From f71142d1628a57366763b9f14a86c2baa7004166 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 10 Jan 2023 17:34:21 +0100 Subject: [PATCH] Pin official default clone image (#1526) address https://github.com/woodpecker-ci/woodpecker/issues/1508#issuecomment-1368007494 --- docs/docs/30-administration/10-server-config.md | 4 ++-- docs/docs/92-development/06-guides.md | 4 ++++ .../version-0.15/30-administration/10-server-config.md | 2 +- shared/constant/constant.go | 5 +++-- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/docs/30-administration/10-server-config.md b/docs/docs/30-administration/10-server-config.md index e7bc6f129..bb93e0f72 100644 --- a/docs/docs/30-administration/10-server-config.md +++ b/docs/docs/30-administration/10-server-config.md @@ -203,7 +203,7 @@ Always use authentication to clone repositories even if they are public. Needed List of event names that will be canceled when a new pipeline for the same context (tag, branch) is created. ### `WOODPECKER_DEFAULT_CLONE_IMAGE` -> Default: `woodpeckerci/plugin-git:latest` +> Default is defined in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/master/shared/constant/constant.go) The default docker image to be used when cloning the repo @@ -213,7 +213,7 @@ The default docker image to be used when cloning the repo Configures the session expiration time. ### `WOODPECKER_ESCALATE` -> Default: `plugins/docker,plugins/gcr,plugins/ecr,woodpeckerci/plugin-docker,woodpeckerci/plugin-docker-buildx` +> Defaults are defined in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/master/shared/constant/constant.go) Docker images to run in privileged mode. Only change if you are sure what you do! diff --git a/docs/docs/92-development/06-guides.md b/docs/docs/92-development/06-guides.md index d9e863751..3752cd2ad 100644 --- a/docs/docs/92-development/06-guides.md +++ b/docs/docs/92-development/06-guides.md @@ -33,3 +33,7 @@ You should not use `sess.Begin()`, `sess.Commit()` or `sess.Close()` inside a mi ::: To automatically execute the migration after the start of the server, the new migration needs to be added to the end of `migrationTasks` in `server/store/datastore/migration/migration.go`. After a successful execution of that transaction the server will automatically add the migration to a list, so it won't be executed again on the next start. + +## Constants of official images + +All official default images, are saved in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/master/shared/constant/constant.go) and must be pinned by an exact tag. diff --git a/docs/versioned_docs/version-0.15/30-administration/10-server-config.md b/docs/versioned_docs/version-0.15/30-administration/10-server-config.md index f3e491d96..9154c625b 100644 --- a/docs/versioned_docs/version-0.15/30-administration/10-server-config.md +++ b/docs/versioned_docs/version-0.15/30-administration/10-server-config.md @@ -165,7 +165,7 @@ Link to documentation in the UI. Always use authentication to clone repositories even if they are public. Needed if the SCM requires to always authenticate as used by many companies. ### `WOODPECKER_DEFAULT_CLONE_IMAGE` -> Default: `woodpeckerci/plugin-git:latest` +> Default is defined in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/release/v0.15/shared/constant/constant.go) The default docker image to be used when cloning the repo diff --git a/shared/constant/constant.go b/shared/constant/constant.go index 40a739c38..207289d69 100644 --- a/shared/constant/constant.go +++ b/shared/constant/constant.go @@ -14,11 +14,11 @@ package constant +// PrivilegedPlugins can be changed by 'WOODPECKER_ESCALATE' at runtime var PrivilegedPlugins = []string{ "plugins/docker", "plugins/gcr", "plugins/ecr", - "woodpeckerci/plugin-docker", "woodpeckerci/plugin-docker-buildx", } @@ -32,5 +32,6 @@ var DefaultConfigOrder = [...]string{ } const ( - DefaultCloneImage = "docker.io/woodpeckerci/plugin-git:2.0" + // DefaultCloneImage can be changed by 'WOODPECKER_DEFAULT_CLONE_IMAGE' at runtime + DefaultCloneImage = "docker.io/woodpeckerci/plugin-git:2.0.3" )