endpoint completely.
|
||||
|
||||
Example: `:9001`
|
||||
|
||||
### `WOODPECKER_ADMIN`
|
||||
> Default: empty
|
||||
|
||||
Comma-separated list of admin accounts.
|
||||
|
||||
Example: `WOODPECKER_ADMIN=user1,user2`
|
||||
|
||||
### `WOODPECKER_ORGS`
|
||||
> Default: empty
|
||||
|
||||
Comma-separated list of approved organizations.
|
||||
|
||||
Example: `org1,org2`
|
||||
|
||||
### `WOODPECKER_REPO_OWNERS`
|
||||
> Default: empty
|
||||
|
||||
Comma-separated list of syncable repo owners. ???
|
||||
|
||||
Example: `user1,user2`
|
||||
|
||||
### `WOODPECKER_OPEN`
|
||||
> Default: `false`
|
||||
|
||||
Enable to allow user registration.
|
||||
|
||||
### `WOODPECKER_DOCS`
|
||||
> Default: `https://woodpecker-ci.org/`
|
||||
|
||||
Link to documentation in the UI.
|
||||
|
||||
### `WOODPECKER_AUTHENTICATE_PUBLIC_REPOS`
|
||||
> Default: `false`
|
||||
|
||||
Always use authentication to clone repositories even if they are public. Needed if the forge requires to always authenticate as used by many companies.
|
||||
|
||||
### `WOODPECKER_DEFAULT_CANCEL_PREVIOUS_PIPELINE_EVENTS`
|
||||
> Default: `pull_request, push`
|
||||
|
||||
List of event names that will be canceled when a new pipeline for the same context (tag, branch) is created.
|
||||
|
||||
### `WOODPECKER_DEFAULT_CLONE_IMAGE`
|
||||
> Default is defined in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/master/shared/constant/constant.go)
|
||||
|
||||
The default docker image to be used when cloning the repo
|
||||
|
||||
### `WOODPECKER_DEFAULT_PIPELINE_TIMEOUT`
|
||||
> 60 (minutes)
|
||||
|
||||
The default time for a repo in minutes before a pipeline gets killed
|
||||
|
||||
### `WOODPECKER_MAX_PIPELINE_TIMEOUT`
|
||||
> 120 (minutes)
|
||||
|
||||
The maximum time in minutes you can set in the repo settings before a pipeline gets killed
|
||||
|
||||
### `WOODPECKER_SESSION_EXPIRES`
|
||||
> Default: `72h`
|
||||
|
||||
Configures the session expiration time.
|
||||
|
||||
### `WOODPECKER_ESCALATE`
|
||||
> Defaults are defined in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/master/shared/constant/constant.go)
|
||||
|
||||
Docker images to run in privileged mode. Only change if you are sure what you do!
|
||||
|
||||
<!--
|
||||
### `WOODPECKER_VOLUME`
|
||||
> Default: empty
|
||||
|
||||
Comma-separated list of Docker volumes that are mounted into every pipeline step.
|
||||
|
||||
Example: `WOODPECKER_VOLUME=/path/on/host:/path/in/container:rw`|
|
||||
-->
|
||||
|
||||
### `WOODPECKER_DOCKER_CONFIG`
|
||||
> Default: empty
|
||||
|
||||
Configures a specific private registry config for all pipelines.
|
||||
|
||||
Example: `WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json`
|
||||
|
||||
<!--
|
||||
### `WOODPECKER_ENVIRONMENT`
|
||||
> Default: empty
|
||||
|
||||
TODO
|
||||
|
||||
### `WOODPECKER_NETWORK`
|
||||
> Default: empty
|
||||
|
||||
Comma-separated list of Docker networks that are attached to every pipeline step.
|
||||
|
||||
Example: `WOODPECKER_NETWORK=network1,network2`
|
||||
-->
|
||||
|
||||
### `WOODPECKER_AGENT_SECRET`
|
||||
> Default: empty
|
||||
|
||||
A shared secret used by server and agents to authenticate communication. A secret can be generated by `openssl rand -hex 32`.
|
||||
|
||||
### `WOODPECKER_AGENT_SECRET_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_AGENT_SECRET` from the specified filepath
|
||||
|
||||
### `WOODPECKER_KEEPALIVE_MIN_TIME`
|
||||
> Default: empty
|
||||
|
||||
Server-side enforcement policy on the minimum amount of time a client should wait before sending a keepalive ping.
|
||||
|
||||
Example: `WOODPECKER_KEEPALIVE_MIN_TIME=10s`
|
||||
|
||||
### `WOODPECKER_DATABASE_DRIVER`
|
||||
> Default: `sqlite3`
|
||||
|
||||
The database driver name. Possible values are `sqlite3`, `mysql` or `postgres`.
|
||||
|
||||
### `WOODPECKER_DATABASE_DATASOURCE`
|
||||
> Default: `woodpecker.sqlite`
|
||||
|
||||
The database connection string. The default value is the path of the embedded SQLite database file.
|
||||
|
||||
Example:
|
||||
```bash
|
||||
# MySQL
|
||||
# https://github.com/go-sql-driver/mysql#dsn-data-source-name
|
||||
WOODPECKER_DATABASE_DATASOURCE=root:password@tcp(1.2.3.4:3306)/woodpecker?parseTime=true
|
||||
|
||||
# PostgreSQL
|
||||
# https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING
|
||||
WOODPECKER_DATABASE_DATASOURCE=postgres://root:password@1.2.3.4:5432/woodpecker?sslmode=disable
|
||||
```
|
||||
|
||||
### `WOODPECKER_DATABASE_DATASOURCE_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_DATABASE_DATASOURCE` from the specified filepath
|
||||
|
||||
### `WOODPECKER_ENCRYPTION_KEY`
|
||||
> Default: empty
|
||||
|
||||
Encryption key used to encrypt secrets in DB. See [secrets encryption](./40-encryption.md)
|
||||
|
||||
### `WOODPECKER_ENCRYPTION_KEY_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_ENCRYPTION_KEY` from the specified filepath
|
||||
|
||||
### `WOODPECKER_ENCRYPTION_TINK_KEYSET_FILE`
|
||||
> Default: empty
|
||||
|
||||
Filepath to encryption keyset used to encrypt secrets in DB. See [secrets encryption](./40-encryption.md)
|
||||
|
||||
### `WOODPECKER_ENCRYPTION_DISABLE`
|
||||
> Default: empty
|
||||
|
||||
Boolean flag to decrypt secrets in DB and disable server encryption. See [secrets encryption](./40-encryption.md)
|
||||
|
||||
### `WOODPECKER_PROMETHEUS_AUTH_TOKEN`
|
||||
> Default: empty
|
||||
|
||||
Token to secure the Prometheus metrics endpoint.
|
||||
Must be set to enable the endpoint.
|
||||
|
||||
### `WOODPECKER_PROMETHEUS_AUTH_TOKEN_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_PROMETHEUS_AUTH_TOKEN` from the specified filepath
|
||||
|
||||
### `WOODPECKER_STATUS_CONTEXT`
|
||||
> Default: `ci/woodpecker`
|
||||
|
||||
Context prefix Woodpecker will use to publish status messages to SCM. You probably will only need to change it if you run multiple Woodpecker instances for a single repository.
|
||||
|
||||
### `WOODPECKER_STATUS_CONTEXT_FORMAT`
|
||||
> Default: `{{ .context }}/{{ .event }}/{{ .workflow }}`
|
||||
|
||||
Template for the status messages published to forges, uses [Go templates](https://pkg.go.dev/text/template) as template language.
|
||||
Supported variables:
|
||||
|
||||
- `context`: Woodpecker's context (see `WOODPECKER_STATUS_CONTEXT`)
|
||||
- `event`: the event which started the pipeline
|
||||
- `workflow`: the workflow's name
|
||||
- `owner`: the repo's owner
|
||||
- `repo`: the repo's name
|
||||
|
||||
---
|
||||
|
||||
### `WOODPECKER_LIMIT_MEM_SWAP`
|
||||
> Default: `0`
|
||||
|
||||
The maximum amount of memory a single pipeline container is allowed to swap to disk, configured in bytes. There is no limit if `0`.
|
||||
|
||||
### `WOODPECKER_LIMIT_MEM`
|
||||
> Default: `0`
|
||||
|
||||
The maximum amount of memory a single pipeline container can use, configured in bytes. There is no limit if `0`.
|
||||
|
||||
### `WOODPECKER_LIMIT_SHM_SIZE`
|
||||
> Default: `0`
|
||||
|
||||
The maximum amount of memory of `/dev/shm` allowed in bytes. There is no limit if `0`.
|
||||
|
||||
### `WOODPECKER_LIMIT_CPU_QUOTA`
|
||||
> Default: `0`
|
||||
|
||||
The number of microseconds per CPU period that the container is limited to before throttled. There is no limit if `0`.
|
||||
|
||||
### `WOODPECKER_LIMIT_CPU_SHARES`
|
||||
> Default: `0`
|
||||
|
||||
The relative weight vs. other containers.
|
||||
|
||||
### `WOODPECKER_LIMIT_CPU_SET`
|
||||
> Default: empty
|
||||
|
||||
Comma-separated list to limit the specific CPUs or cores a pipeline container can use.
|
||||
|
||||
Example: `WOODPECKER_LIMIT_CPU_SET=1,2`
|
||||
|
||||
|
||||
### `WOODPECKER_CONFIG_SERVICE_ENDPOINT`
|
||||
> Default: ``
|
||||
|
||||
Specify a configuration service endpoint, see [Configuration Extension](./100-external-configuration-api.md)
|
||||
|
||||
|
||||
### `WOODPECKER_FORGE_TIMEOUT`
|
||||
> Default: 3sec
|
||||
|
||||
Specify how many seconds before timeout when fetching the Woodpecker configuration from a Forge
|
||||
|
||||
### `WOODPECKER_ROOT_URL`
|
||||
> Default: ``
|
||||
|
||||
Server URL path prefix (used for statics loading when having a url path prefix), should start with `/`
|
||||
|
||||
Example: `WOODPECKER_ROOT_URL=/woodpecker`
|
||||
|
||||
---
|
||||
|
||||
### `WOODPECKER_GITHUB_...`
|
||||
|
||||
See [GitHub configuration](forges/github/#configuration)
|
||||
|
||||
### `WOODPECKER_GITEA_...`
|
||||
|
||||
See [Gitea configuration](forges/gitea/#configuration)
|
||||
|
||||
### `WOODPECKER_BITBUCKET_...`
|
||||
|
||||
See [Bitbucket configuration](forges/bitbucket/#configuration)
|
||||
|
||||
### `WOODPECKER_GITLAB_...`
|
||||
|
||||
See [Gitlab configuration](forges/gitlab/#configuration)
|
|
@ -0,0 +1,104 @@
|
|||
# External Configuration API
|
||||
|
||||
To provide additional management and preprocessing capabilities for pipeline configurations Woodpecker supports an HTTP API which can be enabled to call an external config service.
|
||||
Before the run or restart of any pipeline Woodpecker will make a POST request to an external HTTP API sending the current repository, build information and all current config files retrieved from the repository. The external API can then send back new pipeline configurations that will be used immediately or respond with `HTTP 204` to tell the system to use the existing configuration.
|
||||
|
||||
Every request sent by Woodpecker is signed using a [http-signature](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures) by a private key (ed25519) generated on the first start of the Woodpecker server. You can get the public key for the verification of the http-signature from `http(s)://your-woodpecker-server/api/signature/public-key`.
|
||||
|
||||
A simplistic example configuration service can be found here: [https://github.com/woodpecker-ci/example-config-service](https://github.com/woodpecker-ci/example-config-service)
|
||||
|
||||
## Config
|
||||
|
||||
```shell
|
||||
# Server
|
||||
# ...
|
||||
WOODPECKER_CONFIG_SERVICE_ENDPOINT=https://example.com/ciconfig
|
||||
```
|
||||
|
||||
### Example request made by Woodpecker
|
||||
|
||||
```json
|
||||
{
|
||||
"repo": {
|
||||
"id": 100,
|
||||
"uid": "",
|
||||
"user_id": 0,
|
||||
"namespace": "",
|
||||
"name": "woodpecker-testpipe",
|
||||
"slug": "",
|
||||
"scm": "git",
|
||||
"git_http_url": "",
|
||||
"git_ssh_url": "",
|
||||
"link": "",
|
||||
"default_branch": "",
|
||||
"private": true,
|
||||
"visibility": "private",
|
||||
"active": true,
|
||||
"config": "",
|
||||
"trusted": false,
|
||||
"protected": false,
|
||||
"ignore_forks": false,
|
||||
"ignore_pulls": false,
|
||||
"cancel_pulls": false,
|
||||
"timeout": 60,
|
||||
"counter": 0,
|
||||
"synced": 0,
|
||||
"created": 0,
|
||||
"updated": 0,
|
||||
"version": 0
|
||||
},
|
||||
"build": {
|
||||
"author": "myUser",
|
||||
"author_avatar": "https://myforge.com/avatars/d6b3f7787a685fcdf2a44e2c685c7e03",
|
||||
"author_email": "my@email.com",
|
||||
"branch": "master",
|
||||
"changed_files": [
|
||||
"somefilename.txt"
|
||||
],
|
||||
"commit": "2fff90f8d288a4640e90f05049fe30e61a14fd50",
|
||||
"created_at": 0,
|
||||
"deploy_to": "",
|
||||
"enqueued_at": 0,
|
||||
"error": "",
|
||||
"event": "push",
|
||||
"finished_at": 0,
|
||||
"id": 0,
|
||||
"link_url": "https://myforge.com/myUser/woodpecker-testpipe/commit/2fff90f8d288a4640e90f05049fe30e61a14fd50",
|
||||
"message": "test old config\n",
|
||||
"number": 0,
|
||||
"parent": 0,
|
||||
"ref": "refs/heads/master",
|
||||
"refspec": "",
|
||||
"clone_url": "",
|
||||
"reviewed_at": 0,
|
||||
"reviewed_by": "",
|
||||
"sender": "myUser",
|
||||
"signed": false,
|
||||
"started_at": 0,
|
||||
"status": "",
|
||||
"timestamp": 1645962783,
|
||||
"title": "",
|
||||
"updated_at": 0,
|
||||
"verified": false
|
||||
},
|
||||
"configs": [
|
||||
{
|
||||
"name": ".woodpecker.yml",
|
||||
"data": "steps:\n backend:\n image: alpine\n commands:\n - echo \"Hello there from Repo (.woodpecker.yml)\"\n"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
### Example response structure
|
||||
|
||||
```json
|
||||
{
|
||||
"configs": [
|
||||
{
|
||||
"name": "central-override",
|
||||
"data": "steps:\n backend:\n image: alpine\n commands:\n - echo \"Hello there from ConfigAPI\"\n"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
|
@ -0,0 +1,14 @@
|
|||
# Overview
|
||||
|
||||
## Supported features
|
||||
|
||||
| Feature | [GitHub](github/) | [Gitea / Forgejo](gitea/) | [Gitlab](gitlab/) | [Bitbucket](bitbucket/) |
|
||||
| --- | :---: | :---: | :---: | :---: |
|
||||
| Event: Push | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
|
||||
| Event: Tag | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: |
|
||||
| Event: Pull-Request | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
|
||||
| Event: Deploy | :white_check_mark: | :x: | :x: | :x: |
|
||||
| [Multiple workflows](../../20-usage/25-workflows.md) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: |
|
||||
| [when.path filter](../../20-usage/20-pipeline-syntax.md#path) | :white_check_mark: | :white_check_mark:¹ | :white_check_mark: | :x: |
|
||||
|
||||
¹ for pull requests at least Gitea version 1.17 is required
|
|
@ -0,0 +1,72 @@
|
|||
# GitHub
|
||||
|
||||
Woodpecker comes with built-in support for GitHub and GitHub Enterprise. To enable GitHub you should configure the Woodpecker server using the following environment variables:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_GITHUB=true
|
||||
+ - WOODPECKER_GITHUB_CLIENT=${WOODPECKER_GITHUB_CLIENT}
|
||||
+ - WOODPECKER_GITHUB_SECRET=${WOODPECKER_GITHUB_SECRET}
|
||||
|
||||
woodpecker-agent:
|
||||
[...]
