diff --git a/README.md b/README.md index 9806ceb33..d93bebb01 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ Woodpecker is a simple, yet powerful CI/CD engine with great extensibility. ## Installation & Resources -Woodpecker can be installed in various ways (see the [Installation Instructions](https://woodpecker-ci.org/docs/administration/getting-started)) and runs with SQLite as database by default. +Woodpecker can be installed in various ways (see the [Installation Instructions](https://woodpecker-ci.org/docs/administration/general)) and runs with SQLite as database by default. It requires around 100 MB of RAM (Server) and 30 MB (Agent) at runtime in idle mode. ## Support diff --git a/docs/docusaurus.config.ts b/docs/docusaurus.config.ts index 5565af5b3..6c8016945 100644 --- a/docs/docusaurus.config.ts +++ b/docs/docusaurus.config.ts @@ -132,7 +132,7 @@ const config = { }, { label: 'Administration', - to: '/docs/administration/getting-started', + to: '/docs/administration/general', }, { to: '/migrations', // Always point to newest migration guide diff --git a/docs/src/pages/migrations.md b/docs/src/pages/migrations.md index a4680881a..3486861e8 100644 --- a/docs/src/pages/migrations.md +++ b/docs/src/pages/migrations.md @@ -8,13 +8,13 @@ To enhance the usability of Woodpecker and meet evolving security standards, occ - Deprecated several labels in favor of equivalents with the `woodpecker-ci.org/` prefix. The deprecated labels will be removed in a future update. The following labels are affected: - | Deprecated labels | New labels | - |-------------------|------------------------------------| - | `repo` | `woodpecker-ci.org/repo-full-name` | - | `platform` | `woodpecker-ci.org/platform` | - | `hostname` | `woodpecker-ci.org/hostname` | - | `backend` | `woodpecker-ci.org/backend` | - | `org-id` | `woodpecker-ci.org/org-id` | +| Deprecated labels | New labels | +| ----------------- | ---------------------------------- | +| `repo` | `woodpecker-ci.org/repo-full-name` | +| `platform` | `woodpecker-ci.org/platform` | +| `hostname` | `woodpecker-ci.org/hostname` | +| `backend` | `woodpecker-ci.org/backend` | +| `org-id` | `woodpecker-ci.org/org-id` | ## 3.0.0 @@ -242,7 +242,7 @@ Read more about it in [#4213](https://github.com/woodpecker-ci/woodpecker/pull/4 ## 1.0.0 -- The signature used to verify extension calls (like those used for the [config-extension](/docs/administration/advanced/external-configuration-api)) done by the Woodpecker server switched from using a shared-secret HMac to an ed25519 key-pair. Read more about it at the [config-extensions](/docs/administration/advanced/external-configuration-api) documentation. +- The signature used to verify extension calls (like those used for the [config-extension](/docs/administration/configuration/server#external-configuration-api)) done by the Woodpecker server switched from using a shared-secret HMac to an ed25519 key-pair. Read more about it at the [config-extensions](/docs/administration/configuration/server#external-configuration-api) documentation. - Refactored support for old agent filter labels and expressions. Learn how to use the new [filter](/docs/usage/workflow-syntax#labels) - Renamed step environment variable `CI_SYSTEM_ARCH` to `CI_SYSTEM_PLATFORM`. Same applies for the cli exec variable. - Renamed environment variables `CI_BUILD_*` and `CI_PREV_BUILD_*` to `CI_PIPELINE_*` and `CI_PREV_PIPELINE_*`, old ones are still available but deprecated diff --git a/docs/versioned_docs/version-2.7/20-usage/40-secrets.md b/docs/versioned_docs/version-2.7/20-usage/40-secrets.md deleted file mode 100644 index 1b55d9ce1..000000000 --- a/docs/versioned_docs/version-2.7/20-usage/40-secrets.md +++ /dev/null @@ -1,133 +0,0 @@ -# Secrets - -Woodpecker provides the ability to store named parameters external to the YAML configuration file, in a central secret store. These secrets can be passed to individual steps of the pipeline at runtime. - -Woodpecker provides three different levels to add secrets to your pipeline. The following list shows the priority of the different levels. If a secret is defined in multiple levels, will be used following this priorities: Repository secrets > Organization secrets > Global secrets. - -1. **Repository secrets**: They are available to all pipelines of an repository. -2. **Organization secrets**: They are available to all pipelines of an organization. -3. **Global secrets**: Can be configured by an instance admin. - They are available to all pipelines of the **whole** Woodpecker instance and should therefore **only** be used for secrets that are allowed to be read by **all** users. - -## Usage - -### Use secrets in commands - -Secrets are exposed to your pipeline steps and plugins as uppercase environment variables and can therefore be referenced in the commands section of your pipeline, -once their usage is declared in the `secrets` section: - -```diff - steps: - - name: docker - image: docker - commands: -+ - echo $docker_username -+ - echo $DOCKER_PASSWORD -+ secrets: [ docker_username, DOCKER_PASSWORD ] -``` - -The case of the environment variables is not changed, but secret matching is done case-insensitively. In the example above, `DOCKER_PASSWORD` would also match if the secret is called `docker_password`. - -### Use secrets in settings and environment - -You can set an setting or environment value from secrets using the `from_secret` syntax. - -In this example, the secret named `secret_token` would be passed to the setting named `token`,which will be available in the plugin as environment variable named `PLUGIN_TOKEN` (See [plugins](./51-plugins/20-creating-plugins.md#settings) for details), and to the environment variable `TOKEN_ENV`. - -```diff - steps: - - name: docker - image: my-plugin -+ environment: -+ TOKEN_ENV: -+ from_secret: secret_token -+ settings: -+ token: -+ from_secret: secret_token -``` - -### Note about parameter pre-processing - -Please note parameter expressions are subject to pre-processing. When using secrets in parameter expressions they should be escaped. - -```diff - steps: - - name: docker - image: docker - commands: -- - echo ${docker_username} -- - echo ${DOCKER_PASSWORD} -+ - echo $${docker_username} -+ - echo $${DOCKER_PASSWORD} - secrets: [ docker_username, DOCKER_PASSWORD ] -``` - -### Use in Pull Requests events - -Secrets are not exposed to pull requests by default. You can override this behavior by creating the secret and enabling the `pull_request` event type, either in UI or by CLI, see below. - -:::note -Please be careful when exposing secrets to pull requests. If your repository is open source and accepts pull requests your secrets are not safe. A bad actor can submit a malicious pull request that exposes your secrets. -::: - -## Image filter - -To prevent abusing your secrets from malicious usage, you can limit a secret to a list of images. If enabled they are not available to any other plugin (steps without user-defined commands). If you or an attacker defines explicit commands, the secrets will not be available to the container to prevent leaking them. - -## Adding Secrets - -Secrets are added to the Woodpecker in the UI or with the CLI. - -### CLI Examples - -Create the secret using default settings. The secret will be available to all images in your pipeline, and will be available to all push, tag, and deployment events (not pull request events). - -```bash -woodpecker-cli secret add \ - -repository octocat/hello-world \ - -name aws_access_key_id \ - -value -``` - -Create the secret and limit to a single image: - -```diff - woodpecker-cli secret add \ - -repository octocat/hello-world \ -+ -image plugins/s3 \ - -name aws_access_key_id \ - -value -``` - -Create the secrets and limit to a set of images: - -```diff - woodpecker-cli secret add \ - -repository octocat/hello-world \ -+ -image plugins/s3 \ -+ -image peloton/woodpecker-ecs \ - -name aws_access_key_id \ - -value -``` - -Create the secret and enable for multiple hook events: - -```diff - woodpecker-cli secret add \ - -repository octocat/hello-world \ - -image plugins/s3 \ -+ -event pull_request \ -+ -event push \ -+ -event tag \ - -name aws_access_key_id \ - -value -``` - -Loading secrets from file using curl `@` syntax. This is the recommended approach for loading secrets from file to preserve newlines: - -```diff - woodpecker-cli secret add \ - -repository octocat/hello-world \ - -name ssh_key \ -+ -value @/root/ssh/id_rsa -``` diff --git a/docs/versioned_docs/version-2.7/20-usage/90-advanced-usage.md b/docs/versioned_docs/version-2.7/20-usage/90-advanced-usage.md deleted file mode 100644 index 065386fdf..000000000 --- a/docs/versioned_docs/version-2.7/20-usage/90-advanced-usage.md +++ /dev/null @@ -1,129 +0,0 @@ -# Advanced usage - -## Advanced YAML syntax - -YAML has some advanced syntax features that can be used like variables to reduce duplication in your pipeline config: - -### Anchors & aliases - -You can use [YAML anchors & aliases](https://yaml.org/spec/1.2.2/#3222-anchors-and-aliases) as variables in your pipeline config. - -To convert this: - -```yaml -steps: - - name: test - image: golang:1.18 - commands: go test ./... - - name: build - image: golang:1.18 - commands: build -``` - -Just add a new section called **variables** like this: - -```diff -+variables: -+ - &golang_image 'golang:1.18' - - steps: - - name: test -- image: golang:1.18 -+ image: *golang_image - commands: go test ./... - - name: build -- image: golang:1.18 -+ image: *golang_image - commands: build -``` - -### Map merges and overwrites - -```yaml -variables: - - &base-plugin-settings - target: dist - recursive: false - try: true - - &special-setting - special: true - - &some-plugin codeberg.org/6543/docker-images/print_env - -steps: - - name: develop - image: *some-plugin - settings: - <<: [*base-plugin-settings, *special-setting] # merge two maps into an empty map - when: - branch: develop - - - name: main - image: *some-plugin - settings: - <<: *base-plugin-settings # merge one map and ... - try: false # ... overwrite original value - ongoing: false # ... adding a new value - when: - branch: main -``` - -### Sequence merges - -```yaml -variables: - pre_cmds: &pre_cmds - - echo start - - whoami - post_cmds: &post_cmds - - echo stop - hello_cmd: &hello_cmd - - echo hello - -steps: - - name: step1 - image: debian - commands: - - <<: *pre_cmds # prepend a sequence - - echo exec step now do dedicated things - - <<: *post_cmds # append a sequence - - name: step2 - image: debian - commands: - - <<: [*pre_cmds, *hello_cmd] # prepend two sequences - - echo echo from second step - - <<: *post_cmds -``` - -### References - -- [Official YAML specification](https://yaml.org/spec/1.2.2/#3222-anchors-and-aliases) -- [YAML Cheatsheet](https://learnxinyminutes.com/docs/yaml) - -## Persisting environment data between steps - -One can create a file containing environment variables, and then source it in each step that needs them. - -```yaml -steps: - - name: init - image: bash - commands: - - echo "FOO=hello" >> envvars - - echo "BAR=world" >> envvars - - - name: debug - image: bash - commands: - - source envvars - - echo $FOO -``` - -## Declaring global variables - -As described in [Global environment variables](./50-environment.md#global-environment-variables), you can define global variables: - -```ini -WOODPECKER_ENVIRONMENT=first_var:value1,second_var:value2 -``` - -Note that this tightly couples the server and app configurations (where the app is a completely separate application). But this is a good option for truly global variables which should apply to all steps in all pipelines for all apps. diff --git a/docs/versioned_docs/version-2.7/20-usage/project-settings.png b/docs/versioned_docs/version-2.7/20-usage/project-settings.png deleted file mode 100644 index fc29daac8..000000000 Binary files a/docs/versioned_docs/version-2.7/20-usage/project-settings.png and /dev/null differ diff --git a/docs/versioned_docs/version-2.7/30-administration/00-getting-started.md b/docs/versioned_docs/version-2.7/30-administration/00-getting-started.md deleted file mode 100644 index 8bb1b0a71..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/00-getting-started.md +++ /dev/null @@ -1,59 +0,0 @@ -# Getting started - -A Woodpecker deployment consists of two parts: - -- A server which is the heart of Woodpecker and ships the web interface. -- Next to one server, you can deploy any number of agents which will run the pipelines. - -Each agent is able to process one [workflow](../20-usage/15-terminology/index.md) by default. If you have 4 agents installed and connected to the Woodpecker server, your system will process four workflows (not pipelines) in parallel. - -:::tip -You can add more agents to increase the number of parallel workflows or set the agent's `WOODPECKER_MAX_WORKFLOWS=1` environment variable to increase the number of parallel workflows per agent. -::: - -## Which version of Woodpecker should I use? - -Woodpecker is having two different kinds of releases: **stable** and **next**. - -Find more information about the different versions [here](/versions). - -## Hardware Requirements - -Below are minimal resources requirements for Woodpecker components itself: - -| Component | Memory | CPU | -| --------- | ------ | --- | -| Server | 200 MB | 1 | -| Agent | 32 MB | 1 | - -Note, that those values do not include the operating system or workload (pipelines execution) resource consumption. - -In addition you need at least some kind of database which requires additional resources depending on the selected database system. - -## Installation - -You can install Woodpecker on multiple ways. If you are not sure which one to choose, we recommend using the [docker-compose](./05-deployment-methods/10-docker-compose.md) method for the beginning: - -- Using [docker-compose](./05-deployment-methods/10-docker-compose.md) with the official [container images](./05-deployment-methods/10-docker-compose.md#docker-images) -- Using [Kubernetes](./05-deployment-methods/20-kubernetes.md) via the Woodpecker Helm chart -- Using binaries, DEBs or RPMs you can download from [latest release](https://github.com/woodpecker-ci/woodpecker/releases/latest) -- Or using a [third-party installation method](./05-deployment-methods/30-third-party.md) - -## Database - -By default Woodpecker uses a SQLite database which requires zero installation or configuration. See the [database settings](./10-database.md) page if you want to use a different database system like MySQL or PostgreSQL. - -## Forge - -What would be a CI/CD system without any code? By connecting Woodpecker to your [forge](../20-usage/15-terminology/index.md) like GitHub or Gitea you can start running pipelines on events like pushes or pull requests. Woodpecker will also use your forge for authentication and to report back the status of your pipelines. See the [forge settings](./11-forges/11-overview.md) to connect it to Woodpecker. - -## Configuration - -Check the [server configuration](./10-server-config.md) and [agent configuration](./15-agent-config.md) pages to see if you need to adjust any additional parts and after that you should be ready to start with [your first pipeline](../20-usage/10-intro.md). - -## Agent - -The agent is the worker which executes the [workflows](../20-usage/15-terminology/index.md). -Woodpecker agents can execute work using a [backend](../20-usage/15-terminology/index.md) like [docker](./22-backends/10-docker.md) or [kubernetes](./22-backends/40-kubernetes.md). -By default if you choose to deploy an agent using [docker-compose](./05-deployment-methods/10-docker-compose.md) the agent simply use docker for the backend as well. -So nothing to worry about here. If you still prefer to adjust the agent to your needs, check the [agent configuration](./15-agent-config.md) page. diff --git a/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/10-docker-compose.md b/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/10-docker-compose.md deleted file mode 100644 index 5af7e85fc..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/10-docker-compose.md +++ /dev/null @@ -1,147 +0,0 @@ -# docker-compose - -The below [docker-compose](https://docs.docker.com/compose/) configuration can be used to start a Woodpecker server with a single agent. - -It relies on a number of environment variables that you must set before running `docker-compose up`. The variables are described below. - -```yaml title="docker-compose.yaml" -version: '3' - -services: - woodpecker-server: - image: woodpeckerci/woodpecker-server:latest - ports: - - 8000:8000 - volumes: - - woodpecker-server-data:/var/lib/woodpecker/ - environment: - - WOODPECKER_OPEN=true - - WOODPECKER_HOST=${WOODPECKER_HOST} - - WOODPECKER_GITHUB=true - - WOODPECKER_GITHUB_CLIENT=${WOODPECKER_GITHUB_CLIENT} - - WOODPECKER_GITHUB_SECRET=${WOODPECKER_GITHUB_SECRET} - - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} - - woodpecker-agent: - image: woodpeckerci/woodpecker-agent:latest - command: agent - restart: always - depends_on: - - woodpecker-server - volumes: - - woodpecker-agent-config:/etc/woodpecker - - /var/run/docker.sock:/var/run/docker.sock - environment: - - WOODPECKER_SERVER=woodpecker-server:9000 - - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} - -volumes: - woodpecker-server-data: - woodpecker-agent-config: -``` - -Woodpecker needs to know its own address. You must therefore provide the public address of it in `://` format. Please omit trailing slashes: - -```diff title="docker-compose.yaml" - version: '3' - - services: - woodpecker-server: - [...] - environment: - - [...] -+ - WOODPECKER_HOST=${WOODPECKER_HOST} -``` - -Woodpecker can also have its port's configured. It uses a separate port for gRPC and for HTTP. The agent performs gRPC calls and connects to the gRPC port. -They can be configured with `*_ADDR` variables: - -```diff title="docker-compose.yaml" - version: '3' - services: - woodpecker-server: - [...] - environment: - - [...] -+ - WOODPECKER_GRPC_ADDR=${WOODPECKER_GRPC_ADDR} -+ - WOODPECKER_SERVER_ADDR=${WOODPECKER_HTTP_ADDR} -``` - -Reverse proxying can also be [configured for gRPC](../40-advanced/10-proxy.md#caddy). If the agents are connecting over the internet, it should also be SSL encrypted. The agent then needs to be configured to be secure: - -```diff title="docker-compose.yaml" - version: '3' - services: - woodpecker-server: - [...] - environment: - - [...] -+ - WOODPECKER_GRPC_SECURE=true # defaults to false -+ - WOODPECKER_GRPC_VERIFY=true # default -``` - -As agents run pipeline steps as docker containers they require access to the host machine's Docker daemon: - -```diff title="docker-compose.yaml" - version: '3' - - services: - [...] - woodpecker-agent: - [...] -+ volumes: -+ - /var/run/docker.sock:/var/run/docker.sock -``` - -Agents require the server address for agent-to-server communication. The agent connects to the server's gRPC port: - -```diff title="docker-compose.yaml" - version: '3' - - services: - woodpecker-agent: - [...] - environment: -+ - WOODPECKER_SERVER=woodpecker-server:9000 -``` - -The server and agents use a shared secret to authenticate communication. This should be a random string of your choosing and should be kept private. You can generate such string with `openssl rand -hex 32`: - -```diff title="docker-compose.yaml" - version: '3' - - services: - woodpecker-server: - [...] - environment: - - [...] -+ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} - woodpecker-agent: - [...] - environment: - - [...] -+ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} -``` - -## Docker images - -Image variants: - -- The `latest` image is the latest stable release -- The `vX.X.X` images are stable releases -- The `vX.X` images are based on the current release branch (e.g. `release/v1.0`) and can be used to get bugfixes asap -- The `next` images are based on the current `main` branch - -```bash -# server -docker pull woodpeckerci/woodpecker-server:latest -docker pull woodpeckerci/woodpecker-server:latest-alpine - -# agent -docker pull woodpeckerci/woodpecker-agent:latest -docker pull woodpeckerci/woodpecker-agent:latest-alpine - -# cli -docker pull woodpeckerci/woodpecker-cli:latest -docker pull woodpeckerci/woodpecker-cli:latest-alpine -``` diff --git a/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/20-kubernetes.md b/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/20-kubernetes.md deleted file mode 100644 index f931c3e78..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/20-kubernetes.md +++ /dev/null @@ -1,9 +0,0 @@ -# Kubernetes - -We recommended to deploy Woodpecker using the [Woodpecker helm chart](https://github.com/woodpecker-ci/helm). -Have a look at the [`values.yaml`](https://github.com/woodpecker-ci/helm/blob/main/charts/woodpecker/values.yaml) config files for all available settings. - -The chart contains two subcharts, `server` and `agent` which are automatically configured as needed. -The chart started off with two independent charts but was merged into one to simplify the deployment at start of 2023. - -A couple of backend-specific config env vars exists which are described in the [kubernetes backend docs](../22-backends/40-kubernetes.md). diff --git a/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/30-third-party.md b/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/30-third-party.md deleted file mode 100644 index acad9c0fd..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/30-third-party.md +++ /dev/null @@ -1,12 +0,0 @@ -# Third-party installation methods - -:::info -These installation methods are not officially supported. If you experience issues with them, please open issues in the specific repositories. -::: - -- [Using NixOS](./40-nixos.md) via the [NixOS module](https://search.nixos.org/options?channel=unstable&size=200&sort=relevance&query=woodpecker) -- [On Alpine Edge](https://pkgs.alpinelinux.org/packages?name=woodpecker&branch=edge&repo=&arch=&maintainer=) -- [On Arch Linux](https://archlinux.org/packages/?q=woodpecker) -- [On openSUSE](https://software.opensuse.org/package/woodpecker) -- [Using YunoHost](https://apps.yunohost.org/app/woodpecker) -- [On Cloudron](https://www.cloudron.io/store/org.woodpecker_ci.cloudronapp.html) diff --git a/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/40-nixos.md b/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/40-nixos.md deleted file mode 100644 index ce490ab4e..