Add support for default clone image environment variable (#769)

This allows for custom clone images for deployment in air-gap systems.

Co-authored-by: Zav Shotan <zshotan@bloomberg.net>

cmd/server/flags.go

@@ -96,6 +96,12 @@ var flags = []cli.Flag{
 		Name:    "authenticate-public-repos",
 		Usage:   "Always use authentication to clone repositories even if they are public. Needed if the SCM requires to always authenticate as used by many companies.",
 	},
+	&cli.StringFlag{
+		EnvVars: []string{"WOODPECKER_DEFAULT_CLONE_IMAGE"},
+		Name:    "default-clone-image",
+		Usage:   "The default docker image to be used when cloning the repo",
+		Value:   "woodpeckerci/plugin-git:latest",
+	},
 	&cli.StringFlag{
 		EnvVars: []string{"WOODPECKER_DOCS"},
 		Name:    "docs",

cmd/server/server.go

@@ -274,6 +274,9 @@ func setupEvilGlobals(c *cli.Context, v store.Store, r remote.Remote) {
 	// authentication
 	server.Config.Pipeline.AuthenticatePublicRepos = c.Bool("authenticate-public-repos")
 
+	// Cloning
+	server.Config.Pipeline.DefaultCloneImage = c.String("default-clone-image")
+
 	// limits
 	server.Config.Pipeline.Limits.MemSwapLimit = c.Int64("limit-mem-swap")
 	server.Config.Pipeline.Limits.MemLimit = c.Int64("limit-mem")

docs/docs/30-administration/10-server-config.md

@@ -164,6 +164,11 @@ Link to documentation in the UI.
 
 Always use authentication to clone repositories even if they are public. Needed if the SCM requires to always authenticate as used by many companies.
 
+### `WOODPECKER_DEFAULT_CLONE_IMAGE`
+> Default: `woodpeckerci/plugin-git:latest`
+
+The default docker image to be used when cloning the repo
+
 ### `WOODPECKER_SESSION_EXPIRES`
 > Default: `72h`
 

pipeline/frontend/yaml/compiler/compiler.go

@@ -61,6 +61,7 @@ type Compiler struct {
 	secrets           map[string]Secret
 	cacher            Cacher
 	reslimit          ResourceLimit
+	defaultCloneImage string
 }
 
 // New creates a new Compiler with options.
@@ -120,9 +121,13 @@ func (c *Compiler) Compile(conf *yaml.Config) *backend.Config {
 
 	// add default clone step
 	if !c.local && len(conf.Clone.Containers) == 0 && !conf.SkipClone {
+		cloneImage := defaultCloneImage
+		if len(c.defaultCloneImage) > 0 {
+			cloneImage = c.defaultCloneImage
+		}
 		container := &yaml.Container{
 			Name:        defaultCloneName,
-			Image:       defaultCloneImage,
+			Image:       cloneImage,
 			Settings:    map[string]interface{}{"depth": "0"},
 			Environment: c.cloneEnv,
 		}

pipeline/frontend/yaml/compiler/option.go

@@ -199,6 +199,12 @@ func WithResourceLimit(swap, mem, shmsize, cpuQuota, cpuShares int64, cpuSet str
 	}
 }
 
+func WithDefaultCloneImage(cloneImage string) Option {
+	return func(compiler *Compiler) {
+		compiler.defaultCloneImage = cloneImage
+	}
+}
+
 // TODO(bradrydzewski) consider an alternate approach to
 // WithProxy where the proxy strings are passed directly
 // to the function as named parameters.

pipeline/frontend/yaml/compiler/option_test.go

@@ -240,6 +240,15 @@ func TestWithVolumeCacher(t *testing.T) {
 	}
 }
 
+func TestWithDefaultCloneImage(t *testing.T) {
+	compiler := New(
+		WithDefaultCloneImage("not-an-image"),
+	)
+	if compiler.defaultCloneImage != "not-an-image" {
+		t.Errorf("Expected default clone image 'not-an-image' not found")
+	}
+}
+
 func TestWithS3Cacher(t *testing.T) {
 	compiler := New(
 		WithS3Cacher("some-access-key", "some-secret-key", "some-region", "some-bucket"),

server/config.go

@@ -67,6 +67,7 @@ var Config = struct {
 	}
 	Pipeline struct {
 		AuthenticatePublicRepos bool
+		DefaultCloneImage       string
 		Limits                  model.ResourceLimit
 		Volumes                 []string
 		Networks                []string

server/shared/procBuilder.go

@@ -246,6 +246,7 @@ func (b *ProcBuilder) toInternalRepresentation(parsed *yaml.Config, environ map[
 			),
 			b.Repo.IsSCMPrivate || server.Config.Pipeline.AuthenticatePublicRepos,
 		),
+		compiler.WithDefaultCloneImage(server.Config.Pipeline.DefaultCloneImage),
 		compiler.WithRegistry(registries...),
 		compiler.WithSecret(secrets...),
 		compiler.WithPrefix(