|
||||
```
|
||||
|
||||
## Registration
|
||||
|
||||
Register your application with GitHub to create your client id and secret. It is very important that the authorization callback URL matches your http(s) scheme and hostname exactly with `<scheme>://<host>/authorize` as the path.
|
||||
|
||||
Please use this screenshot for reference:
|
||||
|
||||
![github oauth setup](github_oauth.png)
|
||||
|
||||
## Configuration
|
||||
|
||||
This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations.
|
||||
|
||||
### `WOODPECKER_GITHUB`
|
||||
> Default: `false`
|
||||
|
||||
Enables the GitHub driver.
|
||||
|
||||
### `WOODPECKER_GITHUB_URL`
|
||||
> Default: `https://github.com`
|
||||
|
||||
Configures the GitHub server address.
|
||||
|
||||
### `WOODPECKER_GITHUB_CLIENT`
|
||||
> Default: empty
|
||||
|
||||
Configures the GitHub OAuth client id. This is used to authorize access.
|
||||
|
||||
### `WOODPECKER_GITHUB_CLIENT_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_GITHUB_CLIENT` from the specified filepath
|
||||
|
||||
### `WOODPECKER_GITHUB_SECRET`
|
||||
> Default: empty
|
||||
|
||||
Configures the GitHub OAuth client secret. This is used to authorize access.
|
||||
|
||||
### `WOODPECKER_GITHUB_SECRET_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_GITHUB_SECRET` from the specified filepath
|
||||
|
||||
### `WOODPECKER_GITHUB_MERGE_REF`
|
||||
> Default: `true`
|
||||
|
||||
TODO
|
||||
|
||||
### `WOODPECKER_GITHUB_SKIP_VERIFY`
|
||||
> Default: `false`
|
||||
|
||||
Configure if SSL verification should be skipped.
|
|
@ -0,0 +1,75 @@
|
|||
# Gitea / Forgejo
|
||||
|
||||
Woodpecker comes with built-in support for Gitea and the "soft" fork Forgejo. To enable Gitea you should configure the Woodpecker container using the following environment variables:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_GITEA=true
|
||||
+ - WOODPECKER_GITEA_URL=${WOODPECKER_GITEA_URL}
|
||||
+ - WOODPECKER_GITEA_CLIENT=${WOODPECKER_GITEA_CLIENT}
|
||||
+ - WOODPECKER_GITEA_SECRET=${WOODPECKER_GITEA_SECRET}
|
||||
|
||||
woodpecker-agent:
|
||||
[...]
|
||||
```
|
||||
|
||||
## Registration
|
||||
|
||||
Register your application with Gitea to create your client id and secret. You can find the OAuth applications settings of Gitea at `https://gitea.<host>/user/settings/`. It is very import the authorization callback URL matches your http(s) scheme and hostname exactly with `https://<host>/authorize` as the path.
|
||||
|
||||
If you run the Woodpecker CI server on the same host as the Gitea instance, you might also need to allow local connections in Gitea, since version `v1.16`. Otherwise webhooks will fail. Add the following lines to your Gitea configuration (usually at `/etc/gitea/conf/app.ini`).
|
||||
```ini
|
||||
...
|
||||
[webhook]
|
||||
ALLOWED_HOST_LIST=external,loopback
|
||||
```
|
||||
For reference see [Configuration Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/#webhook-webhook).
|
||||
|
||||
![gitea oauth setup](gitea_oauth.gif)
|
||||
|
||||
|
||||
## Configuration
|
||||
|
||||
This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations.
|
||||
|
||||
### `WOODPECKER_GITEA`
|
||||
> Default: `false`
|
||||
|
||||
Enables the Gitea driver.
|
||||
|
||||
### `WOODPECKER_GITEA_URL`
|
||||
> Default: `https://try.gitea.io`
|
||||
|
||||
Configures the Gitea server address.
|
||||
|
||||
### `WOODPECKER_GITEA_CLIENT`
|
||||
> Default: empty
|
||||
|
||||
Configures the Gitea OAuth client id. This is used to authorize access.
|
||||
|
||||
### `WOODPECKER_GITEA_CLIENT_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_GITEA_CLIENT` from the specified filepath
|
||||
|
||||
### `WOODPECKER_GITEA_SECRET`
|
||||
> Default: empty
|
||||
|
||||
Configures the Gitea OAuth client secret. This is used to authorize access.
|
||||
|
||||
### `WOODPECKER_GITEA_SECRET_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_GITEA_SECRET` from the specified filepath
|
||||
|
||||
### `WOODPECKER_GITEA_SKIP_VERIFY`
|
||||
> Default: `false`
|
||||
|
||||
Configure if SSL verification should be skipped.
|
|
@ -0,0 +1,67 @@
|
|||
# GitLab
|
||||
|
||||
Woodpecker comes with built-in support for the GitLab version 8.2 and higher. To enable GitLab you should configure the Woodpecker container using the following environment variables:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
+ - WOODPECKER_GITLAB=true
|
||||
+ - WOODPECKER_GITLAB_URL=http://gitlab.mycompany.com
|
||||
+ - WOODPECKER_GITLAB_CLIENT=95c0282573633eb25e82
|
||||
+ - WOODPECKER_GITLAB_SECRET=30f5064039e6b359e075
|
||||
|
||||
woodpecker-agent:
|
||||
[...]
|
||||
```
|
||||
|
||||
## Registration
|
||||
|
||||
You must register your application with GitLab in order to generate a Client and Secret. Navigate to your account settings and choose Applications from the menu, and click New Application.
|
||||
|
||||
Please use `http://woodpecker.mycompany.com/authorize` as the Authorization callback URL. Grant `api` scope to the application.
|
||||
|
||||
If you run the Woodpecker CI server on the same host as the GitLab instance, you might also need to allow local connections in GitLab, otherwise API requests will fail. In GitLab, navigate to the Admin dashboard, then go to `Settings > Network > Outbound requests` and enable `Allow requests to the local network from web hooks and services`.
|
||||
|
||||
## Configuration
|
||||
|
||||
This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations.
|
||||
|
||||
### `WOODPECKER_GITLAB`
|
||||
> Default: `false`
|
||||
|
||||
Enables the GitLab driver.
|
||||
|
||||
### `WOODPECKER_GITLAB_URL`
|
||||
> Default: `https://gitlab.com`
|
||||
|
||||
Configures the GitLab server address.
|
||||
|
||||
### `WOODPECKER_GITLAB_CLIENT`
|
||||
> Default: empty
|
||||
|
||||
Configures the GitLab OAuth client id. This is used to authorize access.
|
||||
|
||||
### `WOODPECKER_GITLAB_CLIENT_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_GITLAB_CLIENT` from the specified filepath
|
||||
|
||||
### `WOODPECKER_GITLAB_SECRET`
|
||||
> Default: empty
|
||||
|
||||
Configures the GitLab OAuth client secret. This is used to authorize access.
|
||||
|
||||
### `WOODPECKER_GITLAB_SECRET_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_GITLAB_SECRET` from the specified filepath
|
||||
|
||||
### `WOODPECKER_GITLAB_SKIP_VERIFY`
|
||||
> Default: `false`
|
||||
|
||||
Configure if SSL verification should be skipped.
|
|
@ -0,0 +1,74 @@
|
|||
# Bitbucket
|
||||
|
||||
Woodpecker comes with built-in support for Bitbucket Cloud. To enable Bitbucket Cloud you should configure the Woodpecker container using the following environment variables:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_BITBUCKET=true
|
||||
+ - WOODPECKER_BITBUCKET_CLIENT=95c0282573633eb25e82
|
||||
+ - WOODPECKER_BITBUCKET_SECRET=30f5064039e6b359e075
|
||||
|
||||
woodpecker-agent:
|
||||
[...]
|
||||
```
|
||||
|
||||
## Registration
|
||||
|
||||
You must register your application with Bitbucket in order to generate a client and secret. Navigate to your account settings and choose OAuth from the menu, and click Add Consumer.
|
||||
|
||||
Please use the Authorization callback URL:
|
||||
|
||||
```nohighlight
|
||||
http://woodpecker.mycompany.com/authorize
|
||||
```
|
||||
|
||||
Please also be sure to check the following permissions:
|
||||
|
||||
```nohighlight
|
||||
Account:Email
|
||||
Account:Read
|
||||
Team Membership:Read
|
||||
Repositories:Read
|
||||
Webhooks:Read and Write
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations.
|
||||
|
||||
### `WOODPECKER_BITBUCKET`
|
||||
> Default: `false`
|
||||
|
||||
Enables the Bitbucket driver.
|
||||
|
||||
### `WOODPECKER_BITBUCKET_CLIENT`
|
||||
> Default: empty
|
||||
|
||||
Configures the Bitbucket OAuth client id. This is used to authorize access.
|
||||
|
||||
### `WOODPECKER_BITBUCKET_CLIENT_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_BITBUCKET_CLIENT` from the specified filepath
|
||||
|
||||
### `WOODPECKER_BITBUCKET_SECRET`
|
||||
> Default: empty
|
||||
|
||||
Configures the Bitbucket OAuth client secret. This is used to authorize access.
|
||||
|
||||
### `WOODPECKER_BITBUCKET_SECRET_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_BITBUCKET_SECRET` from the specified filepath
|
||||
|
||||
## Missing Features
|
||||
|
||||
Merge requests are not currently supported. We are interested in patches to include this functionality.
|
||||
If you are interested in contributing to Woodpecker and submitting a patch please **contact us** via [Discord](https://discord.gg/fcMQqSMXJy) or [Matrix](https://matrix.to/#/#WoodpeckerCI-Develop:obermui.de).
|
|
@ -0,0 +1,3 @@
|
|||
label: 'Forges'
|
||||
collapsible: true
|
||||
collapsed: true
|
After Width: | Height: | Size: 129 KiB |
After Width: | Height: | Size: 25 KiB |
|
@ -0,0 +1,196 @@
|
|||
# Agent configuration
|
||||
|
||||
Agents are configured by the command line or environment variables. At the minimum you need the following information:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-agent:
|
||||
[...]
|
||||
volumes:
|
||||
- woodpecker-agent-config:/etc/woodpecker
|
||||
environment:
|
||||
+ - WOODPECKER_SERVER=localhost:9000
|
||||
+ - WOODPECKER_AGENT_SECRET="your-shared-secret-goes-here"
|
||||
```
|
||||
|
||||
The following are automatically set and can be overridden:
|
||||
|
||||
- WOODPECKER_HOSTNAME if not set, becomes the OS' hostname
|
||||
- WOODPECKER_MAX_WORKFLOWS if not set, defaults to 1
|
||||
|
||||
## Processes per agent
|
||||
|
||||
By default the maximum processes that are run per agent is 1. If required you can add `WOODPECKER_MAX_WORKFLOWS` to increase your parallel processing on a per-agent basis.
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-agent:
|
||||
[...]
|
||||
environment:
|
||||
- WOODPECKER_SERVER=localhost:9000
|
||||
- WOODPECKER_AGENT_SECRET="your-shared-secret-goes-here"
|
||||
+ - WOODPECKER_MAX_WORKFLOWS=4
|
||||
```
|
||||
|
||||
## Agent registration on server
|
||||
|
||||
When the agent starts, it connects to the server using token from `WOODPECKER_AGENT_SECRET`. The server identifies agent and, if such agent doesn't exist, register him.
|
||||
There are two types of token, so would be two ways of agent registration.
|
||||
|
||||
### Using system token
|
||||
|
||||
_System token_ is a token that is used system-wide, e. g. when you set the same token in `WOODPECKER_AGENT_SECRET` on both the server and the agents.
|
||||
|
||||
In that case registration process would be as follows:
|
||||
|
||||
1. First time Agent communicates with Server using system token;
|
||||
2. Server registers Agent in DB, generates ID and sends this ID back to Agent;
|
||||
3. Agent stores ID in a file configured by `WOODPECKER_AGENT_CONFIG_FILE`.
|
||||
|
||||
At the following startups Agent uses system token **and** ID.
|
||||
|
||||
### Using agent token
|
||||
|
||||
_Agent token_ is a token that is used by only particular agent. This unique token also configured by `WOODPECKER_AGENT_SECRET`, but only on the agent side.
|
||||
|
||||
In that case you probably doesn't configure `WOODPECKER_AGENT_SECRET` on the server side. The registration process would be as follows:
|
||||
|
||||
1. Administrator registers Agent manually in _Server settings - Agents - Add agent_;
|
||||
![Agent creation](./new-agent-registration.png)
|
||||
![Agent created](./new-agent-created.png)
|
||||
2. The token generated in previous step have to be provided to Agent in `WOODPECKER_AGENT_SECRET`;
|
||||
3. First time Agent communicates with Server using agent token;
|
||||
4. Server identifies Agent by the token and fills additional information provided by Agent;
|
||||
![Agent connected](./new-agent-connected.png)
|
||||
|
||||
At following startups Agent uses own token only.
|
||||
|
||||
## All agent configuration options
|
||||
|
||||
Here is the full list of configuration options and their default variables.
|
||||
|
||||
### `WOODPECKER_SERVER`
|
||||
> Default: `localhost:9000`
|
||||
|
||||
Configures gRPC address of the server.
|
||||
|
||||
### `WOODPECKER_USERNAME`
|
||||
> Default: `x-oauth-basic`
|
||||
|
||||
The gRPC username.
|
||||
|
||||
### `WOODPECKER_AGENT_SECRET`
|
||||
> Default: empty
|
||||
|
||||
A shared secret used by server and agents to authenticate communication. A secret can be generated by `openssl rand -hex 32`.
|
||||
|
||||
### `WOODPECKER_AGENT_SECRET_FILE`
|
||||
> Default: empty
|
||||
|
||||
Read the value for `WOODPECKER_AGENT_SECRET` from the specified filepath, e.g. `/etc/woodpecker/agent-secret.conf`
|
||||
|
||||
### `WOODPECKER_LOG_LEVEL`
|
||||
> Default: empty
|
||||
|
||||
Configures the logging level. Possible values are `trace`, `debug`, `info`, `warn`, `error`, `fatal`, `panic`, `disabled` and empty.
|
||||
|
||||
### `WOODPECKER_DEBUG_PRETTY`
|
||||
> Default: `false`
|
||||
|
||||
Enable pretty-printed debug output.
|
||||
|
||||
### `WOODPECKER_DEBUG_NOCOLOR`
|
||||
> Default: `true`
|
||||
|
||||
Disable colored debug output.
|
||||
|
||||
### `WOODPECKER_HOSTNAME`
|
||||
> Default: empty
|
||||
|
||||
Configures the agent hostname.
|
||||
|
||||
### `WOODPECKER_AGENT_CONFIG_FILE`
|
||||
> Default: `/etc/woodpecker/agent.conf`
|
||||
|
||||
Configures the path of the agent config file.
|
||||
|
||||
### `WOODPECKER_MAX_WORKFLOWS`
|
||||
> Default: `1`
|
||||
|
||||
Configures the number of parallel workflows.
