mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-19 06:56:35 +00:00
31 lines
1.4 KiB
Markdown
31 lines
1.4 KiB
Markdown
# Plugins
|
|
|
|
Plugins are Docker containers, executed during your build process. Plugins are downloaded automatically, on-demand as they are encountered in your `.drone.yml` file.
|
|
|
|
See the [plugin marketplace](http://addons.drone.io) for a full catalog of official plugins.
|
|
|
|
## Security
|
|
|
|
For security reasons you must whitelist plugins. The default whitelist includes the official Drone plugins hosted in the [Docker registry](https://registry.hub.docker.com/repos/plugins/). Customize your whitelist by setting the `PLUGIN_FILTER` environment variable. This is a space-separated list and includes glob matching capabilities.
|
|
|
|
Whitelist official Drone plugins
|
|
|
|
```
|
|
PLUGIN_FILTER=plugins/*
|
|
```
|
|
|
|
Whitelist official Drone plugins and registry user `octocat`
|
|
|
|
```
|
|
PLUGIN_FILTER=plugins/* octocat/*
|
|
```
|
|
|
|
Additionally, some plugins may require to be execute as a "privileged" container.
|
|
This mode is most common for plugins that are attempting to run docker in docker type behaviors (for example the plugins/docker requires this mode).
|
|
Drone will ship will a default pattern that will allow selected official Drone plugins to run in an privileged mode.
|
|
This whitelist can be customized by setting the `ESCALATE_FILTER` environment variable.
|
|
This is a space-separated list and includes glob matching capabilities.
|
|
|
|
```
|
|
ESCALATE_FILTER=plugins/drone-docker plugins/drone-ecr plugins/drone-gcr
|
|
```
|