Commit graph

3985 commits

Author SHA1 Message Date
mscherer
c3788d943f
Fix insecure /tmp usage in local backend (#872)
Since /tmp is writable by everybody, a user could precreate
/tmp/woodpecker with 777 permissions, allowing them to modify the
pipeline while it is being run, or preventing the pipeline from running.

And since os.MkdirAll error code wasn't checked, the same attacker
could have precreated the directory where the pipeline is executed to
mess with the run, allowing code execution under the UID of the
agent (who has access to the toke, to communicate with the server, which
mean a attacker could inject a fake agent, steal credentials, etc)
2022-04-06 03:33:00 +02:00
mscherer
1fb8003294
Display system CA error only if there is an error (#870) 2022-04-05 14:37:02 +02:00
mscherer
cddc54bae4
Set default logging value of cli to info (#871) 2022-04-05 14:10:10 +02:00
Walter Reiner
c310363c99
Add ingressClassName to ingress template (#858) 2022-03-31 23:06:44 +02:00
qwerty287
eb6d69e1fd
Use Gogs' try instance as default value (#852) 2022-03-27 04:05:56 +02:00
Anbraten
50d5c53cf6
Add preview deployments for docs for pull-requests (#820) 2022-03-23 10:31:12 +01:00
Andreas Brain
4cfe01b078
Fix broken link (#844) 2022-03-20 23:44:54 +01:00
Anbraten
6ae7e2cc4f
Fix uppercase from_secrets (#842)
Secret names where matched based on their lowercase value already just the conversion to lowercase for `from_secrets` was missing.
2022-03-19 12:34:32 +01:00
6543
d49e2fdf17
[docs] show twitter link with content 2022-03-14 15:09:00 +01:00
modularTaco
02d4324492
[Charts] Add option to pass in updateStrategy (#838) 2022-03-14 15:04:15 +01:00
Anthony Wang
80c72b590c
Add support to run pipelines using a local backend (#709)
This adds support for #559. I tested using [this .woodpecker.yml](https://git.exozy.me/Ta180m/Hello-world/src/branch/main/.woodpecker.yml) on my self-hosted [Woodpecker instance](https://ci.exozy.me/Ta180m/Hello-world). I was also able to get this to build [Hugo websites](https://ci.exozy.me/Ta180m/howtuwu/build/1). It's currently very simplistic but works!

close #559
2022-03-10 22:07:02 +01:00
eleith
e0d8d13a91
fix pipeline schema to support branch as an array in 'when' (#836) 2022-03-09 15:49:06 +01:00
Johan Van de Wauw
8fa2a5efe4
Fix various typos (#835) 2022-03-09 01:44:08 +01:00
Anbraten
e178b7b4b2
Improve agent backend loading and suppress expectable errors (#818)
* improve agent loop loading backend once

* supress container not found or stopped warnings
2022-03-08 16:21:43 +01:00
mscherer
32d56ed795
Fix links in documentation (#832) 2022-03-04 09:16:21 +01:00
Anbraten
90dcc77870
fix secret updating (#828) 2022-03-03 15:24:20 +01:00
6543
313e72e56a
adapt change of #822 for release branch 2022-03-02 18:21:39 +01:00
Lukas Bachschwell
c16d42f81e
Add missing flag and docs (#825)
* Add missing flag and docs

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>
Co-authored-by: Anbraten <anton@ju60.de>
2022-03-02 16:49:00 +01:00
Anbraten
2f6f44417d
Add editing of secrets and registries (#823) 2022-03-02 00:19:33 +01:00
relnod
da99f47553
Build multiarch images for server (#821)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Anbraten <anton@ju60.de>
2022-03-01 16:40:24 +01:00
Lukas Bachschwell
09e6460f95
Allow loading sensitive flags from files (#815)
With systems like docker swarm or docker compose it is usually a little awkward to manage secrets. 
There is no way to directly inject them into the environment config. So you often have to write your secrets directly into the compose file

There are hacky workarounds such as overriding the entry-point of the container and loading a script which then fetches secrets from /run/secrets and replaces the environment variables, but this becomes very difficult once we are using docker images built from "scratch" (which is a really great practice otherwise) as there is no shell or standard tooling available

This adds a *_FILE variant of their Environment config values to work around this issue.