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/40-nixos.md +++ /dev/null @@ -1,88 +0,0 @@ -# NixOS - -:::info -Note that this module is not maintained by the Woodpecker developers. -If you experience issues please open a bug report in the [nixpkgs repo](https://github.com/NixOS/nixpkgs/issues/new/choose) where the module is maintained. -::: - -The NixOS install is in theory quite similar to the binary install and supports multiple backends. -In practice, the settings are specified declaratively in the NixOS configuration and no manual steps need to be taken. - -## General Configuration - -```nix -{ config -, ... -}: -let - domain = "woodpecker.example.org"; -in -{ - # This automatically sets up certificates via let's encrypt - security.acme.defaults.email = "acme@example.com"; - security.acme.acceptTerms = true; - security.acme.certs."${domain}" = { }; - - # Setting up a nginx proxy that handles tls for us - networking.firewall.allowedTCPPorts = [ 80 443 ]; - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:3007"; - }; - }; - }; - - services.woodpecker-server = { - enable = true; - environment = { - WOODPECKER_HOST = "https://${domain}"; - WOODPECKER_SERVER_ADDR = ":3007"; - WOODPECKER_OPEN = "true"; - }; - # You can pass a file with env vars to the system it could look like: - # WOODPECKER_AGENT_SECRET=XXXXXXXXXXXXXXXXXXXXXX - environmentFile = "/path/to/my/secrets/file"; - }; - - # This sets up a woodpecker agent - services.woodpecker-agents.agents."docker" = { - enable = true; - # We need this to talk to the podman socket - extraGroups = [ "podman" ]; - environment = { - WOODPECKER_SERVER = "localhost:9000"; - WOODPECKER_MAX_WORKFLOWS = "4"; - DOCKER_HOST = "unix:///run/podman/podman.sock"; - WOODPECKER_BACKEND = "docker"; - }; - # Same as with woodpecker-server - environmentFile = [ "/var/lib/secrets/woodpecker.env" ]; - }; - - # Here we setup podman and enable dns - virtualisation.podman = { - enable = true; - defaultNetwork.settings = { - dns_enabled = true; - }; - }; - # This is needed for podman to be able to talk over dns - networking.firewall.interfaces."podman0" = { - allowedUDPPorts = [ 53 ]; - allowedTCPPorts = [ 53 ]; - }; -} -``` - -All configuration options can be found via [NixOS Search](https://search.nixos.org/options?channel=unstable&size=200&sort=relevance&query=woodpecker) - -## Tips and tricks - -There are some resources on how to utilize Woodpecker more effectively with NixOS on the [Awesome Woodpecker](../../92-awesome.md) page, like using the runners nix-store in the pipeline. diff --git a/docs/versioned_docs/version-2.7/30-administration/10-database.md b/docs/versioned_docs/version-2.7/30-administration/10-database.md deleted file mode 100644 index e3e33ba7d..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/10-database.md +++ /dev/null @@ -1,53 +0,0 @@ -# Databases - -The default database engine of Woodpecker is an embedded SQLite database which requires zero installation or configuration. But you can replace it with a MySQL/MariaDB or Postgres database. - -## Configure SQLite - -By default Woodpecker uses a SQLite database stored under `/var/lib/woodpecker/`. If using containers, you can mount a [data volume](https://docs.docker.com/storage/volumes/#create-and-manage-volumes) to persist the SQLite database. - -```diff title="docker-compose.yaml" - version: '3' - - services: - woodpecker-server: - [...] -+ volumes: -+ - woodpecker-server-data:/var/lib/woodpecker/ -``` - -## Configure MySQL/MariaDB - -The below example demonstrates MySQL database configuration. See the official driver [documentation](https://github.com/go-sql-driver/mysql#dsn-data-source-name) for configuration options and examples. -The minimum version of MySQL/MariaDB required is determined by the `go-sql-driver/mysql` - see [it's README](https://github.com/go-sql-driver/mysql#requirements) for more information. - -```ini -WOODPECKER_DATABASE_DRIVER=mysql -WOODPECKER_DATABASE_DATASOURCE=root:password@tcp(1.2.3.4:3306)/woodpecker?parseTime=true -``` - -## Configure Postgres - -The below example demonstrates Postgres database configuration. See the official driver [documentation](https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING) for configuration options and examples. -Please use Postgres versions equal or higher than **11**. - -```ini -WOODPECKER_DATABASE_DRIVER=postgres -WOODPECKER_DATABASE_DATASOURCE=postgres://root:password@1.2.3.4:5432/postgres?sslmode=disable -``` - -## Database Creation - -Woodpecker does not create your database automatically. If you are using the MySQL or Postgres driver you will need to manually create your database using `CREATE DATABASE`. - -## Database Migration - -Woodpecker automatically handles database migration, including the initial creation of tables and indexes. New versions of Woodpecker will automatically upgrade the database unless otherwise specified in the release notes. - -## Database Backups - -Woodpecker does not perform database backups. This should be handled by separate third party tools provided by your database vendor of choice. - -## Database Archiving - -Woodpecker does not perform data archival; it considered out-of-scope for the project. Woodpecker is rather conservative with the amount of data it stores, however, you should expect the database logs to grow the size of your database considerably. diff --git a/docs/versioned_docs/version-2.7/30-administration/10-server-config.md b/docs/versioned_docs/version-2.7/30-administration/10-server-config.md deleted file mode 100644 index 69bd2bb7d..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/10-server-config.md +++ /dev/null @@ -1,578 +0,0 @@ ---- -toc_max_heading_level: 2 ---- - -# Server configuration - -## User registration - -Woodpecker does not have its own user registry; users are provided from your [forge](./11-forges/11-overview.md) (using OAuth2). - -Registration is closed by default (`WOODPECKER_OPEN=false`). If registration is open (`WOODPECKER_OPEN=true`) then every user with an account at the configured forge can login to Woodpecker. - -To open registration: - -```ini -WOODPECKER_OPEN=true -``` - -You can **also restrict** registration, by keep registration closed and: - -- **adding** new **users manually** via the CLI: `woodpecker-cli user add` -- allowing specific **admin users** via the `WOODPECKER_ADMIN` setting -- by open registration and **filter by organization** membership through the `WOODPECKER_ORGS` setting - -### Close registration, but allow specific admin users - -```ini -WOODPECKER_OPEN=false -WOODPECKER_ADMIN=johnsmith,janedoe -``` - -### Only allow registration of users, who are members of approved organizations - -```ini -WOODPECKER_OPEN=true -WOODPECKER_ORGS=dolores,dogpatch -``` - -## Administrators - -Administrators should also be enumerated in your configuration. - -```ini -WOODPECKER_ADMIN=johnsmith,janedoe -``` - -## Filtering repositories - -Woodpecker operates with the user's OAuth permission. Due to the coarse permission handling of GitHub, you may end up syncing more repos into Woodpecker than preferred. - -Use the `WOODPECKER_REPO_OWNERS` variable to filter which GitHub user's repos should be synced only. You typically want to put here your company's GitHub name. - -```ini -WOODPECKER_REPO_OWNERS=mycompany,mycompanyossgithubuser -``` - -## Global registry setting - -If you want to make available a specific private registry to all pipelines, use the `WOODPECKER_DOCKER_CONFIG` server configuration. -Point it to your server's docker config. - -```ini -WOODPECKER_DOCKER_CONFIG=/root/.docker/config.json -``` - -## Handling sensitive data in docker-compose and docker-swarm - -To handle sensitive data in docker-compose or docker-swarm configurations there are several options: - -For docker-compose you can use a `.env` file next to your compose configuration to store the secrets outside of the compose file. While this separates configuration from secrets it is still not very secure. - -Alternatively use docker-secrets. As it may be difficult to use docker secrets for environment variables Woodpecker allows to read sensible data from files by providing a `*_FILE` option of all sensible configuration variables. Woodpecker will try to read the value directly from this file. Keep in mind that when the original environment variable gets specified at the same time it will override the value read from the file. - -```diff title="docker-compose.yaml" - version: '3' - - services: - woodpecker-server: - [...] - environment: - - [...] -+ - WOODPECKER_AGENT_SECRET_FILE=/run/secrets/woodpecker-agent-secret -+ secrets: -+ - woodpecker-agent-secret -+ -+ secrets: -+ woodpecker-agent-secret: -+ external: true -``` - -Store a value to a docker secret like this: - -```bash -echo "my_agent_secret_key" | docker secret create woodpecker-agent-secret - -``` - -or generate a random one like this: - -```bash -openssl rand -hex 32 | docker secret create woodpecker-agent-secret - -``` - -## Custom JavaScript and CSS - -Woodpecker supports custom JS and CSS files. -These files must be present in the server's filesystem. -They can be backed in a Docker image or mounted from a ConfigMap inside a Kubernetes environment. -The configuration variables are independent of each other, which means it can be just one file present, or both. - -```ini -WOODPECKER_CUSTOM_CSS_FILE=/usr/local/www/woodpecker.css -WOODPECKER_CUSTOM_JS_FILE=/usr/local/www/woodpecker.js -``` - -The examples below show how to place a banner message in the top navigation bar of Woodpecker. - -### `woodpecker.css` - -```css -.banner-message { - position: absolute; - width: 280px; - height: 40px; - margin-left: 240px; - margin-top: 5px; - padding-top: 5px; - font-weight: bold; - background: red no-repeat; - text-align: center; -} -``` - -### `woodpecker.js` - -```javascript -// place/copy a minified version of jQuery or ZeptoJS here ... -!(function () { - 'use strict'; - function e() {} /*...*/ -})(); - -$().ready(function () { - $('.app nav img').first().htmlAfter(""); -}); -``` - -## All server configuration options - -The following list describes all available server configuration options. - -### `WOODPECKER_LOG_LEVEL` - -> Default: empty - -Configures the logging level. Possible values are `trace`, `debug`, `info`, `warn`, `error`, `fatal`, `panic`, `disabled` and empty. - -### `WOODPECKER_LOG_FILE` - -> Default: `stderr` - -Output destination for logs. -'stdout' and 'stderr' can be used as special keywords. - -### `WOODPECKER_LOG_XORM` - -> Default: `false` - -Enable XORM logs. - -### `WOODPECKER_LOG_XORM_SQL` - -> Default: `false` - -Enable XORM SQL command logs. - -### `WOODPECKER_DEBUG_PRETTY` - -> Default: `false` - -Enable pretty-printed debug output. - -### `WOODPECKER_DEBUG_NOCOLOR` - -> Default: `true` - -Disable colored debug output. - -### `WOODPECKER_HOST` - -> Default: empty - -Server fully qualified URL of the user-facing hostname, port (if not default for HTTP/HTTPS) and path prefix. - -Examples: - -- `WOODPECKER_HOST=http://woodpecker.example.org` -- `WOODPECKER_HOST=http://example.org/woodpecker` -- `WOODPECKER_HOST=http://example.org:1234/woodpecker` - -### `WOODPECKER_WEBHOOK_HOST` - -> Default: value from `WOODPECKER_HOST` config env - -Server fully qualified URL of the Webhook-facing hostname and path prefix. - -Example: `WOODPECKER_WEBHOOK_HOST=http://woodpecker-server.cicd.svc.cluster.local:8000` - -### `WOODPECKER_SERVER_ADDR` - -> Default: `:8000` - -Configures the HTTP listener port. - -### `WOODPECKER_SERVER_ADDR_TLS` - -> Default: `:443` - -Configures the HTTPS listener port when SSL is enabled. - -### `WOODPECKER_SERVER_CERT` - -> Default: empty - -Path to an SSL certificate used by the server to accept HTTPS requests. - -Example: `WOODPECKER_SERVER_CERT=/path/to/cert.pem` - -### `WOODPECKER_SERVER_KEY` - -> Default: empty - -Path to an SSL certificate key used by the server to accept HTTPS requests. - -Example: `WOODPECKER_SERVER_KEY=/path/to/key.pem` - -### `WOODPECKER_CUSTOM_CSS_FILE` - -> Default: empty - -File path for the server to serve a custom .CSS file, used for customizing the UI. -Can be used for showing banner messages, logos, or environment-specific hints (a.k.a. white-labeling). -The file must be UTF-8 encoded, to ensure all special characters are preserved. - -Example: `WOODPECKER_CUSTOM_CSS_FILE=/usr/local/www/woodpecker.css` - -### `WOODPECKER_CUSTOM_JS_FILE` - -> Default: empty - -File path for the server to serve a custom .JS file, used for customizing the UI. -Can be used for showing banner messages, logos, or environment-specific hints (a.k.a. white-labeling). -The file must be UTF-8 encoded, to ensure all special characters are preserved. - -Example: `WOODPECKER_CUSTOM_JS_FILE=/usr/local/www/woodpecker.js` - -### `WOODPECKER_LETS_ENCRYPT` - -> Default: `false` - -Automatically generates an SSL certificate using Let's Encrypt, and configures the server to accept HTTPS requests. - -### `WOODPECKER_GRPC_ADDR` - -> Default: `:9000` - -Configures the gRPC listener port. - -### `WOODPECKER_GRPC_SECRET` - -> Default: `secret` - -Configures the gRPC JWT secret. - -### `WOODPECKER_GRPC_SECRET_FILE` - -> Default: empty - -Read the value for `WOODPECKER_GRPC_SECRET` from the specified filepath. - -### `WOODPECKER_METRICS_SERVER_ADDR` - -> Default: empty - -Configures an unprotected metrics endpoint. An empty value disables the metrics endpoint completely. - -Example: `:9001` - -### `WOODPECKER_ADMIN` - -> Default: empty - -Comma-separated list of admin accounts. - -Example: `WOODPECKER_ADMIN=user1,user2` - -### `WOODPECKER_ORGS` - -> Default: empty - -Comma-separated list of approved organizations. - -Example: `org1,org2` - -### `WOODPECKER_REPO_OWNERS` - -> Default: empty - -Repositories by those owners will be allowed to be used in woodpecker. - -Example: `user1,user2` - -### `WOODPECKER_OPEN` - -> Default: `false` - -Enable to allow user registration. - -### `WOODPECKER_AUTHENTICATE_PUBLIC_REPOS` - -> Default: `false` - -Always use authentication to clone repositories even if they are public. Needed if the forge requires to always authenticate as used by many companies. - -### `WOODPECKER_DEFAULT_CANCEL_PREVIOUS_PIPELINE_EVENTS` - -> Default: `pull_request, push` - -List of event names that will be canceled when a new pipeline for the same context (tag, branch) is created. - -### `WOODPECKER_DEFAULT_CLONE_IMAGE` - -> Default is defined in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/main/shared/constant/constant.go) - -The default docker image to be used when cloning the repo - -### `WOODPECKER_DEFAULT_PIPELINE_TIMEOUT` - -> 60 (minutes) - -The default time for a repo in minutes before a pipeline gets killed - -### `WOODPECKER_MAX_PIPELINE_TIMEOUT` - -> 120 (minutes) - -The maximum time in minutes you can set in the repo settings before a pipeline gets killed - -### `WOODPECKER_SESSION_EXPIRES` - -> Default: `72h` - -Configures the session expiration time. -Context: when someone does log into Woodpecker, a temporary session token is created. -As long as the session is valid (until it expires or log-out), -a user can log into Woodpecker, without re-authentication. - -### `WOODPECKER_ESCALATE` - -> Defaults are defined in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/main/shared/constant/constant.go) - -Docker images to run in privileged mode. Only change if you are sure what you do! - - - -### `WOODPECKER_DOCKER_CONFIG` - -> Default: empty - -Configures a specific private registry config for all pipelines. - -Example: `WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json` - - - -### `WOODPECKER_AGENT_SECRET` - -> Default: empty - -A shared secret used by server and agents to authenticate communication. A secret can be generated by `openssl rand -hex 32`. - -### `WOODPECKER_AGENT_SECRET_FILE` - -> Default: empty - -Read the value for `WOODPECKER_AGENT_SECRET` from the specified filepath - -### `WOODPECKER_KEEPALIVE_MIN_TIME` - -> Default: empty - -Server-side enforcement policy on the minimum amount of time a client should wait before sending a keepalive ping. - -Example: `WOODPECKER_KEEPALIVE_MIN_TIME=10s` - -### `WOODPECKER_DATABASE_DRIVER` - -> Default: `sqlite3` - -The database driver name. Possible values are `sqlite3`, `mysql` or `postgres`. - -### `WOODPECKER_DATABASE_DATASOURCE` - -> Default: `woodpecker.sqlite` if not running inside a container, `/var/lib/woodpecker/woodpecker.sqlite` if running inside a container - -The database connection string. The default value is the path of the embedded SQLite database file. - -Example: - -```bash -# MySQL -# https://github.com/go-sql-driver/mysql#dsn-data-source-name -WOODPECKER_DATABASE_DATASOURCE=root:password@tcp(1.2.3.4:3306)/woodpecker?parseTime=true - -# PostgreSQL -# https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING -WOODPECKER_DATABASE_DATASOURCE=postgres://root:password@1.2.3.4:5432/woodpecker?sslmode=disable -``` - -### `WOODPECKER_DATABASE_DATASOURCE_FILE` - -> Default: empty - -Read the value for `WOODPECKER_DATABASE_DATASOURCE` from the specified filepath - -### `WOODPECKER_PROMETHEUS_AUTH_TOKEN` - -> Default: empty - -Token to secure the Prometheus metrics endpoint. -Must be set to enable the endpoint. - -### `WOODPECKER_PROMETHEUS_AUTH_TOKEN_FILE` - -> Default: empty - -Read the value for `WOODPECKER_PROMETHEUS_AUTH_TOKEN` from the specified filepath - -### `WOODPECKER_STATUS_CONTEXT` - -> Default: `ci/woodpecker` - -Context prefix Woodpecker will use to publish status messages to SCM. You probably will only need to change it if you run multiple Woodpecker instances for a single repository. - -### `WOODPECKER_STATUS_CONTEXT_FORMAT` - -> Default: `{{ .context }}/{{ .event }}/{{ .workflow }}{{if not (eq .axis_id 0)}}/{{.axis_id}}{{end}}` - -Template for the status messages published to forges, uses [Go templates](https://pkg.go.dev/text/template) as template language. -Supported variables: - -- `context`: Woodpecker's context (see `WOODPECKER_STATUS_CONTEXT`) -- `event`: the event which started the pipeline -- `workflow`: the workflow's name -- `owner`: the repo's owner -- `repo`: the repo's name - ---- - -### `WOODPECKER_LIMIT_MEM_SWAP` - -> Default: `0` - -The maximum amount of memory a single pipeline container is allowed to swap to disk, configured in bytes. There is no limit if `0`. - -### `WOODPECKER_LIMIT_MEM` - -> Default: `0` - -The maximum amount of memory a single pipeline container can use, configured in bytes. There is no limit if `0`. - -### `WOODPECKER_LIMIT_SHM_SIZE` - -> Default: `0` - -The maximum amount of memory of `/dev/shm` allowed in bytes. There is no limit if `0`. - -### `WOODPECKER_LIMIT_CPU_QUOTA` - -> Default: `0` - -The number of microseconds per CPU period that the container is limited to before throttled. There is no limit if `0`. - -### `WOODPECKER_LIMIT_CPU_SHARES` - -> Default: `0` - -The relative weight vs. other containers. - -### `WOODPECKER_LIMIT_CPU_SET` - -> Default: empty - -Comma-separated list to limit the specific CPUs or cores a pipeline container can use. - -Example: `WOODPECKER_LIMIT_CPU_SET=1,2` - -### `WOODPECKER_CONFIG_SERVICE_ENDPOINT` - -> Default: empty - -Specify a configuration service endpoint, see [Configuration Extension](./40-advanced/100-external-configuration-api.md) - -### `WOODPECKER_FORGE_TIMEOUT` - -> Default: 3s - -Specify timeout when fetching the Woodpecker configuration from forge. See for syntax reference. - -### `WOODPECKER_FORGE_RETRY` - -> Default: 3 - -Specify how many retries of fetching the Woodpecker configuration from a forge are done before we fail. - -### `WOODPECKER_ENABLE_SWAGGER` - -> Default: true - -Enable the Swagger UI for API documentation. - -### `WOODPECKER_DISABLE_VERSION_CHECK` - -> Default: false - -Disable version check in admin web UI. - -### `WOODPECKER_LOG_STORE` - -> Default: `database` - -Where to store logs. Possible values: `database` or `file`. - -### `WOODPECKER_LOG_STORE_FILE_PATH` - -> Default empty - -Directory to store logs in if [`WOODPECKER_LOG_STORE`](#woodpecker_log_store) is `file`. - ---- - -### `WOODPECKER_GITHUB_...` - -See [GitHub configuration](./11-forges/20-github.md#configuration) - -### `WOODPECKER_GITEA_...` - -See [Gitea configuration](./11-forges/30-gitea.md#configuration) - -### `WOODPECKER_BITBUCKET_...` - -See [Bitbucket configuration](./11-forges/50-bitbucket.md#configuration) - -### `WOODPECKER_GITLAB_...` - -See [GitLab configuration](./11-forges/40-gitlab.md#configuration) - -### `WOODPECKER_ADDON_FORGE` - -See [addon forges](./11-forges/100-addon.md). diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/11-overview.md b/docs/versioned_docs/version-2.7/30-administration/11-forges/11-overview.md deleted file mode 100644 index ba45adf87..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/11-forges/11-overview.md +++ /dev/null @@ -1,13 +0,0 @@ -# Forges - -## Supported features - -| Feature | [GitHub](20-github.md) | [Gitea](30-gitea.md) | [Forgejo](35-forgejo.md) | [Gitlab](40-gitlab.md) | [Bitbucket](50-bitbucket.md) | [Bitbucket Datacenter](60-bitbucket_datacenter.md) | -| ------------------------------------------------------------- | :--------------------: | :------------------: | :----------------------: | :--------------------: | :--------------------------: | :------------------------------------------------: | -| Event: Push | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| Event: Tag | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| Event: Pull-Request | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| Event: Release | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | -| Event: Deploy | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | -| [Multiple workflows](../../20-usage/25-workflows.md) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| [when.path filter](../../20-usage/20-workflow-syntax.md#path) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | diff --git a/docs/versioned_docs/version-2.7/30-administration/22-backends/10-docker.md b/docs/versioned_docs/version-2.7/30-administration/22-backends/10-docker.md deleted file mode 100644 index faa9e3d91..