From f5671ba20f9fd0fbffa8915025ca0ed9bcdd70cb Mon Sep 17 00:00:00 2001 From: Patrick Schratz Date: Thu, 6 Jun 2024 09:18:31 +0200 Subject: [PATCH] Docs: update local backend page (#3765) --- .../30-administration/22-backends/20-local.md | 22 ++++++++----------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/docs/docs/30-administration/22-backends/20-local.md b/docs/docs/30-administration/22-backends/20-local.md index 7ec95f0f8..c0faf9c2f 100644 --- a/docs/docs/30-administration/22-backends/20-local.md +++ b/docs/docs/30-administration/22-backends/20-local.md @@ -5,33 +5,31 @@ toc_max_heading_level: 3 # Local backend :::danger -The local backend will execute the pipelines on the local system without any isolation of any kind. +The local backend executes pipelines on the local system without any isolation. ::: :::note -Currently we do not support services for this backend. +Currently we do not support [services](../../20-usage/60-services.md) for this backend. [Read more here](https://github.com/woodpecker-ci/woodpecker/issues/3095). ::: -Since the code runs directly in the same context as the agent (same user, same +Since the commands run directly in the same context as the agent (same user, same filesystem), a malicious pipeline could be used to access the agent configuration especially the `WOODPECKER_AGENT_SECRET` variable. It is recommended to use this backend only for private setup where the code and -pipeline can be trusted. You shouldn't use it for a public facing CI where -anyone can submit code or add new repositories. You shouldn't execute the agent -as a privileged user (root). +pipeline can be trusted. It should not be used in a public instance where +anyone can submit code or add new repositories. The agent should not run as a privileged user (root). The local backend will use a random directory in `$TMPDIR` to store the cloned code and execute commands. In order to use this backend, you need to download (or build) the -[binary](https://github.com/woodpecker-ci/woodpecker/releases/latest) of the -agent, configure it and run it on the host machine. +[agent](https://github.com/woodpecker-ci/woodpecker/releases/latest), configure it and run it on the host machine. ## Usage -To enable the local backend, add this to your configuration: +To enable the local backend, set the following: ```ini WOODPECKER_BACKEND=local @@ -39,7 +37,7 @@ WOODPECKER_BACKEND=local ### Shell -The `image` entry is used to specify the shell, such as Bash or Fish, that is +The `image` entrypoint is used to specify the shell, such as `bash` or `fish`, that is used to run the commands. ```yaml title=".woodpecker.yaml" @@ -51,15 +49,13 @@ steps: ### Plugins -Plugins are just executable binaries: - ```yaml steps: - name: build image: /usr/bin/tree ``` -If no commands are provided, we treat them as plugins in the usual manner. +If no commands are provided, plugins are treated in the usual manner. In the context of the local backend, plugins are simply executable binaries, which can be located using their name if they are listed in `$PATH`, or through an absolute path. ### Options