To fix security scan issues of `axios`. (renovate would have only
scheduled this tomorrow or on Sunday). I force-triggered the creation.
Usually renovate would also create the PR but it was somehow stuck
between automerge and missing branch tests (which is also why #2798 is
good to have).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: qwerty287 <ndev@web.de>
Closes#1660
Taken out the part of it that's still up-to-date.
Everything else in this PR is outdated as we don't primarily use quay.io
---------
Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: Patrick Schratz <patrick.schratz@gmail.com>
[](https://renovatebot.com)
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency
versions.
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - "before 4am" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/woodpecker-ci/woodpecker).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMS41IiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Adds some editorial improvements that hopefully clarify the usage of
secrets.
Fixes#2704
---------
Co-authored-by: Michael Holtermann <michael.holtermann@lynq.tech>
Revert #2180 and #2480 so we can release v2.0 without breaking changes
in pipeline config.
After merging #2476 we should apply these changes to a new v2.
After merging this, we should be ready for the 2.0 release.
---------
Co-authored-by: Anbraten <anton@ju60.de>
implement this fix but with an additional field on workflows to not
change the workflow name
closes#1840closes#713
---------
Co-authored-by: 6543 <6543@obermui.de>
The SSH backend is, similar to Gogs and Coding for forges, completely
unmaintained and seems unused (it is likely broken but we didn't get any
reports).
Instead, you should directly run the agent on the SSH machine with the
`local` backend.
Hi I created a small docs draft adding install instructions for NixOS
since I initially wrote the woodpecker NixOS module which is now in
stable for ~6 months and multiple people my self included actively use
it. cc @ambroisie since we co-maintain it and he did a lot of
improvement work on the module.
Add scopes needed when creating Github application.
Removed "repo:status" scope, because it is included in already requested
"repo" scope.
Fixes: #1081
CRI-O currently requires some additional config for pipelines to run.
This adds some basic documentation to the kubernetes section explaining
the issue.
See #2510
I had experienced some issues running Woodpecker behind a reverse-proxy,
resulting from not defining the `WOODPECKER_ROOT_PATH` environment
variable in #2477.
As suggested by @qwerty287, specifying `WOODPECKER_ROOT_PATH=/foo`
*mostly* solved the issue of running the woodpecker server at an url
like `https://example.org/foo`.
However, the webhook urls and badge urls were generated excluding the
configured `WOODPECKER_ROOT_PATH`.
This PR (mostly) fixes issues related to non-empty
`WOODPECKER_ROOT_PATH`.
---------
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
- Slimify
- Add required permissions (missing so far)
- More detailed instructions on app settings
- Align env var options to style used in k8s section (UL instead of
headers)
---------
Co-authored-by: Lauris BH <lauris@nix.lv>
The `runs_on` section is missing from the syntax docs. So I added a
section for it, and linked to an example.
It's good enough. But I think it might be a good idea for someone (with
more knowledge than me) to add more info in this section. How to use it,
when to use it, etc. The example is useful but not very informative.
The current documentation mentions that when one uses woodpecker on the
same host as Gitlab, you might need to set the `Allow requests to the
local network from webhooks and integrations` option on the gitlab
server.
This option not only needs to be set when running on the same host, but
also needs to be set when setting up woodpecker with Gitlab on any
RFC1918 net and on any non standard TLD like `.local` or `.internal`.
official spec linked at top of page is inaccessible for most readers
(it's too dry and academic)
so added famous cheatsheet (heavily promoted on StackOverflow)
As suggested in
https://github.com/woodpecker-ci/woodpecker/discussions/2160.
- Simplified wording
- Referenced helm chart
- Removed "experimental" banner as the k8s backend is quite stable I'd
say (after using it for months now)
- Add example for `resources` definition`
---------
Co-authored-by: Anbraten <anton@ju60.de>
1. new translation docs
2. lazy-load TimeAgo locales (used for "x min ago" messages). This 1.
reduces size and 2. provides all languages without adding them manually.
3. Remove DayJS locales, they're unused.
Related-to: https://github.com/woodpecker-ci/woodpecker/pull/2078
Remaining CVEs:
```
❯ trivy fs --exit-code 1 --skip-dirs node_modules/,plugins/woodpecker-plugins/node_modules/ docs/
2023-08-01T10:02:36.911+0200 INFO Vulnerability scanning is enabled
2023-08-01T10:02:36.911+0200 INFO Secret scanning is enabled
2023-08-01T10:02:36.911+0200 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-08-01T10:02:36.911+0200 INFO Please see also https://aquasecurity.github.io/trivy/v0.43/docs/scanner/secret/#recommendation for faster secret detection
2023-08-01T10:02:36.963+0200 INFO Number of language-specific files: 1
2023-08-01T10:02:36.963+0200 INFO Detecting pnpm vulnerabilities...
pnpm-lock.yaml (pnpm)
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)
┌─────────┬────────────────┬──────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ got │ CVE-2022-33987 │ MEDIUM │ 9.6.0 │ 11.8.5, 12.1.0 │ missing verification of requested URLs allows redirects to │
│ │ │ │ │ │ UNIX sockets │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-33987 │
├─────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ trim │ CVE-2020-7753 │ HIGH │ 0.0.1 │ 0.0.3 │ nodejs-trim: Regular Expression Denial of Service (ReDoS) in │
│ │ │ │ │ │ trim function │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-7753 │
└─────────┴────────────────┴──────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘
```
- `trim` is pulled in by `@docusaurus/theme-classic` and can be ignored
due to
https://github.com/facebook/docusaurus/issues/7275#issuecomment-1113997259
- `got` can be ignored as well, see `trim`