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/22-backends/10-docker.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -toc_max_heading_level: 2 ---- - -# Docker backend - -This is the original backend used with Woodpecker. The docker backend executes each step inside a separate container started on the agent. - -## Docker credentials - -Woodpecker supports [Docker credentials](https://github.com/docker/docker-credential-helpers) to securely store registry credentials. Install your corresponding credential helper and configure it in your Docker config file passed via [`WOODPECKER_DOCKER_CONFIG`](../10-server-config.md#woodpecker_docker_config). - -To add your credential helper to the Woodpecker server container you could use the following code to build a custom image: - -```dockerfile -FROM woodpeckerci/woodpecker-server:latest-alpine - -RUN apk add -U --no-cache docker-credential-ecr-login -``` - -## Podman support - -While the agent was developed with Docker/Moby, Podman can also be used by setting the environment variable `DOCKER_HOST` to point to the Podman socket. In order to work without workarounds, Podman 4.0 (or above) is required. - -## Image cleanup - -The agent **will not** automatically remove images from the host. This task should be managed by the host system. For example, you can use a cron job to periodically do clean-up tasks for the CI runner. - -:::danger -The following commands **are destructive** and **irreversible** it is highly recommended that you test these commands on your system before running them in production via a cron job or other automation. -::: - -### Remove all unused images - -```bash -docker image rm $(docker images --filter "dangling=true" -q --no-trunc) -``` - -### Remove Woodpecker volumes - -```bash -docker volume rm $(docker volume ls --filter name=^wp_* --filter dangling=true -q) -``` - -## Configuration - -### `WOODPECKER_BACKEND_DOCKER_NETWORK` - -> Default: empty - -Set to the name of an existing network which will be attached to all your pipeline containers (steps). Please be careful as this allows the containers of different pipelines to access each other! - -### `WOODPECKER_BACKEND_DOCKER_ENABLE_IPV6` - -> Default: `false` - -Enable IPv6 for the networks used by pipeline containers (steps). Make sure you configured your docker daemon to support IPv6. - -### `WOODPECKER_BACKEND_DOCKER_VOLUMES` - -> Default: empty - -List of default volumes separated by comma to be mounted to all pipeline containers (steps). For example to use custom CA -certificates installed on host and host timezone use `/etc/ssl/certs:/etc/ssl/certs:ro,/etc/timezone:/etc/timezone`. diff --git a/docs/versioned_docs/version-2.7/30-administration/22-backends/50-custom-backends.md b/docs/versioned_docs/version-2.7/30-administration/22-backends/50-custom-backends.md deleted file mode 100644 index a35a4f1ee..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/22-backends/50-custom-backends.md +++ /dev/null @@ -1,23 +0,0 @@ -# Custom backends - -If none of our backends fits your usecase, you can write your own. - -Therefore, implement the interface `"go.woodpecker-ci.org/woodpecker/woodpecker/v2/pipeline/backend/types".Backend` and -build a custom agent using your backend with this `main.go`: - -```go -package main - -import ( - "go.woodpecker-ci.org/woodpecker/v2/cmd/agent/core" - backendTypes "go.woodpecker-ci.org/woodpecker/v2/pipeline/backend/types" -) - -func main() { - core.RunAgent([]backendTypes.Backend{ - yourBackend, - }) -} -``` - -It is also possible to use multiple backends, you can select with [`WOODPECKER_BACKEND`](../15-agent-config.md#woodpecker_backend) between them. diff --git a/docs/versioned_docs/version-2.7/30-administration/40-advanced/10-proxy.md b/docs/versioned_docs/version-2.7/30-administration/40-advanced/10-proxy.md deleted file mode 100644 index 607cd8bd4..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/40-advanced/10-proxy.md +++ /dev/null @@ -1,199 +0,0 @@ -# Proxy - -## Apache - -This guide provides a brief overview for installing Woodpecker server behind the Apache2 web-server. This is an example configuration: - -```apacheconf -ProxyPreserveHost On - -RequestHeader set X-Forwarded-Proto "https" - -ProxyPass / http://127.0.0.1:8000/ -ProxyPassReverse / http://127.0.0.1:8000/ -``` - -You must have these Apache modules installed: - -- `proxy` -- `proxy_http` - -You must configure Apache to set `X-Forwarded-Proto` when using https. - -```diff - ProxyPreserveHost On - -+RequestHeader set X-Forwarded-Proto "https" - - ProxyPass / http://127.0.0.1:8000/ - ProxyPassReverse / http://127.0.0.1:8000/ -``` - -## Nginx - -This guide provides a basic overview for installing Woodpecker server behind the Nginx web-server. For more advanced configuration options please consult the official Nginx [documentation](https://docs.nginx.com/nginx/admin-guide). - -Example configuration: - -```nginx -server { - listen 80; - server_name woodpecker.example.com; - - location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - - proxy_pass http://127.0.0.1:8000; - proxy_redirect off; - proxy_http_version 1.1; - proxy_buffering off; - - chunked_transfer_encoding off; - } -} -``` - -You must configure the proxy to set `X-Forwarded` proxy headers: - -```diff - server { - listen 80; - server_name woodpecker.example.com; - - location / { -+ proxy_set_header X-Forwarded-For $remote_addr; -+ proxy_set_header X-Forwarded-Proto $scheme; - - proxy_pass http://127.0.0.1:8000; - proxy_redirect off; - proxy_http_version 1.1; - proxy_buffering off; - - chunked_transfer_encoding off; - } - } -``` - -## Caddy - -This guide provides a brief overview for installing Woodpecker server behind the [Caddy web-server](https://caddyserver.com/). This is an example caddyfile proxy configuration: - -```caddy -# expose WebUI and API -woodpecker.example.com { - reverse_proxy woodpecker-server:8000 -} - -# expose gRPC -woodpeckeragent.example.com { - reverse_proxy h2c://woodpecker-server:9000 -} -``` - -:::note -Above configuration shows how to create reverse-proxies for web and agent communication. If your agent uses SSL do not forget to enable [`WOODPECKER_GRPC_SECURE`](../15-agent-config.md#woodpecker_grpc_secure). -::: - -## Tunnelmole - -[Tunnelmole](https://github.com/robbie-cahill/tunnelmole-client) is an open source tunneling tool. - -Start by [installing tunnelmole](https://github.com/robbie-cahill/tunnelmole-client#installation). - -After the installation, run the following command to start tunnelmole: - -```bash -tmole 8000 -``` - -It will start a tunnel and will give a response like this: - -```bash -➜ ~ tmole 8000 -http://bvdo5f-ip-49-183-170-144.tunnelmole.net is forwarding to localhost:8000 -https://bvdo5f-ip-49-183-170-144.tunnelmole.net is forwarding to localhost:8000 -``` - -Set `WOODPECKER_HOST` to the Tunnelmole URL (`xxx.tunnelmole.net`) and start the server. - -## Ngrok - -[Ngrok](https://ngrok.com/) is a popular closed source tunnelling tool. After installing ngrok, open a new console and run the following command: - -```bash -ngrok http 8000 -``` - -Set `WOODPECKER_HOST` to the ngrok URL (usually xxx.ngrok.io) and start the server. - -## Traefik - -To install the Woodpecker server behind a [Traefik](https://traefik.io/) load balancer, you must expose both the `http` and the `gRPC` ports. Here is a comprehensive example, considering you are running Traefik with docker swarm and want to do TLS termination and automatic redirection from http to https. - -```yaml -version: '3.8' - -services: - server: - image: woodpeckerci/woodpecker-server:latest - environment: - - WOODPECKER_OPEN=true - - WOODPECKER_ADMIN=your_admin_user - # other settings ... - - networks: - - dmz # externally defined network, so that traefik can connect to the server - volumes: - - woodpecker-server-data:/var/lib/woodpecker/ - - deploy: - labels: - - traefik.enable=true - - # web server - - traefik.http.services.woodpecker-service.loadbalancer.server.port=8000 - - - traefik.http.routers.woodpecker-secure.rule=Host(`cd.yourdomain.com`) - - traefik.http.routers.woodpecker-secure.tls=true - - traefik.http.routers.woodpecker-secure.tls.certresolver=letsencrypt - - traefik.http.routers.woodpecker-secure.entrypoints=websecure - - traefik.http.routers.woodpecker-secure.service=woodpecker-service - - - traefik.http.routers.woodpecker.rule=Host(`cd.yourdomain.com`) - - traefik.http.routers.woodpecker.entrypoints=web - - traefik.http.routers.woodpecker.service=woodpecker-service - - - traefik.http.middlewares.woodpecker-redirect.redirectscheme.scheme=https - - traefik.http.middlewares.woodpecker-redirect.redirectscheme.permanent=true - - traefik.http.routers.woodpecker.middlewares=woodpecker-redirect@docker - - # gRPC service - - traefik.http.services.woodpecker-grpc.loadbalancer.server.port=9000 - - traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme=h2c - - - traefik.http.routers.woodpecker-grpc-secure.rule=Host(`woodpecker-grpc.yourdomain.com`) - - traefik.http.routers.woodpecker-grpc-secure.tls=true - - traefik.http.routers.woodpecker-grpc-secure.tls.certresolver=letsencrypt - - traefik.http.routers.woodpecker-grpc-secure.entrypoints=websecure - - traefik.http.routers.woodpecker-grpc-secure.service=woodpecker-grpc - - - traefik.http.routers.woodpecker-grpc.rule=Host(`woodpecker-grpc.yourdomain.com`) - - traefik.http.routers.woodpecker-grpc.entrypoints=web - - traefik.http.routers.woodpecker-grpc.service=woodpecker-grpc - - - traefik.http.middlewares.woodpecker-grpc-redirect.redirectscheme.scheme=https - - traefik.http.middlewares.woodpecker-grpc-redirect.redirectscheme.permanent=true - - traefik.http.routers.woodpecker-grpc.middlewares=woodpecker-grpc-redirect@docker - -volumes: - woodpecker-server-data: - driver: local - -networks: - dmz: - external: true -``` - -You should pass `WOODPECKER_GRPC_SECURE=true` and `WOODPECKER_GRPC_VERIFY=true` to your agent when using this configuration. diff --git a/docs/versioned_docs/version-2.7/30-administration/40-advanced/100-external-configuration-api.md b/docs/versioned_docs/version-2.7/30-administration/40-advanced/100-external-configuration-api.md deleted file mode 100644 index f951b1478..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/40-advanced/100-external-configuration-api.md +++ /dev/null @@ -1,104 +0,0 @@ -# External Configuration API - -To provide additional management and preprocessing capabilities for pipeline configurations Woodpecker supports an HTTP API which can be enabled to call an external config service. -Before the run or restart of any pipeline Woodpecker will make a POST request to an external HTTP API sending the current repository, build information and all current config files retrieved from the repository. The external API can then send back new pipeline configurations that will be used immediately or respond with `HTTP 204` to tell the system to use the existing configuration. - -Every request sent by Woodpecker is signed using a [http-signature](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures) by a private key (ed25519) generated on the first start of the Woodpecker server. You can get the public key for the verification of the http-signature from `http(s)://your-woodpecker-server/api/signature/public-key`. - -A simplistic example configuration service can be found here: [https://github.com/woodpecker-ci/example-config-service](https://github.com/woodpecker-ci/example-config-service) - -:::warning -You need to trust the external config service as it is getting secret information about the repository and pipeline and has the ability to change pipeline configs that could run malicious tasks. -::: - -## Config - -```ini title="Server" -WOODPECKER_CONFIG_SERVICE_ENDPOINT=https://example.com/ciconfig -``` - -### Example request made by Woodpecker - -```json -{ - "repo": { - "id": 100, - "uid": "", - "user_id": 0, - "namespace": "", - "name": "woodpecker-testpipe", - "slug": "", - "scm": "git", - "git_http_url": "", - "git_ssh_url": "", - "link": "", - "default_branch": "", - "private": true, - "visibility": "private", - "active": true, - "config": "", - "trusted": false, - "protected": false, - "ignore_forks": false, - "ignore_pulls": false, - "cancel_pulls": false, - "timeout": 60, - "counter": 0, - "synced": 0, - "created": 0, - "updated": 0, - "version": 0 - }, - "pipeline": { - "author": "myUser", - "author_avatar": "https://myforge.com/avatars/d6b3f7787a685fcdf2a44e2c685c7e03", - "author_email": "my@email.com", - "branch": "main", - "changed_files": ["somefilename.txt"], - "commit": "2fff90f8d288a4640e90f05049fe30e61a14fd50", - "created_at": 0, - "deploy_to": "", - "enqueued_at": 0, - "error": "", - "event": "push", - "finished_at": 0, - "id": 0, - "link_url": "https://myforge.com/myUser/woodpecker-testpipe/commit/2fff90f8d288a4640e90f05049fe30e61a14fd50", - "message": "test old config\n", - "number": 0, - "parent": 0, - "ref": "refs/heads/main", - "refspec": "", - "clone_url": "", - "reviewed_at": 0, - "reviewed_by": "", - "sender": "myUser", - "signed": false, - "started_at": 0, - "status": "", - "timestamp": 1645962783, - "title": "", - "updated_at": 0, - "verified": false - }, - "configs": [ - { - "name": ".woodpecker.yaml", - "data": "steps:\n - name: backend\n image: alpine\n commands:\n - echo \"Hello there from Repo (.woodpecker.yaml)\"\n" - } - ] -} -``` - -### Example response structure - -```json -{ - "configs": [ - { - "name": "central-override", - "data": "steps:\n - name: backend\n image: alpine\n commands:\n - echo \"Hello there from ConfigAPI\"\n" - } - ] -} -``` diff --git a/docs/versioned_docs/version-2.7/30-administration/40-advanced/20-ssl.md b/docs/versioned_docs/version-2.7/30-administration/40-advanced/20-ssl.md deleted file mode 100644 index 755ba205d..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/40-advanced/20-ssl.md +++ /dev/null @@ -1,90 +0,0 @@ -# SSL - -Woodpecker supports two ways of enabling SSL communication. You can either use Let's Encrypt to get automated SSL support with -renewal or provide your own SSL certificates. - -## Let's Encrypt - -Woodpecker supports automated SSL configuration and updates using Let's Encrypt. - -You can enable Let's Encrypt by making the following modifications to your server configuration: - -```ini -WOODPECKER_LETS_ENCRYPT=true -WOODPECKER_LETS_ENCRYPT_EMAIL=ssl-admin@example.tld -``` - -Note that Woodpecker uses the hostname from the `WOODPECKER_HOST` environment variable when requesting certificates. For example, if `WOODPECKER_HOST=https://example.com` is set the certificate is requested for `example.com`. To receive emails before certificates expire Let's Encrypt requires an email address. You can set it with `WOODPECKER_LETS_ENCRYPT_EMAIL=ssl-admin@example.tld`. - -The SSL certificates are stored in `$HOME/.local/share/certmagic` for binary versions of Woodpecker and in `/var/lib/woodpecker` for the Container versions of it. You can set a custom path by setting `XDG_DATA_HOME` if required. - -> Once enabled you can visit the Woodpecker UI with http and the HTTPS address. HTTP will be redirected to HTTPS. - -### Certificate Cache - -Woodpecker writes the certificates to `/var/lib/woodpecker/certmagic/`. - -### Certificate Updates - -Woodpecker uses the official Go acme library which will handle certificate upgrades. There should be no addition configuration or management required. - -## SSL with own certificates - -Woodpecker supports SSL configuration by mounting certificates into your container. - -```ini -WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt -WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key -``` - -### Certificate Chain - -The most common problem encountered is providing a certificate file without the intermediate chain. - -> LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain. - -### Certificate Errors - -SSL support is provided using the [ListenAndServeTLS](https://golang.org/pkg/net/http/#ListenAndServeTLS) function from the Go standard library. If you receive certificate errors or warnings please examine your configuration more closely. - -### Running in containers - -Update your configuration to expose the following ports: - -```diff title="docker-compose.yaml" - version: '3' - - services: - woodpecker-server: - [...] - ports: -+ - 80:80 -+ - 443:443 - - 9000:9000 -``` - -Update your configuration to mount your certificate and key: - -```diff title="docker-compose.yaml" - version: '3' - - services: - woodpecker-server: - [...] - volumes: -+ - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt -+ - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key -``` - -Update your configuration to provide the paths of your certificate and key: - -```diff title="docker-compose.yaml" - version: '3' - - services: - woodpecker-server: - [...] - environment: -+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt -+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key -``` diff --git a/docs/versioned_docs/version-2.7/30-administration/40-advanced/90-prometheus.md b/docs/versioned_docs/version-2.7/30-administration/40-advanced/90-prometheus.md deleted file mode 100644 index 2264f3b09..000000000 --- a/docs/versioned_docs/version-2.7/30-administration/40-advanced/90-prometheus.md +++ /dev/null @@ -1,81 +0,0 @@ -# Prometheus - -Woodpecker is compatible with Prometheus and exposes a `/metrics` endpoint if the environment variable `WOODPECKER_PROMETHEUS_AUTH_TOKEN` is set. Please note that access to the metrics endpoint is restricted and requires the authorization token from the environment variable mentioned above. - -```yaml -global: - scrape_interval: 60s - -scrape_configs: - - job_name: 'woodpecker' - bearer_token: dummyToken... - - static_configs: - - targets: ['woodpecker.domain.com'] -``` - -## Authorization - -An administrator will need to generate a user API token and configure in the Prometheus configuration file as a bearer token. Please see the following example: - -```diff - global: - scrape_interval: 60s - - scrape_configs: - - job_name: 'woodpecker' -+ bearer_token: dummyToken... - - static_configs: - - targets: ['woodpecker.domain.com'] -``` - -As an alternative, the token can also be read from a file: - -```diff - global: - scrape_interval: 60s - - scrape_configs: - - job_name: 'woodpecker' -+ bearer_token_file: /etc/secrets/woodpecker-monitoring-token - - static_configs: - - targets: ['woodpecker.domain.com'] -``` - -## Metric Reference - -List of Prometheus metrics specific to Woodpecker: - -```yaml -# HELP woodpecker_pipeline_count Pipeline count. -# TYPE woodpecker_pipeline_count counter -woodpecker_pipeline_count{branch="main",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 3 -woodpecker_pipeline_count{branch="mkdocs",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 3 -# HELP woodpecker_pipeline_time Build time. -# TYPE woodpecker_pipeline_time gauge -woodpecker_pipeline_time{branch="main",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 116 -woodpecker_pipeline_time{branch="mkdocs",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 155 -# HELP woodpecker_pipeline_total_count Total number of builds. -# TYPE woodpecker_pipeline_total_count gauge -woodpecker_pipeline_total_count 1025 -# HELP woodpecker_pending_steps Total number of pending pipeline steps. -# TYPE woodpecker_pending_steps gauge -woodpecker_pending_steps 0 -# HELP woodpecker_repo_count Total number of repos. -# TYPE woodpecker_repo_count gauge -woodpecker_repo_count 9 -# HELP woodpecker_running_steps Total number of running pipeline steps. -# TYPE woodpecker_running_steps gauge -woodpecker_running_steps 0 -# HELP woodpecker_user_count Total number of users. -# TYPE woodpecker_user_count gauge -woodpecker_user_count 1 -# HELP woodpecker_waiting_steps Total number of pipeline waiting on deps. -# TYPE woodpecker_waiting_steps gauge -woodpecker_waiting_steps 0 -# HELP woodpecker_worker_count Total number of workers. -# TYPE woodpecker_worker_count gauge -woodpecker_worker_count 4 -``` diff --git a/docs/versioned_docs/version-2.7/40-cli.md b/docs/versioned_docs/version-2.7/40-cli.md deleted file mode 100644 index 8e4e62358..000000000 --- a/docs/versioned_docs/version-2.7/40-cli.md +++ /dev/null @@ -1,795 +0,0 @@ -# CLI - -# NAME - -woodpecker-cli - command line utility - -# SYNOPSIS - -woodpecker-cli - -``` -[--config|-c]=[value] -[--disable-update-check] -[--log-file]=[value] -[--log-level]=[value] -[--nocolor] -[--pretty] -[--server|-s]=[value] -[--token|-t]=[value] -``` - -# DESCRIPTION - -Woodpecker command line utility - -**Usage**: - -``` -woodpecker-cli [GLOBAL OPTIONS] [command [COMMAND OPTIONS]] [ARGUMENTS...] -``` - -# GLOBAL OPTIONS - -**--config, -c**="": path to config file - -**--disable-update-check**: disable update check - -**--log-file**="": Output destination for logs. 