|
||||
|
||||
### `WOODPECKER_FILTER_LABELS`
|
||||
> Default: empty
|
||||
|
||||
Configures labels to filter pipeline pick up. Use a list of key-value pairs like `key=value,second-key=*`. `*` can be used as a wildcard. By default agents provide three additional labels `platform=os/arch`, `hostname=my-agent` and `repo=*` which can be overwritten if needed. To learn how labels work check out the [pipeline syntax page](../20-usage/20-pipeline-syntax.md#labels).
|
||||
|
||||
### `WOODPECKER_HEALTHCHECK`
|
||||
> Default: `true`
|
||||
|
||||
Enable healthcheck endpoint.
|
||||
|
||||
### `WOODPECKER_HEALTHCHECK_ADDR`
|
||||
> Default: `:3000`
|
||||
|
||||
Configures healthcheck endpoint address.
|
||||
|
||||
### `WOODPECKER_KEEPALIVE_TIME`
|
||||
> Default: empty
|
||||
|
||||
After a duration of this time of no activity, the agent pings the server to check if the transport is still alive.
|
||||
|
||||
### `WOODPECKER_KEEPALIVE_TIMEOUT`
|
||||
> Default: `20s`
|
||||
|
||||
After pinging for a keepalive check, the agent waits for a duration of this time before closing the connection if no activity.
|
||||
|
||||
### `WOODPECKER_GRPC_SECURE`
|
||||
> Default: `false`
|
||||
|
||||
Configures if the connection to `WOODPECKER_SERVER` should be made using a secure transport.
|
||||
|
||||
### `WOODPECKER_GRPC_VERIFY`
|
||||
> Default: `true`
|
||||
|
||||
Configures if the gRPC server certificate should be verified, only valid when `WOODPECKER_GRPC_SECURE` is `true`.
|
||||
|
||||
### `WOODPECKER_BACKEND`
|
||||
> Default: `auto-detect`
|
||||
|
||||
Configures the backend engine to run pipelines on. Possible values are `auto-detect`, `docker`, `local`, `ssh` or `kubernetes`.
|
||||
|
||||
### `WOODPECKER_BACKEND_DOCKER_*`
|
||||
|
||||
See [Docker backend configuration](./22-backends/10-docker.md#configuration)
|
||||
|
||||
### `WOODPECKER_BACKEND_SSH_*`
|
||||
|
||||
See [SSH backend configuration](./22-backends/30-ssh.md#configuration)
|
||||
|
||||
### `WOODPECKER_BACKEND_K8S_*`
|
||||
|
||||
See [Kubernetes backend configuration](./22-backends/40-kubernetes.md#configuration)
|
||||
|
||||
## Advanced Settings
|
||||
|
||||
:::warning
|
||||
Only change these If you know what you do.
|
||||
:::
|
||||
|
||||
### `WOODPECKER_CONNECT_RETRY_COUNT`
|
||||
|
||||
> Default: `5`
|
||||
|
||||
Configures number of times agent retries to connect to the server.
|
||||
|
||||
### `WOODPECKER_CONNECT_RETRY_DELAY`
|
||||
|
||||
> Default: `2s`
|
||||
|
||||
Configures delay between agent connection retries to the server.
|
|
@ -0,0 +1,59 @@
|
|||
# Docker backend
|
||||
|
||||
This is the original backend used with Woodpecker. The docker backend executes each step inside a separate container started on the agent.
|
||||
|
||||
## Configuration
|
||||
|
||||
### `WOODPECKER_BACKEND_DOCKER_NETWORK`
|
||||
> Default: empty
|
||||
|
||||
Set to the name of an existing network which will be attached to all your pipeline containers (steps). Please be careful as this allows the containers of different pipelines to access each other!
|
||||
|
||||
### `WOODPECKER_BACKEND_DOCKER_ENABLE_IPV6`
|
||||
> Default: `false`
|
||||
|
||||
Enable IPv6 for the networks used by pipeline containers (steps). Make sure you configured your docker daemon to support IPv6.
|
||||
|
||||
### `WOODPECKER_BACKEND_DOCKER_VOLUMES`
|
||||
> Default: empty
|
||||
|
||||
List of default volumes separated by comma to be mounted to all pipeline containers (steps). For example to use custom CA
|
||||
certificates installed on host and host timezone use `/etc/ssl/certs:/etc/ssl/certs:ro,/etc/timezone:/etc/timezone`.
|
||||
|
||||
## Docker credentials
|
||||
|
||||
Woodpecker supports [Docker credentials](https://github.com/docker/docker-credential-helpers) to securely store registry credentials. Install your corresponding credential helper and configure it in your Docker config file passed via [`WOODPECKER_DOCKER_CONFIG`](../10-server-config.md#woodpecker_docker_config).
|
||||
|
||||
To add your credential helper to the Woodpecker server container you could use the following code to build a custom image:
|
||||
|
||||
```dockerfile
|
||||
FROM woodpeckerci/woodpecker-server:latest-alpine
|
||||
|
||||
RUN apk add -U --no-cache docker-credential-ecr-login
|
||||
```
|
||||
|
||||
## Podman support
|
||||
|
||||
While the agent was developed with Docker/Moby, Podman can also be used by setting the environment variable `DOCKER_SOCK` to point to the Podman socket. In order to work without workarounds, Podman 4.0 (or above) is required.
|
||||
|
||||
## Image Cleanup
|
||||
|
||||
The agent **will not** automatically remove images from the host. This task should be managed by the host system. For example, you can use a cron job to periodically do clean-up tasks for the CI runner.
|
||||
|
||||
:::danger
|
||||
|
||||
The following commands **are destructive** and **irreversible** it is highly recommended that you test these commands on your system before running them in production via a cron job or other automation.
|
||||
|
||||
:::
|
||||
|
||||
### Remove all unused images
|
||||
|
||||
```sh
|
||||
docker image rm $(docker images --filter "dangling=true" -q --no-trunc)
|
||||
```
|
||||
|
||||
### Remove Woodpecker Volumes
|
||||
|
||||
```sh
|
||||
docker volume rm $(docker volume ls --filter name=^wp_* --filter dangling=true -q)
|
||||
```
|
|
@ -0,0 +1,122 @@
|
|||
# Local backend
|
||||
|
||||
:::danger
|
||||
The local backend will execute the pipelines on the local system without any isolation of any kind.
|
||||
:::
|
||||
|
||||
:::note
|
||||
This backend is still pretty new and can not be treated as stable. Its
|
||||
implementation and configuration can change at any time. Binary releases of the
|
||||
agent will be available with the release of the [1.0.0
|
||||
milestone](https://github.com/woodpecker-ci/woodpecker/milestone/4), so for now
|
||||
you must compile the agent by yourself, to get the local backend functionality.
|
||||
<!-- TODO: remove the self-compile note after the release of the agent -->
|
||||
:::
|
||||
|
||||
Since the code runs directly in the same context as the agent (same user, same
|
||||
filesystem), a malicious pipeline could be used to access the agent
|
||||
configuration especially the `WOODPECKER_AGENT_SECRET` variable.
|
||||
|
||||
It is recommended to use this backend only for private setup where the code and
|
||||
pipeline can be trusted. You shouldn't use it for a public facing CI where
|
||||
anyone can submit code or add new repositories. You shouldn't execute the agent
|
||||
as a privileged user (root).
|
||||
|
||||
The local backend will use a random directory in $TMPDIR to store the cloned
|
||||
code and execute commands.
|
||||
|
||||
In order to use this backend, you need to download (or build) the
|
||||
[binary](https://github.com/woodpecker-ci/woodpecker/releases/latest) of the
|
||||
agent, configure it and run it on the host machine.
|
||||
|
||||
## Configuration
|
||||
|
||||
### Server
|
||||
|
||||
Enable connection to the server from the outside of the docker environment by
|
||||
exposing the port 9000:
|
||||
|
||||
```yaml
|
||||
# docker-compose.yml for the server
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
ports:
|
||||
- 9000:9000
|
||||
[...]
|
||||
environment:
|
||||
- [...]
|
||||
```
|
||||
|
||||
### Agent
|
||||
|
||||
You can use the `.env` file to store environmental variables for configuration.
|
||||
At the minimum you need the following information:
|
||||
|
||||
```ini
|
||||
# .env for the agent
|
||||
WOODPECKER_AGENT_SECRET=replace_with_your_server_secret
|
||||
WOODPECKER_SERVER=replace_with_your_server_address:9000
|
||||
```
|
||||
|
||||
## Running the agent
|
||||
|
||||
Start the agent from the directory with the `.env` file:
|
||||
|
||||
`woodpecker-agent`
|
||||
|
||||
:::note
|
||||
When using the `local` backend, the
|
||||
[plugin-git](https://github.com/woodpecker-ci/plugin-git) binary must be in
|
||||
your `$PATH` for the default clone step to work. If not, you can still write a
|
||||
manual clone step.
|
||||
:::
|
||||
|
||||
## Further configuration
|
||||
|
||||
### Specify the shell to be used for a pipeline step
|
||||
|
||||
The `image` entry is used to specify the shell, such as Bash or Fish, that is
|
||||
used to run the commands.
|
||||
|
||||
|
||||
```yaml
|
||||
# .woodpecker.yml
|
||||
|
||||
steps:
|
||||
build:
|
||||
image: bash
|
||||
commands:
|
||||
[...]
|
||||
```
|
||||
|
||||
### Using labels to filter tasks
|
||||
|
||||
You can use the [agent configuration
|
||||
options](../15-agent-config.md#woodpecker_filter_labels) and the
|
||||
[pipeline syntax](../../20-usage/20-pipeline-syntax.md#labels) to only run certain
|
||||
pipelines on certain agents. Example:
|
||||
|
||||
Define a `label` `type` with value `exec` for a particular agent:
|
||||
|
||||
```ini
|
||||
# .env for the agent
|
||||
|
||||
WOODPECKER_FILTER_LABELS=type=exec
|
||||
```
|
||||
|
||||
Then, use this `label` `type` with value `exec` in the pipeline definition, to
|
||||
only run on this agent:
|
||||
|
||||
```yaml
|
||||
# .woodpecker.yml
|
||||
|
||||
labels:
|
||||
type: exec
|
||||
|
||||
steps:
|
||||
[...]
|
||||
```
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
# SSH backend
|
||||
|
||||
:::danger
|
||||
The SSH backend will execute the pipelines using SSH on a remote system without any isolation of any kind.
|
||||
:::
|
||||
|
||||
:::note
|
||||
This backend is still pretty new and can not be treated as stable. Its implementation and configuration can change at any time.
|
||||
:::
|
||||
Since the code run directly on the SSH machine, a malicious pipeline could access and edit files the SSH user has access to and execute every command the remote user is allowed to use. Always restrict the user as far as possible!
|
||||
|
||||
It is recommended to use this backend only for private setups where the code and pipelines can be trusted. You shouldn't use it for a public facing CI where anyone can submit code or add new repositories.
|
||||
|
||||
The backend will use a random directory in $TMPDIR to store the clone code and execute commands.
|
||||
|
||||
## Configuration
|
||||
|
||||
### `WOODPECKER_BACKEND_SSH_ADDRESS`
|
||||
> Default: empty
|
||||
|
||||
The SSH host to run steps with `ssh` backend.
|
||||
|
||||
### `WOODPECKER_BACKEND_SSH_USER`
|
||||
> Default: empty
|
||||
|
||||
The SSH user to run steps with `ssh` backend.
|
||||
|
||||
### `WOODPECKER_BACKEND_SSH_KEY`
|
||||
> Default: empty
|
||||
|
||||
Path to the private SSH key to run steps with `ssh` backend.
|
||||
|
||||
### `WOODPECKER_BACKEND_SSH_KEY_PASSWORD`
|
||||
> Default: empty
|
||||
|
||||
The password for the private key to run steps with `ssh` backend.
|
||||
|
||||
### `WOODPECKER_BACKEND_SSH_PASSWORD`
|
||||
> Default empty
|
||||
|
||||
The SSH password to run steps with `ssh` backend.
|
|
@ -0,0 +1,81 @@
|
|||
# Kubernetes backend
|
||||
|
||||
:::caution
|
||||
Kubernetes support is still experimental and not all pipeline features are fully supported yet.
|
||||
|
||||
Check the [current state](https://github.com/woodpecker-ci/woodpecker/issues/1513)
|
||||
:::
|
||||
|
||||
The kubernetes backend executes each step inside a newly created pod. A PVC is also created for the lifetime of the pipeline, for transferring files between steps.
|
||||
|
||||
## Configuration
|
||||
|
||||
### `WOODPECKER_BACKEND_K8S_NAMESPACE`
|
||||
> Default: `woodpecker`
|
||||
|
||||
The namespace to create worker pods in.
|
||||
|
||||
### `WOODPECKER_BACKEND_K8S_VOLUME_SIZE`
|
||||
> Default: `10G`
|
||||
|
||||
The volume size of the pipeline volume.
|
||||
|
||||
### `WOODPECKER_BACKEND_K8S_STORAGE_CLASS`
|
||||
> Default: empty
|
||||
|
||||
The storage class to use for the pipeline volume.
|
||||
|
||||
### `WOODPECKER_BACKEND_K8S_STORAGE_RWX`
|
||||
> Default: `true`
|
||||
|
||||
Determines if `RWX` should be used for the pipeline volume's [access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes). If false, `RWO` is used instead.
|
||||
|
||||
### `WOODPECKER_BACKEND_K8S_POD_LABELS`
|
||||
> Default: empty
|
||||
|
||||
Additional labels to apply to worker pods. Must be a YAML object, e.g. `{"example.com/test-label":"test-value"}`.
|
||||
|
||||
### `WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS`
|
||||
> Default: empty
|
||||
|
||||
Additional annotations to apply to worker pods. Must be a YAML object, e.g. `{"example.com/test-annotation":"test-value"}`.
|
||||
|
||||
## Job specific configuration
|
||||
|
||||
### Resources
|
||||
|
||||
The kubernetes backend also allows for specifying requests and limits on a per-step basic, most commonly for CPU and memory.
|
||||
See the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for more information on using resources.
|
||||
|
||||
### serviceAccountName
|
||||
|
||||
Specify the name of the ServiceAccount which the build pod will mount. This serviceAccount must be created externally.
|
||||
See the [kubernetes documentation](https://kubernetes.io/docs/concepts/security/service-accounts/) for more information on using serviceAccounts.
|
||||
|
||||
### nodeSelector
|
||||
|
||||
Specify the label which is used to select the node where the job should be executed. Labels defined here will be appended to a list already containing "kubernetes.io/arch".
|
||||
By default the pod will use "kubernetes.io/arch" inferred from top-level "platform" setting which is deducted from the agents' environment variable CI_SYSTEM_ARCH. To overwrite this, you need to specify this label in the nodeSelector section.
|
||||
See the [kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) for more information on using nodeSelector.
|
||||
|
||||
Example pipeline configuration:
|
||||
```yaml
|
||||
steps:
|
||||
build:
|
||||
image: golang
|
||||
commands:
|
||||
- go get
|
||||
- go build
|
||||
- go test
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: 'my-service-account'
|
||||
resources:
|
||||
requests:
|
||||
memory: 128Mi
|
||||
cpu: 1000m
|
||||
limits:
|
||||
memory: 256Mi
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/instance-type: p3.8xlarge
|
||||
```
|
|
@ -0,0 +1,4 @@
|
|||
label: 'Backends'
|
||||
# position: 3
|
||||
collapsible: true
|
||||
collapsed: true
|
|
@ -0,0 +1,67 @@
|
|||
# Databases
|
||||
|
||||
The default database engine of Woodpecker is an embedded SQLite database which requires zero installation or configuration. But you can replace it with a MySQL/MariaDB or Postgres database.
|
||||
|
||||
## Configure SQLite
|
||||
|
||||
By default Woodpecker uses a SQLite database stored under `/var/lib/woodpecker/`. You can mount a [data volume](https://docs.docker.com/storage/volumes/#create-and-manage-volumes) to persist the SQLite database.
