Commit graph

102 commits

Author SHA1 Message Date
Robert Kaussow
fe7eb64bf9
Add option to read grpc-secret from file (#1972) 2023-07-10 23:53:02 +02:00
Martin W. Kirst
2c1fc4b500
support custom .JS and .CSS files for custom banner messages (white-labeling) (#1781)
This PR introduces two new server configuration options, for providing a
custom .JS and .CSS file.
These can be used to show custom banner messages, add
environment-dependent signals, or simply a corporate logo.

### Motivation (what problem I try to solve)

I'm operating Woodpecker in multiple k8s clusters for different
environments.
When having multiple browser tabs open, I prefer strong indicators for
each environment.
E.g. a red "PROD" banner, or just a blue "QA" banner.
Also, we sometimes need to have the chance for maintenance, and instead
of broadcasting emails,
I prefer a banner message, stating something like: "Heads-up: there's a
planned downtime, next Friday, blabla...".

Also, I like to have the firm's logo visible, which makes Woodpecker
look more like an integral part of our platform.

### Implementation notes

* Two new config options are introduced ```WOODPECKER_CUSTOM_CSS_FILE```
and ```WOODPECKER_CUSTOM_JS_FILE```
* I've piggy-bagged the existing handler for assets, as it seemed to me
a minimally invasive approach
* the option along with an example is documented
* a simple unit test for the Gin-handler ensures some regression safety
* no extra dependencies are introduced

### Visual example

The documented example will look like this.

![Screenshot 2023-05-27 at 17 00
44](https://github.com/woodpecker-ci/woodpecker/assets/1189394/8940392e-463c-4651-a1eb-f017cd3cd64d)

### Areas of uncertainty 

This is my first contribution to Woodpecker and I tried my best to align
with your conventions.
That said, I found myself uncertain about these things and would be glad
about getting feedback.

* The handler tests are somewhat different than the other ones because I
wanted to keep them simple - I hope that still matches your coding
guidelines
* caching the page sometimes will let the browser not recognize changes
and a user must reload. I'm not fully into the details of how caching is
implemented and neither can judge if it's a real problem. Another pair
of eyes would be good.
2023-07-10 12:46:35 +02:00
qwerty287
cd982fcbd1
Fix pipeline status calculation/reporting (#1898)
Closes #1895 
Regression of #1784
2023-06-29 14:56:01 +02:00
qwerty287
3033abc3b4
Add own workflow model (#1784)
Closes #1287

---------

Co-authored-by: 6543 <6543@obermui.de>
2023-06-27 18:01:18 +02:00
Thomas Anderson
0c3021473f
Added Woodpecker Host Config used for Webhooks (#1869)
When SCM and Woodpecker are deployed in the same cluster, I want that
SCM requests Woodpecker directly by internal URL.


![Webhook-host-diagram](https://github.com/woodpecker-ci/woodpecker/assets/127358482/c4689d55-839a-4731-95b3-5734ba561e5f)
 
This PR adds optional URL used for Webhook calls.
2023-06-18 14:47:40 +02:00
Anbraten
ff01a9ff1d
Access repos by their ids (#1691)
closes #1295 
closes #648

# TODO
- [x] add new routes with `:repoID`
- [x] load repo in middleware using `:repoID` if present
- [x] update UI routes `:owner/:name` to `:repoID`
- [x] load repos using id in UI
- [x] add lookup endpoint `:owner/:name` to `:repoID`
- [x] redirect `:owner/:name` to `:repoID` in UI
- [x] use badge with `:repoID` route in UI
- [x] update `woodpecker-go`
- [x] check cli
- [x] add migrations / deprecation notes
- [x] check if #648 got solved directly
- [x] Test
  - [x] create repo
  - [x] repo pages
  - [x] ui redirects
  - [x] forge status links
2023-06-13 01:07:52 +02:00
6543
5139624cf8
Migrate old logs to new database schema (#1828)
address new models based on #1802
2023-06-12 22:43:14 +02:00
qwerty287
5d74174bc3
Drop old columns (#1838) 2023-06-07 19:22:44 +02:00
Anbraten
556607b525
Rework log streaming and related functions (#1802)
closes #1801
closes #1815 
closes #1144
closes  #983
closes  #557
closes #1827
regression of #1791

# TODO
- [x] adjust log model
- [x] add migration for logs
- [x] send log line via grpc using step-id
- [x] save log-line to db
- [x] stream log-lines to UI
- [x] use less structs for log-data
- [x] make web UI work
  - [x] display logs loaded from db
  - [x] display streaming logs
- [ ] ~~make migration work~~ -> dedicated pull (#1828)

