Tag pipeline with source information (#4771)

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>

docs/src/pages/migrations.md

@@ -4,7 +4,7 @@ To enhance the usability of Woodpecker and meet evolving security standards, occ
 
 ## `next`
 
-- No changes
+- (Kubernetes) Deprecated `step` label on pod in favor of new namespaced label `woodpecker-ci.org/step`. The `step` label will be removed in a future update.
 
 ## 3.0.0
 

pipeline/backend/kubernetes/pod.go

@@ -31,9 +31,12 @@ import (
 )
 
 const (
-	StepLabel            = "step"
-	podPrefix            = "wp-"
-	defaultFSGroup int64 = 1000
+	// StepLabelLegacy is the legacy label name from before the introduction of the woodpecker-ci.org namespace.
+	// This will be removed in the future.
+	StepLabelLegacy       = "step"
+	StepLabel             = "woodpecker-ci.org/step"
+	podPrefix             = "wp-"
+	defaultFSGroup  int64 = 1000
 )
 
 func mkPod(step *types.Step, config *config, podName, goos string, options BackendOptions) (*v1.Pod, error) {
@@ -115,6 +118,10 @@ func podLabels(step *types.Step, config *config, options BackendOptions) (map[st
 	if step.Type == types.StepTypeService {
 		labels[ServiceLabel], _ = serviceName(step)
 	}
+	labels[StepLabelLegacy], err = stepLabel(step)
+	if err != nil {
+		return labels, err
+	}
 	labels[StepLabel], err = stepLabel(step)
 	if err != nil {
 		return labels, err

pipeline/backend/kubernetes/pod_test.go

@@ -72,7 +72,8 @@ func TestTinyPod(t *testing.T) {
 			"namespace": "woodpecker",
 			"creationTimestamp": null,
 			"labels": {
-				"step": "build-via-gradle"
+				"step": "build-via-gradle",
+				"woodpecker-ci.org/step": "build-via-gradle"
 			}
 		},
 		"spec": {
@@ -153,7 +154,8 @@ func TestFullPod(t *testing.T) {
 			"labels": {
 				"app": "test",
 				"part-of": "woodpecker-ci",
-				"step": "go-test"
+				"step": "go-test",
+				"woodpecker-ci.org/step": "go-test"
 			},
 			"annotations": {
 				"apps.kubernetes.io/pod-index": "0",
@@ -447,7 +449,8 @@ func TestScratchPod(t *testing.T) {
 			"namespace": "woodpecker",
 			"creationTimestamp": null,
 			"labels": {
-				"step": "curl-google"
+				"step": "curl-google",
+				"woodpecker-ci.org/step": "curl-google"
 			}
 		},
 		"spec": {
@@ -492,7 +495,8 @@ func TestSecrets(t *testing.T) {
 			"namespace": "woodpecker",
 			"creationTimestamp": null,
 			"labels": {
-				"step": "test-secrets"
+				"step": "test-secrets",
+				"woodpecker-ci.org/step": "test-secrets"
 			}
 		},
 		"spec": {

pipeline/backend/kubernetes/secrets.go

@@ -258,6 +258,10 @@ func registrySecretLabels(step *types.Step) (map[string]string, error) {
 	if step.Type == types.StepTypeService {
 		labels[ServiceLabel], _ = serviceName(step)
 	}
+	labels[StepLabelLegacy], err = stepLabel(step)
+	if err != nil {
+		return labels, err
+	}
 	labels[StepLabel], err = stepLabel(step)
 	if err != nil {
 		return labels, err

pipeline/backend/kubernetes/secrets_test.go

@@ -212,7 +212,8 @@ func TestRegistrySecret(t *testing.T) {
 			"namespace": "woodpecker",
 			"creationTimestamp": null,
 			"labels": {
-				"step": "go-test"
+				"step": "go-test",
+				"woodpecker-ci.org/step": "go-test"
 			}
 		},
 		"type": "kubernetes.io/dockerconfigjson",

server/pipeline/stepbuilder/stepBuilder.go

@@ -19,6 +19,7 @@ import (
 	"fmt"
 	"maps"
 	"path/filepath"
+	"strconv"
 	"strings"
 
 	"github.com/oklog/ulid/v2"
@@ -194,6 +195,20 @@ func (b *StepBuilder) genItemForWorkflow(workflow *model.Workflow, axis matrix.A
 		maps.Copy(item.Labels, b.DefaultLabels)
 	}
 
+	// "woodpecker-ci.org" namespace is reserved for internal use
+	for key := range item.Labels {
+		if strings.HasPrefix(key, "woodpecker-ci.org") {
+			log.Debug().Str("forge", b.Forge.Name()).Str("repo", b.Repo.FullName).Str("label", key).Msg("dropped pipeline label with reserved prefix woodpecker-ci.org")
+			delete(item.Labels, key)
+		}
+	}
+
+	item.Labels["woodpecker-ci.org/forge-id"] = b.Forge.Name()
+	item.Labels["woodpecker-ci.org/repo-forge-id"] = string(b.Repo.ForgeRemoteID)
+	item.Labels["woodpecker-ci.org/repo-id"] = strconv.FormatInt(b.Repo.ID, 10)
+	item.Labels["woodpecker-ci.org/repo-name"] = b.Repo.Name
+	item.Labels["woodpecker-ci.org/branch"] = b.Repo.Branch
+
 	return item, errorsAndWarnings
 }