mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-23 17:00:30 +00:00
Merge branch 'master' into bbserver-cleanup
This commit is contained in:
commit
65ab6412a9
11 changed files with 70 additions and 13 deletions
|
@ -35,12 +35,6 @@ Please see our [installation guide](http://readme.drone.io/setup/overview) to in
|
|||
|
||||
### From Source
|
||||
|
||||
Install build dependencies:
|
||||
|
||||
* go 1.5+ ([install guide](http://golang.org/doc/install))
|
||||
* libsqlite3 ([install script](https://github.com/drone/drone/blob/master/contrib/setup-sqlite.sh))
|
||||
* sassc ([install script](https://github.com/drone/drone/blob/master/contrib/setup-sassc.sh))
|
||||
|
||||
Clone the repository to your Go workspace:
|
||||
|
||||
```
|
||||
|
|
|
@ -76,7 +76,10 @@ func NewClientTokenTLS(uri, token string, c *tls.Config) Client {
|
|||
auther := config.Client(oauth2.NoContext, &oauth2.Token{AccessToken: token})
|
||||
if c != nil {
|
||||
if trans, ok := auther.Transport.(*oauth2.Transport); ok {
|
||||
trans.Base = &http.Transport{TLSClientConfig: c}
|
||||
trans.Base = &http.Transport{
|
||||
TLSClientConfig: c,
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
}
|
||||
}
|
||||
}
|
||||
return &client{client: auther, base: uri, token: token}
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
package agent
|
||||
|
||||
import (
|
||||
"os"
|
||||
"os/signal"
|
||||
"sync"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/drone/drone/client"
|
||||
|
@ -201,5 +204,25 @@ func start(c *cli.Context) {
|
|||
}
|
||||
}()
|
||||
}
|
||||
handleSignals()
|
||||
wg.Wait()
|
||||
}
|
||||
|
||||
// tracks running builds
|
||||
var running sync.WaitGroup
|
||||
|
||||
func handleSignals() {
|
||||
// Graceful shut-down on SIGINT/SIGTERM
|
||||
c := make(chan os.Signal, 1)
|
||||
signal.Notify(c, os.Interrupt)
|
||||
signal.Notify(c, syscall.SIGTERM)
|
||||
|
||||
go func() {
|
||||
<-c
|
||||
logrus.Debugln("SIGTERM received.")
|
||||
logrus.Debugln("wait for running builds to finish.")
|
||||
running.Wait()
|
||||
logrus.Debugln("done.")
|
||||
os.Exit(0)
|
||||
}()
|
||||
}
|
||||
|
|
|
@ -33,6 +33,10 @@ func (r *pipeline) run() error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
running.Add(1)
|
||||
defer func() {
|
||||
running.Done()
|
||||
}()
|
||||
|
||||
logrus.Infof("Starting build %s/%s#%d.%d",
|
||||
w.Repo.Owner, w.Repo.Name, w.Build.Number, w.Job.Number)
|
||||
|
|
|
@ -110,7 +110,7 @@ var serverCmd = cli.Command{
|
|||
},
|
||||
cli.StringFlag{
|
||||
EnvVar: "DRONE_GITHUB_SECRET",
|
||||
Name: "github-sercret",
|
||||
Name: "github-secret",
|
||||
Usage: "github oauth2 client secret",
|
||||
},
|
||||
cli.StringSliceFlag{
|
||||
|
@ -203,7 +203,7 @@ var serverCmd = cli.Command{
|
|||
},
|
||||
cli.StringFlag{
|
||||
EnvVar: "DRONE_GITLAB_SECRET",
|
||||
Name: "gitlab-sercret",
|
||||
Name: "gitlab-secret",
|
||||
Usage: "gitlab oauth2 client secret",
|
||||
},
|
||||
cli.StringFlag{
|
||||
|
|
|
@ -80,7 +80,7 @@ func setupGitlab(c *cli.Context) (remote.Remote, error) {
|
|||
return gitlab.New(gitlab.Opts{
|
||||
URL: c.String("gitlab-server"),
|
||||
Client: c.String("gitlab-client"),
|
||||