# TESTED
- [x] new logs are stored in database
- [x] log retrieval via cli (of new logs) works
- [x] log streaming works (tested via curl & webui)
- [x] log retrieval via web (of new logs) works

---------

Co-authored-by: 6543 <6543@obermui.de>
2023-06-06 09:52:08 +02:00
6543
d1213afdc8
[Docs] use redocusaurus to display swagger file (#1818)
https://redocusaurus.vercel.app/

followup of  #1782

---------

Co-authored-by: Anbraten <anton@ju60.de>
2023-06-04 05:07:39 +02:00
Martin W. Kirst
14177635b6
Update swagger API specification (#1782)
# Summary

This PR drops the outdated former swagger.yaml/json and introduced
automatic API document generation from Go code.
The generated code is also used to generate documentation/markdown for
the community page,
as well as enable the Woodpecker server to serve a Swagger Web UI for
manual tinkering.

I did opt-in for gin-swagger, a middleware for the Gin framework, to
ease implementation and have a sophisticated output.
This middleware only produces Swagger v2 specs. AFAIK the newer OpenApi
3x tooling is not yet that mature,
so I guess that's fine for now.

## Implemenation notes

- former swagger.json files removed
- former // swagger godocs removed
- introduced new dependency gin-swagger, which uses godoc annotations on
top of Gin Handler functions.
- reworked Makefile to automatically generate Go code for the server
- introduce new dependency go-swagger, to generate Markdown for
documentation purposes
- add a Swagger Web UI, incl. capabilities for manual API exploration
- consider relative root paths in the implementation
- write documentation for all exposed API endpoints
- incl. API docs in the community website (auto-generated)
- provide developer documentation, for the Woodpecker authors
- no other existing logic/code was intentionally changed

---------

close #292

---------

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
2023-06-03 21:38:36 +02:00
Anbraten
c464f857ae
Remove unused file system api (#1791)
Co-authored-by: 6543 <6543@obermui.de>
2023-05-31 18:03:03 +02:00
qwerty287
2ccf7c6f1a
Drop Gogs support (#1752)
Gogs support is broken (and we won't fix it because we don't care about
it...) because it does not support OAuth, at least after we introduced
the new Vue UI.

See:

77d830d5b5/server/forge/gogs/gogs.go (L84)

This route is not present in the new UI.
2023-05-14 10:34:05 +02:00
meak
41a50ae915
Allow to configure port for SSL (#1735)
Co-authored-by: Mehdi Katranji <hello@mek.yt>
Co-authored-by: Lauris BH <lauris@nix.lv>
2023-05-11 06:11:10 +02:00
qwerty287
54d4ec04c0
Drop Gogs private mode (#1726)
You should use `WOODPECKER_AUTHENTICATE_PUBLIC_REPOS` instead if repos
sent from forge as public should be authenticated
2023-04-30 14:01:11 +02:00
qwerty287
b90e7904a5
Support path prefix (#1714)
closes #1636 
closes #1429
supersedes #1586

Uses a different approach: just take the index.html compiled by vite and
replace the paths to js and other files using regex. This is not
compatible with the dev proxy which is also the reason why we can't use
go templates for this.
2023-04-29 17:51:50 +02:00
qwerty287
0970f35df5
Do not store inactive repos (#1658)
Do not sync repos with forge if the repo is not necessary in DB.

In the DB, only repos that were active once or repos that are currently
active are stored. When trying to enable new repos, the repos list is
fetched from the forge instead and displayed directly. In addition to
this, the forge func `Perm` was removed and is now merged with `Repo`.

Solves a TODO on RepoBatch.

---------

Co-authored-by: Anbraten <anton@ju60.de>
2023-03-21 23:01:59 +01:00
Lauris BH
46452fbd84
Update Go dependencies and minimal Go version to 1.20 (#1650)
Signed-off-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <6543@obermui.de>
2023-03-21 00:48:15 +01:00
6543
e28b43ab19
Only inject netrc to trusted clone plugins (#1352)
Co-authored-by: qwerty287 <ndev@web.de>
Co-authored-by: 6543 <6543@obermui.de>
2023-03-20 21:17:49 +01:00
qwerty287
f582ad3159
Various enhancements in configuration (#1645)
- backends: move to cli flags instead of os.Getenv
- ssh: support 2fa with key and password
- allow to set grpc jwt secret (solves todo)
- allow to set default and max timeout (solves todo)

Closes https://github.com/woodpecker-ci/woodpecker/issues/896
Closes https://github.com/woodpecker-ci/woodpecker/issues/1131
2023-03-19 20:24:43 +01:00
qwerty287
37dc8a46e0
Drop coding support (#1644)
Coding support is likely broken and nobody will ever fix it. Also it
looks like nobody wants to use it, otherwise we would have get some bug
reports.