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>
2022-03-01 16:09:33 +01:00
6543
86748bb8f6
Fix Makefile by exposing VERSION_NUMBER var for bundle targets (#816) 2022-03-01 12:28:44 +01:00
Lukas Bachschwell
59ba8538a1
Add support for pipeline configuration service (#804)
* Add configuration extension flags to server
Add httpsignatures dependency

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Add http fetching to config fetcher

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Refetch config on rebuild

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* - Ensure multipipeline compatiblity
- Send original config in http request

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Basic tests of config api

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Simple docs page

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Better flag naming

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Rename usages of the term yaml
Rename ConfigAPI struct

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Doc adjustments

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* More docs touchups

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Fix env vars in docs

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* fix json tags for api calls

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Add example config service

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Consistent naming for configService

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Docs: Change example repository location

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Fix tests after response field rename

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Revert accidential unrelated change in api hook

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Update server flag descriptions

Co-authored-by: Anbraten <anton@ju60.de>

Co-authored-by: Anbraten <anton@ju60.de>
2022-02-28 10:56:23 +01:00
6543
a3ac393264
Use shared func for registering Sigterm on a context (#799) 2022-02-28 09:27:31 +01:00
Lukas Bachschwell
a2315fe931
Do not filter on linux/amd64 per default (#805)
* Do not filter on linux/amd64 per default & add tests

Tasks with no platform would otherwise not perform on runners with different OS/ARCH combos

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>
Co-authored-by: 6543 <6543@obermui.de>
2022-02-26 22:54:28 +01:00
qwerty287
ecc25395aa
Branch list enhancements (#808)
* Allow users not logged in to access branches page
  (fixes a nil pointer derefernce)

* Add Gogs support for branches
2022-02-26 17:36:00 +01:00
Anbraten
40b5c6a320
Add hint for not visibles trusted option in project settings for non-admins (#807) 2022-02-26 15:01:51 +01:00
6543
4607cf5f59
Split GRPC code of related contexts into separate files (#798) 2022-02-26 14:37:10 +01:00
Anbraten
1cc8122ec8
Support all backends for cli exec (#801) 2022-02-26 03:02:42 +01:00
Anbraten
52d8097290
Get Netrc machine from clone url (#800)
We previously got the machine hostname for Netrc from the url of the remote, but in cases where the clone-url does not match the api url this can lead to errors.
2022-02-26 02:54:15 +01:00
6543
8ae124d5e6
Remove unused code (#797)
* delete empty code files

* delete outdated readme

* delete unused code

* dedup license
2022-02-25 21:42:45 +01:00
6543
e33fd13468
CI: bump golang version (#794) 2022-02-25 12:08:48 +01:00
6543
7a4c6d32de
Changelog v0.15.0 (#790)
Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-02-24 17:34:49 +01:00
6543
56a854fe14
Update deps (#789)
* update github.com/docker/cli

* update github.com/docker/distribution

* update github.com/docker/docker

* update github.com/gin-gonic/gin

* update github.com/golang-jwt/jwt/v4

* update github.com/golangci/golangci-lint

* update github.com/gorilla/securecookie

* update github.com/mattn/go-sqlite3

* update github.com/moby/moby

* update github.com/prometheus/client_golang

* update github.com/xanzy/go-gitlab
2022-02-24 17:33:24 +01:00
6543
505cf8c09a
make gRPC error "to many keepalive pings" only show up in trace logs (#787)
hotfix #717

This comes from the agent being inactive / not sending and requesting any data if there a no pipelines waiting for him to execute. GRPC seems to only allow 2 pings without calling an actual endpoint before closing the connection. I think this will be indirectly solved in the moment we implement something like #536

https://github.com/grpc/grpc/blob/master/doc/keepalive.md

Co-authored-by: Anbraten <anton@ju60.de>
2022-02-24 15:53:44 +01:00
6543
f97f6f25b3
fix nfpm (#788)
fix #774
2022-02-24 15:35:11 +01:00
qwerty287
28e96a3851
View better error if repo was deleted/renamed (#780)
If the repo was renamed, there's an issue with Gitea: it redirects the /api/v1/repos/<owner>/<repo>/hooks POST request to a GET request at the same URL.
This URL returns the list of all hooks, thus the Gitea SDK can't parse the response into a single gitea.Hook type.

