Commit graph

90 commits

Author SHA1 Message Date
tsufeki
db45794091
Fix apparmorProfile being ignored when it's the only field (#4507) 2024-12-03 17:29:03 +02:00
6543
ebf9f9ccbb
Add dns config option to official feature set (#4418)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-11-25 17:59:00 +01:00
6543
07baae28af
address review lint issues (#4354) 2024-11-11 15:25:31 +01:00
Patrick Schratz
b5915f605b
fix error="io: read/write on closed pipe" on k8s backend (#4281) 2024-11-08 11:00:03 +01:00
6543
bf5405b6cc
Respect directory option for steps again (#4319) 2024-11-06 23:21:56 +01:00
Patrick Schratz
560eab96f0
Kubernetes | Docker: Add support for rootless images (#4151) 2024-11-02 18:07:27 +01:00
Andrew Melnick
b52b021acb
Implement registries for Kubernetes backend (#4092)
According to [the documentation](https://woodpecker-ci.org/docs/administration/backends/kubernetes#images-from-private-registries), per-organization and per-pipeline registries are currently unsupported for the Kubernetes backend.

This patch implements this missing functionality by creating and deleting a matching secret for each pod with a matched registry, using the same name, labels, and annotations as the pod, and appending it to its `imagePullSecrets` list.

This patch adds tests for the new functionality, and has been manually end-to-end-tested in KinD by using a private image hosted in the matching gitea instance.

This will require updating the matching helm charts to add the create/delete permissions to the agent role, which **is already done**.

close  #2987
2024-09-30 01:03:05 +01:00
qwerty287
bcecbbd398
Fix lint (#4032) 2024-08-14 22:37:05 +03:00
Thomas Anderson
ca41540151
Switched to profile-based AppArmor configuration (#4008)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-08-06 19:05:04 +02:00
Thomas Anderson
dc10fb95ad
Removed Kubernetes default image pull secret name (#4005)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-08-06 18:47:31 +02:00
Thomas Anderson
c5746ccb50
Fail on InvalidImageName (#4007) 2024-08-06 17:07:07 +02:00
6543
b2970dbf0d
Refactor docker backend and add more test coverage (#2700)
collection of some smal nit's and additions of tests
2024-07-21 21:28:10 +02:00
6543
cd5f6f71a2
Migrate to github.com/urfave/cli/v3 (#2951) 2024-07-18 01:26:35 +02:00
Thomas Anderson
7bc38a1d8b
K8s secrets reference from step (#3655) 2024-06-23 18:20:21 +02:00
Thomas Anderson
065eebd306
Agent-wide node selector (#3608)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-06-03 17:25:28 +02:00
Anbraten
f6904d6662
Fix privileged steps in kubernetes (#3711) 2024-05-30 18:53:03 +02:00
6543
42f2734308
cspell lint go code (#3706) 2024-05-24 22:35:04 +02:00
renovate[bot]
37ea906958
fix(deps): update golang-packages (#3713)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: qwerty287 <qwerty287@posteo.de>
2024-05-23 17:37:21 +02:00
Robert Kaussow
89e100cfd1
Add godot linter to harmonitze toplevel comments (#3650) 2024-05-13 22:58:21 +02:00
Thomas Anderson
ae72102503
Ability to set pod annotations and labels from step (#3609)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-05-11 11:45:29 +02:00
qwerty287
225ddb586d
Rework entrypoints (#3269)
Co-authored-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
Co-authored-by: 6543 <m.huber@kithara.com>
2024-05-02 14:52:01 +02:00
Elias
f211a780f3
Handle ImagePullBackOff pod status (#3580)
close: https://github.com/woodpecker-ci/woodpecker/issues/3555

Put the same logic from `waitStep` and call the function
`isImagePullBackOffState` in the `tailStep` function.

---------

Co-authored-by: elias.souza <elias.souza@quintoandar.com.br>
Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com>
2024-04-15 09:08:13 +02:00
YR Chen
e1b574a4bc
Add runtimeClassName in Kubernetes backend options (#3474)
Resolves #3473

---------

Co-authored-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
2024-03-29 10:29:07 +01:00
qwerty287
2029813fc2
Remove unused cache properties (#3567) 2024-03-29 09:48:28 +01:00
Robert Kaussow
a779eed3df
Enable golangci linter gomnd (#3171) 2024-03-15 18:00:25 +01:00
zowhoey
ad507d8ee4
Move generic agent flags to cmd/agent/core (#3484) 2024-03-15 11:31:35 +01:00
Anbraten
9db9c7116f
Improve security context handling (#3482) 2024-03-13 22:41:13 +01:00
Elias
bffc9c8ff8
fix: can't run multiple services on k8s (#3395)
Fix Issue: https://github.com/woodpecker-ci/woodpecker/issues/3288

The way the pod service starts up makes it impossible to run two or more
pipelines at the same time when we have a service section.

The idea is to set the name of the service in the same way we did for
the pod name.

