Commit graph

405 commits

Author SHA1 Message Date
qwerty287
8882ebcdbd
Remove secrets from schema (#4345)
Co-authored-by: Patrick Schratz <patrick.schratz@gmail.com>
2024-11-10 16:38:55 +01:00
qwerty287
e13085b69f
Pass settings to services (#4338) 2024-11-09 21:04:27 +01:00
Patrick Schratz
b5915f605b
fix error="io: read/write on closed pipe" on k8s backend (#4281) 2024-11-08 11:00:03 +01:00
6543
bf5405b6cc
Respect directory option for steps again (#4319) 2024-11-06 23:21:56 +01:00
Patrick Schratz
560eab96f0
Kubernetes | Docker: Add support for rootless images (#4151) 2024-11-02 18:07:27 +01:00
qwerty287
29474fc7d9
Split repo trusted setting (#4025) 2024-11-01 21:37:31 +01:00
Robert Kaussow
383bfbb6de
Fix wording for privileged plugins linter error (#4280) 2024-10-30 22:14:12 +01:00
qwerty287
bd933669ef
Fix snake_case env vars (#4267) 2024-10-28 17:23:49 +01:00
qwerty287
49e40772ca
Deprecate secrets (#4235) 2024-10-24 08:36:29 +03:00
6543
f8cfda1ea9
Report custom labels set by agent admins back (#4141) 2024-10-06 17:13:41 +02:00
Andrew Melnick
b52b021acb
Implement registries for Kubernetes backend (#4092)
According to [the documentation](https://woodpecker-ci.org/docs/administration/backends/kubernetes#images-from-private-registries), per-organization and per-pipeline registries are currently unsupported for the Kubernetes backend.

This patch implements this missing functionality by creating and deleting a matching secret for each pod with a matched registry, using the same name, labels, and annotations as the pod, and appending it to its `imagePullSecrets` list.

This patch adds tests for the new functionality, and has been manually end-to-end-tested in KinD by using a private image hosted in the matching gitea instance.

This will require updating the matching helm charts to add the create/delete permissions to the agent role, which **is already done**.

close  #2987
2024-09-30 01:03:05 +01:00
6543
6ad20ced5b
Move docker resource limit settings from server to agent (#3174)
so you can set it per agent and not per server
2024-09-26 16:56:59 +01:00
Patrick Schratz
b75a2cac10
Update image filter error message (#4143) 2024-09-26 13:04:07 +01:00
6543
3f3f415dca make TestCopyLineByLine fail less
https://ci.woodpecker-ci.org/repos/3780/pipeline/20741/32
2024-09-22 18:39:20 +02:00
6543
6f03102c68
directory key is allowed for services (#4127) 2024-09-19 07:30:30 +03:00
hg
276b279b7f
Process workflow logs in batches (#4045) 2024-09-18 16:29:56 +02:00
6543
375309a8a8
Remove unused struct from metadata (#4120) 2024-09-16 23:30:31 +02:00
6543
e89a2f38fd
Make cli exec metadata on pair with build in server generated metadata (#4119)
remove some old environment and add all missing options to set the whole build-in environment on `cli exec` via flags


---
*Sponsored by Kithara Software GmbH*

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-09-16 22:03:24 +02:00
6543
38ed7f9efd
Remove some ci environment variables (#3846)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-09-08 08:59:58 +03:00
6543
f7d12bf256
Linter: respect tags for linting of global privileged plugins (#4083)
https://ci.woodpecker-ci.org/repos/8981/pipeline/162/4 should have shown an lit error but it did not.

