mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-12-01 14:21:07 +00:00
Code Issues Projects Releases Wiki Activity

Add dns config option to official feature set (#4418)

Browse source 
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
This commit is contained in:
6543 2024-11-25 17:59:00 +01:00 committed by GitHub
parent 5d750322bc
commit ebf9f9ccbb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 81 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
docs/docs/20-usage/20-workflow-syntax.md
View file

@ -763,6 +763,25 @@ Woodpecker supports to define multiple workflows for a repository. Those workflo
Workflows that should run even on failure should set the `runs_on` tag. See [here](./25-workflows.md#flow-control) for an example. Workflows that should run even on failure should set the `runs_on` tag. See [here](./25-workflows.md#flow-control) for an example.
## Advanced network options for steps
:::warning
Only allowed if 'Trusted Network' option is enabled in repo settings by an admin.
:::
### `dns`
If the backend engine understands to change the DNS server and lookup domain,
this options will be used to alter the default DNS config to a custom one for a specific step.
```yaml
steps:
- name: build
image: plugin/abc
dns: 1.2.3.4
dns_search: 'internal.company'
```
## Privileged mode ## Privileged mode
Woodpecker gives the ability to configure privileged mode in the YAML. You can use this parameter to launch containers with escalated capabilities. Woodpecker gives the ability to configure privileged mode in the YAML. You can use this parameter to launch containers with escalated capabilities.

10
pipeline/backend/kubernetes/pod.go
View file

@ -162,6 +162,16 @@ func podSpec(step *types.Step, config *config, options BackendOptions, nsp nativ
return spec, err return spec, err
} }
if len(step.DNS) != 0 || len(step.DNSSearch) != 0 {
spec.DNSConfig = &v1.PodDNSConfig{}
if len(step.DNS) != 0 {
spec.DNSConfig.Nameservers = step.DNS
}
if len(step.DNSSearch) != 0 {
spec.DNSConfig.Searches = step.DNSSearch
}
}
log.Trace().Msgf("using the image pull secrets: %v", config.ImagePullSecretNames) log.Trace().Msgf("using the image pull secrets: %v", config.ImagePullSecretNames)
spec.ImagePullSecrets = secretsReferences(config.ImagePullSecretNames) spec.ImagePullSecrets = secretsReferences(config.ImagePullSecretNames)
if needsRegistrySecret(step) { if needsRegistrySecret(step) {

61
pipeline/frontend/yaml/linter/schema/schema.json
View file

@ -54,6 +54,20 @@
} }
}, },
"definitions": { "definitions": {
"string_or_string_slice": {
"oneOf": [
{
"type": "array",
"minLength": 1,
"items": {
"type": "string"
}
},
{
"type": "string"
}
]
},
"clone": { "clone": {
"description": "Configures the clone step. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#clone", "description": "Configures the clone step. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#clone",
"oneOf": [ "oneOf": [
@ -294,18 +308,7 @@
}, },
"depends_on": { "depends_on": {
"description": "Execute a step after another step has finished.", "description": "Execute a step after another step has finished.",
"oneOf": [ "$ref": "#/definitions/string_or_string_slice"
{
"type": "array",
"minLength": 1,
"items": {
"type": "string"
}
},
{
"type": "string"
}
]
}, },
"detach": { "detach": {
"description": "Detach a step to run in background until pipeline finishes. Read more: https://woodpecker-ci.org/docs/usage/services#detachment", "description": "Detach a step to run in background until pipeline finishes. Read more: https://woodpecker-ci.org/docs/usage/services#detachment",
@ -322,18 +325,15 @@
}, },
"entrypoint": { "entrypoint": {
"description": "Defines container entrypoint.", "description": "Defines container entrypoint.",
"oneOf": [ "$ref": "#/definitions/string_or_string_slice"
{ },
"type": "array", "dns": {
"minLength": 1, "description": "Change DNS server for step. Only allowed if 'Trusted Network' option is enabled in repo settings by an admin. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#dns",
"items": { "$ref": "#/definitions/string_or_string_slice"
"type": "string" },
} "dns_search": {
}, "description": "Change DNS lookup domain for step. Only allowed if 'Trusted Network' option is enabled in repo settings by an admin. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#dns",
{ "$ref": "#/definitions/string_or_string_slice"
"type": "string"
}
]
} }
} }
}, },
@ -370,18 +370,7 @@
}, },
"depends_on": { "depends_on": {
"description": "Execute a step after another step has finished.", "description": "Execute a step after another step has finished.",
"oneOf": [ "$ref": "#/definitions/string_or_string_slice"
{
"type": "array",
"minLength": 1,
"items": {
"type": "string"
}
},
{
"type": "string"
}
]
}, },
"detach": { "detach": {
"description": "Detach a step to run in background until pipeline finishes. Read more: https://woodpecker-ci.org/docs/usage/services#detachment", "description": "Detach a step to run in background until pipeline finishes. Read more: https://woodpecker-ci.org/docs/usage/services#detachment",