---------

Co-authored-by: 6543 <6543@obermui.de>
2023-03-19 09:36:04 +01:00
Anbraten
fa5b0fb96e
Fix linter (#1647) 2023-03-18 20:35:27 +01:00
Alexander Matyushentsev
9288670c61
feat: expose unprotected metrics endpoint (#1614)
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Anbraten <anton@ju60.de>
2023-03-12 09:41:10 +01:00
Earl Warren
7835a632e4
Define WOODPECKER_FORGE_TIMEOUT server config (#1558)
When a server such as Codeberg has unusually high response time, three
seconds may not be enough to fetch the configuration.

Signed-off-by: Earl Warren <contact@earl-warren.org>
Co-authored-by: 6543 <6543@obermui.de>
2023-02-01 18:53:19 +01:00
Anbraten
d96032349a
Store an agents list and add agent heartbeats (#1189)
Co-authored-by: 6543 <6543@obermui.de>
2023-01-28 14:13:04 +01:00
6543
a389287d80
Disable secret encryption until its fixed (#1549)
#1475, #1541, #1544
2023-01-15 20:12:18 +01:00
antomy-gc
6516a28cdd
Secrets encryption in database (#1475)
closes #101

Added secrets encryption in database

- Google TINK or simple AES as encryption mechanisms
- Keys rotation support on TINK
- Existing SecretService is wrapped by encryption layer
- Encryption can be enabled and disabled at any time

Co-authored-by: Kuzmin Ilya <ilia.kuzmin@indrive.com>
Co-authored-by: 6543 <6543@obermui.de>
2023-01-12 20:59:07 +01:00
Josh Soref
12cbe15de0
Fix spelling: gitlab (#1411)
This is most of the GitLab changes that I dropped from #1405. 

As before, I'm happy to adjust things...

<details><summary>Problematic Changes</summary>

Fwiw, this is the part that causes the tests to break (I don't
understand why, but I'm leaving this change out):

```patch
commit 703cbe3ed398bf32535120ead733b80aa145c8db
Author: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date:   Tue Nov 8 17:09:06 2022 -0500

    event?! -- this seems broken

diff --git a/server/forge/gitlab/testdata/hooks.go b/server/forge/gitlab/testdata/hooks.go
index 7d39306..e394afc 100644
--- a/server/forge/gitlab/testdata/hooks.go
+++ b/server/forge/gitlab/testdata/hooks.go
@@ -27,7 +27,7 @@ var (
 	ServiceHookHeaders = http.Header{
 		"Content-Type":   []string{"application/json"},
 		"User-Agent":     []string{"GitLab/14.3.0"},
-		"X-Gitlab-Event": []string{"Service Hook"},
+		"X-GitLab-Event": []string{"Service Hook"},
 	}
 )
 
diff --git a/shared/token/token.go b/shared/token/token.go
index 3f15537..191e5ee 100644
--- a/shared/token/token.go
+++ b/shared/token/token.go
@@ -64,7 +64,7 @@ func ParseRequest(r *http.Request, fn SecretFunc) (*Token, error) {
 		return parse(bearer, fn)
 	}
 
-	token = r.Header.Get("X-Gitlab-Token")
+	token = r.Header.Get("X-GitLab-Token")
 	if len(token) != 0 {
 		return parse(token, fn)
 	}

```
</details>

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2022-11-09 17:16:17 +01:00
Josh Soref
023d03dd61
Spelling (#1405)
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-09 08:12:17 +01:00
qwerty287
3372d1a87c
Rename remote to forge (#1357)
As of #745

Co-authored-by: Anbraten <anton@ju60.de>
2022-11-05 00:35:06 +01:00
Harikesh00
36e42914fa
Renamed procs/jobs to steps in code (#1331)
Renamed `procs` to `steps` in code for the issue #1288

Co-authored-by: Harikesh Prajapati <harikesh.prajapati@druva.com>
Co-authored-by: qwerty287 <ndev@web.de>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-10-28 17:38:53 +02:00
qwerty287
849e05bb8b
Rename build to pipeline in code (#1224)
Ref:  #745

Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: 6543 <6543@obermui.de>
2022-10-18 03:24:12 +02:00
Avinil Bedarkar
493ec45be6
Return return 404 if registry to delete do not exist (#1278)
Closes #524

Co-authored-by: 6543 <6543@obermui.de>
2022-10-18 01:48:04 +02:00
Anbraten
dbbd369c9a
Migrate to certmagic (#360)
closes #219
closes #850

