Commit graph

143 commits

Author SHA1 Message Date
Thomas Anderson
9bbc446009
Kubernetes AppArmor and seccomp (#3123)
Closes #2545

seccomp
https://kubernetes.io/docs/tutorials/security/seccomp/

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/135-seccomp/README.md

AppArmor
https://kubernetes.io/docs/tutorials/security/apparmor/

fddcbb9cbf/keps/sig-node/24-apparmor/README.md
Went ahead and implemented API from KEP-24 above.
2024-01-12 23:32:24 +01:00
Robert Kaussow
9bbba4441d
Enable golangci linter forcetypeassert (#3168)
Split out from https://github.com/woodpecker-ci/woodpecker/pull/2960
2024-01-12 02:01:02 +01:00
6543
f8fb28e651
More docker backend test remove more undocumented (#3156)
remove Sysctls and IpcMode
2024-01-11 19:30:13 +01:00
qwerty287
f56f9cb1c0
Cleanups + prefer .yaml (#3069)
Co-authored-by: Robert Kaussow <xoxys@rknet.org>
2024-01-11 18:43:54 +01:00
Robert Kaussow
7756c60a33
Enable golangci linter stylecheck (#3167)
This PR only fixes error string formatting, log message strings are
still mixed upper/lowercase (see
https://github.com/woodpecker-ci/woodpecker/pull/3161#issuecomment-1885140649)
and I'm not aware of a linter to enforce it.
2024-01-10 22:56:42 +01:00
qwerty287
12c40eb957
Enable gocritic and don't ignore globally (#3159)
Use `nolint` directives instead.

From #2960
2024-01-10 15:34:44 +01:00
qwerty287
1b380ff4b4
Enable nolintlint (#3158) 2024-01-10 12:11:18 +01:00
6543
cd59a85230
Use name in backend types instead of alias (#3142) 2024-01-09 15:22:59 +01:00
6543
1eacf74376
Remove duplicate assignment of CI_STEP_NAME (#3139)
Co-authored-by: Anbraten <anton@ju60.de>
2024-01-09 08:56:28 +01:00
qwerty287
5517d87dd6
Fix step depends_on as string in schema (#3099) 2024-01-01 12:16:36 +01:00
Anbraten
6fbf98f1b9
Fix slice unmarshaling (#3097)
closes #3055
2024-01-01 11:03:31 +01:00
6543
8b47b3a978
make event in pipeline schema also a constraint_list (#3082) 2023-12-31 08:49:46 +01:00
6543
2cb7669413
add just more dag tests (#3083) 2023-12-30 16:45:11 +01:00
qwerty287
a37af3eeac
Add imports checks to linter (#3056)
supersedes https://github.com/woodpecker-ci/woodpecker/pull/874

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
2023-12-29 21:19:42 +01:00
qwerty287
7e2ea306c4
Remove workflow version again (#3052) 2023-12-28 14:34:13 +01:00
Kamila Borowska
4bc2fed550
Fix DAG cycle detection (#3049)
Previously a graph like this.

    a <- b
    ^    ^
    |    |
    c <- d

Was incorrectly recognized as having a cycle.

Fixes #3048.
2023-12-28 00:14:28 +01:00
6543
840fca198e
make backend step dag generation deterministic (#3037)
the the generation for backend steps if a dag is used deterministic.

this also fix where the test randomly fail like in:
- https://ci.woodpecker-ci.org/repos/3780/pipeline/11057/30
- https://ci.woodpecker-ci.org/repos/3780/pipeline/11076/25
2023-12-27 12:38:33 +02:00
Anbraten
f01ac3f0a3
Add pull request closed event (#2684)
- [x] updates docs
- [x] adjust UI
  - [x] show correct icon
  - [x] show correct link (to pr)
  - [x] add as option in secret edit
- [x] parse webhook
- [x] update tests
  - [x] github merged
  - [x] github closed
  - [x] gitea merged
  - [x] gitea closed
  - [x] bitbucket merged
  - [x] bitbucket closed
  - [x] gitlab merged
  - [x] gitlab closed

closes #286
2023-12-26 19:22:52 +01:00
Anbraten
2b1e5f35de
Add depends_on support for steps (#2771)
Co-authored-by: 6543 <6543@obermui.de>
2023-12-24 12:14:30 +01:00
Thomas Anderson
253d702bc7
Fix IPv6 host aliases for kubernetes (#2992)
Closes #2991


[Tests](https://github.com/woodpecker-ci/woodpecker/pull/2993#issuecomment-1868048169)

---------

Co-authored-by: 6543 <6543@obermui.de>
2023-12-23 00:42:30 +01:00
qwerty287
ce4f952b50
Switch to ULID (#2986)
Closes https://github.com/woodpecker-ci/woodpecker/discussions/2156
2023-12-21 20:23:51 +01:00
Nikolai Rodionov
b3541e314e
fix: Add backend_options to service linter entry (#2930)
I've tried setting resources for a service and have seen the linter
warning that is not supported, though the the pipeline was successful
and resources were actually set on the pod. So I assume it shouldn't be
a linter issue.

