Commit graph

396 commits

Author SHA1 Message Date
antomy-gc
6516a28cdd
Secrets encryption in database (#1475)
closes #101

Added secrets encryption in database

- Google TINK or simple AES as encryption mechanisms
- Keys rotation support on TINK
- Existing SecretService is wrapped by encryption layer
- Encryption can be enabled and disabled at any time

Co-authored-by: Kuzmin Ilya <ilia.kuzmin@indrive.com>
Co-authored-by: 6543 <6543@obermui.de>
2023-01-12 20:59:07 +01:00
Stephen Muth
1816f6c715
Allow adding additional labels/annotations to kubernetes worker pods (#1510)
Example agent environment configuration using the new value:
```yaml
  - env:
    - name: WOODPECKER_BACKEND
      value: kubernetes
    - name: WOODPECKER_BACKEND_K8S_NAMESPACE
      value: default
    - name: WOODPECKER_BACKEND_K8S_POD_LABELS
      value: '{"sidecar.istio.io/inject":"false"}'
```
2022-12-31 01:37:09 +01:00
velsinki
dda4998261
Change healtcheck port into address format, redo #1197 (#1423)
As discussed in the comments in PR #1197. Also add documenation
accordingly.

One thing I'm not sure about is the simple check in health.go if the
address is usable in the GET request or not. From reading
https://pkg.go.dev/net#Dial it seems that the only non-standard address
format that would work in the `net` package but not in a GET url would
likely only be `:port`, as the others listed here are actually also
valid urls:

`For TCP, UDP and IP networks, if the host is empty or a literal
unspecified IP address, as in ":80", "0.0.0.0:80" or "[::]:80" for TCP
and UDP, "", "0.0.0.0" or "::" for IP, the local system is assumed.`

One additional thing I noticed is that while `WOODPECKER_SERVER_ADDR`
and `WOODPECKER_SERVER_ADDR` use the default value format of `:PORT`,
`WOODPECKER_SERVER` actually uses `localhost:9000`. I guess it makes a
bit of sense, considering the server might not be local to the agent,
but it looks a bit inconsistent this way. I don't think it would hurt to
make the `WOODPECKER_HEALTHCHECK_ADDR` in this format too, but then it's
different from the server flags again... :-)
2022-11-19 13:06:51 +02:00
Josh Soref
12cbe15de0
Fix spelling: gitlab (#1411)
This is most of the GitLab changes that I dropped from #1405. 

As before, I'm happy to adjust things...

<details><summary>Problematic Changes</summary>

Fwiw, this is the part that causes the tests to break (I don't
understand why, but I'm leaving this change out):

```patch
commit 703cbe3ed398bf32535120ead733b80aa145c8db
Author: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date:   Tue Nov 8 17:09:06 2022 -0500

    event?! -- this seems broken

diff --git a/server/forge/gitlab/testdata/hooks.go b/server/forge/gitlab/testdata/hooks.go
index 7d39306..e394afc 100644
--- a/server/forge/gitlab/testdata/hooks.go
+++ b/server/forge/gitlab/testdata/hooks.go
@@ -27,7 +27,7 @@ var (
 	ServiceHookHeaders = http.Header{
 		"Content-Type":   []string{"application/json"},
 		"User-Agent":     []string{"GitLab/14.3.0"},
-		"X-Gitlab-Event": []string{"Service Hook"},
+		"X-GitLab-Event": []string{"Service Hook"},
 	}
 )
 
diff --git a/shared/token/token.go b/shared/token/token.go
index 3f15537..191e5ee 100644
--- a/shared/token/token.go
+++ b/shared/token/token.go
@@ -64,7 +64,7 @@ func ParseRequest(r *http.Request, fn SecretFunc) (*Token, error) {
 		return parse(bearer, fn)
 	}
 
-	token = r.Header.Get("X-Gitlab-Token")
+	token = r.Header.Get("X-GitLab-Token")
 	if len(token) != 0 {
 		return parse(token, fn)
 	}