A better error is also visisble if the repo was deleted.
2022-02-24 14:54:05 +01:00
6543
c4960cdd2c
Ignore items from WOODPECKER_ENVIRONMENT only containing a key and no value (#781)
* fix 761

* refactor: rename to match what it does & log ignore case
2022-02-23 08:59:52 +01:00
René Schaar
dde0678246
Update docker hub link (#779)
The old docker hub link directs you either to a login page or to your profile. I think it makes more sense to redirect the user directly to available images in the explore tab
2022-02-20 21:47:49 +01:00
qwerty287
13030b3d19
Increase margin for "No pipeline steps available!" (#777)
Just a simple UI improvement, set margin to `1rem` on the "No pipeline steps available!" message.
2022-02-14 15:21:28 +01:00
Anbraten
637291db4e
Follow-up for date tooltip (#766)
- ​load the Tooltip component on demand
- to show date in format same to Github and Gitea use it for commit ago time tooltips
2022-02-14 11:02:17 +01:00
Zav Shotan
905350fa15
Add support for default clone image environment variable (#769)
This allows for custom clone images for deployment in air-gap systems.

Co-authored-by: Zav Shotan <zshotan@bloomberg.net>
2022-02-10 17:05:19 +01:00
Zav Shotan
51904c9ee1
Add support for building in docker (#759)
be able to build woodpecker on any environment

Co-authored-by: Zav Shotan <zshotan@bloomberg.net>
Co-authored-by: 6543 <6543@obermui.de>
2022-02-10 15:12:47 +01:00
Anbraten
3b4dc03486
Move vcs configs and hide some unstable options from docs (#755)
move vcs configs to their pages, hide some unclear options
2022-02-09 20:32:38 +01:00
mscherer
3b52afab93
Use DOCKER_HOST env to search for docker before searching for a hardcode docker socket (#763)
Fix #757
2022-02-09 00:08:20 +01:00
9p4
7521336627
Show date time on hover over time items (#756)
Adds a tooltip that shows the date and time when hovering over "created at" times.
2022-02-08 17:41:16 -05:00
Zav Shotan
f16525fae5
Add flag to always authenticate when cloning public repositories (#760)
As a developer using an custom git server (e.g. Github Enterprise) I would like to be able to authenticate 
the user on repositories which are marked as public.

See issue: https://github.com/woodpecker-ci/woodpecker/issues/473

Ref: https://github.com/woodpecker-ci/woodpecker/pull/693#issuecomment-1025771162
2022-02-08 17:55:08 +01:00
9p4
8ce41788e8
Add repo-link to badge markdown in UI (#753)
Co-authored-by: Anbraten <anton@ju60.de>
2022-02-06 22:05:02 +01:00
KN4CK3R
5f79739bc0
Add documentation of all server configuration options (#666)
* Added documentation of all configuration options.

* sort some flags

* adjust config docs to current flags

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Anton Bracke <anton@ju60.de>
2022-02-06 21:21:57 +01:00
valentinleistner
6bb964921e
Add page to view all projects of a user / group (#741)
* ReposOwner view

shows all repos owned by a person or organization
uses /:repoOwner urls (e. g. ci.example.org/example-org)
also includes a link from the repo page to the owner page
related to #468

* ReposOwner remove add btn; msg if no projects; grid

implements the changes suggested by @anbraten:
- removed the `add repository` button
- now shows a message `This organization / user does not have any projects yet.`
  when appropriate

now uses `grid` instead of `flex` on desktop to keep the search bar
centered and always in the same place
2022-02-06 20:59:45 +01:00