I"m also not sure if my change is correct, I only hope it is

## Some Context

A pipeline example (I've removed steps that are not related directly:
```yaml
---
steps:
  test:
    name: Test charts
    image: quay.io/helmpack/chart-testing
    environment:
      - DOCKER_HOST=tcp://docker:2375
    commands:
      - export PATH=$PWD/.bin:$PATH
      - apk update && apk add docker
      - kind create cluster --config kind.yaml
      - sed -i -E -e 's/localhost|0\.0\.0\.0/docker/g' ~/.kube/config
      - git fetch origin
      - |
        if [ -e .changed ]; then
          ct install --target-branch main --chart-dirs .
          ct install --target-branch main --chart-dirs . --upgrade
        fi

services:
  docker:
    image: docker:dind
    commands: dockerd -H tcp://0.0.0.0:2375 --tls=false
    privileged: true
    ports:
      - 2375
    backend_options:
      kubernetes:
        resources:
          requests:
            memory: 400Mi
            cpu: 100m
          limits:
            memory: 400Mi
            cpu: 100m
```

Pod description:
```
Containers:
  wp-01hhczdknafj81jv80gzjbgt93-0-services-0:
    Limits:
      cpu:     100m
      memory:  400Mi
    Requests:
      cpu:     100m
      memory:  400Mi
```

Warning in the Woodpecker UI:

```
[linter]woodpecker: services.dockerAdditional property backend_options is not allowed
```
2023-12-11 19:22:55 +01:00
runephilosof-karnovgroup
adb2c82790
Update go module path for major version 2 (#2905)
https://go.dev/doc/modules/release-workflow#breaking

Fixes https://github.com/woodpecker-ci/woodpecker/issues/2913 fixes
#2654
```
runephilosof@fedora:~/code/platform-woodpecker/woodpecker-repo-configurator (master)$ go get go.woodpecker-ci.org/woodpecker@v2.0.0
go: go.woodpecker-ci.org/woodpecker@v2.0.0: invalid version: module contains a go.mod file, so module path must match major version ("go.woodpecker-ci.org/woodpecker/v2")
```

---------

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2023-12-08 08:15:08 +01:00
Lauris BH
511cfec66a
Fix schema validation with array syntax for clone and services (#2920)
Co-authored-by: Robert Kaussow <xoxys@rknet.org>
Co-authored-by: Anbraten <anton@ju60.de>
2023-12-07 16:56:13 +01:00
renovate[bot]
428fe659fe
Update golang (packages) (#2904)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| code.gitea.io/sdk/gitea | require | minor | `v0.16.0` -> `v0.17.0` |
| [github.com/antonmedv/expr](https://togithub.com/antonmedv/expr) |
require | patch | `v1.15.5` -> `v1.15.6` |
| [github.com/golang-jwt/jwt/v5](https://togithub.com/golang-jwt/jwt) |
require | minor | `v5.1.0` -> `v5.2.0` |
| [github.com/urfave/cli/v2](https://togithub.com/urfave/cli) | require
| minor | `v2.25.7` -> `v2.26.0` |

---

### Release Notes

<details>
<summary>antonmedv/expr (github.com/antonmedv/expr)</summary>

###
[`v1.15.6`](https://togithub.com/expr-lang/expr/releases/tag/v1.15.6)

[Compare
Source](https://togithub.com/antonmedv/expr/compare/v1.15.5...v1.15.6)

-   This is a new release for `expr-lang/epxr`.

</details>

<details>
<summary>golang-jwt/jwt (github.com/golang-jwt/jwt/v5)</summary>

### [`v5.2.0`](https://togithub.com/golang-jwt/jwt/releases/tag/v5.2.0)

[Compare
Source](https://togithub.com/golang-jwt/jwt/compare/v5.1.0...v5.2.0)

#### What's Changed

- Exported `NewValidator` by
[@&#8203;oxisto](https://togithub.com/oxisto) in
[https://github.com/golang-jwt/jwt/pull/349](https://togithub.com/golang-jwt/jwt/pull/349)
- Improve ErrInvalidKeyType error messages by
[@&#8203;Laurin-Notemann](https://togithub.com/Laurin-Notemann) in
[https://github.com/golang-jwt/jwt/pull/361](https://togithub.com/golang-jwt/jwt/pull/361)
- Update MIGRATION_GUIDE.md by
[@&#8203;jbarham](https://togithub.com/jbarham) in
[https://github.com/golang-jwt/jwt/pull/363](https://togithub.com/golang-jwt/jwt/pull/363)

