closes#101
Added secrets encryption in database
- Google TINK or simple AES as encryption mechanisms
- Keys rotation support on TINK
- Existing SecretService is wrapped by encryption layer
- Encryption can be enabled and disabled at any time
Co-authored-by: Kuzmin Ilya <ilia.kuzmin@indrive.com>
Co-authored-by: 6543 <6543@obermui.de>
Closes#1169
Replaces structs that were added inline in hook structs with structs of
the corresponding SDKs. This makes it more readable and error-proof.
Use IDs of the forge to fetch repositories instead of their names and owner names. This improves handling of renamed and transferred repos.
TODO
- [ ] try to support as many forges as possible
- [x] Gogs (no API)
- [ ] Bitbucket Server
- [x] Coding (no API?)
- [x] update repo every time it is fetched or received from the forge
- [x] if repo remote IDs are not available, use owner / name to get it
- [x] handle redirections (redirect a renamed repo to its new path)
- [x] ~~pull all repos once during migration to update ID (?)~~ issue fixed by on-demand loading of remote IDs
- [x] handle redirections in web UI
- [ ] improve handling of hooks after a repo was renamed (currently it checks for a redirection to the repo)
- [x] tests
- [x] `UNIQUE` constraint for remote IDs after migration shouldn't work (all repos have an empty string as remote ID)
close#854close#648 partial
close https://codeberg.org/Codeberg-CI/feedback/issues/46
Possible follow-up PRs
- apply the same scheme on everything fetched from the remote (currently only users)
Co-authored-by: 6543 <6543@obermui.de>
* Implement database changes and store methods for global and organization secrets
* Add tests for new store methods
* Add organization secret API and UI
* Add global secrets API and UI
* Add suggestions
* Update warning style
* Apply suggestions from code review
Co-authored-by: Anbraten <anton@ju60.de>
* Fix lint warning
Co-authored-by: Anbraten <anton@ju60.de>
to make it easier for devs to find the right place for code
close#655
Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
closes#11
Added support:
1. Environment variable `WOODPECKER_DELETE_MULTIPLE_RUNS_ON_EVENTS` (Default pull_request, push)
2. Builds will be marked as killed when they "override" another build
* only calculate time on running builds
* Add updated timestamp into database and use it in frontend
* add more trace logging
* refactor (move grpc unrelated func into related package)
* fix xorm schema
* add todo
- Add field for image list in Secrets Repo Settings (Web UI)
Simple comma separated input field, split into images array
- validate secret images in backend
- trim spaces and filter empty list items
Signed-off-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <6543@obermui.de>
- link to specific proc (only general build before)
- set status for all procs (before: only for the whole build on some SCMs)
- set status after restart
- set status to pending after waiting for approval
- make status of gitlab, gitea & github equal
- dedupe status update code
- dedupe `PostBuild` code
close#410, close#297, close#459, close#521
* write back to webhook caller what happend
* skip sound like an error - it is none change that
* improve hook func
* dedup code & fix bugs that only existed on gated builds
* startBuild use std context
* wordings
Co-authored-by: Anbraten <anton@ju60.de>
* nit
* todo done
Co-authored-by: Anbraten <anton@ju60.de>
* UI: let remove be a remove
* UI: add deactivate repo btn
* Store: DeleteRepo also delete related
* Store: more test coverage
Co-authored-by: 6543 <6543@obermui.de>
Resolve some todos in server/model:
* Move persistent queue into its own package
* Create Types: StatusValue, SCMKind, RepoVisibly
* Rename struct Repo fields: SCMKind, IsSCMPrivate