'stdout' and 'stderr' can be used as special keywords. (default: stderr) - -**--log-level**="": set logging level (default: info) - -**--nocolor**: disable colored debug output, only has effect if pretty output is set too - -**--pretty**: enable pretty-printed debug output - -**--server, -s**="": server address - -**--token, -t**="": server auth token - -# COMMANDS - -## admin - -administer server settings - -### registry - -manage global registries - -#### add - -adds a registry - -**--hostname**="": registry hostname (default: docker.io) - -**--password**="": registry password - -**--username**="": registry username - -#### rm - -remove a registry - -**--hostname**="": registry hostname (default: docker.io) - -#### update - -update a registry - -**--hostname**="": registry hostname (default: docker.io) - -**--organization, --org**="": organization id or full name (e.g. 123 or octocat) - -**--password**="": registry password - -**--username**="": registry username - -#### info - -display registry info - -**--hostname**="": registry hostname (default: docker.io) - -#### ls - -list registries - -## org - -manage organizations - -### registry - -manage organization registries - -#### add - -adds a registry - -**--hostname**="": registry hostname (default: docker.io) - -**--organization, --org**="": organization id or full name (e.g. 123 or octocat) - -**--password**="": registry password - -**--username**="": registry username - -#### rm - -remove a registry - -**--hostname**="": registry hostname (default: docker.io) - -**--organization, --org**="": organization id or full name (e.g. 123 or octocat) - -#### update - -update a registry - -**--hostname**="": registry hostname (default: docker.io) - -**--organization, --org**="": organization id or full name (e.g. 123 or octocat) - -**--password**="": registry password - -**--username**="": registry username - -#### info - -display registry info - -**--hostname**="": registry hostname (default: docker.io) - -**--organization, --org**="": organization id or full name (e.g. 123 or octocat) - -#### ls - -list registries - -**--organization, --org**="": organization id or full name (e.g. 123 or octocat) - -## repo - -manage repositories - -### ls - -list all repos - -**--format**="": format output (default: {{ .FullName }} (id: {{ .ID }}, forgeRemoteID: {{ .ForgeRemoteID }})) - -**--org**="": filter by organization - -### info - -show repository details - -**--format**="": format output (default: Owner: {{ .Owner }} -Repo: {{ .Name }} -URL: {{ .ForgeURL }} -Config path: {{ .Config }} -Visibility: {{ .Visibility }} -Private: {{ .IsSCMPrivate }} -Trusted: {{ .IsTrusted }} -Gated: {{ .IsGated }} -Clone url: {{ .Clone }} -Allow pull-requests: {{ .AllowPullRequests }} -) - -### add - -add a repository - -### update - -update a repository - -**--config**="": repository configuration path (e.g. .woodpecker.yml) - -**--gated**: repository is gated - -**--pipeline-counter**="": repository starting pipeline number (default: 0) - -**--timeout**="": repository timeout (default: 0s) - -**--trusted**: repository is trusted - -**--unsafe**: validate updating the pipeline-counter is unsafe - -**--visibility**="": repository visibility - -### rm - -remove a repository - -### repair - -repair repository webhooks - -### chown - -assume ownership of a repository - -### sync - -synchronize the repository list - -**--format**="": format output (default: {{ .FullName }} (id: {{ .ID }}, forgeRemoteID: {{ .ForgeRemoteID }})) - -### registry - -manage registries - -#### add - -adds a registry - -**--hostname**="": registry hostname (default: docker.io) - -**--password**="": registry password - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -**--username**="": registry username - -#### rm - -remove a registry - -**--hostname**="": registry hostname (default: docker.io) - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -#### update - -update a registry - -**--hostname**="": registry hostname (default: docker.io) - -**--password**="": registry password - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -**--username**="": registry username - -#### info - -display registry info - -**--hostname**="": registry hostname (default: docker.io) - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -#### ls - -list registries - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -## pipeline - -manage pipelines - -### ls - -show pipeline history - -**--branch**="": branch filter - -**--event**="": event filter - -**--limit**="": limit the list size (default: 25) - -**--output**="": output format (default: table) - -**--output-no-headers**: don't print headers - -**--status**="": status filter - -### last - -show latest pipeline details - -**--branch**="": branch name (default: main) - -**--output**="": output format (default: table) - -**--output-no-headers**: don't print headers - -### logs - -show pipeline logs - -### info - -show pipeline details - -**--output**="": output format (default: table) - -**--output-no-headers**: don't print headers - -### stop - -stop a pipeline - -### start - -start a pipeline - -**--param, -p**="": custom parameters to be injected into the step environment. Format: KEY=value (default: []) - -### approve - -approve a pipeline - -### decline - -decline a pipeline - -### queue - -show pipeline queue - -**--format**="": format output (default: {{ .FullName }} #{{ .Number }}  -Status: {{ .Status }} -Event: {{ .Event }} -Commit: {{ .Commit }} -Branch: {{ .Branch }} -Ref: {{ .Ref }} -Author: {{ .Author }} {{ if .Email }}<{{.Email}}>{{ end }} -Message: {{ .Message }} -) - -### ps - -show pipeline steps - -**--format**="": format output (default: {{ .workflow.Name }} > {{ .step.Name }} (#{{ .step.PID }}): -Step: {{ .step.Name }} -Started: {{ .step.Started }} -Stopped: {{ .step.Stopped }} -Type: {{ .step.Type }} -State: {{ .step.State }} -) - -### create - -create new pipeline - -**--branch**="": branch to create pipeline from - -**--output**="": output format (default: table) - -**--output-no-headers**: don't print headers - -**--var**="": key=value (default: []) - -## log - -manage logs - -### purge - -purge a log - -## deploy - -trigger a pipeline with the 'deployment' event - -**--branch**="": branch filter - -**--event**="": event filter (default: push) - -**--format**="": format output (default: Number: {{ .Number }} -Status: {{ .Status }} -Commit: {{ .Commit }} -Branch: {{ .Branch }} -Ref: {{ .Ref }} -Message: {{ .Message }} -Author: {{ .Author }} -Target: {{ .Deploy }} -) - -**--param, -p**="": custom parameters to be injected into the step environment. Format: KEY=value (default: []) - -**--status**="": status filter (default: success) - -## exec - -execute a local pipeline - -**--backend-docker-api-version**="": the version of the API to reach, leave empty for latest. - -**--backend-docker-cert**="": path to load the TLS certificates for connecting to docker server - -**--backend-docker-host**="": path to docker socket or url to the docker server - -**--backend-docker-ipv6**: backend docker enable IPV6 - -**--backend-docker-network**="": backend docker network - -**--backend-docker-tls-verify**: enable or disable TLS verification for connecting to docker server - -**--backend-docker-volumes**="": backend docker volumes (comma separated) - -**--backend-engine**="": backend engine to run pipelines on (default: auto-detect) - -**--backend-http-proxy**="": if set, pass the environment variable down as "HTTP_PROXY" to steps - -**--backend-https-proxy**="": if set, pass the environment variable down as "HTTPS_PROXY" to steps - -**--backend-k8s-allow-native-secrets**: whether to allow existing Kubernetes secrets to be referenced from steps - -**--backend-k8s-namespace**="": backend k8s namespace (default: woodpecker) - -**--backend-k8s-pod-annotations**="": backend k8s additional Agent-wide worker pod annotations - -**--backend-k8s-pod-annotations-allow-from-step**: whether to allow using annotations from step's backend options - -**--backend-k8s-pod-image-pull-secret-names**="": backend k8s pull secret names for private registries (default: [regcred]) - -**--backend-k8s-pod-labels**="": backend k8s additional Agent-wide worker pod labels - -**--backend-k8s-pod-labels-allow-from-step**: whether to allow using labels from step's backend options - -**--backend-k8s-pod-node-selector**="": backend k8s Agent-wide worker pod node selector - -**--backend-k8s-secctx-nonroot**: `run as non root` Kubernetes security context option - -**--backend-k8s-storage-class**="": backend k8s storage class - -**--backend-k8s-storage-rwx**: backend k8s storage access mode, should ReadWriteMany (RWX) instead of ReadWriteOnce (RWO) be used? (default: true) - -**--backend-k8s-volume-size**="": backend k8s volume size (default 10G) (default: 10G) - -**--backend-local-temp-dir**="": set a different temp dir to clone workflows into (default: /tmp/nix-shell.kGX6ZV) - -**--backend-no-proxy**="": if set, pass the environment variable down as "NO_PROXY" to steps - -**--commit-author-avatar**="": - -**--commit-author-email**="": - -**--commit-author-name**="": - -**--commit-branch**="": - -**--commit-message**="": - -**--commit-ref**="": - -**--commit-refspec**="": - -**--commit-sha**="": - -**--env**="": (default: []) - -**--forge-type**="": - -**--forge-url**="": - -**--local**: run from local directory - -**--netrc-machine**="": - -**--netrc-password**="": - -**--netrc-username**="": - -**--network**="": external networks (default: []) - -**--pipeline-created**="": (default: 0) - -**--pipeline-deploy-task**="": - -**--pipeline-deploy-to**="": - -**--pipeline-event**="": (default: manual) - -**--pipeline-finished**="": (default: 0) - -**--pipeline-number**="": (default: 0) - -**--pipeline-parent**="": (default: 0) - -**--pipeline-started**="": (default: 0) - -**--pipeline-status**="": - -**--pipeline-url**="": - -**--prev-commit-author-avatar**="": - -**--prev-commit-author-email**="": - -**--prev-commit-author-name**="": - -**--prev-commit-branch**="": - -**--prev-commit-message**="": - -**--prev-commit-ref**="": - -**--prev-commit-refspec**="": - -**--prev-commit-sha**="": - -**--prev-pipeline-created**="": (default: 0) - -**--prev-pipeline-event**="": - -**--prev-pipeline-finished**="": (default: 0) - -**--prev-pipeline-number**="": (default: 0) - -**--prev-pipeline-started**="": (default: 0) - -**--prev-pipeline-status**="": - -**--prev-pipeline-url**="": - -**--privileged**="": privileged plugins (default: [plugins/docker plugins/gcr plugins/ecr woodpeckerci/plugin-docker-buildx codeberg.org/woodpecker-plugins/docker-buildx]) - -**--repo**="": full repo name - -**--repo-clone-ssh-url**="": - -**--repo-clone-url**="": - -**--repo-path**="": path to local repository - -**--repo-private**="": - -**--repo-remote-id**="": - -**--repo-trusted**: - -**--repo-url**="": - -**--step-name**="": (default: 0) - -**--system-name**="": (default: woodpecker) - -**--system-platform**="": - -**--system-url**="": (default: https://github.com/woodpecker-ci/woodpecker) - -**--timeout**="": pipeline timeout (default: 1h0m0s) - -**--volumes**="": pipeline volumes (default: []) - -**--workflow-name**="": (default: 0) - -**--workflow-number**="": (default: 0) - -**--workspace-base**="": (default: /woodpecker) - -**--workspace-path**="": (default: src) - -## info - -show information about the current user - -## registry - -manage registries - -### add - -adds a registry - -**--hostname**="": registry hostname (default: docker.io) - -**--password**="": registry password - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -**--username**="": registry username - -### rm - -remove a registry - -**--hostname**="": registry hostname (default: docker.io) - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -### update - -update a registry - -**--hostname**="": registry hostname (default: docker.io) - -**--password**="": registry password - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -**--username**="": registry username - -### info - -display registry info - -**--hostname**="": registry hostname (default: docker.io) - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -### ls - -list registries - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -## secret - -manage secrets - -### add - -adds a secret - -**--event**="": secret limited to these events (default: []) - -**--global**: global secret - -**--image**="": secret limited to these images (default: []) - -**--name**="": secret name - -**--organization, --org**="": organization id or full name (e.g. 123 or octocat) - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -**--value**="": secret value - -### rm - -remove a secret - -**--global**: global secret - -**--name**="": secret name - -**--organization, --org**="": organization id or full name (e.g. 123 or octocat) - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -### update - -update a secret - -**--event**="": secret limited to these events (default: []) - -**--global**: global secret - -**--image**="": secret limited to these images (default: []) - -**--name**="": secret name - -**--organization, --org**="": organization id or full name (e.g. 123 or octocat) - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -**--value**="": secret value - -### info - -display secret info - -**--global**: global secret - -**--name**="": secret name - -**--organization, --org**="": organization id or full name (e.g. 123 or octocat) - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -### ls - -list secrets - -**--global**: global secret - -**--organization, --org**="": organization id or full name (e.g. 123 or octocat) - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -## user - -manage users - -### ls - -list all users - -**--format**="": format output (default: {{ .Login }}) - -### info - -show user details - -**--format**="": format output (default: User: {{ .Login }} -Email: {{ .Email }}) - -### add - -adds a user - -### rm - -remove a user - -## lint - -lint a pipeline configuration file - -## log-level - -get the logging level of the server, or set it with [level] - -## cron - -manage cron jobs - -### add - -add a cron job - -**--branch**="": cron branch - -**--name**="": cron name - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -**--schedule**="": cron schedule - -### rm - -remove a cron job - -**--id**="": cron id - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -### update - -update a cron job - -**--branch**="": cron branch - -**--id**="": cron id - -**--name**="": cron name - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -**--schedule**="": cron schedule - -### info - -display info about a cron job - -**--id**="": cron id - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -### ls - -list cron jobs - -**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) - -## setup - -setup the woodpecker-cli for the first time - -**--server**="": The URL of the woodpecker server - -**--token**="": The token to authenticate with the woodpecker server - -## update - -update the woodpecker-cli to the latest version - -**--force**: force update even if the latest version is already installed diff --git a/docs/versioned_docs/version-2.7/50-about.md b/docs/versioned_docs/version-2.7/50-about.md deleted file mode 100644 index bec3304a1..000000000 --- a/docs/versioned_docs/version-2.7/50-about.md +++ /dev/null @@ -1,18 +0,0 @@ -# About - -Woodpecker has been originally forked from Drone 0.8 as the Drone CI license was changed after the 0.8 release from Apache 2.0 to a proprietary license. Woodpecker is based on this latest freely available version. - -## History - -Woodpecker was originally forked by [@laszlocph](https://github.com/laszlocph) in 2019. - -A few important time points: - -- [`2fbaa56`](https://github.com/woodpecker-ci/woodpecker/commit/2fbaa56eee0f4be7a3ca4be03dbd00c1bf5d1274) is the first commit of the fork, made on Apr 3, 2019. -- The first release [v0.8.91](https://github.com/woodpecker-ci/woodpecker/releases/tag/v0.8.91) was published on Apr 6, 2019. -- On Aug 27, 2019, the project was renamed to "Woodpecker" ([`630c383`](https://github.com/woodpecker-ci/woodpecker/commit/630c383181b10c4ec375e500c812c4b76b3c52b8)). -- The first release under the name "Woodpecker" was published on Sep 9, 2019 ([v0.8.104](https://github.com/woodpecker-ci/woodpecker/releases/tag/v0.8.104)). - -## Differences to Drone - -Woodpecker is a community-focused software that still stay free and open source forever, while Drone is managed by [Harness](https://harness.io/) and published under [Polyform Small Business](https://polyformproject.org/licenses/small-business/1.0.0/) license. diff --git a/docs/versioned_docs/version-2.7/91-migrations.md b/docs/versioned_docs/version-2.7/91-migrations.md deleted file mode 100644 index 84a79ac5e..000000000 --- a/docs/versioned_docs/version-2.7/91-migrations.md +++ /dev/null @@ -1,160 +0,0 @@ -# Migrations - -Some versions need some changes to the server configuration or the pipeline configuration files. - - - -## `next` - -- Deprecated `steps.[name].group` in favor of `steps.[name].depends_on` (see [workflow syntax](./20-usage/20-workflow-syntax.md#depends_on) to learn how to set dependencies) -- Removed `WOODPECKER_ROOT_PATH` and `WOODPECKER_ROOT_URL` config variables. Use `WOODPECKER_HOST` with a path instead -- Pipelines without a config file will now be skipped instead of failing -- Deprecated `includes` and `excludes` support from **event** filter -- Deprecated uppercasing all secret env vars, instead, the value of the `secrets` property is used. [Read more](./20-usage/40-secrets.md#use-secrets-in-commands) -- Deprecated alternative names for secrets, use `environment` with `from_secret` -- Deprecated slice definition for env vars -- Deprecated `environment` filter, use `when.evaluate` -- Use `WOODPECKER_EXPERT_FORGE_OAUTH_HOST` instead of `WOODPECKER_DEV_GITEA_OAUTH_URL` or `WOODPECKER_DEV_OAUTH_HOST` -- Deprecated `WOODPECKER_WEBHOOK_HOST` in favor of `WOODPECKER_EXPERT_WEBHOOK_HOST` - -## 2.0.0 - -- Dropped deprecated `CI_BUILD_*`, `CI_PREV_BUILD_*`, `CI_JOB_*`, `*_LINK`, `CI_SYSTEM_ARCH`, `CI_REPO_REMOTE` built-in environment variables -- Deprecated `platform:` filter in favor of `labels:`, [read more](./20-usage/20-workflow-syntax.md#filter-by-platform) -- Secrets `event` property was renamed to `events` and `image` to `images` as both are lists. The new property `events` / `images` has to be used in the api. The old properties `event` and `image` were removed. -- The secrets `plugin_only` option was removed. Secrets with images are now always only available for plugins using listed by the `images` property. Existing secrets with a list of `images` will now only be available to the listed images if they are used as a plugin. -- Removed `build` alias for `pipeline` command in CLI -- Removed `ssh` backend. Use an agent directly on the SSH machine using the `local` backend. -- Removed `/hook` and `/stream` API paths in favor of `/api/(hook|stream)`. You may need to use the "Repair repository" button in the repo settings or "Repair all" in the admin settings to recreate the forge hook. -- Removed `WOODPECKER_DOCS` config variable -- Renamed `link` to `url` (including all API fields) -- Deprecated `CI_COMMIT_URL` env var, use `CI_PIPELINE_FORGE_URL` - -## 1.0.0 - -- The signature used to verify extension calls (like those used for the [config-extension](./30-administration/40-advanced/100-external-configuration-api.md)) done by the Woodpecker server switched from using a shared-secret HMac to an ed25519 key-pair. Read more about it at the [config-extensions](./30-administration/40-advanced/100-external-configuration-api.md) documentation. -- Refactored support for old agent filter labels and expressions. Learn how to use the new [filter](./20-usage/20-workflow-syntax.md#labels) -- Renamed step environment variable `CI_SYSTEM_ARCH` to `CI_SYSTEM_PLATFORM`. Same applies for the cli exec variable. -- Renamed environment variables `CI_BUILD_*` and `CI_PREV_BUILD_*` to `CI_PIPELINE_*` and `CI_PREV_PIPELINE_*`, old ones are still available but deprecated -- Renamed environment variables `CI_JOB_*` to `CI_STEP_*`, old ones are still available but deprecated -- Renamed environment variable `CI_REPO_REMOTE` to `CI_REPO_CLONE_URL`, old is still available but deprecated -- Renamed environment variable `*_LINK` to `*_URL`, old ones are still available but deprecated -- Renamed API endpoints for pipelines (`//builds/` -> `//pipelines/`), old ones are still available but deprecated -- Updated Prometheus gauge `build_*` to `pipeline_*` -- Updated Prometheus gauge `*_job_*` to `*_step_*` -- Renamed config env `WOODPECKER_MAX_PROCS` to `WOODPECKER_MAX_WORKFLOWS` (still available as fallback) -- The pipelines are now also read from `.yaml` files, the new default order is `.woodpecker/*.yml` and `.woodpecker/*.yaml` (without any prioritization) -> `.woodpecker.yml` -> `.woodpecker.yaml` -- Dropped support for [Coding](https://coding.net/), [Gogs](https://gogs.io) and Bitbucket Server (Stash). -- `/api/queue/resume` & `/api/queue/pause` endpoint methods were changed from `GET` to `POST` -- rename `pipeline:` key in your workflow config to `steps:` -- If you want to migrate old logs to the new format, watch the error messages on start. If there are none we are good to go, else you have to plan a migration that can take hours. Set `WOODPECKER_MIGRATIONS_ALLOW_LONG` to true and let it run. -- Using `repo-id` in favor of `owner/repo` combination - - :warning: The api endpoints `/api/repos/{owner}/{repo}/...` were replaced by new endpoints using the repos id `/api/repos/{repo-id}` - - To find the id of a repo use the `/api/repos/lookup/{repo-full-name-with-slashes}` endpoint. - - The existing badge endpoint `/api/badges/{owner}/{repo}` will still work, but whenever possible try to use the new endpoint using the `repo-id`: `/api/badges/{repo-id}`. - - The UI urls for a repository changed from `/repos/{owner}/{repo}/...` to `/repos/{repo-id}/...`. You will be redirected automatically when using the old url. - - The woodpecker-go api-client is now using the `repo-id` instead of `owner/repo` for all functions -- Using `org-id` in favour of `owner` name - - :warning: The api endpoints `/api/orgs/{owner}/...` were replaced by new endpoints using the orgs id `/api/repos/{org-id}` - - To find the id of orgs use the `/api/orgs/lookup/{org_full_name}` endpoint. - - The UI urls for a organization changed from `/org/{owner}/...