Add dns config option to official feature set (#4418)

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-11-29 05:11:04 +00:00 · 2024-11-25 17:59:00 +01:00 · 2024-11-25 17:59:00 +01:00 · ebf9f9ccbb
commit ebf9f9ccbb
parent 5d750322bc
4 changed files with 81 additions and 56 deletions
--- a/docs/docs/20-usage/20-workflow-syntax.md
+++ b/docs/docs/20-usage/20-workflow-syntax.md
@ -763,6 +763,25 @@ Woodpecker supports to define multiple workflows for a repository. Those workflo

 Workflows that should run even on failure should set the `runs_on` tag. See [here](./25-workflows.md#flow-control) for an example.

+## Advanced network options for steps
+
+:::warning
+Only allowed if 'Trusted Network' option is enabled in repo settings by an admin.
+:::
+
+### `dns`
+
+If the backend engine understands to change the DNS server and lookup domain,
+this options will be used to alter the default DNS config to a custom one for a specific step.
+
+```yaml
+steps:
+  - name: build
+    image: plugin/abc
+    dns: 1.2.3.4
+    dns_search: 'internal.company'
+```
+
 ## Privileged mode

 Woodpecker gives the ability to configure privileged mode in the YAML. You can use this parameter to launch containers with escalated capabilities.
--- a/pipeline/backend/kubernetes/pod.go
+++ b/pipeline/backend/kubernetes/pod.go
@ -162,6 +162,16 @@ func podSpec(step *types.Step, config *config, options BackendOptions, nsp nativ
 		return spec, err
 	}

+	if len(step.DNS) != 0 || len(step.DNSSearch) != 0 {
+		spec.DNSConfig = &v1.PodDNSConfig{}
+		if len(step.DNS) != 0 {
+			spec.DNSConfig.Nameservers = step.DNS
+		}
+		if len(step.DNSSearch) != 0 {
+			spec.DNSConfig.Searches = step.DNSSearch
+		}
+	}
+
 	log.Trace().Msgf("using the image pull secrets: %v", config.ImagePullSecretNames)
 	spec.ImagePullSecrets = secretsReferences(config.ImagePullSecretNames)
 	if needsRegistrySecret(step) {
--- a/pipeline/frontend/yaml/linter/schema/schema.json
+++ b/pipeline/frontend/yaml/linter/schema/schema.json
@ -54,6 +54,20 @@
    }
  },
  "definitions": {
+    "string_or_string_slice": {
+      "oneOf": [
+        {
+          "type": "array",
+          "minLength": 1,
+          "items": {
+            "type": "string"
+          }
+        },
+        {
+          "type": "string"
+        }
+      ]
+    },
    "clone": {
      "description": "Configures the clone step. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#clone",
      "oneOf": [
@ -294,18 +308,7 @@
        },
        "depends_on": {
          "description": "Execute a step after another step has finished.",
-          "oneOf": [
-            {
-              "type": "array",
-              "minLength": 1,
-              "items": {
-                "type": "string"
-              }
-            },
-            {
-              "type": "string"
-            }
-          ]
+          "$ref": "#/definitions/string_or_string_slice"
        },
        "detach": {
          "description": "Detach a step to run in background until pipeline finishes. Read more: https://woodpecker-ci.org/docs/usage/services#detachment",
@ -322,18 +325,15 @@
        },
        "entrypoint": {
          "description": "Defines container entrypoint.",
-          "oneOf": [
-            {
-              "type": "array",
-              "minLength": 1,
-              "items": {
-                "type": "string"
-              }
-            },
-            {
-              "type": "string"
-            }
-          ]
+          "$ref": "#/definitions/string_or_string_slice"
+        },
+        "dns": {
+          "description": "Change DNS server for step. Only allowed if 'Trusted Network' option is enabled in repo settings by an admin. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#dns",
+          "$ref": "#/definitions/string_or_string_slice"
+        },
+        "dns_search": {
+          "description": "Change DNS lookup domain for step. Only allowed if 'Trusted Network' option is enabled in repo settings by an admin. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#dns",
+          "$ref": "#/definitions/string_or_string_slice"
        }
      }
    },
@ -370,18 +370,7 @@
        },
        "depends_on": {
          "description": "Execute a step after another step has finished.",
-          "oneOf": [
-            {
-              "type": "array",
-              "minLength": 1,
-              "items": {
-                "type": "string"
-              }
-            },
-            {
-              "type": "string"
-            }
-          ]
+          "$ref": "#/definitions/string_or_string_slice"
        },
        "detach": {
          "description": "Detach a step to run in background until pipeline finishes. Read more: https://woodpecker-ci.org/docs/usage/services#detachment",
--- a/pipeline/frontend/yaml/types/container.go
+++ b/pipeline/frontend/yaml/types/container.go
@ -32,20 +32,29 @@ type (

