Commit graph

123 commits

Author SHA1 Message Date
6543
5b208d2c01
Allow admins to specify priviledged plugins by name **and tag** (#4075)
previous the tags where ignored, now we respect them if set
2024-09-01 21:27:12 +02:00
6543
3c8204a0e0
Allow alter trusted clone plugins and filter them via tag (#4074) 2024-09-01 20:41:10 +02:00
6543
fb6068d836
Add option to filter secrets by plugins with specific tags (#4069)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-08-31 13:46:50 +02:00
qwerty287
aafd217cce
Remove old pipeline options (#4016) 2024-08-15 18:58:51 +02:00
6543
31a45e5633
Add blocklist of environment variables who could alter execution of plugins (#3934) 2024-07-18 22:54:29 +02:00
6543
764329ed1d
Make sure plugins only mount the workspace base in a predefinde location (#3933) 2024-07-18 22:52:22 +02:00
6543
7b7c83d040
remove undocumented networks option from steps (#3915)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-07-18 18:18:39 +02:00
6543
e39345688d
Allow to change the working directory also plugins and services (#3914) 2024-07-18 01:02:38 +02:00
Anbraten
f6904d6662
Fix privileged steps in kubernetes (#3711) 2024-05-30 18:53:03 +02:00
6543
42f2734308
cspell lint go code (#3706) 2024-05-24 22:35:04 +02:00
Robert Kaussow
89e100cfd1
Add godot linter to harmonitze toplevel comments (#3650) 2024-05-13 22:58:21 +02:00
qwerty287
2029813fc2
Remove unused cache properties (#3567) 2024-03-29 09:48:28 +01:00
qwerty287
75803dba41
Fix uppercased env (#3516)
closes #3515 

I think after this is fixed, we should publish a new release as this can
be quite important.

Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
2024-03-20 16:53:33 +02:00
qwerty287
9b0c4e4e3c
Fix env var naming (#3438)
closes #3436
2024-02-25 10:12:40 +01:00
6543
6eafb37aba
nit: compiler.Compile explizite init Environment map 2024-02-23 17:40:52 +01:00
qwerty287
d59bc64823
Fix server panic (#3426)
Closes #3424
2024-02-23 16:32:06 +01:00
qwerty287
de5c65939a
Deprecate alternative names on secrets (#3406)
Closes https://github.com/woodpecker-ci/woodpecker/discussions/2274

# deprecation of alternative names

Instead of
```yaml
secrets:
  - source: some_secret
    target: some_env
```
you now write:
```yaml
environment:
  some_env:
    from_secret: some_secret
```

Also, it's possible to use complex yaml objects in `environment`,
they're turned into json (just like `settings`).
2024-02-22 18:25:57 +01:00
qwerty287
0c9bbf91a3
Do not alter secret key upper-/lowercase (#3375) 2024-02-20 14:20:25 +01:00
Anbraten
0b91317cde
Fix linter (#3354) 2024-02-08 22:49:07 +01:00
qwerty287
6892a9ca57
Parse backend options in backend (#3227)
Currently, backend options are parsed in the yaml parser.
This has some issues:
- backend specific code should be in the backend folders
- it is not possible to add backend options for backends added via
addons
2024-02-08 18:39:32 +01:00
Anbraten
0b5eef7d1e
Improve secret availability checks (#3271) 2024-01-27 20:59:44 +01:00
qwerty287
5e2f7d81b3
Clean up models (#3228) 2024-01-22 07:56:18 +01:00
qwerty287
d1d2e9723d
Support custom steps entrypoint (#2985)
Closes https://github.com/woodpecker-ci/woodpecker/issues/278

---------

Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: 6543 <6543@obermui.de>
2024-01-19 05:34:02 +01:00
qwerty287
001b5639a6
Use assert for test (#3201)
instead of `if`s
2024-01-14 19:33:58 +01:00
qwerty287
b9f6f3f9fb
Replace goimports with gci (#3202)
`gci` seems to be much more strict.
2024-01-14 18:22:06 +01:00
Thomas Anderson
0611fa9b32
Added protocol in port configuration (#2993)
Closes  #2727
2024-01-12 23:57:24 +01:00
Thomas Anderson
9bbc446009
Kubernetes AppArmor and seccomp (#3123)
Closes #2545

seccomp
https://kubernetes.io/docs/tutorials/security/seccomp/

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/135-seccomp/README.md

AppArmor
https://kubernetes.io/docs/tutorials/security/apparmor/

fddcbb9cbf/keps/sig-node/24-apparmor/README.md
Went ahead and implemented API from KEP-24 above.
2024-01-12 23:32:24 +01:00
6543
f8fb28e651
More docker backend test remove more undocumented (#3156)
remove Sysctls and IpcMode
2024-01-11 19:30:13 +01:00
qwerty287
12c40eb957
Enable gocritic and don't ignore globally (#3159)
Use `nolint` directives instead.