```
</details>

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2022-11-09 17:16:17 +01:00
Josh Soref
023d03dd61
Spelling (#1405)
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-09 08:12:17 +01:00
qwerty287
3372d1a87c
Rename remote to forge (#1357)
As of #745

Co-authored-by: Anbraten <anton@ju60.de>
2022-11-05 00:35:06 +01:00
Harikesh00
36e42914fa
Renamed procs/jobs to steps in code (#1331)
Renamed `procs` to `steps` in code for the issue #1288

Co-authored-by: Harikesh Prajapati <harikesh.prajapati@druva.com>
Co-authored-by: qwerty287 <ndev@web.de>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-10-28 17:38:53 +02:00
qwerty287
849e05bb8b
Rename build to pipeline in code (#1224)
Ref:  #745

Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: 6543 <6543@obermui.de>
2022-10-18 03:24:12 +02:00
Avinil Bedarkar
493ec45be6
Return return 404 if registry to delete do not exist (#1278)
Closes #524

Co-authored-by: 6543 <6543@obermui.de>
2022-10-18 01:48:04 +02:00
qwerty287
896746a91a
Remove old CLI docs generation code (#1196)
Removes code that's not longer required because we use a newer version
of urfave/cli.

Co-authored-by: 6543 <6543@obermui.de>
2022-09-25 14:36:31 +02:00
qwerty287
d28080a9eb
Make healthcheck port configurable (#1197)
Closes https://github.com/woodpecker-ci/woodpecker/issues/1193

Co-authored-by: 6543 <6543@obermui.de>
2022-09-19 00:07:37 +02:00
Anbraten
3b0263442a
Adding initial version of Kubernetes backend (#552)
Co-authored-by: laszlocph <laszlo@laszlo.cloud>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Rynoxx <rynoxx@grid-servers.net>
2022-09-05 06:01:14 +02:00
Anbraten
dbbd369c9a
Migrate to certmagic (#360)
closes #219
closes #850

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2022-09-04 03:24:42 +02:00
Anbraten
5ca7ede9e4
Improve logging (#1158)
* switch default log level to info add start message and cleanup server start
* refactor code
* fix agent debug / trace logging
2022-09-03 20:41:23 +02:00
6543
c79d49c862
Delete old fallbacks and compatible stuff (#791)
Drop ...
* ... DRONE_ and deprecated pipeline environment vars
* ... deprecated sqlite3 file path
2022-09-01 14:31:12 +02:00
6543
18c1807f4f
Create mock for store and add unit tests for cron (#1146)
* pass remote on init as argument like store

* mock store

* TestCreateBuild
2022-09-01 01:19:49 +02:00
6543
383f273392
Add cron feature (#934)
https://woodpecker-ci.org/docs/usage/cron

Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2022-09-01 00:36:32 +02:00
vanous
b7957c53aa
Fix filter cli attribute name (#1103)
Co-authored-by: Anbraten <anton@ju60.de>
2022-08-14 09:48:52 +02:00
Lauris BH
19dfc331f4
Add method to check organization membership (#1037)
* Add remote method to check organization membership
* Use named return parameters in interface
* Add membership check service
* Update Gitea SDK
2022-07-25 03:09:35 +02:00
Anbraten
cc30db44ac
Use asym key to sign webhooks (#916)
* use async key pair for webhooks

* fix tests

* fix linter

* improve code

* add key pair to database

* undo some changes

* more undo

* improve docs

* add api-endpoint

* add signaturne api endpoint

* fix error

* fix linting and test

* fix lint

* add test

* migration 006

* no need for migration

* replace httsign lib

* fix lint

Co-authored-by: 6543 <6543@obermui.de>
2022-06-01 20:06:27 +02:00
Anbraten
e79ad00826
Add agent tagging / filtering for pipelines (#902)
Officially support labels for pipelines and agents to improve pipeline picking. 