 	// Container defines a container.
 	Container struct {
-		BackendOptions map[string]any     `yaml:"backend_options,omitempty"`
-		Commands       base.StringOrSlice `yaml:"commands,omitempty"`
-		Entrypoint     base.StringOrSlice `yaml:"entrypoint,omitempty"`
-		Detached       bool               `yaml:"detach,omitempty"`
-		Directory      string             `yaml:"directory,omitempty"`
-		Failure        string             `yaml:"failure,omitempty"`
-		Image          string             `yaml:"image,omitempty"`
-		Name           string             `yaml:"name,omitempty"`
-		Pull           bool               `yaml:"pull,omitempty"`
-		Settings       map[string]any     `yaml:"settings"`
-		Volumes        Volumes            `yaml:"volumes,omitempty"`
-		When           constraint.When    `yaml:"when,omitempty"`
-		Ports          []string           `yaml:"ports,omitempty"`
-		DependsOn      base.StringOrSlice `yaml:"depends_on,omitempty"`
+		// common
+		Name       string             `yaml:"name,omitempty"`
+		Image      string             `yaml:"image,omitempty"`
+		Pull       bool               `yaml:"pull,omitempty"`
+		Commands   base.StringOrSlice `yaml:"commands,omitempty"`
+		Entrypoint base.StringOrSlice `yaml:"entrypoint,omitempty"`
+		Directory  string             `yaml:"directory,omitempty"`
+		Settings   map[string]any     `yaml:"settings"`
+		// flow control
+		DependsOn base.StringOrSlice `yaml:"depends_on,omitempty"`
+		When      constraint.When    `yaml:"when,omitempty"`
+		Failure   string             `yaml:"failure,omitempty"`
+		Detached  bool               `yaml:"detach,omitempty"`
+		// state
+		Volumes Volumes `yaml:"volumes,omitempty"`
+		// network
+		Ports     []string           `yaml:"ports,omitempty"`
+		DNS       base.StringOrSlice `yaml:"dns,omitempty"`
+		DNSSearch base.StringOrSlice `yaml:"dns_search,omitempty"`
+		// backend specific
+		BackendOptions map[string]any `yaml:"backend_options,omitempty"`
+
+		// ACTIVE DEVELOPMENT BELOW

 		// TODO: remove base.EnvironmentMap and use map[string]any after v3.0.0 release
 		Environment base.EnvironmentMap `yaml:"environment,omitempty"`
@ -57,12 +66,10 @@ type (
 		Privileged bool `yaml:"privileged,omitempty"`

 		// Undocumented
-		Devices     []string           `yaml:"devices,omitempty"`
-		DNSSearch   base.StringOrSlice `yaml:"dns_search,omitempty"`
-		DNS         base.StringOrSlice `yaml:"dns,omitempty"`
-		ExtraHosts  []string           `yaml:"extra_hosts,omitempty"`
-		NetworkMode string             `yaml:"network_mode,omitempty"`
-		Tmpfs       []string           `yaml:"tmpfs,omitempty"`
+		Devices     []string `yaml:"devices,omitempty"`
+		ExtraHosts  []string `yaml:"extra_hosts,omitempty"`
+		NetworkMode string   `yaml:"network_mode,omitempty"`
+		Tmpfs       []string `yaml:"tmpfs,omitempty"`
 	}
 )