From #2960
2024-01-10 15:34:44 +01:00
qwerty287
1b380ff4b4
Enable nolintlint (#3158) 2024-01-10 12:11:18 +01:00
6543
cd59a85230
Use name in backend types instead of alias (#3142) 2024-01-09 15:22:59 +01:00
6543
1eacf74376
Remove duplicate assignment of CI_STEP_NAME (#3139)
Co-authored-by: Anbraten <anton@ju60.de>
2024-01-09 08:56:28 +01:00
Anbraten
6fbf98f1b9
Fix slice unmarshaling (#3097)
closes #3055
2024-01-01 11:03:31 +01:00
6543
2cb7669413
add just more dag tests (#3083) 2023-12-30 16:45:11 +01:00
Kamila Borowska
4bc2fed550
Fix DAG cycle detection (#3049)
Previously a graph like this.

    a <- b
    ^    ^
    |    |
    c <- d

Was incorrectly recognized as having a cycle.

Fixes #3048.
2023-12-28 00:14:28 +01:00
6543
840fca198e
make backend step dag generation deterministic (#3037)
the the generation for backend steps if a dag is used deterministic.

this also fix where the test randomly fail like in:
- https://ci.woodpecker-ci.org/repos/3780/pipeline/11057/30
- https://ci.woodpecker-ci.org/repos/3780/pipeline/11076/25
2023-12-27 12:38:33 +02:00
Anbraten
2b1e5f35de
Add depends_on support for steps (#2771)
Co-authored-by: 6543 <6543@obermui.de>
2023-12-24 12:14:30 +01:00
Thomas Anderson
253d702bc7
Fix IPv6 host aliases for kubernetes (#2992)
Closes #2991


[Tests](https://github.com/woodpecker-ci/woodpecker/pull/2993#issuecomment-1868048169)

---------

Co-authored-by: 6543 <6543@obermui.de>
2023-12-23 00:42:30 +01:00
qwerty287
ce4f952b50
Switch to ULID (#2986)
Closes https://github.com/woodpecker-ci/woodpecker/discussions/2156
2023-12-21 20:23:51 +01:00
runephilosof-karnovgroup
adb2c82790
Update go module path for major version 2 (#2905)
https://go.dev/doc/modules/release-workflow#breaking

Fixes https://github.com/woodpecker-ci/woodpecker/issues/2913 fixes
#2654
```
runephilosof@fedora:~/code/platform-woodpecker/woodpecker-repo-configurator (master)$ go get go.woodpecker-ci.org/woodpecker@v2.0.0
go: go.woodpecker-ci.org/woodpecker@v2.0.0: invalid version: module contains a go.mod file, so module path must match major version ("go.woodpecker-ci.org/woodpecker/v2")
```

---------

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2023-12-08 08:15:08 +01:00
Thomas Anderson
3adb98b287
Simple security context options (Kubernetes) (#2550) 2023-11-26 08:46:06 +01:00
qwerty287
342b25826c
Rename link to url (#2812)
As of https://woodpecker-ci.org/docs/next/usage/terminiology#conventions
2023-11-14 17:12:12 +01:00
qwerty287
70711ed9db
Replace interface{} with any (#2807)
like golang:
2580d0e08d
2023-11-12 18:23:48 +01:00
6543
5a7b689e30
Switch to go vanity urls (#2706)
Co-authored-by: Anbraten <anton@ju60.de>
2023-11-07 08:04:33 +01:00
Anbraten
9e10100ad6
Fail on missing secrets (#2749)
Co-authored-by: pat-s <patrick.schratz@gmail.com>
2023-11-05 12:47:42 +01:00
Thomas Anderson
de53b906e8
Add ports into pipeline backend step model (#2656)
Closes #2655.


[Pipeline](https://woodpecker-ci.org/docs/next/usage/services#complete-pipeline-example):
```yaml
services:
  database:
    image: mysql
    environment:
      - MYSQL_DATABASE=test
      - MYSQL_ROOT_PASSWORD=example
    ports:
      - 3306

steps:
  get-version:
    image: ubuntu
    commands:
      - ( apt update && apt dist-upgrade -y && apt install -y mysql-client 2>&1 )> /dev/null
      - sleep 60s # need to wait for mysql-server init
      - echo 'SHOW VARIABLES LIKE "version"' | mysql -uroot -hdatabase test -pexample
```

Service:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: wp-01hdq6gbkw1mn6k1655fs3rntf-0-services-0
  namespace: woodpecker-runtime
  ...
  selfLink: >-
    /api/v1/namespaces/woodpecker-runtime/services/wp-01hdq6gbkw1mn6k1655fs3rntf-0-services-0
status:
  loadBalancer: {}
spec:
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306
  selector:
    step: database
  clusterIP: 10.43.180.120
  clusterIPs:
    - 10.43.180.120
  type: ClusterIP
  sessionAffinity: None
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  internalTrafficPolicy: Cluster
```
2023-11-02 04:12:41 +01:00
6543
e83357833d
Use path.Join for server side path generation (#2689)
make sure to have valid config even when server is running under windows

---
*Sponsored by Kithara Software GmbH*
2023-11-01 11:29:44 +01:00
Anbraten
f44aa8a6fd
Remove plugin-only option from secrets (#2213) 2023-10-24 20:38:47 +02:00
qwerty287
46273e54d8
Require Go 1.21 (#2553)
Main change are the new `maps` and `slices` stdlib packages so we can
replace `golang.org/x/exp`.
2023-10-09 09:11:08 +02:00
Kleber Rocha
61b5672051
Add option to configure tolerations in kubernetes backend (#2249)
This code add a feature to support tolerations in Kubernetes Backend

---------

Signed-off-by: Kleber Rocha <klinux@gmail.com>
2023-08-22 22:34:59 +02:00