* add pipeline labels
* update, improve docs  and add migration
* update proto file

---
closes #304 & #860
2022-05-31 01:12:18 +02:00
Anbraten
0b2b776ed8
Remove senders model (#923)
* remove senders
* drop table
2022-05-17 21:27:44 +02:00
qwerty287
6568751320
Allow to change forge status messages (#900)
Allow to change the status message via template option

Closes https://github.com/woodpecker-ci/woodpecker/issues/855
2022-05-12 19:07:33 +02:00
Zav Shotan
7313de2b1d
Add support for superseding runs (#831)
closes #11

Added support:
1. Environment variable `WOODPECKER_DELETE_MULTIPLE_RUNS_ON_EVENTS` (Default pull_request, push)
2. Builds will be marked as killed when they "override" another build
2022-05-09 11:26:09 +02:00
John Olheiser
517be0394c
Initial version of CLI docs (#886)
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Anbraten <anton@ju60.de>
2022-04-19 14:24:24 +02:00
6543
58303dd2a7
Move value of default clone image into shared constant package (#873) 2022-04-06 15:30:49 +02:00
qwerty287
eb6d69e1fd
Use Gogs' try instance as default value (#852) 2022-03-27 04:05:56 +02:00
Anbraten
e178b7b4b2
Improve agent backend loading and suppress expectable errors (#818)
* improve agent loop loading backend once

* supress container not found or stopped warnings
2022-03-08 16:21:43 +01:00
Lukas Bachschwell
c16d42f81e
Add missing flag and docs (#825)
* Add missing flag and docs

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>
Co-authored-by: Anbraten <anton@ju60.de>
2022-03-02 16:49:00 +01:00
Lukas Bachschwell
09e6460f95
Allow loading sensitive flags from files (#815)
With systems like docker swarm or docker compose it is usually a little awkward to manage secrets. 
There is no way to directly inject them into the environment config. So you often have to write your secrets directly into the compose file

There are hacky workarounds such as overriding the entry-point of the container and loading a script which then fetches secrets from /run/secrets and replaces the environment variables, but this becomes very difficult once we are using docker images built from "scratch" (which is a really great practice otherwise) as there is no shell or standard tooling available

This adds a *_FILE variant of their Environment config values to work around this issue.

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>
2022-03-01 16:09:33 +01:00
Lukas Bachschwell
59ba8538a1
Add support for pipeline configuration service (#804)
* Add configuration extension flags to server
Add httpsignatures dependency

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Add http fetching to config fetcher

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Refetch config on rebuild

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* - Ensure multipipeline compatiblity
- Send original config in http request

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Basic tests of config api

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Simple docs page

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Better flag naming

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Rename usages of the term yaml
Rename ConfigAPI struct

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Doc adjustments

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* More docs touchups

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Fix env vars in docs

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* fix json tags for api calls

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Add example config service

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Consistent naming for configService

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Docs: Change example repository location

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Fix tests after response field rename

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Revert accidential unrelated change in api hook

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Update server flag descriptions

Co-authored-by: Anbraten <anton@ju60.de>

Co-authored-by: Anbraten <anton@ju60.de>
2022-02-28 10:56:23 +01:00
6543
a3ac393264
Use shared func for registering Sigterm on a context (#799) 2022-02-28 09:27:31 +01:00
Anbraten
52d8097290
Get Netrc machine from clone url (#800)
We previously got the machine hostname for Netrc from the url of the remote, but in cases where the clone-url does not match the api url this can lead to errors.
2022-02-26 02:54:15 +01:00
6543
c4960cdd2c
Ignore items from WOODPECKER_ENVIRONMENT only containing a key and no value (#781)
* fix 761

* refactor: rename to match what it does & log ignore case
2022-02-23 08:59:52 +01:00
Zav Shotan
905350fa15
Add support for default clone image environment variable (#769)
This allows for custom clone images for deployment in air-gap systems.