` to `/orgs/{org-id}/...`. You will be redirected automatically when using the old url. - - The woodpecker-go api-client is now using the `org-id` instead of `org name` for all functions -- The `command:` field has been removed from steps. If you were using it, please check if the entrypoint of the image you used is a shell. - - If it is a shell, simply rename `command:` to `commands:`. - - If it's not, you need to prepend the entrypoint before and also rename it (e.g., `commands: `). - -## 0.15.0 - -- Default value for custom pipeline path is now empty / un-set which results in following resolution: - - `.woodpecker/*.yml` -> `.woodpecker.yml` -> `.drone.yml` - - Only projects created after updating will have an empty value by default. Existing projects will stick to the current pipeline path which is `.drone.yml` in most cases. - - Read more about it at the [Project Settings](./20-usage/75-project-settings.md#pipeline-path) - -- From version `0.15.0` ongoing there will be three types of docker images: `latest`, `next` and `x.x.x` with an alpine variant for each type like `latest-alpine`. - If you used `latest` before to try pre-release features you should switch to `next` after this release. - -- Dropped support for `DRONE_*` environment variables. The according `WOODPECKER_*` variables must be used instead. - Additionally some alternative namings have been removed to simplify maintenance: - - - `WOODPECKER_AGENT_SECRET` replaces `WOODPECKER_SECRET`, `DRONE_SECRET`, `WOODPECKER_PASSWORD`, `DRONE_PASSWORD` and `DRONE_AGENT_SECRET`. - - `WOODPECKER_HOST` replaces `DRONE_HOST` and `DRONE_SERVER_HOST`. - - `WOODPECKER_DATABASE_DRIVER` replaces `DRONE_DATABASE_DRIVER` and `DATABASE_DRIVER`. - - `WOODPECKER_DATABASE_DATASOURCE` replaces `DRONE_DATABASE_DATASOURCE` and `DATABASE_CONFIG`. - -- Dropped support for `DRONE_*` environment variables in pipeline steps. Pipeline meta-data can be accessed with `CI_*` variables. - - - `CI_*` prefix replaces `DRONE_*` - - `CI` value is now `woodpecker` - - `DRONE=true` has been removed - - Some variables got deprecated and will be removed in future versions. Please migrate to the new names. Same applies for `DRONE_` of them. - - CI_ARCH => use CI_SYSTEM_ARCH - - CI_COMMIT => CI_COMMIT_SHA - - CI_TAG => CI_COMMIT_TAG - - CI_PULL_REQUEST => CI_COMMIT_PULL_REQUEST - - CI_REMOTE_URL => use CI_REPO_REMOTE - - CI_REPO_BRANCH => use CI_REPO_DEFAULT_BRANCH - - CI_PARENT_BUILD_NUMBER => use CI_BUILD_PARENT - - CI_BUILD_TARGET => use CI_BUILD_DEPLOY_TARGET - - CI_DEPLOY_TO => use CI_BUILD_DEPLOY_TARGET - - CI_COMMIT_AUTHOR_NAME => use CI_COMMIT_AUTHOR - - CI_PREV_COMMIT_AUTHOR_NAME => use CI_PREV_COMMIT_AUTHOR - - CI_SYSTEM => use CI_SYSTEM_NAME - - CI_BRANCH => use CI_COMMIT_BRANCH - - CI_SOURCE_BRANCH => use CI_COMMIT_SOURCE_BRANCH - - CI_TARGET_BRANCH => use CI_COMMIT_TARGET_BRANCH - - For all available variables and their descriptions have a look at [built-in-environment-variables](./20-usage/50-environment.md#built-in-environment-variables). - -- Prometheus metrics have been changed from `drone_*` to `woodpecker_*` - -- Base path has moved from `/var/lib/drone` to `/var/lib/woodpecker` - -- Default workspace base path has moved from `/drone` to `/woodpecker` - -- Default SQLite database location has changed: - - - `/var/lib/drone/drone.sqlite` -> `/var/lib/woodpecker/woodpecker.sqlite` - - `drone.sqlite` -> `woodpecker.sqlite` - -- Plugin Settings moved into `settings` section: - - ```diff - steps: - something: - image: my/plugin - - setting1: foo - - setting2: bar - + settings: - + setting1: foo - + setting2: bar - ``` - -- `WOODPECKER_DEBUG` option for server and agent got removed in favor of `WOODPECKER_LOG_LEVEL=debug` - -- Remove unused server flags which can safely be removed from your server config: `WOODPECKER_QUIC`, `WOODPECKER_GITHUB_SCOPE`, `WOODPECKER_GITHUB_GIT_USERNAME`, `WOODPECKER_GITHUB_GIT_PASSWORD`, `WOODPECKER_GITHUB_PRIVATE_MODE`, `WOODPECKER_GITEA_GIT_USERNAME`, `WOODPECKER_GITEA_GIT_PASSWORD`, `WOODPECKER_GITEA_PRIVATE_MODE`, `WOODPECKER_GITLAB_GIT_USERNAME`, `WOODPECKER_GITLAB_GIT_PASSWORD`, `WOODPECKER_GITLAB_PRIVATE_MODE` - -- Dropped support for manually setting the agents platform with `WOODPECKER_PLATFORM`. The platform is now automatically detected. - -- Use `WOODPECKER_STATUS_CONTEXT` instead of the deprecated options `WOODPECKER_GITHUB_CONTEXT` and `WOODPECKER_GITEA_CONTEXT`. - -## 0.14.0 - -No breaking changes - -## From Drone - -:::warning -Migration from Drone is only possible if you were running Drone <= v0.8. -::: - -1. Make sure you are already running Drone v0.8 -2. Upgrade to Woodpecker v0.14.4, migration will be done during startup -3. Upgrade to the latest Woodpecker version. Pay attention to the breaking changes listed above. diff --git a/docs/versioned_docs/version-2.7/92-awesome.md b/docs/versioned_docs/version-2.7/92-awesome.md deleted file mode 100644 index 920341d33..000000000 --- a/docs/versioned_docs/version-2.7/92-awesome.md +++ /dev/null @@ -1,67 +0,0 @@ -# Awesome Woodpecker - -A curated list of awesome things related to Woodpecker CI. - -If you have some missing resources, please feel free to [open a pull-request](https://github.com/woodpecker-ci/woodpecker/edit/main/docs/docs/92-awesome.md) and add them. - -## Official Resources - -- [Woodpecker CI pipeline configs](https://github.com/woodpecker-ci/woodpecker/tree/main/.woodpecker) - Complex setup containing different kind of pipelines - - [Golang tests](https://github.com/woodpecker-ci/woodpecker/blob/main/.woodpecker/test.yaml) - - [Typescript, eslint & Vue](https://github.com/woodpecker-ci/woodpecker/blob/main/.woodpecker/web.yaml) - - [Docusaurus & publishing to GitHub Pages](https://github.com/woodpecker-ci/woodpecker/blob/main/.woodpecker/docs.yaml) - - [Docker container building](https://github.com/woodpecker-ci/woodpecker/blob/main/.woodpecker/docker.yaml) - -## Projects using Woodpecker - -- [Woodpecker CI](https://github.com/woodpecker-ci/woodpecker/tree/main/.woodpecker) itself -- [All official plugins](https://github.com/woodpecker-ci?q=plugin&type=all) -- [dessalines/thumb-key](https://github.com/dessalines/thumb-key/blob/main/.woodpecker.yml) - Android Jetpack compose linting and building -- [Vieter](https://git.rustybever.be/vieter-v/vieter) - Archlinux/Pacman repository server & automated package build system - - [Rieter](https://git.rustybever.be/Chewing_Bever/rieter) - Rewrite of the Vieter project in Rust -- [Alex](https://git.rustybever.be/Chewing_Bever/alex) - Minecraft server wrapper designed to automate backups & complement Docker installations - -## Tools - -- [Convert Drone CI pipelines to Woodpecker CI](https://codeberg.org/lafriks/woodpecker-pipeline-transform) -- [Ansible NAS](https://github.com/davestephens/ansible-nas/) - a homelab Ansible playbook that can set up Woodpecker CI and Gitea -- [picus](https://github.com/windsource/picus) - Picus connects to a Woodpecker CI server and creates an agent in the cloud when there are pending workflows. -- [Hetzner cloud](https://www.hetzner.com/cloud) based [Woodpecker compatible autoscaler](https://git.ljoonal.xyz/ljoonal/hetzner-ci-autoscaler) - Creates and destroys VPS instances based on the count of pending & running jobs. -- [woodpecker-lint](https://git.schmidl.dev/schtobia/woodpecker-lint) - A repository for linting a Woodpecker config file via pre-commit hook -- [Grafana Dashboard](https://github.com/Janik-Haag/woodpecker-grafana-dashboard) - A dashboard visualizing information exposed by the Woodpecker prometheus endpoint. -- [woodpecker-autoscaler](https://github.com/Lerentis/woodpecker-autoscaler) - Yet another Woodpecker autoscaler currently targeting [Hetzner cloud](https://www.hetzner.com/cloud) that works in parallel to other autoscaler implementations. - -## Configuration Services - -- [Dynamic Pipelines for Nix Flakes](https://github.com/pinpox/woodpecker-flake-pipeliner) - Define pipelines as Nix Flake outputs - -## Pipelines - -- [Collection of pipeline examples](https://codeberg.org/Codeberg-CI/examples) - -## Posts & tutorials - -- [Setup Gitea with Woodpecker CI](https://containers.fan/posts/setup-gitea-with-woodpecker-ci/) -- [Step-by-step guide to modern, secure and Open-source CI setup](https://devforth.io/blog/step-by-step-guide-to-modern-secure-ci-setup/) -- [Using Woodpecker CI for my static sites](https://jan.wildeboer.net/2022/07/Woodpecker-CI-Jekyll/) -- [Woodpecker CI @ Codeberg](https://www.sarkasti.eu/articles/post/woodpecker/) -- [Deploy Docker/Compose using Woodpecker CI](https://hinty.io/vverenko/deploy-docker-compose-using-woodpecker-ci/) -- [Installing Woodpecker CI in your personal homelab](https://pwa.io/articles/installing-woodpecker-in-your-homelab/) -- [Locally Cached Nix CI with Woodpecker](https://blog.kotatsu.dev/posts/2023-04-21-woodpecker-nix-caching/) -- [How to run Cypress auto-tests on Woodpecker CI and report results to Slack](https://devforth.io/blog/how-to-run-cypress-auto-tests-on-woodpecker-ci-and-report-results-to-slack/) -- [Quest For CICD - WoodpeckerCI](https://omaramin.me/posts/woodpecker/) -- [Getting started with Woodpecker CI](https://systeemkabouter.eu/getting-started-with-woodpecker-ci.html) -- [Installing gitea and woodpecker using binary packages](https://neelex.com/2023/03/26/Installing-gitea-using-binary-packages/) -- [Deploying mdbook to codeberg pages using woodpecker CI](https://www.markpitblado.me/blog/deploying-mdbook-to-codeberg-pages-using-woodpecker-ci/) -- [Deploy a Fly app with Woodpecker CI](https://joeroe.io/2024/01/09/deploy-fly-woodpecker-ci.html) -- [Ansible - using Woodpecker as an alternative to Semaphore](https://pat-s.me/ansible-using-woodpecker-as-an-alternative-to-semaphore/) - -## Videos - -- [Replace Ansible Semaphore with Woodpecker CI](https://www.youtube.com/watch?v=d610YPvCB0E) -- ["unexpected EOF" error when trying to pair Woodpecker CI served through the Caddy with Gitea](https://www.youtube.com/watch?v=n7Hyvt71Np0) -- [CICD Environment in Docker Swarm behind Caddy Server - Part 2 Woodpeckerci](https://www.youtube.com/watch?v=rkbw_k7JvS0) - -## Plugins - -We have a separate [index](/plugins) for plugins. diff --git a/docs/versioned_docs/version-2.7/pipeline-list.png b/docs/versioned_docs/version-2.7/pipeline-list.png deleted file mode 100644 index f501fe0e6..000000000 Binary files a/docs/versioned_docs/version-2.7/pipeline-list.png and /dev/null differ diff --git a/docs/versioned_docs/version-2.7/woodpecker.png b/docs/versioned_docs/version-2.7/woodpecker.png deleted file mode 100644 index b92f3589f..000000000 Binary files a/docs/versioned_docs/version-2.7/woodpecker.png and /dev/null differ diff --git a/docs/versioned_docs/version-3.0/30-administration/40-advanced/40-advanced.md b/docs/versioned_docs/version-3.0/30-administration/40-advanced/40-advanced.md deleted file mode 100644 index 4261bbeea..000000000 --- a/docs/versioned_docs/version-3.0/30-administration/40-advanced/40-advanced.md +++ /dev/null @@ -1,25 +0,0 @@ -# Advanced options - -Why should we be happy with a default setup? We should not! Woodpecker offers a lot of advanced options to configure it to your needs. - -## Behind a proxy - -See the [proxy guide](./10-proxy.md) if you want to see a setup behind Apache, Nginx, Caddy or ngrok. - -In the case you need to use Woodpecker with a URL path prefix (like: ), add the root path to [`WOODPECKER_HOST`](../10-server-config.md#woodpecker_host). - -## SSL - -Woodpecker supports SSL configuration by using Let's encrypt or by using own certificates. See the [SSL guide](./20-ssl.md). - -## Metrics - -A [Prometheus endpoint](./90-prometheus.md) is exposed by Woodpecker to collect metrics. - -## Autoscaling - -The [autoscaler](./30-autoscaler.md) can be used to deploy new agents to a cloud provider based on the current workload your server is experiencing. - -## Configuration service - -Sometime the normal yaml configuration compiler isn't enough. You can use the [configuration service](./100-external-configuration-api.md) to process your configuration files by your own. diff --git a/docs/versioned_docs/version-2.7/10-intro/index.md b/docs/versioned_docs/version-3.2/10-intro/index.md similarity index 100% rename from docs/versioned_docs/version-2.7/10-intro/index.md rename to docs/versioned_docs/version-3.2/10-intro/index.md diff --git a/docs/versioned_docs/version-3.0/20-usage/10-intro.md b/docs/versioned_docs/version-3.2/20-usage/10-intro.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/10-intro.md rename to docs/versioned_docs/version-3.2/20-usage/10-intro.md diff --git a/docs/versioned_docs/version-2.7/20-usage/100-troubleshooting.md b/docs/versioned_docs/version-3.2/20-usage/100-troubleshooting.md similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/100-troubleshooting.md rename to docs/versioned_docs/version-3.2/20-usage/100-troubleshooting.md diff --git a/docs/versioned_docs/version-2.7/20-usage/15-terminology/architecture.excalidraw b/docs/versioned_docs/version-3.2/20-usage/15-terminology/architecture.excalidraw similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/15-terminology/architecture.excalidraw rename to docs/versioned_docs/version-3.2/20-usage/15-terminology/architecture.excalidraw diff --git a/docs/versioned_docs/version-2.7/20-usage/15-terminology/architecture.svg b/docs/versioned_docs/version-3.2/20-usage/15-terminology/architecture.svg similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/15-terminology/architecture.svg rename to docs/versioned_docs/version-3.2/20-usage/15-terminology/architecture.svg diff --git a/docs/versioned_docs/version-3.0/20-usage/15-terminology/index.md b/docs/versioned_docs/version-3.2/20-usage/15-terminology/index.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/15-terminology/index.md rename to docs/versioned_docs/version-3.2/20-usage/15-terminology/index.md diff --git a/docs/versioned_docs/version-2.7/20-usage/15-terminology/pipeline-workflow-step.excalidraw b/docs/versioned_docs/version-3.2/20-usage/15-terminology/pipeline-workflow-step.excalidraw similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/15-terminology/pipeline-workflow-step.excalidraw rename to docs/versioned_docs/version-3.2/20-usage/15-terminology/pipeline-workflow-step.excalidraw diff --git a/docs/versioned_docs/version-2.7/20-usage/15-terminology/pipeline-workflow-step.svg b/docs/versioned_docs/version-3.2/20-usage/15-terminology/pipeline-workflow-step.svg similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/15-terminology/pipeline-workflow-step.svg rename to docs/versioned_docs/version-3.2/20-usage/15-terminology/pipeline-workflow-step.svg diff --git a/docs/versioned_docs/version-3.0/20-usage/20-workflow-syntax.md b/docs/versioned_docs/version-3.2/20-usage/20-workflow-syntax.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/20-workflow-syntax.md rename to docs/versioned_docs/version-3.2/20-usage/20-workflow-syntax.md diff --git a/docs/versioned_docs/version-3.0/20-usage/25-workflows.md b/docs/versioned_docs/version-3.2/20-usage/25-workflows.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/25-workflows.md rename to docs/versioned_docs/version-3.2/20-usage/25-workflows.md diff --git a/docs/versioned_docs/version-2.7/20-usage/30-matrix-workflows.md b/docs/versioned_docs/version-3.2/20-usage/30-matrix-workflows.md similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/30-matrix-workflows.md rename to docs/versioned_docs/version-3.2/20-usage/30-matrix-workflows.md diff --git a/docs/versioned_docs/version-3.0/20-usage/40-secrets.md b/docs/versioned_docs/version-3.2/20-usage/40-secrets.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/40-secrets.md rename to docs/versioned_docs/version-3.2/20-usage/40-secrets.md diff --git a/docs/versioned_docs/version-3.0/20-usage/41-registries.md b/docs/versioned_docs/version-3.2/20-usage/41-registries.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/41-registries.md rename to docs/versioned_docs/version-3.2/20-usage/41-registries.md diff --git a/docs/versioned_docs/version-3.0/20-usage/45-cron.md b/docs/versioned_docs/version-3.2/20-usage/45-cron.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/45-cron.md rename to docs/versioned_docs/version-3.2/20-usage/45-cron.md diff --git a/docs/versioned_docs/version-3.0/20-usage/50-environment.md b/docs/versioned_docs/version-3.2/20-usage/50-environment.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/50-environment.md rename to docs/versioned_docs/version-3.2/20-usage/50-environment.md diff --git a/docs/versioned_docs/version-3.0/20-usage/51-plugins/20-creating-plugins.md b/docs/versioned_docs/version-3.2/20-usage/51-plugins/20-creating-plugins.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/51-plugins/20-creating-plugins.md rename to docs/versioned_docs/version-3.2/20-usage/51-plugins/20-creating-plugins.md diff --git a/docs/versioned_docs/version-3.0/20-usage/51-plugins/51-overview.md b/docs/versioned_docs/version-3.2/20-usage/51-plugins/51-overview.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/51-plugins/51-overview.md rename to docs/versioned_docs/version-3.2/20-usage/51-plugins/51-overview.md diff --git a/docs/versioned_docs/version-2.7/20-usage/51-plugins/_category_.yaml b/docs/versioned_docs/version-3.2/20-usage/51-plugins/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/51-plugins/_category_.yaml rename to docs/versioned_docs/version-3.2/20-usage/51-plugins/_category_.yaml diff --git a/docs/versioned_docs/version-3.0/20-usage/60-services.md b/docs/versioned_docs/version-3.2/20-usage/60-services.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/60-services.md rename to docs/versioned_docs/version-3.2/20-usage/60-services.md diff --git a/docs/versioned_docs/version-2.7/20-usage/70-volumes.md b/docs/versioned_docs/version-3.2/20-usage/70-volumes.md similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/70-volumes.md rename to docs/versioned_docs/version-3.2/20-usage/70-volumes.md diff --git a/docs/versioned_docs/version-2.7/20-usage/72-linter.md b/docs/versioned_docs/version-3.2/20-usage/72-linter.md similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/72-linter.md rename to docs/versioned_docs/version-3.2/20-usage/72-linter.md diff --git a/docs/versioned_docs/version-3.0/20-usage/75-project-settings.md b/docs/versioned_docs/version-3.2/20-usage/75-project-settings.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/75-project-settings.md rename to docs/versioned_docs/version-3.2/20-usage/75-project-settings.md diff --git a/docs/versioned_docs/version-2.7/20-usage/80-badges.md b/docs/versioned_docs/version-3.2/20-usage/80-badges.md similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/80-badges.md rename to docs/versioned_docs/version-3.2/20-usage/80-badges.md diff --git a/docs/versioned_docs/version-3.0/20-usage/90-advanced-usage.md b/docs/versioned_docs/version-3.2/20-usage/90-advanced-usage.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/90-advanced-usage.md rename to docs/versioned_docs/version-3.2/20-usage/90-advanced-usage.md diff --git a/docs/versioned_docs/version-2.7/20-usage/_category_.yaml b/docs/versioned_docs/version-3.2/20-usage/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/_category_.yaml rename to docs/versioned_docs/version-3.2/20-usage/_category_.yaml diff --git a/docs/versioned_docs/version-2.7/20-usage/cron-settings.png b/docs/versioned_docs/version-3.2/20-usage/cron-settings.png similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/cron-settings.png rename to docs/versioned_docs/version-3.2/20-usage/cron-settings.png diff --git a/docs/versioned_docs/version-2.7/20-usage/linter-warnings-errors.png b/docs/versioned_docs/version-3.2/20-usage/linter-warnings-errors.png similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/linter-warnings-errors.png rename to docs/versioned_docs/version-3.2/20-usage/linter-warnings-errors.png diff --git a/docs/versioned_docs/version-2.7/20-usage/pipeline.png b/docs/versioned_docs/version-3.2/20-usage/pipeline.png similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/pipeline.png rename to docs/versioned_docs/version-3.2/20-usage/pipeline.png diff --git a/docs/versioned_docs/version-3.0/20-usage/project-settings.png b/docs/versioned_docs/version-3.2/20-usage/project-settings.png similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/project-settings.png rename to docs/versioned_docs/version-3.2/20-usage/project-settings.png diff --git a/docs/versioned_docs/version-2.7/20-usage/repo-new.png b/docs/versioned_docs/version-3.2/20-usage/repo-new.png similarity index 100% rename from docs/versioned_docs/version-2.7/20-usage/repo-new.png rename to docs/versioned_docs/version-3.2/20-usage/repo-new.png diff --git a/docs/versioned_docs/version-3.0/20-usage/secrets-plugins-filter.png b/docs/versioned_docs/version-3.2/20-usage/secrets-plugins-filter.png similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/secrets-plugins-filter.png rename to docs/versioned_docs/version-3.2/20-usage/secrets-plugins-filter.png diff --git a/docs/versioned_docs/version-3.0/30-administration/00-getting-started.md b/docs/versioned_docs/version-3.2/30-administration/00-getting-started.