diff --git a/docs/docs/20-usage/75-project-settings.md b/docs/docs/20-usage/75-project-settings.md index 24bdbe605..e9b21c0ad 100644 --- a/docs/docs/20-usage/75-project-settings.md +++ b/docs/docs/20-usage/75-project-settings.md @@ -40,9 +40,16 @@ Only server admins can set this option. If you are not a server admin this optio ::: -## Only inject netrc credentials into trusted containers +## Only inject netrc credentials into trusted clone plugins -Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step. +The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`. + +By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not. + +:::note +This option has no effect on steps other than the clone step. +::: ## Project visibility diff --git a/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md b/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md index 319a07e61..ef2d85d52 100644 --- a/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md +++ b/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md @@ -33,9 +33,16 @@ Only server admins can set this option. If you are not a server admin this optio ::: -### Only inject netrc credentials into trusted containers +### Only inject netrc credentials into trusted clone plugins -Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step. +The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`. + +By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not. + +:::note +This option has no effect on steps other than the clone step. +::: ## Project visibility diff --git a/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md index 24bdbe605..e9b21c0ad 100644 --- a/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md @@ -40,9 +40,16 @@ Only server admins can set this option. If you are not a server admin this optio ::: -## Only inject netrc credentials into trusted containers +## Only inject netrc credentials into trusted clone plugins -Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step. +The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`. + +By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not. + +:::note +This option has no effect on steps other than the clone step. +::: ## Project visibility diff --git a/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md index 24bdbe605..e9b21c0ad 100644 --- a/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md @@ -40,9 +40,16 @@ Only server admins can set this option. If you are not a server admin this optio ::: -## Only inject netrc credentials into trusted containers +## Only inject netrc credentials into trusted clone plugins -Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step. +The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`. + +By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not. + +:::note +This option has no effect on steps other than the clone step. +::: ## Project visibility diff --git a/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md index 24bdbe605..e9b21c0ad 100644 --- a/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md @@ -40,9 +40,16 @@ Only server admins can set this option. If you are not a server admin this optio ::: -## Only inject netrc credentials into trusted containers +## Only inject netrc credentials into trusted clone plugins -Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step. +The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`. + +By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not. + +:::note +This option has no effect on steps other than the clone step. +::: ## Project visibility diff --git a/web/src/assets/locales/en.json b/web/src/assets/locales/en.json index 194c6afcd..f26f0c020 100644 --- a/web/src/assets/locales/en.json +++ b/web/src/assets/locales/en.json @@ -93,8 +93,8 @@ "desc": "Every pipeline needs to be approved before being executed." }, "netrc_only_trusted": { - "netrc_only_trusted": "Only inject netrc credentials into trusted containers", - "desc": "Only inject netrc credentials into trusted containers (recommended)." + "netrc_only_trusted": "Only inject netrc credentials into trusted clone plugins", + "desc": "If enabled, git netrc credentials are only available for trusted clone plugins set in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. Otherwise, all clone plugins can use the netrc credentials. This option has no effect on non-clone steps." }, "trusted": { "trusted": "Trusted",