Pipeline: 

```yaml

services:
  mydb:
    image: mysql
    environment:
      - MYSQL_DATABASE=test
      - MYSQL_ROOT_PASSWORD=example
    ports:
      - 3306/tcp
steps:
  get-version:
    image: ubuntu
    commands:
      - ( apt update && apt dist-upgrade -y && apt install -y mysql-client 2>&1 )> /dev/null
      - sleep 30s # need to wait for mysql-server init
      - echo 'SHOW VARIABLES LIKE "version"' | mysql -uroot -hmydb test -pexample
```

Running more than one pipeline result:


![image](https://github.com/woodpecker-ci/woodpecker/assets/22245125/e512309f-0d1e-4125-bab9-2357a710fedd)

---------

Co-authored-by: elias.souza <elias.souza@quintoandar.com.br>
2024-02-17 12:30:06 +01:00
Anbraten
0b91317cde
Fix linter (#3354) 2024-02-08 22:49:07 +01:00
qwerty287
6892a9ca57
Parse backend options in backend (#3227)
Currently, backend options are parsed in the yaml parser.
This has some issues:
- backend specific code should be in the backend folders
- it is not possible to add backend options for backends added via
addons
2024-02-08 18:39:32 +01:00
qwerty287
f92f8b17a3
Make agent usable for external backends (#3270) 2024-02-08 16:33:22 +01:00
Fernando Barbosa
c7467b9828
fix: agent panic when node is terminated during step execution (#3331)
Fixes https://github.com/woodpecker-ci/woodpecker/issues/3330

This adds error handling on the agent's WaitStep function, on two
sections where it could encounter a `panic: runtime error: invalid
memory address or nil pointer dereference` in case it could no longer
access complete information about a specific pod.

This error was found to happen if the node in which the pod was running
was terminated during the step's execution.
spite active pipelines being executed on the node.

Now instead of a panic on the agent's logs and undefined behavior on the
UI it will display a more helpful error message on the UI.

### Additional context

We observed the bug first on v2.1.1, but tested the fix internally on
top of 2.3.0.


![image](https://github.com/woodpecker-ci/woodpecker/assets/7269710/dfbcf089-85f7-4b5d-8102-f21af95c5cda)
2024-02-05 22:46:14 +01:00
Thomas Anderson
e5c83190c7
Sanitize pod's step label (#3275)
Closes #3272
2024-01-26 13:42:21 +01:00
Elias
1c3159ebb7
fix: bug pod service without label service (#3256) 2024-01-23 07:42:47 +01:00
qwerty287
6925afd83b
Pin prettier version (#3260) 2024-01-22 21:38:47 +02:00
Elias
32a1199519
fix: bug annotations (#3255)
Fix Issue: https://github.com/woodpecker-ci/woodpecker/issues/3254

Co-authored-by: elias.souza <elias.souza@quintoandar.com.br>
2024-01-22 13:39:49 +01:00
Thomas Anderson
072fa29f4a
Fixed Pods creation of WP services (#3236)
Closes #3178
2024-01-21 03:56:37 +01:00
qwerty287
d1d2e9723d
Support custom steps entrypoint (#2985)
Closes https://github.com/woodpecker-ci/woodpecker/issues/278

---------

Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: 6543 <6543@obermui.de>
2024-01-19 05:34:02 +01:00
Thomas Anderson
10f2e209d6
Secured kubernetes backend configuration (#3204)
Follow up of #3165
2024-01-15 03:59:08 +01:00
qwerty287
b9f6f3f9fb
Replace goimports with gci (#3202)
`gci` seems to be much more strict.
2024-01-14 18:22:06 +01:00
Thomas Anderson
0611fa9b32
Added protocol in port configuration (#2993)
Closes  #2727
2024-01-12 23:57:24 +01:00
Thomas Anderson
9bbc446009
Kubernetes AppArmor and seccomp (#3123)
Closes #2545

seccomp
https://kubernetes.io/docs/tutorials/security/seccomp/

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/135-seccomp/README.md

AppArmor
https://kubernetes.io/docs/tutorials/security/apparmor/

fddcbb9cbf/keps/sig-node/24-apparmor/README.md
Went ahead and implemented API from KEP-24 above.
2024-01-12 23:32:24 +01:00
Robert Kaussow
9bbba4441d
Enable golangci linter forcetypeassert (#3168)
Split out from https://github.com/woodpecker-ci/woodpecker/pull/2960
2024-01-12 02:01:02 +01:00
Robert Kaussow
f813badcf9
Enable golangci linter contextcheck (#3170)
Split out from https://github.com/woodpecker-ci/woodpecker/pull/2960
2024-01-11 22:15:15 +01:00
qwerty287
b0a2b1cf2d
Lowercase all log strings (#3173)
from #3161

---------

Co-authored-by: 6543 <6543@obermui.de>
2024-01-11 19:17:07 +01:00
6543
d1fe86b7be
Use UUID as podName and cleanup arguments for Kubernetes backend (#3135)
to much args are just horrible to maintain. And we already have it nice
structured stored as step.
2024-01-11 16:32:37 +01:00
Robert Kaussow
7756c60a33
Enable golangci linter stylecheck (#3167)
This PR only fixes error string formatting, log message strings are
still mixed upper/lowercase (see
https://github.com/woodpecker-ci/woodpecker/pull/3161#issuecomment-1885140649)
and I'm not aware of a linter to enforce it.
2024-01-10 22:56:42 +01:00
qwerty287
00df53e941
Clean up logging (#3161)
- use `Err` method instead of format strings
- use `Msg` if no format string is used
2024-01-10 20:57:12 +01:00
qwerty287
12c40eb957
Enable gocritic and don't ignore globally (#3159)
Use `nolint` directives instead.

From #2960
2024-01-10 15:34:44 +01:00
qwerty287
768fd71841
Enable some linters (#3129)
Mostly those that did not require much work.

From #2960

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
2024-01-09 21:35:37 +01:00