From 846fd8dc51b475dd7371d9e3b4b29915db557c26 Mon Sep 17 00:00:00 2001 From: Jener Rasmussen Date: Thu, 30 Jan 2025 13:03:58 +0100 Subject: [PATCH] Tag pipeline with source information (#4771) Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> --- docs/src/pages/migrations.md | 2 +- pipeline/backend/kubernetes/pod.go | 13 ++++++++++--- pipeline/backend/kubernetes/pod_test.go | 12 ++++++++---- pipeline/backend/kubernetes/secrets.go | 4 ++++ pipeline/backend/kubernetes/secrets_test.go | 3 ++- server/pipeline/stepbuilder/stepBuilder.go | 15 +++++++++++++++ 6 files changed, 40 insertions(+), 9 deletions(-) diff --git a/docs/src/pages/migrations.md b/docs/src/pages/migrations.md index a403e43f7..a798b2651 100644 --- a/docs/src/pages/migrations.md +++ b/docs/src/pages/migrations.md @@ -4,7 +4,7 @@ To enhance the usability of Woodpecker and meet evolving security standards, occ ## `next` -- No changes +- (Kubernetes) Deprecated `step` label on pod in favor of new namespaced label `woodpecker-ci.org/step`. The `step` label will be removed in a future update. ## 3.0.0 diff --git a/pipeline/backend/kubernetes/pod.go b/pipeline/backend/kubernetes/pod.go index 42a04356c..44b685897 100644 --- a/pipeline/backend/kubernetes/pod.go +++ b/pipeline/backend/kubernetes/pod.go @@ -31,9 +31,12 @@ import ( ) const ( - StepLabel = "step" - podPrefix = "wp-" - defaultFSGroup int64 = 1000 + // StepLabelLegacy is the legacy label name from before the introduction of the woodpecker-ci.org namespace. + // This will be removed in the future. + StepLabelLegacy = "step" + StepLabel = "woodpecker-ci.org/step" + podPrefix = "wp-" + defaultFSGroup int64 = 1000 ) func mkPod(step *types.Step, config *config, podName, goos string, options BackendOptions) (*v1.Pod, error) { @@ -115,6 +118,10 @@ func podLabels(step *types.Step, config *config, options BackendOptions) (map[st if step.Type == types.StepTypeService { labels[ServiceLabel], _ = serviceName(step) } + labels[StepLabelLegacy], err = stepLabel(step) + if err != nil { + return labels, err + } labels[StepLabel], err = stepLabel(step) if err != nil { return labels, err diff --git a/pipeline/backend/kubernetes/pod_test.go b/pipeline/backend/kubernetes/pod_test.go index 01aa95ecb..f26b713cc 100644 --- a/pipeline/backend/kubernetes/pod_test.go +++ b/pipeline/backend/kubernetes/pod_test.go @@ -72,7 +72,8 @@ func TestTinyPod(t *testing.T) { "namespace": "woodpecker", "creationTimestamp": null, "labels": { - "step": "build-via-gradle" + "step": "build-via-gradle", + "woodpecker-ci.org/step": "build-via-gradle" } }, "spec": { @@ -153,7 +154,8 @@ func TestFullPod(t *testing.T) { "labels": { "app": "test", "part-of": "woodpecker-ci", - "step": "go-test" + "step": "go-test", + "woodpecker-ci.org/step": "go-test" }, "annotations": { "apps.kubernetes.io/pod-index": "0", @@ -447,7 +449,8 @@ func TestScratchPod(t *testing.T) { "namespace": "woodpecker", "creationTimestamp": null, "labels": { - "step": "curl-google" + "step": "curl-google", + "woodpecker-ci.org/step": "curl-google" } }, "spec": { @@ -492,7 +495,8 @@ func TestSecrets(t *testing.T) { "namespace": "woodpecker", "creationTimestamp": null, "labels": { - "step": "test-secrets" + "step": "test-secrets", + "woodpecker-ci.org/step": "test-secrets" } }, "spec": { diff --git a/pipeline/backend/kubernetes/secrets.go b/pipeline/backend/kubernetes/secrets.go index 3acba1e07..da003e5d8 100644 --- a/pipeline/backend/kubernetes/secrets.go +++ b/pipeline/backend/kubernetes/secrets.go @@ -258,6 +258,10 @@ func registrySecretLabels(step *types.Step) (map[string]string, error) { if step.Type == types.StepTypeService { labels[ServiceLabel], _ = serviceName(step) } + labels[StepLabelLegacy], err = stepLabel(step) + if err != nil { + return labels, err + } labels[StepLabel], err = stepLabel(step) if err != nil { return labels, err diff --git a/pipeline/backend/kubernetes/secrets_test.go b/pipeline/backend/kubernetes/secrets_test.go index c918fc741..9415b039e 100644 --- a/pipeline/backend/kubernetes/secrets_test.go +++ b/pipeline/backend/kubernetes/secrets_test.go @@ -212,7 +212,8 @@ func TestRegistrySecret(t *testing.T) { "namespace": "woodpecker", "creationTimestamp": null, "labels": { - "step": "go-test" + "step": "go-test", + "woodpecker-ci.org/step": "go-test" } }, "type": "kubernetes.io/dockerconfigjson", diff --git a/server/pipeline/stepbuilder/stepBuilder.go b/server/pipeline/stepbuilder/stepBuilder.go index 3d0b55e7e..07f30c3ab 100644 --- a/server/pipeline/stepbuilder/stepBuilder.go +++ b/server/pipeline/stepbuilder/stepBuilder.go @@ -19,6 +19,7 @@ import ( "fmt" "maps" "path/filepath" + "strconv" "strings" "github.com/oklog/ulid/v2" @@ -194,6 +195,20 @@ func (b *StepBuilder) genItemForWorkflow(workflow *model.Workflow, axis matrix.A maps.Copy(item.Labels, b.DefaultLabels) } + // "woodpecker-ci.org" namespace is reserved for internal use + for key := range item.Labels { + if strings.HasPrefix(key, "woodpecker-ci.org") { + log.Debug().Str("forge", b.Forge.Name()).Str("repo", b.Repo.FullName).Str("label", key).Msg("dropped pipeline label with reserved prefix woodpecker-ci.org") + delete(item.Labels, key) + } + } + + item.Labels["woodpecker-ci.org/forge-id"] = b.Forge.Name() + item.Labels["woodpecker-ci.org/repo-forge-id"] = string(b.Repo.ForgeRemoteID) + item.Labels["woodpecker-ci.org/repo-id"] = strconv.FormatInt(b.Repo.ID, 10) + item.Labels["woodpecker-ci.org/repo-name"] = b.Repo.Name + item.Labels["woodpecker-ci.org/branch"] = b.Repo.Branch + return item, errorsAndWarnings }