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2022-09-04 03:24:42 +02:00
Anbraten
5ca7ede9e4
Improve logging (#1158)
* switch default log level to info add start message and cleanup server start
* refactor code
* fix agent debug / trace logging
2022-09-03 20:41:23 +02:00
6543
c79d49c862
Delete old fallbacks and compatible stuff (#791)
Drop ...
* ... DRONE_ and deprecated pipeline environment vars
* ... deprecated sqlite3 file path
2022-09-01 14:31:12 +02:00
6543
18c1807f4f
Create mock for store and add unit tests for cron (#1146)
* pass remote on init as argument like store

* mock store

* TestCreateBuild
2022-09-01 01:19:49 +02:00
6543
383f273392
Add cron feature (#934)
https://woodpecker-ci.org/docs/usage/cron

Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2022-09-01 00:36:32 +02:00
Lauris BH
19dfc331f4
Add method to check organization membership (#1037)
* Add remote method to check organization membership
* Use named return parameters in interface
* Add membership check service
* Update Gitea SDK
2022-07-25 03:09:35 +02:00
Anbraten
cc30db44ac
Use asym key to sign webhooks (#916)
* use async key pair for webhooks

* fix tests

* fix linter

* improve code

* add key pair to database

* undo some changes

* more undo

* improve docs

* add api-endpoint

* add signaturne api endpoint

* fix error

* fix linting and test

* fix lint

* add test

* migration 006

* no need for migration

* replace httsign lib

* fix lint

Co-authored-by: 6543 <6543@obermui.de>
2022-06-01 20:06:27 +02:00
Anbraten
0b2b776ed8
Remove senders model (#923)
* remove senders
* drop table
2022-05-17 21:27:44 +02:00
qwerty287
6568751320
Allow to change forge status messages (#900)
Allow to change the status message via template option

Closes https://github.com/woodpecker-ci/woodpecker/issues/855
2022-05-12 19:07:33 +02:00
Zav Shotan
7313de2b1d
Add support for superseding runs (#831)
closes #11

Added support:
1. Environment variable `WOODPECKER_DELETE_MULTIPLE_RUNS_ON_EVENTS` (Default pull_request, push)
2. Builds will be marked as killed when they "override" another build
2022-05-09 11:26:09 +02:00
6543
58303dd2a7
Move value of default clone image into shared constant package (#873) 2022-04-06 15:30:49 +02:00
qwerty287
eb6d69e1fd
Use Gogs' try instance as default value (#852) 2022-03-27 04:05:56 +02:00
Lukas Bachschwell
c16d42f81e
Add missing flag and docs (#825)
* Add missing flag and docs

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>
Co-authored-by: Anbraten <anton@ju60.de>
2022-03-02 16:49:00 +01:00
Lukas Bachschwell
09e6460f95
Allow loading sensitive flags from files (#815)
With systems like docker swarm or docker compose it is usually a little awkward to manage secrets. 
There is no way to directly inject them into the environment config. So you often have to write your secrets directly into the compose file

There are hacky workarounds such as overriding the entry-point of the container and loading a script which then fetches secrets from /run/secrets and replaces the environment variables, but this becomes very difficult once we are using docker images built from "scratch" (which is a really great practice otherwise) as there is no shell or standard tooling available

This adds a *_FILE variant of their Environment config values to work around this issue.

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>
2022-03-01 16:09:33 +01:00
Lukas Bachschwell
59ba8538a1
Add support for pipeline configuration service (#804)
* Add configuration extension flags to server
Add httpsignatures dependency

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Add http fetching to config fetcher

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Refetch config on rebuild

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* - Ensure multipipeline compatiblity
- Send original config in http request

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Basic tests of config api

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Simple docs page

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Better flag naming

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Rename usages of the term yaml
Rename ConfigAPI struct

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Doc adjustments

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* More docs touchups

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Fix env vars in docs

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* fix json tags for api calls

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Add example config service

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Consistent naming for configService

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Docs: Change example repository location

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Fix tests after response field rename

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Revert accidential unrelated change in api hook

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>

* Update server flag descriptions

Co-authored-by: Anbraten <anton@ju60.de>

Co-authored-by: Anbraten <anton@ju60.de>
2022-02-28 10:56:23 +01:00
Anbraten
52d8097290
Get Netrc machine from clone url (#800)
We previously got the machine hostname for Netrc from the url of the remote, but in cases where the clone-url does not match the api url this can lead to errors.
2022-02-26 02:54:15 +01:00
6543
c4960cdd2c
Ignore items from WOODPECKER_ENVIRONMENT only containing a key and no value (#781)
* fix 761

* refactor: rename to match what it does & log ignore case
2022-02-23 08:59:52 +01:00