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
+ volumes:
|
||||
+ - woodpecker-server-data:/var/lib/woodpecker/
|
||||
```
|
||||
|
||||
## Configure MySQL/MariaDB
|
||||
|
||||
The below example demonstrates MySQL database configuration. See the official driver [documentation](https://github.com/go-sql-driver/mysql#dsn-data-source-name) for configuration options and examples.
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
+ - WOODPECKER_DATABASE_DRIVER=mysql
|
||||
+ - WOODPECKER_DATABASE_DATASOURCE=root:password@tcp(1.2.3.4:3306)/woodpecker?parseTime=true
|
||||
```
|
||||
|
||||
## Configure Postgres
|
||||
|
||||
The below example demonstrates Postgres database configuration. See the official driver [documentation](https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING) for configuration options and examples.
|
||||
Please use Postgres versions equal or higher than **11**.
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
environment:
|
||||
+ - WOODPECKER_DATABASE_DRIVER=postgres
|
||||
+ - WOODPECKER_DATABASE_DATASOURCE=postgres://root:password@1.2.3.4:5432/postgres?sslmode=disable
|
||||
```
|
||||
|
||||
## Database Creation
|
||||
|
||||
Woodpecker does not create your database automatically. If you are using the MySQL or Postgres driver you will need to manually create your database using `CREATE DATABASE`
|
||||
|
||||
## Database Migration
|
||||
|
||||
Woodpecker automatically handles database migration, including the initial creation of tables and indexes. New versions of Woodpecker will automatically upgrade the database unless otherwise specified in the release notes.
|
||||
|
||||
## Database Backups
|
||||
|
||||
Woodpecker does not perform database backups. This should be handled by separate third party tools provided by your database vendor of choice.
|
||||
|
||||
## Database Archiving
|
||||
|
||||
Woodpecker does not perform data archival; it considered out-of-scope for the project. Woodpecker is rather conservative with the amount of data it stores, however, you should expect the database logs to grow the size of your database considerably.
|
|
@ -0,0 +1,64 @@
|
|||
# Secrets encryption
|
||||
|
||||
By default, Woodpecker does not encrypt secrets in its database. You can enable encryption
|
||||
using simple AES key or more advanced [Google TINK](https://developers.google.com/tink) encryption.
|
||||
|
||||
## Common
|
||||
|
||||
### Enabling secrets encryption
|
||||
|
||||
To enable secrets encryption and encrypt all existing secrets in database set
|
||||
`WOODPECKER_ENCRYPTION_KEY`, `WOODPECKER_ENCRYPTION_KEY_FILE` or `WOODPECKER_ENCRYPTION_TINK_KEYSET_PATH` environment
|
||||
variable depending on encryption method of your choice.
|
||||
|
||||
After encryption is enabled you will be unable to start Woodpecker server without providing valid encryption key!
|
||||
|
||||
### Disabling encryption and decrypting all secrets
|
||||
|
||||
To disable secrets encryption and decrypt database you need to start server with valid
|
||||
`WOODPECKER_ENCRYPTION_KEY` or `WOODPECKER_ENCRYPTION_TINK_KEYSET_FILE` environment variable set depending on
|
||||
enabled encryption method, and `WOODPECKER_ENCRYPTION_DISABLE` set to true.
|
||||
|
||||
After secrets was decrypted server will proceed working in unencrypted mode. You will not need to use "disable encryption"
|
||||
variable or encryption keys to start server anymore.
|
||||
|
||||
|
||||
## AES
|
||||
Simple AES encryption.
|
||||
|
||||
### Configuration
|
||||
You can manage encryption on server using these environment variables:
|
||||
- `WOODPECKER_ENCRYPTION_KEY` - encryption key
|
||||
- `WOODPECKER_ENCRYPTION_KEY_FILE` - file to read encryption key from
|
||||
- `WOODPECKER_ENCRYPTION_DISABLE` - disable encryption flag used to decrypt all data on server
|
||||
|
||||
## TINK
|
||||
TINK uses AEAD encryption instead of simple AES and supports key rotation.
|
||||
|
||||
### Configuration
|
||||
You can manage encryption on server using these two environment variables:
|
||||
- `WOODPECKER_ENCRYPTION_TINK_KEYSET_FILE` - keyset filepath
|
||||
- `WOODPECKER_ENCRYPTION_DISABLE` - disable encryption flag used to decrypt all data on server
|
||||
|
||||
### Encryption keys
|
||||
You will need plaintext AEAD-compatible Google TINK keyset to encrypt your data.
|
||||
|
||||
To generate it and then rotate keys if needed, install `tinkey`([installation guide](https://developers.google.com/tink/install-tinkey))
|
||||
|
||||
Keyset contains one or more keys, used to encrypt or decrypt your data, and primary key ID, used to determine which key
|
||||
to use while encrypting new data.
|
||||
|
||||
Keyset generation example:
|
||||
```shell
|
||||
tinkey create-keyset --key-template AES256_GCM --out-format json --out keyset.json
|
||||
```
|
||||
|
||||
### Key rotation
|
||||
Use `tinkey` to rotate encryption keys in your existing keyset:
|
||||
```shell
|
||||
tinkey rotate-keyset --in keyset_v1.json --out keyset_v2.json --key-template AES256_GCM
|
||||
```
|
||||
|
||||
Then you just need to replace server keyset file with the new one. At the moment server detects new encryption
|
||||
keyset it will re-encrypt all existing secrets with the new key, so you will be unable to start server with previous
|
||||
keyset anymore.
|
129
docs/versioned_docs/version-1.0/30-administration/60-ssl.md
Normal file
|
@ -0,0 +1,129 @@
|
|||
# SSL
|
||||
|
||||
Woodpecker supports two ways of enabling SSL communication. You can either use Let's Encrypt to get automated SSL support with
|
||||
renewal or provide your own SSL certificates.
|
||||
|
||||
## Let's Encrypt
|
||||
|
||||
Woodpecker supports automated SSL configuration and updates using Let's Encrypt.
|
||||
|
||||
You can enable Let's Encrypt by making the following modifications to your server configuration:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
ports:
|
||||
+ - 80:80
|
||||
+ - 443:443
|
||||
- 9000:9000
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_LETS_ENCRYPT=true
|
||||
+ - WOODPECKER_LETS_ENCRYPT_EMAIL=ssl-admin@example.tld
|
||||
```
|
||||
|
||||
Note that Woodpecker uses the hostname from the `WOODPECKER_HOST` environment variable when requesting certificates. For example, if `WOODPECKER_HOST=https://example.com` is set the certificate is requested for `example.com`. To receive emails before certificates expire Let's Encrypt requires an email address. You can set it with `WOODPECKER_LETS_ENCRYPT_EMAIL=ssl-admin@example.tld`.
|
||||
|
||||
The SSL certificates are stored in `$HOME/.local/share/certmagic` for binary versions of Woodpecker and in `/var/lib/woodpecker` for the Container versions of it. You can set a custom path by setting `XDG_DATA_HOME` if required.
|
||||
|
||||
> Once enabled you can visit the Woodpecker UI with http and the HTTPS address. HTTP will be redirected to HTTPS.
|
||||
|
||||
### Certificate Cache
|
||||
|
||||
Woodpecker writes the certificates to `/var/lib/woodpecker/certmagic/`.
|
||||
|
||||
### Certificate Updates
|
||||
|
||||
Woodpecker uses the official Go acme library which will handle certificate upgrades. There should be no addition configuration or management required.
|
||||
|
||||
## SSL with own certificates
|
||||
|
||||
Woodpecker supports SSL configuration by mounting certificates into your container.
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
ports:
|
||||
+ - 80:80
|
||||
+ - 443:443
|
||||
- 9000:9000
|
||||
volumes:
|
||||
+ - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt
|
||||
+ - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt
|
||||
+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key
|
||||
```
|
||||
|
||||
Update your configuration to expose the following ports:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
ports:
|
||||
+ - 80:80
|
||||
+ - 443:443
|
||||
- 9000:9000
|
||||
```
|
||||
|
||||
Update your configuration to mount your certificate and key:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
- 9000:9000
|
||||
volumes:
|
||||
+ - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt
|
||||
+ - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key
|
||||
```
|
||||
|
||||
Update your configuration to provide the paths of your certificate and key:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
- 9000:9000
|
||||
volumes:
|
||||
- /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt
|
||||
- /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key
|
||||
environment:
|
||||
+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt
|
||||
+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key
|
||||
```
|
||||
|
||||
### Certificate Chain
|
||||
|
||||
The most common problem encountered is providing a certificate file without the intermediate chain.
|
||||
|
||||
> LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.
|
||||
|
||||
### Certificate Errors
|
||||
|
||||
SSL support is provided using the [ListenAndServeTLS](https://golang.org/pkg/net/http/#ListenAndServeTLS) function from the Go standard library. If you receive certificate errors or warnings please examine your configuration more closely.
|
181
docs/versioned_docs/version-1.0/30-administration/70-proxy.md
Normal file
|
@ -0,0 +1,181 @@
|
|||
# Proxy
|
||||
|
||||
## Apache
|
||||
|
||||
This guide provides a brief overview for installing Woodpecker server behind the Apache2 web-server. This is an example configuration:
|
||||
|
||||
```nohighlight
|
||||
ProxyPreserveHost On
|
||||
|
||||
RequestHeader set X-Forwarded-Proto "https"
|
||||
|
||||
ProxyPass / http://127.0.0.1:8000/
|
||||
ProxyPassReverse / http://127.0.0.1:8000/
|
||||
```
|
||||
|
||||
You must have the below Apache modules installed.
|
||||
|
||||
```nohighlight
|
||||
a2enmod proxy
|
||||
a2enmod proxy_http
|
||||
```
|
||||
|
||||
You must configure Apache to set `X-Forwarded-Proto` when using https.
|
||||
|
||||
```diff
|
||||
ProxyPreserveHost On
|
||||
|
||||
+RequestHeader set X-Forwarded-Proto "https"
|
||||
|
||||
ProxyPass / http://127.0.0.1:8000/
|
||||
ProxyPassReverse / http://127.0.0.1:8000/
|
||||
```
|
||||
|
||||
## Nginx
|
||||
|
||||
This guide provides a basic overview for installing Woodpecker server behind the Nginx web-server. For more advanced configuration options please consult the official Nginx [documentation](https://www.nginx.com/resources/admin-guide/).
|
||||
|
||||
Example configuration:
|
||||
|
||||
```nginx
|
||||
server {
|
||||
listen 80;
|
||||
server_name woodpecker.example.com;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $http_host;
|
||||
|
||||
proxy_pass http://127.0.0.1:8000;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_buffering off;
|
||||
|
||||
chunked_transfer_encoding off;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
You must configure the proxy to set `X-Forwarded` proxy headers:
|
||||
|
||||
```diff
|
||||
server {
|
||||
listen 80;
|
||||
server_name woodpecker.example.com;
|
||||
|
||||
location / {
|
||||
+ proxy_set_header X-Forwarded-For $remote_addr;
|
||||
+ proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
proxy_pass http://127.0.0.1:8000;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_buffering off;
|
||||
|
||||
chunked_transfer_encoding off;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Caddy
|
||||
|
||||
This guide provides a brief overview for installing Woodpecker server behind the [Caddy web-server](https://caddyserver.com/). This is an example caddyfile proxy configuration:
|
||||
|
||||
```caddy
|
||||
# expose WebUI and API
|
||||
woodpecker.example.com {
|
||||
reverse_proxy woodpecker-server:8000
|
||||
}
|
||||
|
||||
# expose gRPC
|
||||
woodpeckeragent.example.com {
|
||||
reverse_proxy h2c://woodpecker-server:9000
|
||||
}
|
||||
```
|
||||
|
||||
:::note
|
||||
Above configuration shows how to create reverse-proxies for web and agent communication. If your agent uses SSL do not forget to enable [WOODPECKER_GRPC_SECURE](./15-agent-config.md#woodpecker_grpc_secure).
|
||||
:::
|
||||
|
||||
## Ngrok
|
||||
|
||||
After installing [ngrok](https://ngrok.com/), open a new console and run:
|
||||
|
||||
```bash
|
||||
ngrok http 8000
|
||||
```
|
||||
|
||||
Set `WOODPECKER_HOST` (for example in `docker-compose.yml`) to the ngrok URL (usually xxx.ngrok.io) and start the server.
|
||||
|
||||
|
||||
## Traefik
|
||||
|
||||
To install the Woodpecker server behind a [Traefik](https://traefik.io/) load balancer, you must expose both the `http` and the `gRPC` ports. Here is a comprehensive example, considering you are running Traefik with docker swarm and want to do TLS termination and automatic redirection from http to https.
|
||||
|
||||
```yml
|
||||
version: '3.8'
|
||||
|
||||
services:
|
||||
server:
|
||||
image: woodpeckerci/woodpecker-server:latest
|
||||
environment:
|
||||
- WOODPECKER_OPEN=true
|
||||
- WOODPECKER_ADMIN=your_admin_user
|
||||
# other settings ...
|
||||
|
||||
networks:
|
||||
- dmz # externally defined network, so that traefik can connect to the server
|
||||
volumes:
|
||||
- woodpecker-server-data:/var/lib/woodpecker/
|
||||
|
||||
deploy:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
|
||||
# web server
|
||||
- traefik.http.services.woodpecker-service.loadbalancer.server.port=8000
|
||||
|
||||
- traefik.http.routers.woodpecker-secure.rule=Host(`cd.yourdomain.com`)
|
||||
- traefik.http.routers.woodpecker-secure.tls=true
|
||||
- traefik.http.routers.woodpecker-secure.tls.certresolver=letsencrypt
|
||||
- traefik.http.routers.woodpecker-secure.entrypoints=websecure
|
||||
- traefik.http.routers.woodpecker-secure.service=woodpecker-service
|
||||
|
||||
- traefik.http.routers.woodpecker.rule=Host(`cd.yourdomain.com`)
|
||||
- traefik.http.routers.woodpecker.entrypoints=web
|
||||
- traefik.http.routers.woodpecker.service=woodpecker-service
|
||||
|
||||
- traefik.http.middlewares.woodpecker-redirect.redirectscheme.scheme=https
|
||||
- traefik.http.middlewares.woodpecker-redirect.redirectscheme.permanent=true
|
||||
- traefik.http.routers.woodpecker.middlewares=woodpecker-redirect@docker
|
||||
|
||||
# gRPC service
|
||||
- traefik.http.services.woodpecker-grpc.loadbalancer.server.port=9000
|
||||
- traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme=h2c
|
||||
|
||||
- traefik.http.routers.woodpecker-grpc-secure.rule=Host(`woodpecker-grpc.yourdomain.com`)
|
||||
- traefik.http.routers.woodpecker-grpc-secure.tls=true
|
||||
- traefik.http.routers.woodpecker-grpc-secure.tls.certresolver=letsencrypt
|
||||
- traefik.http.routers.woodpecker-grpc-secure.entrypoints=websecure
|
||||
- traefik.http.routers.woodpecker-grpc-secure.service=woodpecker-grpc
|
||||
|
||||
- traefik.http.routers.woodpecker-grpc.rule=Host(`woodpecker-grpc.yourdomain.com`)
|
||||
- traefik.http.routers.woodpecker-grpc.entrypoints=web
|
||||
- traefik.http.routers.woodpecker-grpc.service=woodpecker-grpc
|
||||
|
||||
- traefik.http.middlewares.woodpecker-grpc-redirect.redirectscheme.scheme=https
|
||||
- traefik.http.middlewares.woodpecker-grpc-redirect.redirectscheme.permanent=true
|
||||
- traefik.http.routers.woodpecker-grpc.middlewares=woodpecker-grpc-redirect@docker
|
||||
|
||||
|
||||
volumes:
|
||||
woodpecker-server-data:
|
||||
driver: local
|
||||
|
||||
networks:
|
||||
dmz:
|
||||
external: true
|
||||
```
|
||||
|
||||
You should pass `WOODPECKER_GRPC_SECURE=true` and `WOODPECKER_GRPC_VERIFY=true` to your agent when using this configuration.
