Update netrc option description (#4342)

Co-authored-by: Robert Kaussow <mail@thegeeklab.de>

docs/docs/20-usage/75-project-settings.md

@@ -40,9 +40,16 @@ Only server admins can set this option. If you are not a server admin this optio
 
 :::
 
-## Only inject netrc credentials into trusted containers
+## Only inject netrc credentials into trusted clone plugins
 
-Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step.
+The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`.
+
+By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`.
+If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not.
+
+:::note
+This option has no effect on steps other than the clone step.
+:::
 
 ## Project visibility
 

docs/versioned_docs/version-1.0/20-usage/71-project-settings.md

@@ -33,9 +33,16 @@ Only server admins can set this option. If you are not a server admin this optio
 
 :::
 
-### Only inject netrc credentials into trusted containers
+### Only inject netrc credentials into trusted clone plugins
 
-Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step.
+The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`.
+
+By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`.
+If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not.
+
+:::note
+This option has no effect on steps other than the clone step.
+:::
 
 ## Project visibility
 

docs/versioned_docs/version-2.5/20-usage/75-project-settings.md

@@ -40,9 +40,16 @@ Only server admins can set this option. If you are not a server admin this optio
 
 :::
 
-## Only inject netrc credentials into trusted containers
+## Only inject netrc credentials into trusted clone plugins
 
-Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step.
+The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`.
+
+By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`.
+If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not.
+
+:::note
+This option has no effect on steps other than the clone step.
+:::
 
 ## Project visibility
 

docs/versioned_docs/version-2.6/20-usage/75-project-settings.md

@@ -40,9 +40,16 @@ Only server admins can set this option. If you are not a server admin this optio
 
 :::
 
-## Only inject netrc credentials into trusted containers
+## Only inject netrc credentials into trusted clone plugins
 
-Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step.
+The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`.
+
+By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`.
+If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not.
+
+:::note
+This option has no effect on steps other than the clone step.
+:::
 
 ## Project visibility
 

docs/versioned_docs/version-2.7/20-usage/75-project-settings.md

@@ -40,9 +40,16 @@ Only server admins can set this option. If you are not a server admin this optio
 
 :::
 
-## Only inject netrc credentials into trusted containers
+## Only inject netrc credentials into trusted clone plugins
 
-Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step.
+The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`.
+
+By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`.
+If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not.
+
+:::note
+This option has no effect on steps other than the clone step.
+:::
 
 ## Project visibility
 

web/src/assets/locales/en.json

@@ -93,8 +93,8 @@
           "desc": "Every pipeline needs to be approved before being executed."
         },
         "netrc_only_trusted": {
-          "netrc_only_trusted": "Only inject netrc credentials into trusted containers",
-          "desc": "Only inject netrc credentials into trusted containers (recommended)."
+          "netrc_only_trusted": "Only inject netrc credentials into trusted clone plugins",
+          "desc": "If enabled, git netrc credentials are only available for trusted clone plugins set in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. Otherwise, all clone plugins can use the netrc credentials. This option has no effect on non-clone steps."
         },
         "trusted": {
           "trusted": "Trusted",