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/00-getting-started.md rename to docs/versioned_docs/version-3.2/30-administration/00-getting-started.md diff --git a/docs/versioned_docs/version-3.0/30-administration/04-image-variants.md b/docs/versioned_docs/version-3.2/30-administration/04-image-variants.md similarity index 69% rename from docs/versioned_docs/version-3.0/30-administration/04-image-variants.md rename to docs/versioned_docs/version-3.2/30-administration/04-image-variants.md index d4c5efa31..853035bdc 100644 --- a/docs/versioned_docs/version-3.0/30-administration/04-image-variants.md +++ b/docs/versioned_docs/version-3.2/30-administration/04-image-variants.md @@ -18,13 +18,13 @@ This was done to prevent accidental major version upgrades. Images are pushed to DockerHub and Quay. -[woodpecker-server (DockerHub)](https://hub.docker.com/r/woodpeckerci/woodpecker-server) +[woodpecker-server (DockerHub)](https://hub.docker.com/r/docker/woodpeckerci/woodpecker-server) [woodpecker-server (Quay)](https://quay.io/repository/woodpeckerci/woodpecker-server) -[woodpecker-agent (DockerHub)](https://hub.docker.com/r/woodpeckerci/woodpecker-agent) +[woodpecker-agent (DockerHub)](https://hub.docker.com/r/docker/woodpeckerci/woodpecker-agent) [woodpecker-agent (Quay)](https://quay.io/repository/woodpeckerci/woodpecker-agent) -[woodpecker-cli (DockerHub)](https://hub.docker.com/r/woodpeckerci/woodpecker-cli) +[woodpecker-cli (DockerHub)](https://hub.docker.com/r/docker/woodpeckerci/woodpecker-cli) [woodpecker-cli (Quay)](https://quay.io/repository/woodpeckerci/woodpecker-cli) -[woodpecker-autoscaler (DockerHub)](https://hub.docker.com/r/woodpeckerci/autoscaler) +[woodpecker-autoscaler (DockerHub)](https://hub.docker.com/r/docker/woodpeckerci/autoscaler) diff --git a/docs/versioned_docs/version-3.0/30-administration/05-deployment-methods/10-docker-compose.md b/docs/versioned_docs/version-3.2/30-administration/05-deployment-methods/10-docker-compose.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/05-deployment-methods/10-docker-compose.md rename to docs/versioned_docs/version-3.2/30-administration/05-deployment-methods/10-docker-compose.md diff --git a/docs/versioned_docs/version-3.0/30-administration/05-deployment-methods/20-kubernetes.md b/docs/versioned_docs/version-3.2/30-administration/05-deployment-methods/20-kubernetes.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/05-deployment-methods/20-kubernetes.md rename to docs/versioned_docs/version-3.2/30-administration/05-deployment-methods/20-kubernetes.md diff --git a/docs/versioned_docs/version-3.0/30-administration/05-deployment-methods/30-third-party.md b/docs/versioned_docs/version-3.2/30-administration/05-deployment-methods/30-third-party.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/05-deployment-methods/30-third-party.md rename to docs/versioned_docs/version-3.2/30-administration/05-deployment-methods/30-third-party.md diff --git a/docs/versioned_docs/version-3.0/30-administration/05-deployment-methods/40-nixos.md b/docs/versioned_docs/version-3.2/30-administration/05-deployment-methods/40-nixos.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/05-deployment-methods/40-nixos.md rename to docs/versioned_docs/version-3.2/30-administration/05-deployment-methods/40-nixos.md diff --git a/docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/_category_.yaml b/docs/versioned_docs/version-3.2/30-administration/05-deployment-methods/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/05-deployment-methods/_category_.yaml rename to docs/versioned_docs/version-3.2/30-administration/05-deployment-methods/_category_.yaml diff --git a/docs/versioned_docs/version-3.0/30-administration/10-database.md b/docs/versioned_docs/version-3.2/30-administration/10-database.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/10-database.md rename to docs/versioned_docs/version-3.2/30-administration/10-database.md diff --git a/docs/versioned_docs/version-3.0/30-administration/10-server-config.md b/docs/versioned_docs/version-3.2/30-administration/10-server-config.md similarity index 99% rename from docs/versioned_docs/version-3.0/30-administration/10-server-config.md rename to docs/versioned_docs/version-3.2/30-administration/10-server-config.md index a308123eb..ab345aedd 100644 --- a/docs/versioned_docs/version-3.0/30-administration/10-server-config.md +++ b/docs/versioned_docs/version-3.2/30-administration/10-server-config.md @@ -337,6 +337,12 @@ Enable to allow user registration. Always use authentication to clone repositories even if they are public. Needed if the forge requires to always authenticate as used by many companies. +### `WOODPECKER_DEFAULT_ALLOW_PULL_REQUESTS` + +> Default: `true` + +The default setting for allowing pull requests on a repo. + ### `WOODPECKER_DEFAULT_CANCEL_PREVIOUS_PIPELINE_EVENTS` > Default: `pull_request, push` diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/100-addon.md b/docs/versioned_docs/version-3.2/30-administration/11-forges/100-addon.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/100-addon.md rename to docs/versioned_docs/version-3.2/30-administration/11-forges/100-addon.md diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/11-overview.md b/docs/versioned_docs/version-3.2/30-administration/11-forges/11-overview.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/11-overview.md rename to docs/versioned_docs/version-3.2/30-administration/11-forges/11-overview.md diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/20-github.md b/docs/versioned_docs/version-3.2/30-administration/11-forges/20-github.md similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/20-github.md rename to docs/versioned_docs/version-3.2/30-administration/11-forges/20-github.md diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/30-gitea.md b/docs/versioned_docs/version-3.2/30-administration/11-forges/30-gitea.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/30-gitea.md rename to docs/versioned_docs/version-3.2/30-administration/11-forges/30-gitea.md diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/35-forgejo.md b/docs/versioned_docs/version-3.2/30-administration/11-forges/35-forgejo.md similarity index 95% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/35-forgejo.md rename to docs/versioned_docs/version-3.2/30-administration/11-forges/35-forgejo.md index 1438e1556..568c121c6 100644 --- a/docs/versioned_docs/version-3.0/30-administration/11-forges/35-forgejo.md +++ b/docs/versioned_docs/version-3.2/30-administration/11-forges/35-forgejo.md @@ -33,7 +33,7 @@ To configure the Docker network if the network's name is `forgejo`, configure it ## Registration -Register your application with Forgejo to create your client id and secret. You can find the OAuth applications settings of Forgejo at `https://forgejo./user/settings/`. It is very important that the authorization callback URL matches your http(s) scheme and hostname exactly with `https:///authorize` as the path. +Register your application with Forgejo to create your client id and secret. You can find the OAuth applications settings of Forgejo at `https://forgejo./user/settings/`. It is very important that authorization callback URL matches your http(s) scheme and hostname exactly with `https:///authorize` as the path. If you run the Woodpecker CI server on the same host as the Forgejo instance, you might also need to allow local connections in Forgejo. Otherwise webhooks will fail. Add the following lines to your Forgejo configuration (usually at `/etc/forgejo/conf/app.ini`). diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/40-gitlab.md b/docs/versioned_docs/version-3.2/30-administration/11-forges/40-gitlab.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/40-gitlab.md rename to docs/versioned_docs/version-3.2/30-administration/11-forges/40-gitlab.md diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/50-bitbucket.md b/docs/versioned_docs/version-3.2/30-administration/11-forges/50-bitbucket.md similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/50-bitbucket.md rename to docs/versioned_docs/version-3.2/30-administration/11-forges/50-bitbucket.md diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/60-bitbucket_datacenter.md b/docs/versioned_docs/version-3.2/30-administration/11-forges/60-bitbucket_datacenter.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/60-bitbucket_datacenter.md rename to docs/versioned_docs/version-3.2/30-administration/11-forges/60-bitbucket_datacenter.md diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/_category_.yaml b/docs/versioned_docs/version-3.2/30-administration/11-forges/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/_category_.yaml rename to docs/versioned_docs/version-3.2/30-administration/11-forges/_category_.yaml diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/bitbucket_oauth.png b/docs/versioned_docs/version-3.2/30-administration/11-forges/bitbucket_oauth.png similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/bitbucket_oauth.png rename to docs/versioned_docs/version-3.2/30-administration/11-forges/bitbucket_oauth.png diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/bitbucket_permissions.png b/docs/versioned_docs/version-3.2/30-administration/11-forges/bitbucket_permissions.png similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/bitbucket_permissions.png rename to docs/versioned_docs/version-3.2/30-administration/11-forges/bitbucket_permissions.png diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/gitea_oauth.gif b/docs/versioned_docs/version-3.2/30-administration/11-forges/gitea_oauth.gif similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/gitea_oauth.gif rename to docs/versioned_docs/version-3.2/30-administration/11-forges/gitea_oauth.gif diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/github_oauth.png b/docs/versioned_docs/version-3.2/30-administration/11-forges/github_oauth.png similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/github_oauth.png rename to docs/versioned_docs/version-3.2/30-administration/11-forges/github_oauth.png diff --git a/docs/versioned_docs/version-3.0/30-administration/15-agent-config.md b/docs/versioned_docs/version-3.2/30-administration/15-agent-config.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/15-agent-config.md rename to docs/versioned_docs/version-3.2/30-administration/15-agent-config.md diff --git a/docs/versioned_docs/version-3.0/30-administration/22-backends/10-docker.md b/docs/versioned_docs/version-3.2/30-administration/22-backends/10-docker.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/22-backends/10-docker.md rename to docs/versioned_docs/version-3.2/30-administration/22-backends/10-docker.md diff --git a/docs/versioned_docs/version-2.7/30-administration/22-backends/20-local.md b/docs/versioned_docs/version-3.2/30-administration/22-backends/20-local.md similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/22-backends/20-local.md rename to docs/versioned_docs/version-3.2/30-administration/22-backends/20-local.md diff --git a/docs/versioned_docs/version-3.0/30-administration/22-backends/40-kubernetes.md b/docs/versioned_docs/version-3.2/30-administration/22-backends/40-kubernetes.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/22-backends/40-kubernetes.md rename to docs/versioned_docs/version-3.2/30-administration/22-backends/40-kubernetes.md diff --git a/docs/versioned_docs/version-3.0/30-administration/22-backends/50-custom-backends.md b/docs/versioned_docs/version-3.2/30-administration/22-backends/50-custom-backends.md similarity index 91% rename from docs/versioned_docs/version-3.0/30-administration/22-backends/50-custom-backends.md rename to docs/versioned_docs/version-3.2/30-administration/22-backends/50-custom-backends.md index c95956559..3b09b93d8 100644 --- a/docs/versioned_docs/version-3.0/30-administration/22-backends/50-custom-backends.md +++ b/docs/versioned_docs/version-3.2/30-administration/22-backends/50-custom-backends.md @@ -2,7 +2,7 @@ If none of our backends fits your usecase, you can write your own. -Therefore, implement the interface `"go.woodpecker-ci.org/woodpecker/woodpecker/v2/pipeline/backend/types".Backend` and +Therefore, implement the interface `"go.woodpecker-ci.org/woodpecker/woodpecker/v3/pipeline/backend/types".Backend` and build a custom agent using your backend with this `main.go`: ```go diff --git a/docs/versioned_docs/version-2.7/30-administration/22-backends/_category_.yaml b/docs/versioned_docs/version-3.2/30-administration/22-backends/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/22-backends/_category_.yaml rename to docs/versioned_docs/version-3.2/30-administration/22-backends/_category_.yaml diff --git a/docs/versioned_docs/version-3.0/30-administration/40-advanced/10-proxy.md b/docs/versioned_docs/version-3.2/30-administration/40-advanced/10-proxy.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/40-advanced/10-proxy.md rename to docs/versioned_docs/version-3.2/30-administration/40-advanced/10-proxy.md diff --git a/docs/versioned_docs/version-3.0/30-administration/40-advanced/100-external-configuration-api.md b/docs/versioned_docs/version-3.2/30-administration/40-advanced/100-external-configuration-api.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/40-advanced/100-external-configuration-api.md rename to docs/versioned_docs/version-3.2/30-administration/40-advanced/100-external-configuration-api.md diff --git a/docs/versioned_docs/version-3.0/30-administration/40-advanced/20-ssl.md b/docs/versioned_docs/version-3.2/30-administration/40-advanced/20-ssl.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/40-advanced/20-ssl.md rename to docs/versioned_docs/version-3.2/30-administration/40-advanced/20-ssl.md diff --git a/docs/versioned_docs/version-3.0/30-administration/40-advanced/30-autoscaler.md b/docs/versioned_docs/version-3.2/30-administration/40-advanced/30-autoscaler.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/40-advanced/30-autoscaler.md rename to docs/versioned_docs/version-3.2/30-administration/40-advanced/30-autoscaler.md diff --git a/docs/versioned_docs/version-2.7/30-administration/40-advanced/40-advanced.md b/docs/versioned_docs/version-3.2/30-administration/40-advanced/40-advanced.md similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/40-advanced/40-advanced.md rename to docs/versioned_docs/version-3.2/30-administration/40-advanced/40-advanced.md diff --git a/docs/versioned_docs/version-3.0/30-administration/40-advanced/90-prometheus.md b/docs/versioned_docs/version-3.2/30-administration/40-advanced/90-prometheus.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/40-advanced/90-prometheus.md rename to docs/versioned_docs/version-3.2/30-administration/40-advanced/90-prometheus.md diff --git a/docs/versioned_docs/version-2.7/30-administration/40-advanced/_category_.yaml b/docs/versioned_docs/version-3.2/30-administration/40-advanced/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/40-advanced/_category_.yaml rename to docs/versioned_docs/version-3.2/30-administration/40-advanced/_category_.yaml diff --git a/docs/versioned_docs/version-2.7/30-administration/_category_.yaml b/docs/versioned_docs/version-3.2/30-administration/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/_category_.yaml rename to docs/versioned_docs/version-3.2/30-administration/_category_.yaml diff --git a/docs/versioned_docs/version-2.7/30-administration/new-agent-connected.png b/docs/versioned_docs/version-3.2/30-administration/new-agent-connected.png similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/new-agent-connected.png rename to docs/versioned_docs/version-3.2/30-administration/new-agent-connected.png diff --git a/docs/versioned_docs/version-2.7/30-administration/new-agent-created.png b/docs/versioned_docs/version-3.2/30-administration/new-agent-created.png similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/new-agent-created.png rename to docs/versioned_docs/version-3.2/30-administration/new-agent-created.png diff --git a/docs/versioned_docs/version-2.7/30-administration/new-agent-registration.png b/docs/versioned_docs/version-3.2/30-administration/new-agent-registration.png similarity index 100% rename from docs/versioned_docs/version-2.7/30-administration/new-agent-registration.png rename to docs/versioned_docs/version-3.2/30-administration/new-agent-registration.png diff --git a/docs/versioned_docs/version-3.0/40-cli.md b/docs/versioned_docs/version-3.2/40-cli.md similarity index 87% rename from docs/versioned_docs/version-3.0/40-cli.md rename to docs/versioned_docs/version-3.2/40-cli.md index cf0f3f999..1a6fb2d96 100644 --- a/docs/versioned_docs/version-3.0/40-cli.md +++ b/docs/versioned_docs/version-3.2/40-cli.md @@ -91,10 +91,20 @@ remove a registry list registries +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + #### show show registry information +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + **--hostname**="": registry hostname (default: docker.io) #### update @@ -133,10 +143,28 @@ remove a secret list secrets +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + #### show show secret information +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + **--name**="": secret name #### update @@ -378,13 +406,16 @@ execute a local pipeline show information about the current user +**--format**="": format output (deprecated) (default: User: {{ .Login }} +Email: {{ .Email }}) + ## lint lint a pipeline configuration file **--plugins-privileged**="": allow plugins to run in privileged mode, if set empty, there is no (default: []) -**--plugins-trusted-clone**="": plugins that are trusted to handle Git credentials in cloning steps (default: [docker.io/woodpeckerci/plugin-git:2.6.0 docker.io/woodpeckerci/plugin-git quay.io/woodpeckerci/plugin-git]) +**--plugins-trusted-clone**="": plugins that are trusted to handle Git credentials in cloning steps (default: [docker.io/woodpeckerci/plugin-git:2.6.2 docker.io/woodpeckerci/plugin-git quay.io/woodpeckerci/plugin-git]) **--strict**: treat warnings as errors @@ -420,12 +451,22 @@ remove a registry list registries +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + **--organization, --org**="": organization id or full name (e.g. 123 or octocat) #### show show registry information +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + **--hostname**="": registry hostname (default: docker.io) **--organization, --org**="": organization id or full name (e.g. 123 or octocat) @@ -472,12 +513,30 @@ remove a secret list secrets +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + **--organization, --org**="": organization id or full name (e.g. 123 or octocat) #### show show secret information +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + **--name**="": secret name **--organization, --org**="": organization id or full name (e.g. 123 or octocat) @@ -660,6 +719,13 @@ add a cron job **--branch**="": cron branch +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + **--name**="": cron name **--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) @@ -678,12 +744,26 @@ remove a cron job list cron jobs +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + **--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) #### show show cron job information +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + **--id**="": cron id **--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) @@ -694,6 +774,13 @@ update a cron job **--branch**="": cron branch +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + **--id**="": cron id **--name**="": cron name @@ -708,10 +795,14 @@ list all repos **--all**: query all repos, including inactive ones -**--format**="": format output (default: {{ .FullName }} (id: {{ .ID }}, forgeRemoteID: {{ .ForgeRemoteID }}, isActive: {{ .IsActive }})) +**--format**="": format output (deprecated) **--org**="": filter by organization +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + ### registry manage registries @@ -740,12 +831,22 @@ remove a registry list registries +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + **--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) #### show show registry information +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + **--hostname**="": registry hostname (default: docker.io) **--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) @@ -800,12 +901,30 @@ remove a secret list secrets +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + **--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) #### show show secret information +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + **--name**="": secret name **--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) @@ -828,18 +947,9 @@ update a secret show repository information -**--format**="": format output (default: Owner: {{ .Owner }} -Repo: {{ .Name }} -URL: {{ .ForgeURL }} -Config path: {{ .Config }} -Visibility: {{ .Visibility }} -Private: {{ .IsSCMPrivate }} -Trusted: {{ .IsTrusted }} -Gated: {{ .IsGated }} -Require approval for: {{ .RequireApproval }} -Clone url: {{ .Clone }} -Allow pull-requests: {{ .AllowPullRequests }} -) +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers ### sync diff --git a/docs/versioned_docs/version-3.0/92-development/01-getting-started.md b/docs/versioned_docs/version-3.2/92-development/01-getting-started.md similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/01-getting-started.md rename to docs/versioned_docs/version-3.2/92-development/01-getting-started.md diff --git a/docs/versioned_docs/version-2.7/92-development/02-core-ideas.md b/docs/versioned_docs/version-3.2/92-development/02-core-ideas.md similarity index 100% rename from docs/versioned_docs/version-2.7/92-development/02-core-ideas.md rename to docs/versioned_docs/version-3.2/92-development/02-core-ideas.md diff --git a/docs/versioned_docs/version-3.0/92-development/03-ui.md b/docs/versioned_docs/version-3.2/92-development/03-ui.md similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/03-ui.md rename to docs/versioned_docs/version-3.2/92-development/03-ui.md diff --git a/docs/versioned_docs/version-2.7/92-development/04-docs.md b/docs/versioned_docs/version-3.2/92-development/04-docs.md similarity index 100% rename from docs/versioned_docs/version-2.7/92-development/04-docs.md rename to docs/versioned_docs/version-3.2/92-development/04-docs.md diff --git a/docs/versioned_docs/version-2.7/92-development/05-architecture.md b/docs/versioned_docs/version-3.2/92-development/05-architecture.md similarity index 100% rename from docs/versioned_docs/version-2.7/92-development/05-architecture.md