|
|
@ -0,0 +1,72 @@
|
|||
# Kubernetes
|
||||
|
||||
Woodpecker does support Kubernetes as a backend. See the [Kubernetes backend configuration](./22-backends/40-kubernetes.md#configuration) for backend-specific options.
|
||||
|
||||
:::caution
|
||||
Kubernetes support is still experimental and not all pipeline features are fully supported yet.
|
||||
|
||||
Check the [current state](https://github.com/woodpecker-ci/woodpecker/issues/9#issuecomment-483979755)
|
||||
:::
|
||||
|
||||
## Deploy with HELM
|
||||
|
||||
Deploying Woodpecker with [HELM](https://helm.sh/docs/) is the recommended way.
|
||||
Have a look at the `values.yaml` config files for all available settings.
|
||||
|
||||
### Preparation
|
||||
|
||||
```shell
|
||||
# create agent secret
|
||||
kubectl create secret generic woodpecker-secret \
|
||||
--namespace <namespace> \
|
||||
--from-literal=WOODPECKER_AGENT_SECRET=$(openssl rand -hex 32)
|
||||
|
||||
# add credentials for your forge
|
||||
kubectl create secret generic woodpecker-github-client \
|
||||
--namespace <namespace> \
|
||||
--from-literal=WOODPECKER_GITHUB_CLIENT=xxxxxxxx
|
||||
|
||||
kubectl create secret generic woodpecker-github-secret \
|
||||
--namespace <namespace> \
|
||||
--from-literal=WOODPECKER_GITHUB_SECRET=xxxxxxxx
|
||||
|
||||
# add helm repo
|
||||
helm repo add woodpecker https://woodpecker-ci.org/
|
||||
```
|
||||
|
||||
### Woodpecker server
|
||||
|
||||
```shell
|
||||
# Install
|
||||
helm upgrade --install woodpecker-server --namespace <namespace> woodpecker/woodpecker-server
|
||||
|
||||
# Uninstall
|
||||
helm delete woodpecker-server
|
||||
```
|
||||
|
||||
### Woodpecker agent
|
||||
|
||||
```shell
|
||||
# Install
|
||||
helm upgrade --install woodpecker-agent --namespace <namespace> woodpecker/woodpecker-agent
|
||||
|
||||
# Uninstall
|
||||
helm delete woodpecker-agent
|
||||
```
|
||||
|
||||
## Volumes
|
||||
|
||||
To mount volumes a persistent volume (PV) and persistent volume claim (PVC) are needed on the cluster which can be referenced in steps via the `volume:` option.
|
||||
Assuming a PVC named "woodpecker-cache" exists, it can be referenced as follows in a step:
|
||||
|
||||
```yaml
|
||||
steps:
|
||||
"Restore Cache":
|
||||
image: meltwater/drone-cache
|
||||
volumes:
|
||||
- woodpecker-cache:/woodpecker/src/cache
|
||||
settings:
|
||||
mount:
|
||||
- "woodpecker-cache"
|
||||
[...]
|
||||
```
|
|
@ -0,0 +1,71 @@
|
|||
# Prometheus
|
||||
|
||||
Woodpecker is compatible with Prometheus and exposes a `/metrics` endpoint. Please note that access to the metrics endpoint is restricted and requires an authorization token with administrative privileges.
|
||||
|
||||
```yaml
|
||||
global:
|
||||
scrape_interval: 60s
|
||||
|
||||
scrape_configs:
|
||||
- job_name: 'woodpecker'
|
||||
bearer_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
|
||||
|
||||
static_configs:
|
||||
- targets: ['woodpecker.domain.com']
|
||||
```
|
||||
|
||||
## Authorization
|
||||
|
||||
An administrator will need to generate a user API token and configure in the Prometheus configuration file as a bearer token. Please see the following example:
|
||||
|
||||
```diff
|
||||
global:
|
||||
scrape_interval: 60s
|
||||
|
||||
scrape_configs:
|
||||
- job_name: 'woodpecker'
|
||||
+ bearer_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
|
||||
|
||||
static_configs:
|
||||
- targets: ['woodpecker.domain.com']
|
||||
```
|
||||
|
||||
## Unauthenticated Access
|
||||
|
||||
Alternatively, the unprotected `/metrics` endpoint might be exposed on the internal port. (Port is configurable via the `WOODPECKER_METRICS_SERVER_ADDR` environment variable, e.g. `:9001`.)
|
||||
|
||||
## Metric Reference
|
||||
|
||||
List of Prometheus metrics specific to Woodpecker:
|
||||
|
||||
```
|
||||
# HELP woodpecker_pipeline_count Pipeline count.
|
||||
# TYPE woodpecker_pipeline_count counter
|
||||
woodpecker_build_count{branch="master",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 3
|
||||
woodpecker_build_count{branch="mkdocs",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 3
|
||||
# HELP woodpecker_pipeline_time Build time.
|
||||
# TYPE woodpecker_pipeline_time gauge
|
||||
woodpecker_build_time{branch="master",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 116
|
||||
woodpecker_build_time{branch="mkdocs",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 155
|
||||
# HELP woodpecker_pipeline_total_count Total number of builds.
|
||||
# TYPE woodpecker_pipeline_total_count gauge
|
||||
woodpecker_build_total_count 1025
|
||||
# HELP woodpecker_pending_steps Total number of pending pipeline steps.
|
||||
# TYPE woodpecker_pending_steps gauge
|
||||
woodpecker_pending_steps 0
|
||||
# HELP woodpecker_repo_count Total number of repos.
|
||||
# TYPE woodpecker_repo_count gauge
|
||||
woodpecker_repo_count 9
|
||||
# HELP woodpecker_running_steps Total number of running pipeline steps.
|
||||
# TYPE woodpecker_running_steps gauge
|
||||
woodpecker_running_steps 0
|
||||
# HELP woodpecker_user_count Total number of users.
|
||||
# TYPE woodpecker_user_count gauge
|
||||
woodpecker_user_count 1
|
||||
# HELP woodpecker_waiting_steps Total number of pipeline waiting on deps.
|
||||
# TYPE woodpecker_waiting_steps gauge
|
||||
woodpecker_waiting_steps 0
|
||||
# HELP woodpecker_worker_count Total number of workers.
|
||||
# TYPE woodpecker_worker_count gauge
|
||||
woodpecker_worker_count 4
|
||||
```
|
|
@ -0,0 +1,4 @@
|
|||
label: 'Administration'
|
||||
# position: 3
|
||||
collapsible: true
|
||||
collapsed: true
|
After Width: | Height: | Size: 5.3 KiB |
After Width: | Height: | Size: 4.4 KiB |
After Width: | Height: | Size: 25 KiB |
920
docs/versioned_docs/version-1.0/40-cli.md
Normal file
|
@ -0,0 +1,920 @@
|
|||
# CLI
|
||||
|
||||
# NAME
|
||||
|
||||
woodpecker-cli - command line utility
|
||||
|
||||
# SYNOPSIS
|
||||
|
||||
woodpecker-cli
|
||||
|
||||
```
|
||||
[--log-level]=[value]
|
||||
[--server|-s]=[value]
|
||||
[--token|-t]=[value]
|
||||
```
|
||||
|
||||
**Usage**:
|
||||
|
||||
```
|
||||
woodpecker-cli [GLOBAL OPTIONS] command [COMMAND OPTIONS] [ARGUMENTS...]
|
||||
```
|
||||
|
||||
# GLOBAL OPTIONS
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
|
||||
# COMMANDS
|
||||
|
||||
## pipeline, build
|
||||
|
||||
manage pipelines
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### ls
|
||||
|
||||
show pipeline history
|
||||
|
||||
**--branch**="": branch filter
|
||||
|
||||
**--event**="": event filter
|
||||
|
||||
**--format**="": format output (default: [33mPipeline #{{ .Number }} [0m
|
||||
Status: {{ .Status }}
|
||||
Event: {{ .Event }}
|
||||
Commit: {{ .Commit }}
|
||||
Branch: {{ .Branch }}
|
||||
Ref: {{ .Ref }}
|
||||
Author: {{ .Author }} {{ if .Email }}<{{.Email}}>{{ end }}
|
||||
Message: {{ .Message }}
|
||||
)
|
||||
|
||||
**--limit**="": limit the list size (default: 0)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--status**="": status filter
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### last
|
||||
|
||||
show latest pipeline details
|
||||
|
||||
**--branch**="": branch name (default: master)
|
||||
|
||||
**--format**="": format output (default: Number: {{ .Number }}
|
||||
Status: {{ .Status }}
|
||||
Event: {{ .Event }}
|
||||
Commit: {{ .Commit }}
|
||||
Branch: {{ .Branch }}
|
||||
Ref: {{ .Ref }}
|
||||
Message: {{ .Message }}
|
||||
Author: {{ .Author }}
|
||||
)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### logs
|
||||
|
||||
show pipeline logs
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### info
|
||||
|
||||
show pipeline details
|
||||
|
||||
**--format**="": format output (default: Number: {{ .Number }}
|
||||
Status: {{ .Status }}
|
||||
Event: {{ .Event }}
|
||||
Commit: {{ .Commit }}
|
||||
Branch: {{ .Branch }}
|
||||
Ref: {{ .Ref }}
|
||||
Message: {{ .Message }}
|
||||
Author: {{ .Author }}
|
||||
)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### stop
|
||||
|
||||
stop a pipeline
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### start
|
||||
|
||||
start a pipeline
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--param, -p**="": custom parameters to be injected into the step environment. Format: KEY=value
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### approve
|
||||
|
||||
approve a pipeline
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### decline
|
||||
|
||||
decline a pipeline
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### queue
|
||||
|
||||
show pipeline queue
|
||||
|
||||
**--format**="": format output (default: [33m{{ .FullName }} #{{ .Number }} [0m
|
||||
Status: {{ .Status }}
|
||||
Event: {{ .Event }}
|
||||
Commit: {{ .Commit }}
|
||||
Branch: {{ .Branch }}
|
||||
Ref: {{ .Ref }}
|
||||
Author: {{ .Author }} {{ if .Email }}<{{.Email}}>{{ end }}
|
||||
Message: {{ .Message }}
|
||||
)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### ps
|
||||
|
||||
show pipeline steps
|
||||
|
||||
**--format**="": format output (default: [33mStep #{{ .PID }} [0m
|
||||
Step: {{ .Name }}
|
||||
State: {{ .State }}
|
||||
)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### create
|
||||
|
||||
create new pipeline
|
||||
|
||||
**--branch**="": branch to create pipeline from
|
||||
|
||||
**--format**="": format output (default: [33mPipeline #{{ .Number }} [0m
|
||||
Status: {{ .Status }}
|
||||
Event: {{ .Event }}
|
||||
Commit: {{ .Commit }}
|
||||
Branch: {{ .Branch }}
|
||||
Ref: {{ .Ref }}
|
||||
Author: {{ .Author }} {{ if .Email }}<{{.Email}}>{{ end }}
|
||||
Message: {{ .Message }}
|
||||
)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
**--var**="": key=value
|
||||
|
||||
## log
|
||||
|
||||
manage logs
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### purge
|
||||
|
||||
purge a log
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
## deploy
|
||||
|
||||
deploy code
|
||||
|
||||
**--branch**="": branch filter (default: master)
|
||||
|
||||
**--event**="": event filter (default: push)
|
||||
|
||||
**--format**="": format output (default: Number: {{ .Number }}
|
||||
Status: {{ .Status }}
|
||||
Commit: {{ .Commit }}
|
||||
Branch: {{ .Branch }}
|
||||
Ref: {{ .Ref }}
|
||||
Message: {{ .Message }}
|
||||
Author: {{ .Author }}
|
||||
Target: {{ .Deploy }}
|
||||
)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--param, -p**="": custom parameters to be injected into the step environment. Format: KEY=value
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--status**="": status filter (default: success)
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
## exec
|
||||
|
||||
execute a local pipeline
|
||||
|
||||
**--backend-docker-ipv6**: backend docker enable IPV6
|
||||
|
||||
**--backend-docker-network**="": backend docker network
|
||||
|
||||
**--backend-docker-volumes**="": backend docker volumes (comma separated)
|
||||
|
||||
**--backend-engine**="": backend engine to run pipelines on (default: auto-detect)
|
||||
|
||||
**--backend-k8s-namespace**="": backend k8s namespace (default: woodpecker)
|
||||
|
||||
**--backend-k8s-pod-annotations**="": backend k8s additional worker pod annotations
|
||||
|
||||
**--backend-k8s-pod-labels**="": backend k8s additional worker pod labels
|
||||
|
||||
**--backend-k8s-storage-class**="": backend k8s storage class
|
||||
|
||||
**--backend-k8s-storage-rwx**: backend k8s storage access mode, should ReadWriteMany (RWX) instead of ReadWriteOnce (RWO) be used? (default: true)
|
||||
|
||||
**--backend-k8s-volume-size**="": backend k8s volume size (default 10G) (default: 10G)
|
||||
|
||||
**--backend-ssh-address**="": backend ssh address
|
||||
|
||||
**--backend-ssh-key**="": backend ssh key file
|
||||
|
||||
**--backend-ssh-key-password**="": backend ssh key password
|
||||
|
||||
**--backend-ssh-password**="": backend ssh password
|
||||
|
||||
**--backend-ssh-user**="": backend ssh user
|
||||
|
||||
**--commit-author-avatar**="":
|
||||
|
||||
**--commit-author-email**="":
|
||||
|
||||
**--commit-author-name**="":
|
||||
|
||||
**--commit-branch**="":
|
||||
|
||||
**--commit-message**="":
|
||||
|
||||
**--commit-ref**="":
|
||||
|
||||
**--commit-refspec**="":
|
||||
|
||||
**--commit-sha**="":
|
||||
|
||||
**--env**="":
|
||||
|
||||
**--forge-type**="":
|
||||
|
||||
**--forge-url**="":
|
||||
|
||||
**--local**: run from local directory
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--netrc-machine**="":
|
||||
|
||||
**--netrc-password**="":
|
||||
|
||||
**--netrc-username**="":
|
||||
|
||||
**--network**="": external networks
|
||||
|
||||
**--pipeline-created**="": (default: 0)
|
||||
|
||||
**--pipeline-event**="": (default: manual)
|
||||
|
||||
**--pipeline-finished**="": (default: 0)
|
||||
|
||||
**--pipeline-link**="":
|
||||
|
||||
**--pipeline-number**="": (default: 0)
|
||||
|
||||
**--pipeline-parent**="": (default: 0)
|
||||
|
||||
**--pipeline-started**="": (default: 0)
|
||||
|
||||
**--pipeline-status**="":
|
||||
|
||||
**--pipeline-target**="":
|
||||
|
||||
**--prev-commit-author-avatar**="":
|
||||
|
||||
**--prev-commit-author-email**="":
|
||||
|
||||
**--prev-commit-author-name**="":
|
||||
|
||||
**--prev-commit-branch**="":
|
||||
|
||||
**--prev-commit-message**="":
|
||||
|
||||
**--prev-commit-ref**="":
|
||||
|
||||
**--prev-commit-refspec**="":
|
||||
|
||||
**--prev-commit-sha**="":
|
||||
|
||||
**--prev-pipeline-created**="": (default: 0)
|
||||
|
||||
**--prev-pipeline-event**="":
|
||||
|
||||
**--prev-pipeline-finished**="": (default: 0)
|
||||
|
||||
**--prev-pipeline-link**="":
|
||||
|
||||
**--prev-pipeline-number**="": (default: 0)
|
||||
|
||||
**--prev-pipeline-started**="": (default: 0)
|
||||
|
||||
**--prev-pipeline-status**="":
|
||||
|
||||
**--privileged**="": privileged plugins (default: "plugins/docker", "plugins/gcr", "plugins/ecr", "woodpeckerci/plugin-docker-buildx")
|
||||
|
||||
**--repo**="": full repo name
|
||||
|
||||
**--repo-clone-url**="":
|
||||
|
||||
**--repo-link**="":
|
||||
|
||||
**--repo-private**="":
|
||||
|
||||
**--repo-remote-id**="":
|
||||
|
||||
**--repo-trusted**:
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--step-name**="": (default: 0)
|
||||
|
||||
**--system-link**="": (default: https://github.com/woodpecker-ci/woodpecker)
|
||||
|
||||
**--system-name**="": (default: woodpecker)
|
||||
|
||||
**--system-platform**="":
|
||||
|
||||
**--timeout**="": pipeline timeout (default: 0s)
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
**--volumes**="": pipeline volumes
|
||||
|
||||
**--workflow-name**="": (default: 0)
|
||||
|
||||