Secret: c.String("gitlab-sercret"),
|
||||
Secret: c.String("gitlab-secret"),
|
||||
Username: c.String("gitlab-git-username"),
|
||||
Password: c.String("gitlab-git-password"),
|
||||
PrivateMode: c.Bool("gitlab-private-mode"),
|
||||
|
@ -94,7 +94,7 @@ func setupGithub(c *cli.Context) (remote.Remote, error) {
|
|||
URL: c.String("github-server"),
|
||||
Context: c.String("github-context"),
|
||||
Client: c.String("github-client"),
|
||||
Secret: c.String("github-sercret"),
|
||||
Secret: c.String("github-secret"),
|
||||
Scopes: c.StringSlice("github-scope"),
|
||||
Username: c.String("github-git-username"),
|
||||
Password: c.String("github-git-password"),
|
||||
|
|
|
@ -85,6 +85,23 @@ func MustAdmin() gin.HandlerFunc {
|
|||
}
|
||||
}
|
||||
|
||||
func MustRepoAdmin() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
user := User(c)
|
||||
perm := Perm(c)
|
||||
switch {
|
||||
case user == nil:
|
||||
c.String(401, "User not authorized")
|
||||
c.Abort()
|
||||
case perm.Admin == false:
|
||||
c.String(403, "User not authorized")
|
||||
c.Abort()
|
||||
default:
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func MustUser() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
user := User(c)
|
||||
|
|
|
@ -84,8 +84,8 @@ func Load(middleware ...gin.HandlerFunc) http.Handler {
|
|||
|
||||
// requires push permissions
|
||||
repo.PATCH("", session.MustPush, server.PatchRepo)
|
||||
repo.DELETE("", session.MustPush, server.DeleteRepo)
|
||||
repo.POST("/chown", session.MustPush, server.ChownRepo)
|
||||
repo.DELETE("", session.MustRepoAdmin(), server.DeleteRepo)
|
||||
repo.POST("/chown", session.MustRepoAdmin(), server.ChownRepo)
|
||||
|
||||
repo.POST("/builds/:number", session.MustPush, server.PostBuild)
|
||||
repo.DELETE("/builds/:number/:job", session.MustPush, server.DeleteBuild)
|
||||
|
|
|
@ -65,6 +65,7 @@ machine $DRONE_NETRC_MACHINE
|
|||
login $DRONE_NETRC_USERNAME
|
||||
password $DRONE_NETRC_PASSWORD
|
||||
EOF
|
||||
chmod 0600 $HOME/.netrc
|
||||
fi
|
||||
|
||||
unset DRONE_NETRC_USERNAME
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package transform
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
|
@ -61,6 +62,9 @@ func ImageEscalate(conf *yaml.Config, patterns []string) error {
|
|||
for _, c := range conf.Pipeline {
|
||||
for _, pattern := range patterns {
|
||||
if ok, _ := filepath.Match(pattern, c.Image); ok {
|
||||
if len(c.Commands) != 0 {
|
||||
return fmt.Errorf("Custom commands disabled for the %s plugin", c.Image)
|
||||
}
|
||||
c.Privileged = true
|
||||
}
|
||||
}
|
||||
|
|
|
@ -89,6 +89,17 @@ func Test_escalate(t *testing.T) {
|
|||
ImageEscalate(c, []string{"plugins/docker"})
|
||||
g.Assert(c.Pipeline[0].Privileged).IsFalse()
|
||||
})
|
||||
|
||||
g.It("should not escalate plugin with commands", func() {
|
||||
c := newConfig(&yaml.Container{
|
||||
Image: "docker",
|
||||
Commands: []string{"echo foo"},
|
||||
})
|
||||
|
||||
err := ImageEscalate(c, []string{"docker"})
|
||||
g.Assert(c.Pipeline[0].Privileged).IsFalse()
|
||||
g.Assert(err.Error()).Equal("Custom commands disabled for the docker plugin")
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue