Commit graph

63 commits

Author SHA1 Message Date
Patrick Schratz
560eab96f0
Kubernetes | Docker: Add support for rootless images (#4151) 2024-11-02 18:07:27 +01:00
6543
6ad20ced5b
Move docker resource limit settings from server to agent (#3174)
so you can set it per agent and not per server
2024-09-26 16:56:59 +01:00
6543
5b208d2c01
Allow admins to specify priviledged plugins by name **and tag** (#4075)
previous the tags where ignored, now we respect them if set
2024-09-01 21:27:12 +02:00
qwerty287
aafd217cce
Remove old pipeline options (#4016) 2024-08-15 18:58:51 +02:00
6543
31a45e5633
Add blocklist of environment variables who could alter execution of plugins (#3934) 2024-07-18 22:54:29 +02:00
6543
764329ed1d
Make sure plugins only mount the workspace base in a predefinde location (#3933) 2024-07-18 22:52:22 +02:00
6543
7b7c83d040
remove undocumented networks option from steps (#3915)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-07-18 18:18:39 +02:00
6543
e39345688d
Allow to change the working directory also plugins and services (#3914) 2024-07-18 01:02:38 +02:00
Robert Kaussow
89e100cfd1
Add godot linter to harmonitze toplevel comments (#3650) 2024-05-13 22:58:21 +02:00
qwerty287
75803dba41
Fix uppercased env (#3516)
closes #3515 

I think after this is fixed, we should publish a new release as this can
be quite important.

Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
2024-03-20 16:53:33 +02:00
qwerty287
9b0c4e4e3c
Fix env var naming (#3438)
closes #3436
2024-02-25 10:12:40 +01:00
qwerty287
de5c65939a
Deprecate alternative names on secrets (#3406)
Closes https://github.com/woodpecker-ci/woodpecker/discussions/2274

# deprecation of alternative names

Instead of
```yaml
secrets:
  - source: some_secret
    target: some_env
```
you now write:
```yaml
environment:
  some_env:
    from_secret: some_secret
```

Also, it's possible to use complex yaml objects in `environment`,
they're turned into json (just like `settings`).
2024-02-22 18:25:57 +01:00
qwerty287
0c9bbf91a3
Do not alter secret key upper-/lowercase (#3375) 2024-02-20 14:20:25 +01:00
qwerty287
6892a9ca57
Parse backend options in backend (#3227)
Currently, backend options are parsed in the yaml parser.
This has some issues:
- backend specific code should be in the backend folders
- it is not possible to add backend options for backends added via
addons
2024-02-08 18:39:32 +01:00
Anbraten
0b5eef7d1e
Improve secret availability checks (#3271) 2024-01-27 20:59:44 +01:00
qwerty287
5e2f7d81b3
Clean up models (#3228) 2024-01-22 07:56:18 +01:00
qwerty287
d1d2e9723d
Support custom steps entrypoint (#2985)
Closes https://github.com/woodpecker-ci/woodpecker/issues/278

---------

Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: 6543 <6543@obermui.de>
2024-01-19 05:34:02 +01:00
Thomas Anderson
0611fa9b32
Added protocol in port configuration (#2993)
Closes  #2727
2024-01-12 23:57:24 +01:00
Thomas Anderson
9bbc446009
Kubernetes AppArmor and seccomp (#3123)
Closes #2545

seccomp
https://kubernetes.io/docs/tutorials/security/seccomp/

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/135-seccomp/README.md

AppArmor
https://kubernetes.io/docs/tutorials/security/apparmor/

fddcbb9cbf/keps/sig-node/24-apparmor/README.md
Went ahead and implemented API from KEP-24 above.
2024-01-12 23:32:24 +01:00
6543
f8fb28e651
More docker backend test remove more undocumented (#3156)
remove Sysctls and IpcMode
2024-01-11 19:30:13 +01:00
6543
cd59a85230
Use name in backend types instead of alias (#3142) 2024-01-09 15:22:59 +01:00
6543
1eacf74376
Remove duplicate assignment of CI_STEP_NAME (#3139)
Co-authored-by: Anbraten <anton@ju60.de>
2024-01-09 08:56:28 +01:00
Thomas Anderson
253d702bc7
Fix IPv6 host aliases for kubernetes (#2992)
Closes #2991


[Tests](https://github.com/woodpecker-ci/woodpecker/pull/2993#issuecomment-1868048169)

---------

Co-authored-by: 6543 <6543@obermui.de>
2023-12-23 00:42:30 +01:00
qwerty287
ce4f952b50
Switch to ULID (#2986)
Closes https://github.com/woodpecker-ci/woodpecker/discussions/2156
2023-12-21 20:23:51 +01:00
runephilosof-karnovgroup
adb2c82790
Update go module path for major version 2 (#2905)
https://go.dev/doc/modules/release-workflow#breaking

Fixes https://github.com/woodpecker-ci/woodpecker/issues/2913 fixes
#2654
```
runephilosof@fedora:~/code/platform-woodpecker/woodpecker-repo-configurator (master)$ go get go.woodpecker-ci.org/woodpecker@v2.0.0
go: go.woodpecker-ci.org/woodpecker@v2.0.0: invalid version: module contains a go.mod file, so module path must match major version ("go.woodpecker-ci.org/woodpecker/v2")
```

---------

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2023-12-08 08:15:08 +01:00
Thomas Anderson
3adb98b287
Simple security context options (Kubernetes) (#2550) 2023-11-26 08:46:06 +01:00
6543
5a7b689e30
Switch to go vanity urls (#2706)
Co-authored-by: Anbraten <anton@ju60.de>
2023-11-07 08:04:33 +01:00
Anbraten
9e10100ad6
Fail on missing secrets (#2749)
Co-authored-by: pat-s <patrick.schratz@gmail.com>
2023-11-05 12:47:42 +01:00
Thomas Anderson
de53b906e8
Add ports into pipeline backend step model (#2656)
Closes #2655.


[Pipeline](https://woodpecker-ci.org/docs/next/usage/services#complete-pipeline-example):
```yaml
services:
  database:
    image: mysql
    environment:
      - MYSQL_DATABASE=test
      - MYSQL_ROOT_PASSWORD=example
    ports:
      - 3306

steps:
  get-version:
    image: ubuntu
    commands:
      - ( apt update && apt dist-upgrade -y && apt install -y mysql-client 2>&1 )> /dev/null
      - sleep 60s # need to wait for mysql-server init
      - echo 'SHOW VARIABLES LIKE "version"' | mysql -uroot -hdatabase test -pexample
```

Service:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: wp-01hdq6gbkw1mn6k1655fs3rntf-0-services-0
  namespace: woodpecker-runtime
  ...
  selfLink: >-
    /api/v1/namespaces/woodpecker-runtime/services/wp-01hdq6gbkw1mn6k1655fs3rntf-0-services-0
status:
  loadBalancer: {}
spec:
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
  selector:
    step: database
  clusterIP: 10.43.180.120
  clusterIPs:
    - 10.43.180.120
  type: ClusterIP
  sessionAffinity: None
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster
```
2023-11-02 04:12:41 +01:00
6543
e83357833d
Use path.Join for server side path generation (#2689)
make sure to have valid config even when server is running under windows

---
*Sponsored by Kithara Software GmbH*
2023-11-01 11:29:44 +01:00
qwerty287
46273e54d8
Require Go 1.21 (#2553)
Main change are the new `maps` and `slices` stdlib packages so we can
replace `golang.org/x/exp`.
2023-10-09 09:11:08 +02:00
Kleber Rocha
61b5672051
Add option to configure tolerations in kubernetes backend (#2249)
This code add a feature to support tolerations in Kubernetes Backend

---------

Signed-off-by: Kleber Rocha <klinux@gmail.com>
2023-08-22 22:34:59 +02:00
qwerty287
8cdac56d8f
Check for correct license header (#2137) 2023-08-10 11:06:00 +02:00
6543
b54f6ebad6
Let pipeline-compiler export step types (#1958) 2023-07-11 15:53:05 +02:00
Anbraten
f2c33a0d89
Fix netrc passing to clone image (#1964)
closes #1837
2023-07-09 23:41:13 +02:00
Thomas Anderson
2ba64dcb7d
Removed env vars filtering (#1913)
Closes #1911
2023-07-02 19:14:59 +02:00
Ovidiu Calbajos
609ba481b5
Support for k8s serviceAccount and nodeSelector (#1842)
Add the possiblity to specify the Kubernetes serviceAccount and/or
nodeSelector to be used on individual steps for Kubernetes executor
2023-06-12 16:00:59 +02:00
Anbraten
556607b525
Rework log streaming and related functions (#1802)
closes #1801
closes #1815 
closes #1144
closes  #983
closes  #557
closes #1827
regression of #1791

# TODO
- [x] adjust log model
- [x] add migration for logs
- [x] send log line via grpc using step-id
- [x] save log-line to db
- [x] stream log-lines to UI
- [x] use less structs for log-data
- [x] make web UI work
  - [x] display logs loaded from db
  - [x] display streaming logs
- [ ] ~~make migration work~~ -> dedicated pull (#1828)

# TESTED
- [x] new logs are stored in database
- [x] log retrieval via cli (of new logs) works
- [x] log streaming works (tested via curl & webui)
- [x] log retrieval via web (of new logs) works

---------

Co-authored-by: 6543 <6543@obermui.de>
2023-06-06 09:52:08 +02:00
6543
971cb52032
Rename pipeline frontend types (#1829)
this adjust the packages that parse the yaml-config-file to match
[Terminology](https://woodpecker-ci.org/docs/next/usage/terminology)
2023-06-06 09:14:21 +02:00
6543
f81b447638
remove undocumented docker specific option (#1825) 2023-06-05 17:30:32 +02:00
6543
ea895baf83
Resolve built-in variables for global when filter (#1790)
addresses
bd461477bd

close  #1244, close #1580

---------

Co-authored-by: Anbraten <anton@ju60.de>
2023-06-05 00:15:07 +02:00
Stephen Muth
2941e508b3
Allow setting resources for kubernetes on a per-step basis (#1767)
This add a simple implementation of requests/limits for individual
steps. There is no validation of what the resource actually is beyond
checking that it can successfully be converted to a Quantity, so it can
be used for things other than just memory/CPU.

close #1809
2023-06-04 00:50:08 +02:00
Anbraten
36b5ae3459
Add env for workflow and step name (#1693)
closes #1681
2023-04-08 13:15:28 +02:00
qwerty287
7ddc18348f
Only grant privileged to plugins (#1646)
Closes https://github.com/woodpecker-ci/woodpecker/issues/1525

Co-authored-by: Anbraten <anton@ju60.de>
2023-03-19 03:07:10 +01:00
Stephen Muth
bc87208a33
Rework status constraint logic for successes (#1515)
Since "success" and "failure" are the only two possible values, and
"success" is considered to be included by default, the existing code can
also be simplified a little.

This has the side effect of ignoring the "exclude" part of the
constraint completely. I put it in the tests just to make sure the
workaround in
https://github.com/woodpecker-ci/woodpecker/issues/1181#issuecomment-1347253585
continues to work as expected, but couldn't think of any legitimate use
cases for it.

Fixes #1181
2023-01-02 06:36:57 +01:00
Sergio Fenoll
f0e518a5a2
Add option to ignore failures on steps (#1219)
closes #1181
closes #834 

Adds `ignore_failure` to pipeline steps. When it's set to true,
if the step fails the following steps continue to execute as if no failure had occurred.

---

failure enums idea:
* fail (default) = if other steps run in parallel, wait for them and
then let workflow fail
* cancel = if other steps run in parallel, kill them
* ignore = we mark the step as failed but it wont have any impact
2022-11-15 19:47:27 +01:00
6543
b15ca52a63
Move constrain to only have a single command in backend to run to dedicated backends (#1032)
at the moment we compile a script that we can pipe in as single command
this is because of the constrains the docker backend gives us.

so we move it into the docker backend and eventually get rid of it altogether
2022-10-31 00:26:49 +01:00
qwerty287
e568c42e84
Support plugin-only secrets (#1344)
Closes #1071
2022-10-27 04:21:07 +02:00
qwerty287
f6cac78119
Allow to change directory for steps (#1329)
Add `directory` YAML key that changes the workdir. Can replace a `cd`
before your commands start or make it possible to run plugins in a
subdirectory.
2022-10-24 16:31:06 +02:00
6543
da997fa34a
Add support sub-settings and secrets in sub-settings (#1221) 2022-10-03 19:25:43 +02:00