**--workflow-number**="": (default: 0)
|
||||
|
||||
**--workspace-base**="": (default: /woodpecker)
|
||||
|
||||
**--workspace-path**="": (default: src)
|
||||
|
||||
## info
|
||||
|
||||
show information about the current user
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
## registry
|
||||
|
||||
manage registries
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### add
|
||||
|
||||
adds a registry
|
||||
|
||||
**--hostname**="": registry hostname (default: docker.io)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--password**="": registry password
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
**--username**="": registry username
|
||||
|
||||
### rm
|
||||
|
||||
remove a registry
|
||||
|
||||
**--hostname**="": registry hostname (default: docker.io)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### update
|
||||
|
||||
update a registry
|
||||
|
||||
**--hostname**="": registry hostname (default: docker.io)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--password**="": registry password
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
**--username**="": registry username
|
||||
|
||||
### info
|
||||
|
||||
display registry info
|
||||
|
||||
**--hostname**="": registry hostname (default: docker.io)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### ls
|
||||
|
||||
list registries
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
## secret
|
||||
|
||||
manage secrets
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### add
|
||||
|
||||
adds a secret
|
||||
|
||||
**--event**="": secret limited to these events
|
||||
|
||||
**--global**: global secret
|
||||
|
||||
**--image**="": secret limited to these images
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--name**="": secret name
|
||||
|
||||
**--organization**="": organization name (e.g. octocat)
|
||||
|
||||
**--plugins-only**: secret limited to plugins
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
**--value**="": secret value
|
||||
|
||||
### rm
|
||||
|
||||
remove a secret
|
||||
|
||||
**--global**: global secret
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--name**="": secret name
|
||||
|
||||
**--organization**="": organization name (e.g. octocat)
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### update
|
||||
|
||||
update a secret
|
||||
|
||||
**--event**="": secret limited to these events
|
||||
|
||||
**--global**: global secret
|
||||
|
||||
**--image**="": secret limited to these images
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--name**="": secret name
|
||||
|
||||
**--organization**="": organization name (e.g. octocat)
|
||||
|
||||
**--plugins-only**: secret limited to plugins
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
**--value**="": secret value
|
||||
|
||||
### info
|
||||
|
||||
display secret info
|
||||
|
||||
**--global**: global secret
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--name**="": secret name
|
||||
|
||||
**--organization**="": organization name (e.g. octocat)
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### ls
|
||||
|
||||
list secrets
|
||||
|
||||
**--global**: global secret
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--organization**="": organization name (e.g. octocat)
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
## repo
|
||||
|
||||
manage repositories
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### ls
|
||||
|
||||
list all repos
|
||||
|
||||
**--format**="": format output (default: [33m{{ .FullName }}[0m (id: {{ .ID }}))
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--org**="": filter by organization
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### info
|
||||
|
||||
show repository details
|
||||
|
||||
**--format**="": format output (default: Owner: {{ .Owner }}
|
||||
Repo: {{ .Name }}
|
||||
Link: {{ .Link }}
|
||||
Config path: {{ .Config }}
|
||||
Visibility: {{ .Visibility }}
|
||||
Private: {{ .IsSCMPrivate }}
|
||||
Trusted: {{ .IsTrusted }}
|
||||
Gated: {{ .IsGated }}
|
||||
Clone url: {{ .Clone }}
|
||||
Allow pull-requests: {{ .AllowPullRequests }}
|
||||
)
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### add
|
||||
|
||||
add a repository
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### update
|
||||
|
||||
update a repository
|
||||
|
||||
**--config**="": repository configuration path (e.g. .woodpecker.yml)
|
||||
|
||||
**--gated**: repository is gated
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--pipeline-counter**="": repository starting pipeline number (default: 0)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--timeout**="": repository timeout (default: 0s)
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
**--trusted**: repository is trusted
|
||||
|
||||
**--unsafe**: validate updating the pipeline-counter is unsafe
|
||||
|
||||
**--visibility**="": repository visibility
|
||||
|
||||
### rm
|
||||
|
||||
remove a repository
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### repair
|
||||
|
||||
repair repository webhooks
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### chown
|
||||
|
||||
assume ownership of a repository
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### sync
|
||||
|
||||
synchronize the repository list
|
||||
|
||||
**--format**="": format output (default: [33m{{ .FullName }}[0m (id: {{ .ID }}))
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
## user
|
||||
|
||||
manage users
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### ls
|
||||
|
||||
list all users
|
||||
|
||||
**--format**="": format output (default: {{ .Login }})
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### info
|
||||
|
||||
show user details
|
||||
|
||||
**--format**="": format output (default: User: {{ .Login }}
|
||||
Email: {{ .Email }})
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### add
|
||||
|
||||
adds a user
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### rm
|
||||
|
||||
remove a user
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
## lint
|
||||
|
||||
lint a pipeline configuration file
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
## log-level
|
||||
|
||||
get the logging level of the server, or set it with [level]
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
## cron
|
||||
|
||||
manage cron jobs
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### add
|
||||
|
||||
add a cron job
|
||||
|
||||
**--branch**="": cron branch
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--name**="": cron name
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--schedule**="": cron schedule
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### rm
|
||||
|
||||
remove a cron job
|
||||
|
||||
**--id**="": cron id
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### update
|
||||
|
||||
update a cron job
|
||||
|
||||
**--branch**="": cron branch
|
||||
|
||||
**--id**="": cron id
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--name**="": cron name
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--schedule**="": cron schedule
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### info
|
||||
|
||||
display info about a cron job
|
||||
|
||||
**--id**="": cron id
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
||||
|
||||
### ls
|
||||
|
||||
list cron jobs
|
||||
|
||||
**--log-level**="": set logging level (default: info)
|
||||
|
||||
**--repository, --repo**="": repository id or full-name (e.g. 134 or octocat/hello-world)
|
||||
|
||||
**--server, -s**="": server address
|
||||
|
||||
**--token, -t**="": server auth token
|
33
docs/versioned_docs/version-1.0/80-downloads.md
Normal file
|
@ -0,0 +1,33 @@
|
|||
# Downloads
|
||||
|
||||
## Which version of Woodpecker should I use?
|
||||
|
||||
Woodpecker is having two different kinds of releases: **stable** and **next**.
|
||||
|
||||
To find out more about the differences between the two releases, please read the [FAQ](/faq).
|
||||
|
||||
## Binaries & DEB, RPM
|
||||
|
||||
[Latest release](https://github.com/woodpecker-ci/woodpecker/releases/latest)
|
||||
|
||||
## Docker images
|
||||
|
||||
Image variants:
|
||||
* The `latest` image is the latest stable release
|
||||
* The `vX.X.X` images are stable releases
|
||||
* The `vX.X` images are based on the latest patch version of a specific minor release (see [Semver](https://semver.org/))
|
||||
* The `next` images are based on the current master branch and should not be used for production environments
|
||||
|
||||
``` bash
|
||||
# server
|
||||
docker pull woodpeckerci/woodpecker-server:latest
|
||||
docker pull woodpeckerci/woodpecker-server:latest-alpine
|
||||
|
||||
# agent
|
||||
docker pull woodpeckerci/woodpecker-agent:latest
|
||||
docker pull woodpeckerci/woodpecker-agent:latest-alpine
|
||||
|
||||
# cli
|
||||
docker pull woodpeckerci/woodpecker-cli:latest
|
||||
docker pull woodpeckerci/woodpecker-cli:latest-alpine
|
||||
```
|
115
docs/versioned_docs/version-1.0/91-migrations.md
Normal file
|
@ -0,0 +1,115 @@
|
|||
# Migrations
|
||||
|
||||
Some versions need some changes to the server configuration or the pipeline configuration files.
|
||||
|
||||
## next
|
||||
|
||||
No breaking changes
|
||||
|
||||
## 1.0.0
|
||||
|
||||
- The signature used to verify extensions calls (like those used for the [config-extension](./30-administration/100-external-configuration-api.md)) done by the Woodpecker server switched from using a shared-secret HMac to an ed25519 key-pair. Read more about it at the [config-extensions](./30-administration/100-external-configuration-api.md) documentation.
|
||||
- Refactored support of old agent filter labels and expression. Learn how to use the new [filter](./20-usage/20-pipeline-syntax.md#labels)
|
||||
- Renamed step environment variable `CI_SYSTEM_ARCH` to `CI_SYSTEM_PLATFORM`. Same applies for the cli exec variable.
|
||||
- Renamed environment variables `CI_BUILD_*` and `CI_PREV_BUILD_*` to `CI_PIPELINE_*` and `CI_PREV_PIPELINE_*`, old ones are still available but deprecated
|
||||
- Renamed environment variables `CI_JOB_*` to `CI_STEP_*`, old ones are still available but deprecated
|
||||
- Renamed environment variable `CI_REPO_REMOTE` to `CI_REPO_CLONE_URL`, old is still available but deprecated
|
||||
- Renamed environment variable `*_LINK` to `*_URL`, old ones are still available but deprecated
|
||||
- Renamed API endpoints for pipelines (`<owner>/<repo>/builds/<buildId>` -> `<owner>/<repo>/pipelines/<pipelineId>`), old ones are still available but deprecated
|
||||
- Updated Prometheus gauge `build_*` to `pipeline_*`
|
||||
- Updated Prometheus gauge `*_job_*` to `*_step_*`
|
||||
- Renamed config env `WOODPECKER_MAX_PROCS` to `WOODPECKER_MAX_WORKFLOWS` (still available as fallback)
|
||||
- The pipelines are now also read from `.yaml` files, the new default order is `.woodpecker/*.yml` and `.woodpecker/*.yaml` (without any prioritization) -> `.woodpecker.yml` -> `.woodpecker.yaml`
|
||||
- Dropped support for [Coding](https://coding.net/), [Gogs](https://gogs.io) and Bitbucket Server (Stash).
|
||||
- `/api/queue/resume` & `/api/queue/pause` endpoint methods were changed from `GET` to `POST`
|
||||
- rename `pipeline:` key in your workflow config to `steps:`
|
||||
- If you want to migrate old logs to the new format, watch the error messages on start. If there are none we are good to go, else you have to plan a migration that can take hours. Set `WOODPECKER_MIGRATIONS_ALLOW_LONG` to true and let it run.
|
||||
- Using `repo-id` in favor of `owner/repo` combination
|
||||
- :warning: The api endpoints `/api/repos/{owner}/{repo}/...` were replaced by new endpoints using the repos id `/api/repos/{repo-id}`
|
||||
- To find the id of a repo use the `/api/repos/lookup/{repo-full-name-with-slashes}` endpoint.
|
||||
- The existing badge endpoint `/api/badges/{owner}/{repo}` will still work, but whenever possible try to use the new endpoint using the `repo-id`: `/api/badges/{repo-id}`.
|
||||
- The UI urls for a repository changed from `/repos/{owner}/{repo}/...` to `/repos/{repo-id}/...`. You will be redirected automatically when using the old url.
|
||||
- The woodpecker-go api-client is now using the `repo-id` instead of `owner/repo` for all functions
|
||||
- Using `org-id` in favour of `owner` name
|
||||
- :warning: The api endpoints `/api/orgs/{owner}/...` were replaced by new endpoints using the orgs id `/api/repos/{org-id}`
|
||||
- To find the id of orgs use the `/api/orgs/lookup/{org_full_name}` endpoint.
|
||||
- The UI urls for a organization changed from `/org/{owner}/...` to `/orgs/{org-id}/...`. You will be redirected automatically when using the old url.
|
||||
- The woodpecker-go api-client is now using the `org-id` instead of `org name` for all functions
|
||||
|
||||
## 0.15.0
|
||||
|
||||
- Default value for custom pipeline path is now empty / un-set which results in following resolution:
|
||||
|
||||
`.woodpecker/*.yml` -> `.woodpecker.yml` -> `.drone.yml`
|
||||
|
||||
Only projects created after updating will have an empty value by default. Existing projects will stick to the current pipeline path which is `.drone.yml` in most cases.
|
||||
|
||||
Read more about it at the [Project Settings](./20-usage/71-project-settings.md#pipeline-path)
|
||||
|
||||
- From version `0.15.0` ongoing there will be three types of docker images: `latest`, `next` and `x.x.x` with an alpine variant for each type like `latest-alpine`.
|
||||
If you used `latest` before to try pre-release features you should switch to `next` after this release.
|
||||
|
||||
- Dropped support for `DRONE_*` environment variables. The according `WOODPECKER_*` variables must be used instead.
|
||||
Additionally some alternative namings have been removed to simplify maintenance:
|
||||
- `WOODPECKER_AGENT_SECRET` replaces `WOODPECKER_SECRET`, `DRONE_SECRET`, `WOODPECKER_PASSWORD`, `DRONE_PASSWORD` and `DRONE_AGENT_SECRET`.
|
||||
- `WOODPECKER_HOST` replaces `DRONE_HOST` and `DRONE_SERVER_HOST`.
|
||||
- `WOODPECKER_DATABASE_DRIVER` replaces `DRONE_DATABASE_DRIVER` and `DATABASE_DRIVER`.
|
||||
- `WOODPECKER_DATABASE_DATASOURCE` replaces `DRONE_DATABASE_DATASOURCE` and `DATABASE_CONFIG`.
|
||||
|
||||
- Dropped support for `DRONE_*` environment variables in pipeline steps. Pipeline meta-data can be accessed with `CI_*` variables.
|
||||
- `CI_*` prefix replaces `DRONE_*`
|
||||
- `CI` value is now `woodpecker`
|
||||
- `DRONE=true` has been removed
|
||||
- Some variables got deprecated and will be removed in future versions. Please migrate to the new names. Same applies for `DRONE_` of them.