rename to docs/versioned_docs/version-3.2/92-development/05-architecture.md diff --git a/docs/versioned_docs/version-2.7/92-development/06-conventions.md b/docs/versioned_docs/version-3.2/92-development/06-conventions.md similarity index 100% rename from docs/versioned_docs/version-2.7/92-development/06-conventions.md rename to docs/versioned_docs/version-3.2/92-development/06-conventions.md diff --git a/docs/versioned_docs/version-3.0/92-development/07-guides.md b/docs/versioned_docs/version-3.2/92-development/07-guides.md similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/07-guides.md rename to docs/versioned_docs/version-3.2/92-development/07-guides.md diff --git a/docs/versioned_docs/version-2.7/92-development/08-translations.md b/docs/versioned_docs/version-3.2/92-development/08-translations.md similarity index 100% rename from docs/versioned_docs/version-2.7/92-development/08-translations.md rename to docs/versioned_docs/version-3.2/92-development/08-translations.md diff --git a/docs/versioned_docs/version-3.0/92-development/09-openapi.md b/docs/versioned_docs/version-3.2/92-development/09-openapi.md similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/09-openapi.md rename to docs/versioned_docs/version-3.2/92-development/09-openapi.md diff --git a/docs/versioned_docs/version-3.0/92-development/09-testing.md b/docs/versioned_docs/version-3.2/92-development/09-testing.md similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/09-testing.md rename to docs/versioned_docs/version-3.2/92-development/09-testing.md diff --git a/docs/versioned_docs/version-2.7/92-development/_category_.yaml b/docs/versioned_docs/version-3.2/92-development/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-2.7/92-development/_category_.yaml rename to docs/versioned_docs/version-3.2/92-development/_category_.yaml diff --git a/docs/versioned_docs/version-2.7/92-development/ui-proxy.svg b/docs/versioned_docs/version-3.2/92-development/ui-proxy.svg similarity index 100% rename from docs/versioned_docs/version-2.7/92-development/ui-proxy.svg rename to docs/versioned_docs/version-3.2/92-development/ui-proxy.svg diff --git a/docs/versioned_docs/version-2.7/92-development/vscode-debug.png b/docs/versioned_docs/version-3.2/92-development/vscode-debug.png similarity index 100% rename from docs/versioned_docs/version-2.7/92-development/vscode-debug.png rename to docs/versioned_docs/version-3.2/92-development/vscode-debug.png diff --git a/docs/versioned_docs/version-2.7/92-development/vscode-run-test.png b/docs/versioned_docs/version-3.2/92-development/vscode-run-test.png similarity index 100% rename from docs/versioned_docs/version-2.7/92-development/vscode-run-test.png rename to docs/versioned_docs/version-3.2/92-development/vscode-run-test.png diff --git a/docs/versioned_docs/version-2.7/92-development/woodpecker-architecture.png b/docs/versioned_docs/version-3.2/92-development/woodpecker-architecture.png similarity index 100% rename from docs/versioned_docs/version-2.7/92-development/woodpecker-architecture.png rename to docs/versioned_docs/version-3.2/92-development/woodpecker-architecture.png diff --git a/docs/versioned_docs/version-3.0/10-intro/index.md b/docs/versioned_docs/version-3.3/10-intro/index.md similarity index 82% rename from docs/versioned_docs/version-3.0/10-intro/index.md rename to docs/versioned_docs/version-3.3/10-intro/index.md index 7d9ced179..025bd1f85 100644 --- a/docs/versioned_docs/version-3.0/10-intro/index.md +++ b/docs/versioned_docs/version-3.3/10-intro/index.md @@ -23,4 +23,4 @@ Then you might want to jump directly into it and [start creating your first pipe ## Want to start from scratch and deploy your own Woodpecker instance? -Woodpecker is [pretty lightweight](../30-administration/00-getting-started.md#hardware-requirements) and will even run on your Raspberry Pi. You can follow the [deployment guide](../30-administration/00-getting-started.md) to set up your own Woodpecker instance. +Woodpecker is lightweight and even runs on a Raspberry Pi. You can follow the [deployment guide](../30-administration/00-general.md) to set up your own Woodpecker instance. diff --git a/docs/versioned_docs/version-2.7/20-usage/10-intro.md b/docs/versioned_docs/version-3.3/20-usage/10-intro.md similarity index 90% rename from docs/versioned_docs/version-2.7/20-usage/10-intro.md rename to docs/versioned_docs/version-3.3/20-usage/10-intro.md index 9c4cb3c21..095528b4e 100644 --- a/docs/versioned_docs/version-2.7/20-usage/10-intro.md +++ b/docs/versioned_docs/version-3.3/20-usage/10-intro.md @@ -61,7 +61,7 @@ You can use any image from registries like the [Docker Hub](https://hub.docker.c steps: - name: build - image: debian -+ image: mycompany/image-with-awscli ++ image: my-company/image-with-aws_cli commands: - aws help ``` @@ -83,19 +83,20 @@ the same workspace it can use the previously built binary and test it. Sometimes you have some tasks that you need to do in every project. For example, deploying to Kubernetes or sending a Slack message. Therefore you can use one of the [official and community plugins](/plugins) or simply [create your own](./51-plugins/20-creating-plugins.md). -If you want to get a Slack notification after your pipeline has finished, you can add a Slack plugin to your pipeline: +If you want to publish a file to an S3 bucket, you can add an S3 plugin to your pipeline: ```yaml ---- -- name: notify me on Slack - image: plugins/slack - settings: - channel: developers - username: woodpecker - password: - from_secret: slack_token - when: - status: [success, failure] # This will execute the step on success and failure +steps: + # ... + - name: upload + image: woodpeckerci/plugin-s3 + settings: + bucket: my-bucket-name + access_key: a50d28f4dd477bc184fbd10b376de753 + secret_key: + from_secret: aws_secret_key + source: public/**/* + target: /target/location ``` To configure a plugin you can use the `settings` section. diff --git a/docs/versioned_docs/version-3.0/20-usage/100-troubleshooting.md b/docs/versioned_docs/version-3.3/20-usage/100-troubleshooting.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/100-troubleshooting.md rename to docs/versioned_docs/version-3.3/20-usage/100-troubleshooting.md diff --git a/docs/versioned_docs/version-3.0/20-usage/15-terminology/architecture.excalidraw b/docs/versioned_docs/version-3.3/20-usage/15-terminology/architecture.excalidraw similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/15-terminology/architecture.excalidraw rename to docs/versioned_docs/version-3.3/20-usage/15-terminology/architecture.excalidraw diff --git a/docs/versioned_docs/version-3.0/20-usage/15-terminology/architecture.svg b/docs/versioned_docs/version-3.3/20-usage/15-terminology/architecture.svg similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/15-terminology/architecture.svg rename to docs/versioned_docs/version-3.3/20-usage/15-terminology/architecture.svg diff --git a/docs/versioned_docs/version-2.7/20-usage/15-terminology/index.md b/docs/versioned_docs/version-3.3/20-usage/15-terminology/index.md similarity index 62% rename from docs/versioned_docs/version-2.7/20-usage/15-terminology/index.md rename to docs/versioned_docs/version-3.3/20-usage/15-terminology/index.md index f05f18207..e64d4565f 100644 --- a/docs/versioned_docs/version-2.7/20-usage/15-terminology/index.md +++ b/docs/versioned_docs/version-3.3/20-usage/15-terminology/index.md @@ -7,18 +7,18 @@ - **Server**: The component of Woodpecker that handles webhooks from forges, orchestrates agents, and sends status back. It also serves the API and web UI for administration and configuration. - **Agent**: A component of Woodpecker that executes [pipelines][Pipeline] (specifically one or more [workflows][Workflow]) with a specific backend (e.g. [Docker][], Kubernetes, [local][Local]). It connects to the server via GRPC. - **CLI**: The Woodpecker command-line interface (CLI) is a terminal tool used to administer the server, to execute pipelines locally for debugging / testing purposes, and to perform tasks like linting pipelines. -- **Pipeline**: A sequence of [workflows][Workflow] that are executed on the code. [Pipelines][Pipeline] are triggered by events. -- **Workflow**: A sequence of steps and services that are executed as part of a [pipeline][Pipeline]. Workflows are represented by YAML files. Each [workflow][Workflow] has its own isolated [workspace][Workspace], and often additional resources like a shared network (docker). +- **[Pipeline][Pipeline]**: A sequence of [workflows][Workflow] that are executed on the code. Pipelines are triggered by events. +- **[Workflow][Workflow]**: A sequence of steps and services that are executed as part of a [pipeline][Pipeline]. Workflows are represented by YAML files. Each workflow has its own isolated [workspace][Workspace], and often additional resources like a shared network (docker). - **Steps**: Individual commands, actions or tasks within a [workflow][Workflow]. - **Code**: Refers to the files tracked by the version control system used by the [forge][Forge]. - **Repos**: Short for repositories, these are storage locations where code is stored. -- **Forge**: The hosting platform or service where the repositories are hosted. -- **Workspace**: A folder shared between all steps of a [workflow][Workflow] containing the repository and all the generated data from previous steps. -- **Event**: Triggers the execution of a [pipeline][Pipeline], such as a [forge][Forge] event like `push`, or `manual` triggered manually from the UI. +- **[Forge][Forge]**: The hosting platform or service where the repositories are hosted. +- **[Workspace][workspace]**: A folder shared between all steps of a [workflow][Workflow] containing the repository and all the generated data from previous steps. +- **[Event][Event]**: Triggers the execution of a [pipeline][Pipeline], such as a [forge][Forge] event like `push`, or `manual` triggered manually from the UI. - **Commit**: A defined state of the code, usually associated with a version control system like Git. -- **Matrix**: A configuration option that allows the execution of [workflows][Workflow] for each value in the [matrix][Matrix]. +- **[Matrix][Matrix]**: A configuration option that allows the execution of [workflows][Workflow] for each value in the matrix. - **Service**: A service is a step that is executed from the start of a [workflow][Workflow] until its end. It can be accessed by name via the network from other steps within the same [workflow][Workflow]. -- **Plugins**: [Plugins][Plugin] are extensions that provide pre-defined actions or commands for a step in a [workflow][Workflow]. They can be configured via settings. +- **[Plugins][Plugin]**: Plugins are extensions that provide pre-defined actions or commands for a step in a [workflow][Workflow]. They can be configured via settings. - **Container**: A lightweight and isolated environment where commands are executed. - **YAML File**: A file format used to define and configure [workflows][Workflow]. - **Dependency**: [Workflows][Workflow] can depend on each other, and if possible, they are executed in parallel. @@ -33,16 +33,6 @@ ![Relation between pipelines, workflows and steps](pipeline-workflow-step.svg) -## Pipeline events - -- `push`: A push event is triggered when a commit is pushed to a branch. -- `pull_request`: A pull request event is triggered when a pull request is opened or a new commit is pushed to it. -- `pull_request_closed`: A pull request closed event is triggered when a pull request is closed or merged. -- `tag`: A tag event is triggered when a tag is pushed. -- `release`: A release event is triggered when a release, pre-release or draft is created. (You can apply further filters using [evaluate](../20-workflow-syntax.md#evaluate) with [environment variables](../50-environment.md#built-in-environment-variables).) -- `manual`: A manual event is triggered when a user manually triggers a pipeline. -- `cron`: A cron event is triggered when a cron job is executed. - ## Conventions Sometimes there are multiple terms that can be used to describe something. This section lists the preferred terms to use in Woodpecker: @@ -54,11 +44,12 @@ Sometimes there are multiple terms that can be used to describe something. This +[Event]: ../20-workflow-syntax.md#event [Pipeline]: ../20-workflow-syntax.md [Workflow]: ../25-workflows.md -[Forge]: ../../30-administration/11-forges/11-overview.md +[Forge]: ../../30-administration/10-configuration/12-forges/11-overview.md [Plugin]: ../51-plugins/51-overview.md [Workspace]: ../20-workflow-syntax.md#workspace [Matrix]: ../30-matrix-workflows.md -[Docker]: ../../30-administration/22-backends/10-docker.md -[Local]: ../../30-administration/22-backends/20-local.md +[Docker]: ../../30-administration/10-configuration/11-backends/10-docker.md +[Local]: ../../30-administration/10-configuration/11-backends/30-local.md diff --git a/docs/versioned_docs/version-3.0/20-usage/15-terminology/pipeline-workflow-step.excalidraw b/docs/versioned_docs/version-3.3/20-usage/15-terminology/pipeline-workflow-step.excalidraw similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/15-terminology/pipeline-workflow-step.excalidraw rename to docs/versioned_docs/version-3.3/20-usage/15-terminology/pipeline-workflow-step.excalidraw diff --git a/docs/versioned_docs/version-3.0/20-usage/15-terminology/pipeline-workflow-step.svg b/docs/versioned_docs/version-3.3/20-usage/15-terminology/pipeline-workflow-step.svg similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/15-terminology/pipeline-workflow-step.svg rename to docs/versioned_docs/version-3.3/20-usage/15-terminology/pipeline-workflow-step.svg diff --git a/docs/versioned_docs/version-3.3/20-usage/20-workflow-syntax.md b/docs/versioned_docs/version-3.3/20-usage/20-workflow-syntax.md new file mode 100644 index 000000000..51a23a421 --- /dev/null +++ b/docs/versioned_docs/version-3.3/20-usage/20-workflow-syntax.md @@ -0,0 +1,787 @@ +# Workflow syntax + +The Workflow section defines a list of steps to build, test and deploy your code. The steps are executed serially in the order in which they are defined. If a step returns a non-zero exit code, the workflow and therefore the entire pipeline terminates immediately and returns an error status. + +:::note +An exception to this rule are steps with a [`status: [failure]`](#status) condition, which ensures that they are executed in the case of a failed run. +::: + +:::note +We support most of YAML 1.2, but preserve some behavior from 1.1 for backward compatibility. +Read more at: [https://github.com/go-yaml/yaml](https://github.com/go-yaml/yaml/tree/v3) +::: + +Example steps: + +```yaml +steps: + - name: backend + image: golang + commands: + - go build + - go test + - name: frontend + image: node + commands: + - npm install + - npm run test + - npm run build +``` + +In the above example we define two steps, `frontend` and `backend`. The names of these steps are completely arbitrary. + +The name is optional, if not added the steps will be numerated. + +Another way to name a step is by using dictionaries: + +```yaml +steps: + backend: + image: golang + commands: + - go build + - go test + frontend: + image: node + commands: + - npm install + - npm run test + - npm run build +``` + +## Skip Commits + +Woodpecker gives the ability to skip individual commits by adding `[SKIP CI]` or `[CI SKIP]` to the commit message. Note this is case-insensitive. + +```bash +git commit -m "updated README [CI SKIP]" +``` + +## Steps + +Every step of your workflow executes commands inside a specified container.
+The defined steps are executed in sequence by default, if they should run in parallel you can use [`depends_on`](./20-workflow-syntax.md#depends_on).
+The associated commit is checked out with git to a workspace which is mounted to every step of the workflow as the working directory. + +```diff + steps: + - name: backend + image: golang + commands: ++ - go build ++ - go test +``` + +### File changes are incremental + +- Woodpecker clones the source code in the beginning of the workflow +- Changes to files are persisted through steps as the same volume is mounted to all steps + +```yaml title=".woodpecker.yaml" +steps: + - name: build + image: debian + commands: + - echo "test content" > myfile + - name: a-test-step + image: debian + commands: + - cat myfile +``` + +### `image` + +Woodpecker pulls the defined image and uses it as environment to execute the workflow step commands, for plugins and for service containers. + +When using the `local` backend, the `image` entry is used to specify the shell, such as Bash or Fish, that is used to run the commands. + +```diff + steps: + - name: build ++ image: golang:1.6 + commands: + - go build + - go test + + - name: publish ++ image: woodpeckerci/plugin-kaniko + repo: foo/bar + + services: + - name: database ++ image: mysql +``` + +Woodpecker supports any valid Docker image from any Docker registry: + +```yaml +image: golang +image: golang:1.7 +image: library/golang:1.7 +image: index.docker.io/library/golang +image: index.docker.io/library/golang:1.7 +``` + +Woodpecker does not automatically upgrade container images. Example configuration to always pull the latest image when updates are available: + +```diff + steps: + - name: build + image: golang:latest ++ pull: true +``` + +Learn more how you can use images from [different registries](./41-registries.md). + +### `commands` + +Commands of every step are executed serially as if you would enter them into your local shell. + +```diff + steps: + - name: backend + image: golang + commands: ++ - go build ++ - go test +``` + +There is no magic here. The above commands are converted to a simple shell script. The commands in the above example are roughly converted to the below script: + +```bash +#!/bin/sh +set -e + +go build +go test +``` + +The above shell script is then executed as the container entrypoint. The below docker command is an (incomplete) example of how the script is executed: + +```bash +docker run --entrypoint=build.sh golang +``` + +:::note +Only build steps can define commands. You cannot use commands with plugins or services. +::: + +### `entrypoint` + +Allows you to specify the entrypoint for containers. Note that this must be a list of the command and its arguments (e.g. `["/bin/sh", "-c"]`). + +If you define [`commands`](#commands), the default entrypoint will be `["/bin/sh", "-c", "echo $CI_SCRIPT | base64 -d | /bin/sh -e"]`. +You can also use a custom shell with `CI_SCRIPT` (Base64-encoded) if you set `commands`. + +### `environment` + +Woodpecker provides the ability to pass environment variables to individual steps. + +For more details, check the [environment docs](./50-environment.md). + +### `failure` + +Some of the steps may be allowed to fail without causing the whole workflow and therefore pipeline to report a failure (e.g., a step executing a linting check). To enable this, add `failure: ignore` to your step. If Woodpecker encounters an error while executing the step, it will report it as failed but still executes the next steps of the workflow, if any, without affecting the status of the workflow. + +```diff + steps: + - name: backend + image: golang + commands: + - go build + - go test ++ failure: ignore +``` + +### `when` - Conditional Execution + +Woodpecker supports defining a list of conditions for a step by using a `when` block. If at least one of the conditions in the `when` block evaluate to true the step is executed, otherwise it is skipped. A condition is evaluated to true if _all_ sub-conditions are true. +A condition can be a check like: + +```diff + steps: + - name: prettier + image: woodpeckerci/plugin-prettier ++ when: ++ - event: pull_request ++ repo: test/test ++ - event: push ++ branch: main +``` + +The `prettier` step is executed if one of these conditions is met: + +1. The pipeline is executed from a pull request in the repo `test/test` +2. The pipeline is executed from a push to `main` + +#### `repo` + +Example conditional execution by repository: + +```diff + steps: + - name: prettier + image: woodpeckerci/plugin-prettier ++ when: ++ - repo: test/test +``` + +#### `branch` + +:::note +Branch conditions are not applied to tags. +::: + +Example conditional execution by branch: + +```diff + steps: + - name: prettier + image: woodpeckerci/plugin-prettier ++ when: ++ - branch: main +``` + +> The step now triggers on main branch, but also if the target branch of a pull request is `main`. Add an event condition to limit it further to pushes on main only. + +Execute a step if the branch is `main` or `develop`: + +```yaml +when: + - branch: [main, develop] +``` + +Execute a step if the branch starts with `prefix/*`: + +```yaml +when: + - branch: prefix/* +``` + +The branch matching is done using [doublestar](https://github.com/bmatcuk/doublestar/#usage), note that a pattern starting with `*` should be put between quotes and a literal `/` needs to be escaped. A few examples: + +- `*\\/*` to match patterns with exactly 1 `/` +- `*\\/**` to match patters with at least 1 `/` +- `*` to match patterns without `/` +- `**` to match everything + +Execute a step using custom include and exclude logic: + +```yaml +when: + - branch: + include: [main, release/*] + exclude: [release/1.0.0, release/1.1.