woodpecker/docs/setup/plugins.md

31 lines
1.4 KiB
Markdown

# Plugins
Plugins are Docker containers, executed during your build process. Plugins are downloaded automatically, on-demand as they are encountered in your `.drone.yml` file.
See the [plugin marketplace](http://addons.drone.io) for a full catalog of official plugins.
## Security
For security reasons you must whitelist plugins. The default whitelist includes the official Drone plugins hosted in the [Docker registry](https://registry.hub.docker.com/repos/plugins/). Customize your whitelist by setting the `PLUGIN_FILTER` environment variable. This is a space-separated list and includes glob matching capabilities.
Whitelist official Drone plugins
```
PLUGIN_FILTER=plugins/*
```
Whitelist official Drone plugins and registry user `octocat`
```
PLUGIN_FILTER=plugins/* octocat/*
```
Additionally, some plugins may require to be execute as a "privileged" container.
This mode is most common for plugins that are attempting to run docker in docker type behaviors (for example the plugins/docker requires this mode).
Drone will ship will a default pattern that will allow selected official Drone plugins to run in an privileged mode.
This whitelist can be customized by setting the `ESCALATE_FILTER` environment variable.
This is a space-separated list and includes glob matching capabilities.
```
ESCALATE_FILTER=plugins/drone-docker plugins/drone-ecr plugins/drone-gcr
```