|
||||
- CI_ARCH => use CI_SYSTEM_ARCH
|
||||
- CI_COMMIT => CI_COMMIT_SHA
|
||||
- CI_TAG => CI_COMMIT_TAG
|
||||
- CI_PULL_REQUEST => CI_COMMIT_PULL_REQUEST
|
||||
- CI_REMOTE_URL => use CI_REPO_REMOTE
|
||||
- CI_REPO_BRANCH => use CI_REPO_DEFAULT_BRANCH
|
||||
- CI_PARENT_BUILD_NUMBER => use CI_BUILD_PARENT
|
||||
- CI_BUILD_TARGET => use CI_BUILD_DEPLOY_TARGET
|
||||
- CI_DEPLOY_TO => use CI_BUILD_DEPLOY_TARGET
|
||||
- CI_COMMIT_AUTHOR_NAME => use CI_COMMIT_AUTHOR
|
||||
- CI_PREV_COMMIT_AUTHOR_NAME => use CI_PREV_COMMIT_AUTHOR
|
||||
- CI_SYSTEM => use CI_SYSTEM_NAME
|
||||
- CI_BRANCH => use CI_COMMIT_BRANCH
|
||||
- CI_SOURCE_BRANCH => use CI_COMMIT_SOURCE_BRANCH
|
||||
- CI_TARGET_BRANCH => use CI_COMMIT_TARGET_BRANCH
|
||||
|
||||
For all available variables and their descriptions have a look at [built-in-environment-variables](./20-usage/50-environment.md#built-in-environment-variables).
|
||||
|
||||
- Prometheus metrics have been changed from `drone_*` to `woodpecker_*`
|
||||
|
||||
- Base path has moved from `/var/lib/drone` to `/var/lib/woodpecker`
|
||||
|
||||
- Default workspace base path has moved from `/drone` to `/woodpecker`
|
||||
|
||||
- Default SQLite database location has changed:
|
||||
- `/var/lib/drone/drone.sqlite` -> `/var/lib/woodpecker/woodpecker.sqlite`
|
||||
- `drone.sqlite` -> `woodpecker.sqlite`
|
||||
|
||||
- Plugin Settings moved into `settings` section:
|
||||
|
||||
```diff
|
||||
steps:
|
||||
something:
|
||||
image: my/plugin
|
||||
- setting1: foo
|
||||
- setting2: bar
|
||||
+ settings:
|
||||
+ setting1: foo
|
||||
+ setting2: bar
|
||||
```
|
||||
|
||||
- `WOODPECKER_DEBUG` option for server and agent got removed in favor of `WOODPECKER_LOG_LEVEL=debug`
|
||||
|
||||
- Remove unused server flags which can safely be removed from your server config: `WOODPECKER_QUIC`, `WOODPECKER_GITHUB_SCOPE`, `WOODPECKER_GITHUB_GIT_USERNAME`, `WOODPECKER_GITHUB_GIT_PASSWORD`, `WOODPECKER_GITHUB_PRIVATE_MODE`, `WOODPECKER_GITEA_GIT_USERNAME`, `WOODPECKER_GITEA_GIT_PASSWORD`, `WOODPECKER_GITEA_PRIVATE_MODE`, `WOODPECKER_GITLAB_GIT_USERNAME`, `WOODPECKER_GITLAB_GIT_PASSWORD`, `WOODPECKER_GITLAB_PRIVATE_MODE`
|
||||
|
||||
- Dropped support for manually setting the agents platform with `WOODPECKER_PLATFORM`. The platform is now automatically detected.
|
||||
|
||||
- Use `WOODPECKER_STATUS_CONTEXT` instead of the deprecated options `WOODPECKER_GITHUB_CONTEXT` and `WOODPECKER_GITEA_CONTEXT`.
|
||||
|
||||
## 0.14.0
|
||||
|
||||
No breaking changes
|
50
docs/versioned_docs/version-1.0/92-awesome.md
Normal file
|
@ -0,0 +1,50 @@
|
|||
# Awesome Woodpecker
|
||||
|
||||
A curated list of awesome things related to Woodpecker-CI.
|
||||
|
||||
If you have some missing resources, please feel free to [open a pull-request](https://github.com/woodpecker-ci/woodpecker/edit/master/docs/docs/92-awesome.md) and add them.
|
||||
|
||||
## Official Resources
|
||||
|
||||
- [Woodpecker CI pipeline configs](https://github.com/woodpecker-ci/woodpecker/tree/master/.woodpecker) - Complex setup containing different kind of pipelines
|
||||
- [Golang tests](https://github.com/woodpecker-ci/woodpecker/blob/master/.woodpecker/test.yml)
|
||||
- [Typescript, eslint & Vue](https://github.com/woodpecker-ci/woodpecker/blob/master/.woodpecker/web.yml)
|
||||
- [Docusaurus & publishing to GitHub Pages](https://github.com/woodpecker-ci/woodpecker/blob/master/.woodpecker/docs.yml)
|
||||
- [Docker container building](https://github.com/woodpecker-ci/woodpecker/blob/master/.woodpecker/docker.yml)
|
||||
- [Helm chart linting & releasing](https://github.com/woodpecker-ci/woodpecker/blob/master/.woodpecker/helm.yml)
|
||||
|
||||
## Projects using Woodpecker
|
||||
|
||||
- [Woodpecker-CI](https://github.com/woodpecker-ci/woodpecker/tree/master/.woodpecker) itself
|
||||
- [All official plugins](https://github.com/woodpecker-ci?q=plugin&type=all)
|
||||
- [dessalines/thumb-key](https://github.com/dessalines/thumb-key/blob/main/.woodpecker.yml) - Android Jetpack compose linting and building
|
||||
|
||||
## Tools
|
||||
|
||||
- [Convert Drone CI pipelines to Woodpecker CI](https://codeberg.org/lafriks/woodpecker-pipeline-transform)
|
||||
- [Ansible NAS](https://github.com/davestephens/ansible-nas/) - a homelab Ansible playbook that can set up Woodpecker-CI and Gitea
|
||||
- [picus](https://github.com/windsource/picus) - Picus connects to a Woodpecker CI server and creates an agent in the cloud when there are pending workflows.
|
||||
- [Hetzner cloud](https://www.hetzner.com/cloud) based [Woodpecker compatible autoscaler](https://git.ljoonal.xyz/ljoonal/hetzner-ci-autoscaler) - Creates and destroys VPS instances based on the count of pending & running jobs.
|
||||
|
||||
## Templates
|
||||
|
||||
## Pipelines
|
||||
|
||||
- [Collection of pipeline examples](https://codeberg.org/Codeberg-CI/examples)
|
||||
|
||||
## Posts & tutorials
|
||||
|
||||
- [Setup Gitea with Woodpecker CI](https://containers.fan/posts/setup-gitea-with-woodpecker-ci/)
|
||||
- [Step-by-step guide to modern, secure and Open-source CI setup](https://devforth.io/blog/step-by-step-guide-to-modern-secure-ci-setup/)
|
||||
- [Using Woodpecker CI for my static sites](https://jan.wildeboer.net/2022/07/Woodpecker-CI-Jekyll/)
|
||||
- [Woodpecker CI @ Codeberg](https://www.sarkasti.eu/articles/post/woodpecker/)
|
||||
- [Deploy Docker/Compose using Woodpecker CI](https://hinty.io/vverenko/deploy-docker-compose-using-woodpecker-ci/)
|
||||
- [Installing Woodpecker CI in your personal homelab](https://pwa.io/articles/installing-woodpecker-in-your-homelab/)
|
||||
|
||||
## Videos
|
||||
|
||||
- [Replace Ansible Semaphore with Woodpecker CI](https://www.youtube.com/watch?v=d610YPvCB0E)
|
||||
|
||||
## Plugins
|
||||
|
||||
We have a separate [index](/plugins) for plugins.
|
|
@ -0,0 +1,146 @@
|
|||
# Getting started
|
||||
|
||||
You can develop on your local computer by following the [steps below](#preparation-for-local-development) or you can start with a fully prepared online setup using [Gitpod](https://github.com/gitpod-io/gitpod) and [Gitea](https://github.com/go-gitea/gitea).
|
||||
|
||||
## Gitpod
|
||||
|
||||
If you want to start development or updating docs as easy as possible you can use our preconfigured setup for Woodpecker using [Gitpod](https://github.com/gitpod-io/gitpod). Gitpod starts a complete development setup in the cloud containing:
|
||||
|
||||
- An IDE in the browser or bridged to your local VS-Code or Jetbrains
|
||||
- A preconfigured [Gitea](https://github.com/go-gitea/gitea) instance as forge
|
||||
- A preconfigured Woodpecker server
|
||||
- A single preconfigured Woodpecker agent node
|
||||
- Our docs preview server
|
||||
|
||||
Simply start Woodpecker in Gitpod by clicking on the following badge. You can login with `woodpecker` and `password`.
|
||||
|
||||
[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/woodpecker-ci/woodpecker)
|
||||
|
||||
## Preparation for local development
|
||||
|
||||
### Install Go
|
||||
|
||||
Install Golang (>=1.20) as described by [this guide](https://go.dev/doc/install).
|
||||
|
||||
### Install make
|
||||
|
||||
> GNU Make is a tool which controls the generation of executables and other non-source files of a program from the program's source files. (https://www.gnu.org/software/make/)
|
||||
|
||||
Install make on:
|
||||
- Ubuntu: `apt install make` - [Docs](https://wiki.ubuntuusers.de/Makefile/)
|
||||
- [Windows](https://stackoverflow.com/a/32127632/8461267)
|
||||
- Mac OS: `brew install make`
|
||||
|
||||
### Install Node.js & pnpm
|
||||
|
||||
Install [Node.js (>=14)](https://nodejs.org/en/download/) if you want to build Woodpeckers UI or documentation.
|
||||
|
||||
For dependencies installation (node_modules) for the UI and documentation of Woodpecker the package-manager pnpm is used. The installation of pnpm is described by [this guide](https://pnpm.io/installation).
|
||||
|
||||
### Create a `.env` file with your development configuration
|
||||
|
||||
Similar to the environment variables you can set for your production setup of Woodpecker, you can create a `.env` in the root of the Woodpecker project and add any need config to it.
|
||||
|
||||
A common config for debugging would look like this:
|
||||
|
||||
```ini
|
||||
WOODPECKER_OPEN=true
|
||||
WOODPECKER_ADMIN=your-username
|
||||
|
||||
# if you want to test webhooks with an online forge like GitHub this address needs to be accessible from public server
|
||||
WOODPECKER_HOST=http://your-dev-address.com
|
||||
|
||||
# github (sample for a forge config - see /docs/administration/forge/overview for other forges)
|
||||
WOODPECKER_GITHUB=true
|
||||
WOODPECKER_GITHUB_CLIENT=<redacted>
|
||||
WOODPECKER_GITHUB_SECRET=<redacted>
|
||||
|
||||
# agent
|
||||
WOODPECKER_SERVER=localhost:9000
|
||||
WOODPECKER_SECRET=a-long-and-secure-password-used-for-the-local-development-system
|
||||
WOODPECKER_MAX_WORKFLOWS=1
|
||||
|
||||
# enable if you want to develop the UI
|
||||
# WOODPECKER_DEV_WWW_PROXY=http://localhost:8010
|
||||
|
||||
# used so you can login without using a public address
|
||||
WOODPECKER_DEV_OAUTH_HOST=http://localhost:8000
|
||||
|
||||
# disable health-checks while debugging (normally not needed while developing)
|
||||
WOODPECKER_HEALTHCHECK=false
|
||||
|
||||
# WOODPECKER_LOG_LEVEL=debug
|
||||
# WOODPECKER_LOG_LEVEL=trace
|
||||
```
|
||||
|
||||
### Setup O-Auth
|
||||
|
||||
Create an O-Auth app for your forge as describe in the [forges documentation](../30-administration/11-forges/10-overview.md). If you set `WOODPECKER_DEV_OAUTH_HOST=http://localhost:8000` you can use that address with the path as explained for the specific forge to login without the need for a public address. For example for GitHub you would use `http://localhost:8000/authorize` as authorization callback URL.
|
||||
|
||||
## Developing with VS-Code
|
||||
|
||||
You can use different methods for debugging the Woodpecker applications. One of the currently recommended ways to debug and test the Woodpecker application is using [VS-Code](https://code.visualstudio.com/) or [VS-Codium](https://vscodium.com/) (Open-Source binaries of VS-Code) as most maintainers are using it and Woodpecker already includes the needed debug configurations for it.
|
||||
|
||||
To launch all needed services for local development you can use "Woodpecker CI" debugging configuration that will launch UI, server and agent in debugging mode. Then open `http://localhost:8000` to access it.
|
||||
|
||||
As a starting guide for programming Go with VS-Code you can use this video guide:
|
||||
[![Getting started with Go in VS-Code](https://img.youtube.com/vi/1MXIGYrMk80/0.jpg)](https://www.youtube.com/watch?v=1MXIGYrMk80)
|
||||
|
||||
### Debugging Woodpecker
|
||||
|
||||
The Woodpecker source code already includes launch configurations for the Woodpecker server and agent. To start debugging you can click on the debug icon in the navigation bar of VS-Code (ctrl-shift-d). On that page you will see the existing launch jobs at the top. Simply select the agent or server and click on the play button. You can set breakpoints in the source files to stop at specific points.
|
||||
|
||||
![Woodpecker debugging with VS-Code](./vscode-debug.png)
|
||||
|
||||
## Testing & linting code
|
||||
|
||||
To test or lint parts of Woodpecker you can run one of the following commands:
|
||||
|
||||
```bash
|
||||
# test server code
|
||||
make test-server
|
||||
|
||||
# test agent code
|
||||
make test-agent
|
||||
|
||||
# test cli code
|
||||
make test-cli
|
||||
|
||||
# test datastore / database related code like migrations of the server
|
||||
make test-server-datastore
|
||||
|
||||
# lint go code
|
||||
make lint
|
||||
|
||||
# lint UI code
|
||||
make lint-frontend
|
||||
|
||||
# test UI code
|
||||
make test-frontend
|
||||
```
|
||||
|
||||
If you want to test a specific go file you can also use:
|
||||
|
||||
```bash
|
||||
go test -race -timeout 30s github.com/woodpecker-ci/woodpecker/<path-to-the-package-or-file-to-test>
|
||||
```
|
||||
|
||||
Or you can open the test-file inside [VS-Code](#developing-with-vs-code) and run or debug the test by clicking on the inline commands:
|
||||
|
||||
![Run test via VS-Code](./vscode-run-test.png)
|
||||
|
||||
## Run applications from terminal
|
||||
|
||||
If you want to run a Woodpecker applications from your terminal you can use one of the following commands from the base of the Woodpecker project. They will execute Woodpecker in a similar way as described in [debugging Woodpecker](#debugging-woodpecker) without the ability to really debug it in your editor.
|
||||
|
||||
```bash title="start server"
|
||||
go run ./cmd/server
|
||||
```
|
||||
|
||||
```bash title="start agent"
|
||||
go run ./cmd/agent
|
||||
```
|
||||
|
||||
```bash title="execute cli command"
|
||||
go run ./cmd/cli [command]
|
||||
```
|
38
docs/versioned_docs/version-1.0/92-development/03-ui.md
Normal file
|
@ -0,0 +1,38 @@
|
|||
# UI Development
|
||||
|
||||
To develop the UI you need to install [Node.js and pnpm](./01-getting-started.md#install-nodejs--pnpm). In addition it is recommended to use VS-Code with the recommended plugin selection to get features like auto-formatting, linting and typechecking. The UI is written with [Vue 3](https://v3.vuejs.org/) as Single-Page-Application accessing the Woodpecker REST api.
|
||||
|
||||
## Setup
|
||||
The UI code is placed in `web/`. Change to that folder in your terminal with `cd web/` and install all dependencies by running `pnpm install`. For production builds the generated UI code is integrated into the Woodpecker server by using [go-embed](https://pkg.go.dev/embed).