47
pipeline/frontend/yaml/types/container.go
View file

@ -32,20 +32,29 @@ type (
// Container defines a container. // Container defines a container.
Container struct { Container struct {
BackendOptions map[string]any `yaml:"backend_options,omitempty"` // common
Commands base.StringOrSlice `yaml:"commands,omitempty"` Name string `yaml:"name,omitempty"`
Entrypoint base.StringOrSlice `yaml:"entrypoint,omitempty"` Image string `yaml:"image,omitempty"`
Detached bool `yaml:"detach,omitempty"` Pull bool `yaml:"pull,omitempty"`
Directory string `yaml:"directory,omitempty"` Commands base.StringOrSlice `yaml:"commands,omitempty"`
Failure string `yaml:"failure,omitempty"` Entrypoint base.StringOrSlice `yaml:"entrypoint,omitempty"`
Image string `yaml:"image,omitempty"` Directory string `yaml:"directory,omitempty"`
Name string `yaml:"name,omitempty"` Settings map[string]any `yaml:"settings"`
Pull bool `yaml:"pull,omitempty"` // flow control
Settings map[string]any `yaml:"settings"` DependsOn base.StringOrSlice `yaml:"depends_on,omitempty"`
Volumes Volumes `yaml:"volumes,omitempty"` When constraint.When `yaml:"when,omitempty"`
When constraint.When `yaml:"when,omitempty"` Failure string `yaml:"failure,omitempty"`
Ports []string `yaml:"ports,omitempty"` Detached bool `yaml:"detach,omitempty"`
DependsOn base.StringOrSlice `yaml:"depends_on,omitempty"` // state
Volumes Volumes `yaml:"volumes,omitempty"`
// network
Ports []string `yaml:"ports,omitempty"`
DNS base.StringOrSlice `yaml:"dns,omitempty"`
DNSSearch base.StringOrSlice `yaml:"dns_search,omitempty"`
// backend specific
BackendOptions map[string]any `yaml:"backend_options,omitempty"`
// ACTIVE DEVELOPMENT BELOW
// TODO: remove base.EnvironmentMap and use map[string]any after v3.0.0 release // TODO: remove base.EnvironmentMap and use map[string]any after v3.0.0 release
Environment base.EnvironmentMap `yaml:"environment,omitempty"` Environment base.EnvironmentMap `yaml:"environment,omitempty"`
@ -57,12 +66,10 @@ type (
Privileged bool `yaml:"privileged,omitempty"` Privileged bool `yaml:"privileged,omitempty"`
// Undocumented // Undocumented
Devices []string `yaml:"devices,omitempty"` Devices []string `yaml:"devices,omitempty"`
DNSSearch base.StringOrSlice `yaml:"dns_search,omitempty"` ExtraHosts []string `yaml:"extra_hosts,omitempty"`
DNS base.StringOrSlice `yaml:"dns,omitempty"` NetworkMode string `yaml:"network_mode,omitempty"`
ExtraHosts []string `yaml:"extra_hosts,omitempty"` Tmpfs []string `yaml:"tmpfs,omitempty"`
NetworkMode string `yaml:"network_mode,omitempty"`
Tmpfs []string `yaml:"tmpfs,omitempty"`
} }
) )