#### New Contributors

- [@&#8203;Laurin-Notemann](https://togithub.com/Laurin-Notemann) made
their first contribution in
[https://github.com/golang-jwt/jwt/pull/361](https://togithub.com/golang-jwt/jwt/pull/361)
- [@&#8203;jbarham](https://togithub.com/jbarham) made their first
contribution in
[https://github.com/golang-jwt/jwt/pull/363](https://togithub.com/golang-jwt/jwt/pull/363)

**Full Changelog**:
https://github.com/golang-jwt/jwt/compare/v5.1.0...v5.2.0

</details>

<details>
<summary>urfave/cli (github.com/urfave/cli/v2)</summary>

### [`v2.26.0`](https://togithub.com/urfave/cli/releases/tag/v2.26.0)

[Compare
Source](https://togithub.com/urfave/cli/compare/v2.25.7...v2.26.0)

#### What's Changed

- Bash completion nits by
[@&#8203;meatballhat](https://togithub.com/meatballhat) in
[https://github.com/urfave/cli/pull/1762](https://togithub.com/urfave/cli/pull/1762)
- Chore: Rename mkdocs requirements file name by
[@&#8203;dearchap](https://togithub.com/dearchap) in
[https://github.com/urfave/cli/pull/1776](https://togithub.com/urfave/cli/pull/1776)
- Fix:(issue\_1787) Add fix for commands not listed when hide help
comma… by [@&#8203;dearchap](https://togithub.com/dearchap) in
[https://github.com/urfave/cli/pull/1788](https://togithub.com/urfave/cli/pull/1788)
- Fix nil HelpFlag panic (v2) by
[@&#8203;wxiaoguang](https://togithub.com/wxiaoguang) in
[https://github.com/urfave/cli/pull/1795](https://togithub.com/urfave/cli/pull/1795)
- Always get 0 for a nested int64 value in v2.25.7 by
[@&#8203;stephenfire](https://togithub.com/stephenfire) in
[https://github.com/urfave/cli/pull/1799](https://togithub.com/urfave/cli/pull/1799)
- Helper messages for documenting build process by
[@&#8203;abitrolly](https://togithub.com/abitrolly) in
[https://github.com/urfave/cli/pull/1800](https://togithub.com/urfave/cli/pull/1800)
- fix: check duplicated sub command name and alias by
[@&#8203;linrl3](https://togithub.com/linrl3) in
[https://github.com/urfave/cli/pull/1805](https://togithub.com/urfave/cli/pull/1805)
- Fix:(issue\_1689) Have consistent behavior for default text in man
and… by [@&#8203;dearchap](https://togithub.com/dearchap) in
[https://github.com/urfave/cli/pull/1825](https://togithub.com/urfave/cli/pull/1825)
- Fix linting issues by
[@&#8203;skelouse](https://togithub.com/skelouse) in
[https://github.com/urfave/cli/pull/1696](https://togithub.com/urfave/cli/pull/1696)

#### New Contributors

- [@&#8203;stephenfire](https://togithub.com/stephenfire) made their
first contribution in
[https://github.com/urfave/cli/pull/1799](https://togithub.com/urfave/cli/pull/1799)
- [@&#8203;linrl3](https://togithub.com/linrl3) made their first
contribution in
[https://github.com/urfave/cli/pull/1805](https://togithub.com/urfave/cli/pull/1805)

**Full Changelog**:
https://github.com/urfave/cli/compare/v2.25.7...v2.26.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am" (UTC), Automerge -
"before 4am" (UTC).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/woodpecker-ci/woodpecker).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: qwerty287 <ndev@web.de>
2023-12-04 20:53:46 +01:00
Thomas Anderson
3adb98b287
Simple security context options (Kubernetes) (#2550) 2023-11-26 08:46:06 +01:00
qwerty287
342b25826c
Rename link to url (#2812)
As of https://woodpecker-ci.org/docs/next/usage/terminiology#conventions
2023-11-14 17:12:12 +01:00
qwerty287
70711ed9db
Replace interface{} with any (#2807)
like golang:
2580d0e08d
2023-11-12 18:23:48 +01:00
Patrick Schratz
f3df6f8873
Add privileged schema definition (#2777)
Co-authored-by: 6543 <m.huber@kithara.com>
2023-11-09 19:31:08 +01:00
6543
5a7b689e30
Switch to go vanity urls (#2706)
Co-authored-by: Anbraten <anton@ju60.de>
2023-11-07 08:04:33 +01:00
qwerty287
1bc4415075
Add workflow version (#2476)
Closes #1834

