From ebf9f9ccbb2784b23428032a42ff61dfda7374ef Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Mon, 25 Nov 2024 17:59:00 +0100 Subject: [PATCH] Add dns config option to official feature set (#4418) Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> --- docs/docs/20-usage/20-workflow-syntax.md | 19 ++++++ pipeline/backend/kubernetes/pod.go | 10 +++ .../frontend/yaml/linter/schema/schema.json | 61 ++++++++----------- pipeline/frontend/yaml/types/container.go | 47 ++++++++------ 4 files changed, 81 insertions(+), 56 deletions(-) diff --git a/docs/docs/20-usage/20-workflow-syntax.md b/docs/docs/20-usage/20-workflow-syntax.md index a3d04da37..4ba0ffd92 100644 --- a/docs/docs/20-usage/20-workflow-syntax.md +++ b/docs/docs/20-usage/20-workflow-syntax.md @@ -763,6 +763,25 @@ Woodpecker supports to define multiple workflows for a repository. Those workflo Workflows that should run even on failure should set the `runs_on` tag. See [here](./25-workflows.md#flow-control) for an example. +## Advanced network options for steps + +:::warning +Only allowed if 'Trusted Network' option is enabled in repo settings by an admin. +::: + +### `dns` + +If the backend engine understands to change the DNS server and lookup domain, +this options will be used to alter the default DNS config to a custom one for a specific step. + +```yaml +steps: + - name: build + image: plugin/abc + dns: 1.2.3.4 + dns_search: 'internal.company' +``` + ## Privileged mode Woodpecker gives the ability to configure privileged mode in the YAML. You can use this parameter to launch containers with escalated capabilities. diff --git a/pipeline/backend/kubernetes/pod.go b/pipeline/backend/kubernetes/pod.go index 0a6f54a6f..d6ceabb7a 100644 --- a/pipeline/backend/kubernetes/pod.go +++ b/pipeline/backend/kubernetes/pod.go @@ -162,6 +162,16 @@ func podSpec(step *types.Step, config *config, options BackendOptions, nsp nativ return spec, err } + if len(step.DNS) != 0 || len(step.DNSSearch) != 0 { + spec.DNSConfig = &v1.PodDNSConfig{} + if len(step.DNS) != 0 { + spec.DNSConfig.Nameservers = step.DNS + } + if len(step.DNSSearch) != 0 { + spec.DNSConfig.Searches = step.DNSSearch + } + } + log.Trace().Msgf("using the image pull secrets: %v", config.ImagePullSecretNames) spec.ImagePullSecrets = secretsReferences(config.ImagePullSecretNames) if needsRegistrySecret(step) { diff --git a/pipeline/frontend/yaml/linter/schema/schema.json b/pipeline/frontend/yaml/linter/schema/schema.json index fa30b11f0..6fcb37630 100644 --- a/pipeline/frontend/yaml/linter/schema/schema.json +++ b/pipeline/frontend/yaml/linter/schema/schema.json @@ -54,6 +54,20 @@ } }, "definitions": { + "string_or_string_slice": { + "oneOf": [ + { + "type": "array", + "minLength": 1, + "items": { + "type": "string" + } + }, + { + "type": "string" + } + ] + }, "clone": { "description": "Configures the clone step. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#clone", "oneOf": [ @@ -294,18 +308,7 @@ }, "depends_on": { "description": "Execute a step after another step has finished.", - "oneOf": [ - { - "type": "array", - "minLength": 1, - "items": { - "type": "string" - } - }, - { - "type": "string" - } - ] + "$ref": "#/definitions/string_or_string_slice" }, "detach": { "description": "Detach a step to run in background until pipeline finishes. Read more: https://woodpecker-ci.org/docs/usage/services#detachment", @@ -322,18 +325,15 @@ }, "entrypoint": { "description": "Defines container entrypoint.", - "oneOf": [ - { - "type": "array", - "minLength": 1, - "items": { - "type": "string" - } - }, - { - "type": "string" - } - ] + "$ref": "#/definitions/string_or_string_slice" + }, + "dns": { + "description": "Change DNS server for step. Only allowed if 'Trusted Network' option is enabled in repo settings by an admin. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#dns", + "$ref": "#/definitions/string_or_string_slice" + }, + "dns_search": { + "description": "Change DNS lookup domain for step. Only allowed if 'Trusted Network' option is enabled in repo settings by an admin. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#dns", + "$ref": "#/definitions/string_or_string_slice" } } }, @@ -370,18 +370,7 @@ }, "depends_on": { "description": "Execute a step after another step has finished.", - "oneOf": [ - { - "type": "array", - "minLength": 1, - "items": { - "type": "string" - } - }, - { - "type": "string" - } - ] + "$ref": "#/definitions/string_or_string_slice" }, "detach": { "description": "Detach a step to run in background until pipeline finishes. Read more: https://woodpecker-ci.org/docs/usage/services#detachment", diff --git a/pipeline/frontend/yaml/types/container.go b/pipeline/frontend/yaml/types/container.go index 73403f454..d6044edf7 100644 --- a/pipeline/frontend/yaml/types/container.go +++ b/pipeline/frontend/yaml/types/container.go @@ -32,20 +32,29 @@ type ( // Container defines a container. Container struct { - BackendOptions map[string]any `yaml:"backend_options,omitempty"` - Commands base.StringOrSlice `yaml:"commands,omitempty"` - Entrypoint base.StringOrSlice `yaml:"entrypoint,omitempty"` - Detached bool `yaml:"detach,omitempty"` - Directory string `yaml:"directory,omitempty"` - Failure string `yaml:"failure,omitempty"` - Image string `yaml:"image,omitempty"` - Name string `yaml:"name,omitempty"` - Pull bool `yaml:"pull,omitempty"` - Settings map[string]any `yaml:"settings"` - Volumes Volumes `yaml:"volumes,omitempty"` - When constraint.When `yaml:"when,omitempty"` - Ports []string `yaml:"ports,omitempty"` - DependsOn base.StringOrSlice `yaml:"depends_on,omitempty"` + // common + Name string `yaml:"name,omitempty"` + Image string `yaml:"image,omitempty"` + Pull bool `yaml:"pull,omitempty"` + Commands base.StringOrSlice `yaml:"commands,omitempty"` + Entrypoint base.StringOrSlice `yaml:"entrypoint,omitempty"` + Directory string `yaml:"directory,omitempty"` + Settings map[string]any `yaml:"settings"` + // flow control + DependsOn base.StringOrSlice `yaml:"depends_on,omitempty"` + When constraint.When `yaml:"when,omitempty"` + Failure string `yaml:"failure,omitempty"` + Detached bool `yaml:"detach,omitempty"` + // state + Volumes Volumes `yaml:"volumes,omitempty"` + // network + Ports []string `yaml:"ports,omitempty"` + DNS base.StringOrSlice `yaml:"dns,omitempty"` + DNSSearch base.StringOrSlice `yaml:"dns_search,omitempty"` + // backend specific + BackendOptions map[string]any `yaml:"backend_options,omitempty"` + + // ACTIVE DEVELOPMENT BELOW // TODO: remove base.EnvironmentMap and use map[string]any after v3.0.0 release Environment base.EnvironmentMap `yaml:"environment,omitempty"` @@ -57,12 +66,10 @@ type ( Privileged bool `yaml:"privileged,omitempty"` // Undocumented - Devices []string `yaml:"devices,omitempty"` - DNSSearch base.StringOrSlice `yaml:"dns_search,omitempty"` - DNS base.StringOrSlice `yaml:"dns,omitempty"` - ExtraHosts []string `yaml:"extra_hosts,omitempty"` - NetworkMode string `yaml:"network_mode,omitempty"` - Tmpfs []string `yaml:"tmpfs,omitempty"` + Devices []string `yaml:"devices,omitempty"` + ExtraHosts []string `yaml:"extra_hosts,omitempty"` + NetworkMode string `yaml:"network_mode,omitempty"` + Tmpfs []string `yaml:"tmpfs,omitempty"` } )