this fix it

a followup of https://github.com/woodpecker-ci/woodpecker/pull/4053
2024-09-05 00:25:22 +02:00
6543
32d1ec7cec
Remove all default privileged plugins (#4053) 2024-09-02 10:41:20 +02:00
6543
5b208d2c01
Allow admins to specify priviledged plugins by name **and tag** (#4075)
previous the tags where ignored, now we respect them if set
2024-09-01 21:27:12 +02:00
6543
3c8204a0e0
Allow alter trusted clone plugins and filter them via tag (#4074) 2024-09-01 20:41:10 +02:00
6543
d02c6b7266
Use kaniko plugin in docs as example (#4072) 2024-09-01 15:31:52 +02:00
6543
e4f954ef94
Remove all default 3rd party privileged plugins (#3918) 2024-08-31 19:04:47 +02:00
6543
fb6068d836
Add option to filter secrets by plugins with specific tags (#4069)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-08-31 13:46:50 +02:00
Anbraten
599dd97d1b
Wait for tracer to be done before finishing workflow (#4068) 2024-08-30 11:44:56 +02:00
xtex
e2a43e8467
Fix schema with detached steps (#4066) 2024-08-29 13:01:53 +00:00
qwerty287
644f731327
Fix schema with commands and entrypoint (#4065) 2024-08-28 13:52:07 +02:00
hg
37d1ca8bc1
Read long log lines from file storage correctly (#4048) 2024-08-25 22:53:04 +02:00
qwerty287
aafd217cce
Remove old pipeline options (#4016) 2024-08-15 18:58:51 +02:00
qwerty287
289f530b2b
Warn if using secrets/env with plugin (#4027) 2024-08-15 07:40:14 +02:00
qwerty287
bcecbbd398
Fix lint (#4032) 2024-08-14 22:37:05 +03:00
hg
df5287bb65
Set CI_PREV_COMMIT_{SOURCE,TARGET}_BRANCH as mentioned in the documentation (#4001) 2024-08-08 19:01:59 +02:00
qwerty287
c0b1d6aaa4
Allow using args in container (#4011) 2024-08-07 21:11:55 +02:00
Thomas Anderson
6c9469f610
Improved Local backend detection (#4006)
Co-authored-by: 6543 <6543@obermui.de>
2024-08-07 12:04:10 +02:00
Thomas Anderson
ca41540151
Switched to profile-based AppArmor configuration (#4008)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-08-06 19:05:04 +02:00
Thomas Anderson
dc10fb95ad
Removed Kubernetes default image pull secret name (#4005)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-08-06 18:47:31 +02:00
Thomas Anderson
c5746ccb50
Fail on InvalidImageName (#4007) 2024-08-06 17:07:07 +02:00
qwerty287
111eb7ef48
Fix dropped env vars (#3969)
Co-authored-by: 6543 <6543@obermui.de>
2024-07-25 17:17:09 +02:00
qwerty287
3ae4a8d7bb
Drop version in schema (#3970) 2024-07-25 00:43:43 +02:00
qwerty287
123c4ae03e
Update docker to v27 (#3972) 2024-07-25 00:43:21 +02:00
6543
1c7c87b8f0
Remove deprecated pipeline settings (#3916) 2024-07-23 13:06:47 +02:00
renovate[bot]
251129a29c
fix(deps): update golang-packages (#3958)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: qwerty287 <qwerty287@posteo.de>
2024-07-22 18:18:26 +02:00
6543
b2970dbf0d
Refactor docker backend and add more test coverage (#2700)
collection of some smal nit's and additions of tests
2024-07-21 21:28:10 +02:00
6543
54b91db6b0
Add PULLREQUEST_DRONE_PULL_REQUEST drone env (#3939) 2024-07-19 17:15:05 +02:00
6543
31a45e5633
Add blocklist of environment variables who could alter execution of plugins (#3934) 2024-07-18 22:54:29 +02:00
6543
764329ed1d
Make sure plugins only mount the workspace base in a predefinde location (#3933) 2024-07-18 22:52:22 +02:00
6543
7b7c83d040
remove undocumented networks option from steps (#3915)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-07-18 18:18:39 +02:00
6543
cd5f6f71a2
Migrate to github.com/urfave/cli/v3 (#2951) 2024-07-18 01:26:35 +02:00