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2023-11-06 01:37:02 +01:00
Anbraten
9e10100ad6
Fail on missing secrets (#2749)
Co-authored-by: pat-s <patrick.schratz@gmail.com>
2023-11-05 12:47:42 +01:00
Anbraten
a0f2ee9506
Add deprecation warnings (#2725) 2023-11-04 15:30:47 +01:00
Anbraten
5ff006614f
Enhance linter and errors (#1572)
Co-authored-by: 6543 <m.huber@kithara.com>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2023-11-03 11:44:03 +01:00
qwerty287
c1faa95d8f
Revert breaking pipeline changes (#2677)
Revert #2180 and #2480 so we can release v2.0 without breaking changes
in pipeline config.

After merging #2476 we should apply these changes to a new v2.

After merging this, we should be ready for the 2.0 release.

---------

Co-authored-by: Anbraten <anton@ju60.de>
2023-11-02 15:31:49 +01:00
Thomas Anderson
de53b906e8
Add ports into pipeline backend step model (#2656)
Closes #2655.


[Pipeline](https://woodpecker-ci.org/docs/next/usage/services#complete-pipeline-example):
```yaml
services:
  database:
    image: mysql
    environment:
      - MYSQL_DATABASE=test
      - MYSQL_ROOT_PASSWORD=example
    ports:
      - 3306

steps:
  get-version:
    image: ubuntu
    commands:
      - ( apt update && apt dist-upgrade -y && apt install -y mysql-client 2>&1 )> /dev/null
      - sleep 60s # need to wait for mysql-server init
      - echo 'SHOW VARIABLES LIKE "version"' | mysql -uroot -hdatabase test -pexample
```

Service:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: wp-01hdq6gbkw1mn6k1655fs3rntf-0-services-0
  namespace: woodpecker-runtime
  ...
  selfLink: >-
    /api/v1/namespaces/woodpecker-runtime/services/wp-01hdq6gbkw1mn6k1655fs3rntf-0-services-0
status:
  loadBalancer: {}
spec:
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
  selector:
    step: database
  clusterIP: 10.43.180.120
  clusterIPs:
    - 10.43.180.120
  type: ClusterIP
  sessionAffinity: None
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster
```
2023-11-02 04:12:41 +01:00
6543
e83357833d
Use path.Join for server side path generation (#2689)
make sure to have valid config even when server is running under windows

---
*Sponsored by Kithara Software GmbH*
2023-11-01 11:29:44 +01:00
qwerty287
e74115027b
Add some tests (#2652)
and some cleanups
2023-10-28 13:37:54 +02:00
Anbraten
f44aa8a6fd
Remove plugin-only option from secrets (#2213) 2023-10-24 20:38:47 +02:00
Anbraten
62d6a6bc34
Move skip-ci back in front of config fetching (#2555) 2023-10-09 18:15:53 +02:00
qwerty287
46273e54d8
Require Go 1.21 (#2553)
Main change are the new `maps` and `slices` stdlib packages so we can
replace `golang.org/x/exp`.
2023-10-09 09:11:08 +02:00
renovate[bot]
e8ef1fb3c1
fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible (#2517) 2023-10-03 09:35:40 +02:00
qwerty287
842e8a8e50
Remove deprecated options parsing (#2480)
Main change is that backwards compatibility to `platform` was removed.
Part of
https://github.com/woodpecker-ci/woodpecker/discussions/2170#discussioncomment-7047394
2023-09-20 13:48:34 +02:00
Kleber Rocha
61b5672051
Add option to configure tolerations in kubernetes backend (#2249)
This code add a feature to support tolerations in Kubernetes Backend

---------

Signed-off-by: Kleber Rocha <klinux@gmail.com>
2023-08-22 22:34:59 +02:00
6543
55e98a186a
Skip settings proxy config with WithProxy if its empty (#2242)
close #2208
2023-08-18 13:09:28 +02:00
6543
a5ef372190
Move "skip ci" logic into global pipeline conditions (#2216)
... and make custom errors follow std err conventions

this fix a 500 response if the whole pipeline is filtered out
2023-08-17 15:52:43 +02:00
6543
0563d7a30f
Bump default git clone plugin (#2215)
- and add alternate quay registry to trusted clone image
- add alternate registry for buildx plugin
2023-08-16 15:17:43 +02:00
qwerty287
8cdac56d8f
Check for correct license header (#2137) 2023-08-10 11:06:00 +02:00
6543
eb8fb407f9
Add TestCompilerCompile (#2183)
just add tests about compile frontend config into backend config
2023-08-10 09:52:52 +02:00
6543
23ad363c97
fix error message 2023-08-10 00:01:16 +02:00