Co-authored-by: Zav Shotan <zshotan@bloomberg.net>
2022-02-10 17:05:19 +01:00
Zav Shotan
f16525fae5
Add flag to always authenticate when cloning public repositories (#760)
As a developer using an custom git server (e.g. Github Enterprise) I would like to be able to authenticate 
the user on repositories which are marked as public.

See issue: https://github.com/woodpecker-ci/woodpecker/issues/473

Ref: https://github.com/woodpecker-ci/woodpecker/pull/693#issuecomment-1025771162
2022-02-08 17:55:08 +01:00
KN4CK3R
5f79739bc0
Add documentation of all server configuration options (#666)
* Added documentation of all configuration options.

* sort some flags

* adjust config docs to current flags

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Anton Bracke <anton@ju60.de>
2022-02-06 21:21:57 +01:00
Anbraten
6af94d79e3
Remove unused flags / options (#693)
Some flags where unused and / or unnecessary as they are covered by alternatives implemented in PRs of milestone 0.15.0 and just complicated the setup.

closes #681
2022-01-31 15:38:00 +01:00
6543
edbf6a3ba9
Allow to change status context again (#674)
* use flag value

* fix test

* sed -i 's/STATUS_CONTEXT/WOODPECKER_STATUS_CONTEXT/g'

* docs

* Update docs/docs/91-migrations.md

Co-authored-by: Anbraten <anton@ju60.de>
2022-01-29 20:37:36 +01:00
6543
b6e47a3f4a
Update deps (#724)
* update github.com/containerd/containerd v1.5.7 -> v1.5.9

* update github.com/lib/pq v1.10.3 -> v1.10.4

* update github.com/prometheus/client_golang v1.11.0 -> v1.12.0

* update github.com/rs/zerolog v1.25.0 -> v1.26.1

* update golang.org/x/crypto 2021-12-15 -> 2022-01-28
2022-01-29 16:04:50 +01:00
Anbraten
50570cba5c
Automatically determine platform of agent (#690)
* Automatically determine platform of agent

* add migration hint

* cleanup docs a bit
2022-01-17 15:19:30 +01:00
6543
2f91bdd4a0
gofumpt -w -l -extra . (#661) 2022-01-05 21:50:23 +01:00
6543
dec0eeeed7
Use global branch filter only on events containing branch info (#659)
- close #581
- delete unused code
- simplify code
- add check to procBuilder to fail on invalid config
2022-01-05 17:54:44 +01:00
6543
e8807c5e53
Add "woodpeckerci/plugin-docker-buildx" to privileged plugins (#623)
* refactor global const in own package

* add "woodpeckerci/plugin-docker-buildx" to privileged plugins

* add woodpeckerci/plugin-docker
2021-12-19 12:46:36 +01:00
6543
ef597eca0c
Add flag for not fetching permissions (FlatPermissions) (#491) (#625)
Co-authored-by: Alex Eftimie <alex.eftimie@getyourguide.com>
2021-12-19 12:04:29 +01:00
Anbraten
3bee9044f1
Add flag to set oauth redirect host in dev mode (#586) 2021-12-13 20:22:09 +01:00
Anbraten
33a657103e
hide gin output from normal starts (#603) 2021-12-12 22:49:30 +01:00
6543
4cbdacb21c
Nits Collected over last month (#595)
- add coverage.out
- add context queue
- fix misspell
- sanitize config: WOODPECKER_GITEA_URL
- storage backend migration should have no xorm session within migration function
2021-12-11 13:15:04 +01:00
6543
f1e2f3dcad
Add log-level option to cli (#584)
* add log-level option to cli

* use app.Before

* rm not needed
2021-12-10 21:49:22 +01:00
6543
4ea00f0035
Make cancel pipeline work again (#585)
* logger: on level debug or trace add caller to logs

* more logging

* fix cancel bug

* ignore error if occur for queue cancel
2021-12-08 23:40:00 +01:00