|
||||
|
||||
Testing UI changes would require us to rebuild the UI after each adjustment to the code by running `pnpm build` and restarting the Woodpecker server. To avoid this you can make use of the dev-proxy integrated into the Woodpecker server. This integrated dev-proxy will forward all none api request to a separate http-server which will only serve the UI files.
|
||||
|
||||
![UI Proxy architecture](./ui-proxy.svg)
|
||||
|
||||
Start the UI server locally with [hot-reloading](https://stackoverflow.com/a/41429055/8461267) by running: `pnpm start`. To enable the forwarding of requests to the UI server you have to enable the dev-proxy inside the Woodpecker server by adding `WOODPECKER_DEV_WWW_PROXY=http://localhost:8010` to your `.env` file.
|
||||
After starting the Woodpecker server as explained in the [debugging](./01-getting-started.md#debugging) section, you should now be able to access the UI under [http://localhost:8000](http://localhost:8000).
|
||||
|
||||
## Tools and frameworks
|
||||
|
||||
The following list contains some tools and frameworks used by the Woodpecker UI. For some points we added some guidelines / hints to help you developing.
|
||||
|
||||
- [Vue 3](https://v3.vuejs.org/)
|
||||
- use `setup` and composition api
|
||||
- place (re-usable) components in `web/src/components/`
|
||||
- views should have a route in `web/src/router.ts` and are located in `web/src/views/`
|
||||
- [Windicss](https://windicss.org/) (similar to Tailwind)
|
||||
- use Windicss classes where possible
|
||||
- if needed extend the Windicss config to use new classes
|
||||
- [Vite](https://vitejs.dev/) (similar to Webpack)
|
||||
- [Typescript](https://www.typescriptlang.org/)
|
||||
- avoid using `any` and `unknown` (the linter will prevent you from doing so anyways :wink:)
|
||||
- [eslint](https://eslint.org/)
|
||||
- [Volar & vue-tsc](https://github.com/johnsoncodehk/volar/) for type-checking in .vue file
|
||||
- use the take-over mode of Volar as described by [this guide](https://github.com/johnsoncodehk/volar/discussions/471)
|
||||
|
||||
## Messages and Translations
|
||||
|
||||
Woodpecker uses [Vue I18n](https://vue-i18n.intlify.dev/) as translation library. New translations have to be added to `web/src/assets/locales/en.json`. The English source file will be automatically imported into [Weblate](https://translate.woodpecker-ci.org/) (the translation system used by Woodpecker) where all other languages will be translated by the community based on the English source.
|
||||
You must not provide translations except English in PRs, otherwise weblate could put git into conflicts (when someone has translated in that language file and changes are not into master branch yet)
|
||||
|
||||
For more information about translations see [Translations](./07-translations.md).
|
20
docs/versioned_docs/version-1.0/92-development/04-docs.md
Normal file
|
@ -0,0 +1,20 @@
|
|||
# Documentation
|
||||
|
||||
The documentation is using docusaurus as framework. You can learn more about it from its [official documentation](https://docusaurus.io/docs/).
|
||||
|
||||
If you only want to change some text it probably is enough if you just search for the corresponding [Markdown](https://www.markdownguide.org/basic-syntax/) file inside the `docs/docs/` folder and adjust it. If you want to change larger parts and test the rendered documentation you can run docusaurus locally. Similarly to the UI you need to install [Node.js and pnpm](./01-getting-started.md#install-nodejs--pnpm). After that you can run and build docusaurus locally by using the following commands:
|
||||
|
||||
```bash
|
||||
cd docs/
|
||||
|
||||
pnpm install
|
||||
|
||||
# build plugins used by the docs
|
||||
pnpm build:woodpecker-plugins
|
||||
|
||||
# start docs with hot-reloading, so you can change the docs and directly see the changes in the browser without reloading it manually
|
||||
pnpm start
|
||||
|
||||
# or build the docs to deploy it to some static page hosting
|
||||
pnpm build
|
||||
```
|
|
@ -0,0 +1,48 @@
|
|||
# Architecture
|
||||
|
||||
## Package architecture
|
||||
|
||||
![Woodpecker architecture](./woodpecker-architecture.png)
|
||||
|
||||
## System architecture
|
||||
|
||||
### main package hierarchy
|
||||
|
||||
| package | meaning | imports
|
||||
|------------|--------------------------------------------------------------|----------
|
||||
| `cmd/**` | parse command-line args & environment to stat server/cli/agent | all other
|
||||
| `agent/**` | code only agent (remote worker) will need | `pipeline`, `shared`
|
||||
| `cli/**` | code only cli tool does need | `pipeline`, `shared`, `woodpecker-go`
|
||||
| `server/**`| code only server will need | `pipeline`, `shared`
|
||||
| `shared/**`| code shared for all three main tools (go help utils) | only std and external libs
|
||||
| `woodpecker-go/**` | go client for server rest api | std
|
||||
|
||||
### Server
|
||||
|
||||
| package | meaning | imports
|
||||
|----------------------|-------------------------------------------------------------------------------------|----------
|
||||
| `server/api/**` | handle web requests from `server/router` | `pipeline`, `../badges`, `../ccmenue`, `../logging`, `../model`, `../pubsub`, `../queue`, `../forge`, `../shared`, `../store`, `shared`, (TODO: mv `server/router/middleware/session`)
|
||||
| `server/badges/**` | generate svg badges for pipelines | `../model`
|
||||
| `server/ccmenu/**` | generate xml ccmenu for pipelines | `../model`
|
||||
| `server/grpc/**` | gRPC server agents can connect to | `pipeline/rpc/**`, `../logging`, `../model`, `../pubsub`, `../queue`, `../forge`, `../pipeline`, `../store`
|
||||
| `server/logging/**` | logging lib for gPRC server to stream logs while running | std
|
||||
| `server/model/**` | structs for store (db) and api (json) | std
|
||||
| `server/plugins/**` | plugins for server | `../model`, `../forge`
|
||||
| `server/pipeline/**` | orchestrate pipelines | `pipeline`, `../model`, `../pubsub`, `../queue`, `../forge`, `../store`, `../plugins`
|
||||
| `server/pubsub/**` | pubsub lib for server to push changes to the WebUI | std
|
||||
| `server/queue/**` | queue lib for server where agents pull new pipelines from via gRPC | `server/model`
|
||||
| `server/forge/**` | forge lib for server to connect and handle forge specific stuff | `shared`, `server/model`
|
||||
| `server/router/**` | handle requests to REST API (and all middleware) and serve UI and WebUI config | `shared`, `../api`, `../model`, `../forge`, `../store`, `../web`
|
||||
| `server/store/**` | handle database | `server/model`
|
||||
| `server/shared/**` | TODO: move and split [#974](https://github.com/woodpecker-ci/woodpecker/issues/974) |
|
||||
| `server/web/**` | server SPA |
|
||||
|
||||
* `../` = `server/`
|
||||
|
||||
### Agent
|
||||
|
||||
TODO
|
||||
|
||||
### CLI
|
||||
|
||||
TODO
|
39
docs/versioned_docs/version-1.0/92-development/06-guides.md
Normal file
|
@ -0,0 +1,39 @@
|
|||
# Guides
|
||||
|
||||
## ORM
|
||||
|
||||
Woodpecker uses [Xorm](https://xorm.io/) as ORM for the database connection.
|
||||
You can find its documentation at [gobook.io/read/gitea.com/xorm](https://gobook.io/read/gitea.com/xorm/manual-en-US/).
|
||||
|
||||
## Add a new migration
|
||||
|
||||
Woodpecker uses migrations to change the database schema if a database model has been changed. If for example a developer removes a property `Counter` from the model `Repo` in `server/model/` they would need to add a new migration task like the following example to a file like `server/store/datastore/migration/004_repos_drop_repo_counter.go`:
|
||||
|
||||
```go
|
||||
package migration
|
||||
|
||||
import (
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
var alterTableReposDropCounter = task{
|
||||
name: "alter-table-drop-counter",
|
||||
fn: func(sess *xorm.Session) error {
|
||||
return dropTableColumns(sess, "repos", "repo_counter")
|
||||
},
|
||||
}
|
||||
```
|
||||
|
||||
:::info
|
||||
Adding new properties to models will be handled automatically by the underlying [ORM](#orm) based on the [struct field tags](https://stackoverflow.com/questions/10858787/what-are-the-uses-for-tags-in-go) of the model. If you add a completely new model, you have to add it to the `allBeans` variable at `server/store/datastore/migration/migration.go` to get a new table created.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
You should not use `sess.Begin()`, `sess.Commit()` or `sess.Close()` inside a migration. Session / transaction handling will be done by the underlying migration manager.
|
||||
:::
|
||||
|
||||
To automatically execute the migration after the start of the server, the new migration needs to be added to the end of `migrationTasks` in `server/store/datastore/migration/migration.go`. After a successful execution of that transaction the server will automatically add the migration to a list, so it won't be executed again on the next start.
|
||||
|
||||
## Constants of official images
|
||||
|
||||
All official default images, are saved in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/master/shared/constant/constant.go) and must be pinned by an exact tag.
|
|
@ -0,0 +1,17 @@
|
|||
# Translations
|
||||
|
||||
Woodpecker uses [Vue I18n](https://vue-i18n.intlify.dev/) as translation library, thus you can easily translate the web UI into your language. Therefore, copy the file `web/src/assets/locales/en.json` to the same path with your language's code and `.json` as name.
|
||||
Then, translate content of this file, but only the values:
|
||||
|
||||
```json
|
||||
{
|
||||
"dont_translate": "Only translate this text"
|
||||
}
|
||||
```
|
||||
|
||||
To add support for time formatting, import the language into two files:
|
||||
|
||||
1. `web/src/compositions/useDate.ts`: Just add a line like `import 'dayjs/locale/en';` to the first block of `import` statements and replace `en` with your language's code.
|
||||
2. `web/src/utils/timeAgo.ts`: Add a line like `import en from 'javascript-time-ago/locale/en.json';` to the other `import`-statements and replace both `en`s with your language's code. Then, add the line `TimeAgo.addDefaultLocale(en);` to the other lines of them, and replace `en` with your language's code.
|
||||
|
||||
Then, the web UI should be available in your language. You should open a pull request to our repository to get your changes into the next release.
|
76
docs/versioned_docs/version-1.0/92-development/08-swagger.md
Normal file
|
@ -0,0 +1,76 @@
|
|||
# Swagger, API Spec and Code Generation
|
||||
|
||||
Woodpecker uses [gin-swagger](https://github.com/swaggo/gin-swagger) middleware to automatically
|
||||
generate Swagger v2 API specifications and a nice looking Web UI from the source code.
|
||||
Also, the generated spec will be transformed into Markdown, using [go-swagger](https://github.com/go-swagger/go-swagger)
|
||||
and then being using on the community's website documentation.
|
||||
|
||||
It's paramount important to keep the gin handler function's godoc documentation up-to-date,
|
||||
to always have accurate API documentation.
|
||||
Whenever you change, add or enhance an API endpoint, please update the godocs.
|
||||
|
||||
You don't require any extra tools on your machine, all Swagger tooling is automatically fetched by standard Go tools.
|
||||
|
||||
### Gin-Handler API documentation guideline
|
||||
|
||||
Here's a typical example of how annotations for Swagger documentation look like...
|
||||
|
||||
```text
|
||||
--- server/api/user.go ---
|
||||
// @Summary Get a user
|
||||
// @Description Returns a user with the specified login name. Requires admin rights.
|
||||
// @Router /users/{login} [get]
|
||||
// @Produce json
|
||||
// @Success 200 {object} User
|
||||
// @Tags Users
|
||||
// @Param Authorization header string true "Insert your personal access token" default(Bearer <personal access token>)
|
||||
// @Param login path string true "the user's login name"
|
||||
// @Param foobar query string false "optional foobar parameter"
|
||||
// @Param page query int false "for response pagination, page offset number" default(1)
|
||||
// @Param perPage query int false "for response pagination, max items per page" default(50)
|
||||
```
|
||||
|
||||
```text
|
||||
--- server/model/user.go ---
|
||||
type User struct {
|
||||
ID int64 `json:"id" xorm:"pk autoincr 'user_id'"`
|
||||
// ...
|
||||
} // @name User
|
||||
```
|
||||
|
||||
These guidelines aim to have consistent wording in the swagger doc:
|
||||
* first word after `@Summary` and `@Summary` are always uppercase
|
||||
* `@Summary` has no . (dot) at the end of the line
|
||||
* model structs shall use custom short names, to ease life for API consumers, using `@name`
|
||||
* `@Success` object or array declarations shall be short, this means the actual `model.User` struct must have a `@name` annotation, so that the model can be renderend in Swagger
|
||||
* when pagination is used, `@Parame page` and `@Parame perPage` must be added manually
|
||||
* `@Param Authorization` is almost always present, there are just a few un-protected endpoints
|
||||
|
||||
There are many examples in the server/api package, which you can use a blueprint.
|
||||
More enhanced information you can find here https://github.com/swaggo/swag/blob/master/README.md#declarative-comments-format
|
||||
|
||||
### Manual code generation
|
||||
|
||||
##### generate the server's Go code containing the Swagger
|
||||
|
||||
```shell
|
||||
make generate-swagger
|
||||
```
|
||||
|
||||
##### update the Markdown in the ./docs folder
|
||||
|
||||
```shell
|
||||
make docs
|
||||
```
|
||||
|
||||
##### auto-format swagger related godoc
|
||||
|
||||
```shell
|
||||
go run github.com/swaggo/swag/cmd/swag@latest fmt -g server/api/z.go
|
||||
```
|
||||
|
||||
**WARNING, known issue**: using swag v1.18.12 , there's a bug when running the `fmt` command,
|
||||
which makes the swagger generator failing, because it can't find the models/structs/types anymore.
|
||||
To fix it, please replace `// @name\tModelName` with `// @name ModelName`,
|
||||
which means, replace the tab (`\t`) with a space (` `).
|
||||
See https://github.com/swaggo/swag/pull/1594 == once this is merged and released, the mentioned issue is obsolete.
|
|
@ -0,0 +1,10 @@
|
|||
# Security
|
||||
|
||||
We take security seriously.
|
||||
If you discover a security issue, please bring it to their attention right away!
|
||||
|
||||
### Reporting a Vulnerability
|
||||
|
||||
Please **DO NOT** file a public issue, instead send your report privately to [`security @ woodpecker-ci.org`](mailto:security@woodpecker-ci.org).
|
||||
|
||||
Security reports are greatly appreciated, and we will publicly thank you for it. If you choose to remain anonymous, we will respect your request and keep your name confidential.
|
|
@ -0,0 +1,4 @@
|
|||
label: 'Development'
|
||||
# position: 3
|
||||
collapsible: true
|
||||
collapsed: true
|
16
docs/versioned_docs/version-1.0/92-development/ui-proxy.svg
Normal file
After Width: | Height: | Size: 7.5 KiB |
BIN
docs/versioned_docs/version-1.0/92-development/vscode-debug.png
Normal file
After Width: | Height: | Size: 17 KiB |
After Width: | Height: | Size: 11 KiB |
After Width: | Height: | Size: 61 KiB |
BIN
docs/versioned_docs/version-1.0/woodpecker.png
Normal file
After Width: | Height: | Size: 70 KiB |
8
docs/versioned_sidebars/version-1.0-sidebars.json
Normal file
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
"tutorialSidebar": [
|
||||
{
|
||||
"type": "autogenerated",
|
||||
"dirName": "."
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,3 +1,4 @@
|
|||
[
|
||||
"1.0",
|
||||
"0.15"
|
||||
]
|
||||
|
|