*] +``` + +#### `event` + +The available events are: + +- `push`: triggered when a commit is pushed to a branch. +- `pull_request`: triggered when a pull request is opened or a new commit is pushed to it. +- `pull_request_closed`: triggered when a pull request is closed or merged. +- `tag`: triggered when a tag is pushed. +- `release`: triggered when a release, pre-release or draft is created. (You can apply further filters using [evaluate](#evaluate) with [environment variables](./50-environment.md#built-in-environment-variables).) +- `deployment`: triggered when a deployment is created in the repository. (This event can be triggered from Woodpecker directly. GitHub also supports webhook triggers.) +- `cron`: triggered when a cron job is executed. +- `manual`: triggered when a user manually triggers a pipeline. + +Execute a step if the build event is a `tag`: + +```yaml +when: + - event: tag +``` + +Execute a step if the pipeline event is a `push` to a specified branch: + +```diff +when: + - event: push ++ branch: main +``` + +Execute a step for multiple events: + +```yaml +when: + - event: [push, tag, deployment] +``` + +#### `cron` + +This filter **only** applies to cron events and filters based on the name of a cron job. + +Make sure to have a `event: cron` condition in the `when`-filters as well. + +```yaml +when: + - event: cron + cron: sync_* # name of your cron job +``` + +[Read more about cron](./45-cron.md) + +#### `ref` + +The `ref` filter compares the git reference against which the workflow is executed. +This allows you to filter, for example, tags that must start with **v**: + +```yaml +when: + - event: tag + ref: refs/tags/v* +``` + +#### `status` + +There are use cases for executing steps on failure, such as sending notifications for failed workflow/pipeline. Use the status constraint to execute steps even when the workflow fails: + +```diff + steps: + - name: notify + image: alpine ++ when: ++ - status: [ success, failure ] +``` + +#### `platform` + +:::note +This condition should be used in conjunction with a [matrix](./30-matrix-workflows.md#example-matrix-pipeline-using-multiple-platforms) workflow as a regular workflow will only be executed by a single agent which only has one arch. +::: + +Execute a step for a specific platform: + +```yaml +when: + - platform: linux/amd64 +``` + +Execute a step for a specific platform using wildcards: + +```yaml +when: + - platform: [linux/*, windows/amd64] +``` + +#### `matrix` + +Execute a step for a single matrix permutation: + +```yaml +when: + - matrix: + GO_VERSION: 1.5 + REDIS_VERSION: 2.8 +``` + +#### `instance` + +Execute a step only on a certain Woodpecker instance matching the specified hostname: + +```yaml +when: + - instance: stage.woodpecker.company.com +``` + +#### `path` + +:::info +Path conditions are applied only to **push** and **pull_request** events. +It is currently **only available** for GitHub, GitLab and Gitea (version 1.18.0 and newer) +::: + +Execute a step only on a pipeline with certain files being changed: + +```yaml +when: + - path: 'src/*' +``` + +You can use [glob patterns](https://github.com/bmatcuk/doublestar#patterns) to match the changed files and specify if the step should run if a file matching that pattern has been changed `include` or if some files have **not** been changed `exclude`. + +For pipelines without file changes (empty commits or on events without file changes like `tag`), you can use `on_empty` to set whether this condition should be **true** _(default)_ or **false** in these cases. + +```yaml +when: + - path: + include: ['.woodpecker/*.yaml', '*.ini'] + exclude: ['*.md', 'docs/**'] + ignore_message: '[ALL]' + on_empty: true +``` + +:::info +Passing a defined ignore-message like `[ALL]` inside the commit message will ignore all path conditions and the `on_empty` setting. +::: + +#### `evaluate` + +Execute a step only if the provided evaluate expression is equal to true. Both built-in [`CI_`](./50-environment.md#built-in-environment-variables) and custom variables can be used inside the expression. + +The expression syntax can be found in [the docs](https://github.com/expr-lang/expr/blob/master/docs/language-definition.md) of the underlying library. + +Run on pushes to the default branch for the repository `owner/repo`: + +```yaml +when: + - evaluate: 'CI_PIPELINE_EVENT == "push" && CI_REPO == "owner/repo" && CI_COMMIT_BRANCH == CI_REPO_DEFAULT_BRANCH' +``` + +Run on commits created by user `woodpecker-ci`: + +```yaml +when: + - evaluate: 'CI_COMMIT_AUTHOR == "woodpecker-ci"' +``` + +Skip all commits containing `please ignore me` in the commit message: + +```yaml +when: + - evaluate: 'not (CI_COMMIT_MESSAGE contains "please ignore me")' +``` + +Run on pull requests with the label `deploy`: + +```yaml +when: + - evaluate: 'CI_COMMIT_PULL_REQUEST_LABELS contains "deploy"' +``` + +Skip step only if `SKIP=true`, run otherwise or if undefined: + +```yaml +when: + - evaluate: 'SKIP != "true"' +``` + +### `depends_on` + +Normally steps of a workflow are executed serially in the order in which they are defined. As soon as you set `depends_on` for a step a [directed acyclic graph](https://en.wikipedia.org/wiki/Directed_acyclic_graph) will be used and all steps of the workflow will be executed in parallel besides the steps that have a dependency set to another step using `depends_on`: + +```diff + steps: + - name: build # build will be executed immediately + image: golang + commands: + - go build + + - name: deploy + image: woodpeckerci/plugin-kaniko + settings: + repo: foo/bar ++ depends_on: [build, test] # deploy will be executed after build and test finished + + - name: test # test will be executed immediately as no dependencies are set + image: golang + commands: + - go test +``` + +:::note +You can define a step to start immediately without dependencies by adding an empty `depends_on: []`. By setting `depends_on` on a single step all other steps will be immediately executed as well if no further dependencies are specified. + +```yaml +steps: + - name: check code format + image: mstruebing/editorconfig-checker + depends_on: [] # enable parallel steps + ... +``` + +::: + +### `volumes` + +Woodpecker gives the ability to define Docker volumes in the YAML. You can use this parameter to mount files or folders on the host machine into your containers. + +For more details check the [volumes docs](./70-volumes.md). + +### `detach` + +Woodpecker gives the ability to detach steps to run them in background until the workflow finishes. + +For more details check the [service docs](./60-services.md#detachment). + +### `directory` + +Using `directory`, you can set a subdirectory of your repository or an absolute path inside the Docker container in which your commands will run. + +## `services` + +Woodpecker can provide service containers. They can for example be used to run databases or cache containers during the execution of workflow. + +For more details check the [services docs](./60-services.md). + +## `workspace` + +The workspace defines the shared volume and working directory shared by all workflow steps. +The default workspace base is `/woodpecker` and the path is extended with the repository URL (`src/{url-without-schema}`). +So an example would be `/woodpecker/src/github.com/octocat/hello-world`. + +The workspace can be customized using the workspace block in the YAML file: + +```diff ++workspace: ++ base: /go ++ path: src/github.com/octocat/hello-world + + steps: + - name: build + image: golang:latest + commands: + - go get + - go test +``` + +:::note +Plugins will always have the workspace base at `/woodpecker` +::: + +The base attribute defines a shared base volume available to all steps. This ensures your source code, dependencies and compiled binaries are persisted and shared between steps. + +```diff + workspace: ++ base: /go + path: src/github.com/octocat/hello-world + + steps: + - name: deps + image: golang:latest + commands: + - go get + - go test + - name: build + image: node:latest + commands: + - go build +``` + +This would be equivalent to the following docker commands: + +```bash +docker volume create my-named-volume + +docker run --volume=my-named-volume:/go golang:latest +docker run --volume=my-named-volume:/go node:latest +``` + +The path attribute defines the working directory of your build. This is where your code is cloned and will be the default working directory of every step in your build process. The path must be relative and is combined with your base path. + +```diff + workspace: + base: /go ++ path: src/github.com/octocat/hello-world +``` + +```bash +git clone https://github.com/octocat/hello-world \ + /go/src/github.com/octocat/hello-world +``` + + + +## `matrix` + + + +Woodpecker has integrated support for matrix builds. Woodpecker executes a separate build task for each combination in the matrix, allowing you to build and test a single commit against multiple configurations. + +For more details check the [matrix build docs](./30-matrix-workflows.md). + +## `labels` + +You can set labels for your workflow to select an agent to execute the workflow on. An agent will pick up and run a workflow when **every** label assigned to it matches the agents labels. + +To set additional agent labels, check the [agent configuration options](../30-administration/10-configuration/30-agent.md#woodpecker_agent_labels). Agents will have at least four default labels: `platform=agent-os/agent-arch`, `hostname=my-agent`, `backend=docker` (type of the agent backend) and `repo=*`. Agents can use a `*` as a wildcard for a label. For example `repo=*` will match every repo. + +Workflow labels with an empty value will be ignored. +By default, each workflow has at least the `repo=your-user/your-repo-name` label. If you have set the [platform attribute](#platform) for your workflow it will have a label like `platform=your-os/your-arch` as well. + +You can add additional labels as a key value map: + +```diff ++labels: ++ location: europe # only agents with `location=europe` or `location=*` will be used ++ weather: sun ++ hostname: "" # this label will be ignored as it is empty + + steps: + - name: build + image: golang + commands: + - go build + - go test +``` + +### Filter by platform + +To configure your workflow to only be executed on an agent with a specific platform, you can use the `platform` key. +Have a look at the official [go docs](https://go.dev/doc/install/source) for the available platforms. The syntax of the platform is `GOOS/GOARCH` like `linux/arm64` or `linux/amd64`. + +Example: + +Assuming we have two agents, one `linux/arm` and one `linux/amd64`. Previously this workflow would have executed on **either agent**, as Woodpecker is not fussy about where it runs the workflows. By setting the following option it will only be executed on an agent with the platform `linux/arm64`. + +```diff ++labels: ++ platform: linux/arm64 + + steps: + [...] +``` + +## `variables` + +Woodpecker supports using [YAML anchors & aliases](https://yaml.org/spec/1.2.2/#3222-anchors-and-aliases) as variables in the workflow configuration. + +For more details and examples check the [Advanced usage docs](./90-advanced-usage.md) + +## `clone` + +Woodpecker automatically configures a default clone step if not explicitly defined. When using the `local` backend, the [plugin-git](https://github.com/woodpecker-ci/plugin-git) binary must be on your `$PATH` for the default clone step to work. If not, you can still write a manual clone step. + +You can manually configure the clone step in your workflow for customization: + +```diff ++clone: ++ git: ++ image: woodpeckerci/plugin-git + + steps: + - name: build + image: golang + commands: + - go build + - go test +``` + +Example configuration to override depth: + +```diff + clone: + - name: git + image: woodpeckerci/plugin-git ++ settings: ++ partial: false ++ depth: 50 +``` + +Example configuration to use a custom clone plugin: + +```diff + clone: + - name: git ++ image: octocat/custom-git-plugin +``` + +### Git Submodules + +To use the credentials that cloned the repository to clone it's submodules, update `.gitmodules` to use `https` instead of `git`: + +```diff + [submodule "my-module"] + path = my-module +-url = git@github.com:octocat/my-module.git ++url = https://github.com/octocat/my-module.git +``` + +To use the ssh git url in `.gitmodules` for users cloning with ssh, and also use the https url in Woodpecker, add `submodule_override`: + +```diff + clone: + - name: git + image: woodpeckerci/plugin-git + settings: + recursive: true ++ submodule_override: ++ my-module: https://github.com/octocat/my-module.git + +steps: + ... +``` + +## `skip_clone` + +By default Woodpecker is automatically adding a clone step. This clone step can be configured by the [clone](#clone) property. If you do not need a `clone` step at all you can skip it using: + +```yaml +skip_clone: true +``` + +## `when` - Global workflow conditions + +Woodpecker gives the ability to skip whole workflows ([not just steps](#when---conditional-execution)) based on certain conditions by a `when` block. If all conditions in the `when` block evaluate to true the workflow is executed, otherwise it is skipped, but treated as successful and other workflows depending on it will still continue. + +For more information about the specific filters, take a look at the [step-specific `when` filters](#when---conditional-execution). + +Example conditional execution by branch: + +```diff ++when: ++ branch: main ++ + steps: + - name: prettier + image: woodpeckerci/plugin-prettier +``` + +The workflow now triggers on `main`, but also if the target branch of a pull request is `main`. + + + +## `depends_on` + + + +Woodpecker supports to define multiple workflows for a repository. Those workflows will run independent from each other. To depend them on each other you can use the [`depends_on`](./25-workflows.md#flow-control) keyword. + +## `runs_on` + +Workflows that should run even on failure should set the `runs_on` tag. See [here](./25-workflows.md#flow-control) for an example. + +## Advanced network options for steps + +:::warning +Only allowed if 'Trusted Network' option is enabled in repo settings by an admin. +::: + +### `dns` + +If the backend engine understands to change the DNS server and lookup domain, +this options will be used to alter the default DNS config to a custom one for a specific step. + +```yaml +steps: + - name: build + image: plugin/abc + dns: 1.2.3.4 + dns_search: 'internal.company' +``` + +## Privileged mode + +Woodpecker gives the ability to configure privileged mode in the YAML. You can use this parameter to launch containers with escalated capabilities. + +:::info +Privileged mode is only available to trusted repositories and for security reasons should only be used in private environments. See [project settings](./75-project-settings.md#trusted) to enable trusted mode. +::: + +```diff + steps: + - name: build + image: docker + environment: + - DOCKER_HOST=tcp://docker:2375 + commands: + - docker --tls=false ps + + services: + - name: docker + image: docker:dind + commands: dockerd-entrypoint.sh --storage-driver=vfs --tls=false ++ privileged: true +``` diff --git a/docs/versioned_docs/version-2.7/20-usage/25-workflows.md b/docs/versioned_docs/version-3.3/20-usage/25-workflows.md similarity index 93% rename from docs/versioned_docs/version-2.7/20-usage/25-workflows.md rename to docs/versioned_docs/version-3.3/20-usage/25-workflows.md index 5adc39f85..ef09d485e 100644 --- a/docs/versioned_docs/version-2.7/20-usage/25-workflows.md +++ b/docs/versioned_docs/version-3.3/20-usage/25-workflows.md @@ -23,13 +23,13 @@ If you still need to pass artifacts between the workflows you need use some stor ```bash .woodpecker/ -├── .build.yaml -├── .deploy.yaml -├── .lint.yaml -└── .test.yaml +├── build.yaml +├── deploy.yaml +├── lint.yaml +└── test.yaml ``` -```yaml title=".woodpecker/.build.yaml" +```yaml title=".woodpecker/build.yaml" steps: - name: build image: debian:stable-slim @@ -38,7 +38,7 @@ steps: - sleep 5 ``` -```yaml title=".woodpecker/.deploy.yaml" +```yaml title=".woodpecker/deploy.yaml" steps: - name: deploy image: debian:stable-slim @@ -51,7 +51,7 @@ depends_on: - test ``` -```yaml title=".woodpecker/.test.yaml" +```yaml title=".woodpecker/test.yaml" steps: - name: test image: debian:stable-slim @@ -63,7 +63,7 @@ depends_on: - build ``` -```yaml title=".woodpecker/.lint.yaml" +```yaml title=".woodpecker/lint.yaml" steps: - name: lint image: debian:stable-slim diff --git a/docs/versioned_docs/version-3.0/20-usage/30-matrix-workflows.md b/docs/versioned_docs/version-3.3/20-usage/30-matrix-workflows.md similarity index 96% rename from docs/versioned_docs/version-3.0/20-usage/30-matrix-workflows.md rename to docs/versioned_docs/version-3.3/20-usage/30-matrix-workflows.md index 954820523..54dcafadd 100644 --- a/docs/versioned_docs/version-3.0/20-usage/30-matrix-workflows.md +++ b/docs/versioned_docs/version-3.3/20-usage/30-matrix-workflows.md @@ -139,5 +139,5 @@ steps: ``` :::note -If you want to control the architecture of a pipeline on a Kubernetes runner, see [the nodeSelector documentation of the Kubernetes backend](../30-administration/22-backends/40-kubernetes.md#node-selector). +If you want to control the architecture of a pipeline on a Kubernetes runner, see [the nodeSelector documentation of the Kubernetes backend](../30-administration/10-configuration/11-backends/20-kubernetes.md#node-selector). ::: diff --git a/docs/versioned_docs/version-3.3/20-usage/40-secrets.md b/docs/versioned_docs/version-3.3/20-usage/40-secrets.md new file mode 100644 index 000000000..059bb52dd --- /dev/null +++ b/docs/versioned_docs/version-3.3/20-usage/40-secrets.md @@ -0,0 +1,156 @@ +# Secrets + +Woodpecker provides the ability to store named variables in a central secret store. +These secrets can be passed securely to individual pipeline steps using the `from_secret` keyword. + +Three different levels of secrets are available. +The following list shows the priority of these. +If a secret is defined in multiple levels, the following precedence applies: Repository secrets > Organization secrets > Global secrets. + +1. **Repository secrets**: Available to all pipelines of a repository. +1. **Organization secrets**: Available to all pipelines of an organization. +1. **Global secrets**: Can only be set by instance admins. + Global secret are available to all pipelines of the **entire** Woodpecker instance and should therefore be used with caution. + +:::tip +In addition to the native secret integration, external secret providers can be utilized by interacting with them directly within pipeline steps. +Access to these providers can be configured using Woodpecker secrets, enabling the retrieval of secrets from the respective external sources. +::: + +:::warning +Woodpecker can mask secrets from its native secret store, but it cannot apply the same protection to external secrets. As a result, these external secrets may be exposed in the pipeline logs. +::: + +## Usage + +You can set a setting or environment value from Woodpecker secrets using the `from_secret` syntax. + +The example below passes a secret called `secret_token` which will be stored in an environment variable named `TOKEN_ENV`: + +```diff + steps: + - name: 'step name' + image: registry/repo/image:tag + commands: ++ - echo "The secret is $TOKEN_ENV" ++ environment: ++ TOKEN_ENV: ++ from_secret: secret_token +``` + +The same syntax can be used to pass secrets to (plugin) settings. +A secret named `secret_token` is assigned to the setting `TOKEN`, which will then be available in the plugin as environment variable `PLUGIN_TOKEN` (see [plugins](./51-plugins/20-creating-plugins.md#settings) for details). +`PLUGIN_TOKEN` is then internally consumed by the plugin itself and will be honored during execution. + +```diff + steps: + - name: 'step name' + image: registry/repo/image:tag ++ settings: ++ TOKEN: ++ from_secret: secret_token +``` + +### Note about parameter pre-processing + +Please note that parameter expressions undergo pre-processing, meaning they are evaluated before the pipeline starts. +If secrets are to be used in expressions, they must be properly escaped (using `$$`) to ensure correct handling. + +```diff + steps: + - name: docker + image: docker + commands: +- - echo ${TOKEN_ENV} ++ - echo $${TOKEN_ENV} + environment: + TOKEN_ENV: + from_secret: secret_token +``` + +### Use in Pull Requests events + +By default, secrets are not exposed to pull requests. +However, you can change this behavior by creating the secret and enabling the `pull_request` event type. +This can be configured either through the UI or via the CLI, as demonstrated below. + +:::warning +Be cautious when exposing secrets to pull requests. +If your repository is public and initiates pull request runs without requiring approval, your secrets may be at risk. +Malicious actors could potentially exploit this to expose or transmit your secrets to an external location. +::: + +## Plugins filter + +To prevent abusing your secrets from malicious usage, you can limit a secret to a list of plugins. +If enabled they are not available to any other plugin (steps without user-defined commands). +Plugins have the advantage that they cannot run arbitrary commands, hence they cannot be used to expose secrets (in contrast to arbitrary steps). + +:::note +If you specify a tag, the filter will honor it. +However, if the same image appears multiple times in the list, the least privileged entry takes precedence. +For example, an image without a tag will permit all tags, even if another entry with a pinned tag is included. +::: + +![plugins filter](./secrets-plugins-filter.png) + +## Adding Secrets + +Secrets can be added through the UI or via the CLI. + +### CLI Examples + +Create the secret using default settings. +The secret will be available to all images in your pipeline, and will be available to all `push`, `tag`, and `deployment` events (not `pull_request` events). + +```bash +woodpecker-cli repo secret add \ + --repository octocat/hello-world \ + --name aws_access_key_id \ + --value +``` + +Create the secret and limit it to a single image: + +```diff + woodpecker-cli secret add \ + --repository octocat/hello-world \ ++ --image woodpeckerci/plugin-s3 \ + --name aws_access_key_id \ + --value +``` + +Create the secrets and limit it to a set of images: + +```diff + woodpecker-cli repo secret add \ + --repository octocat/hello-world \ ++ --image woodpeckerci/plugin-s3 \ ++ --image woodpeckerci/plugin-docker-buildx \ + --name aws_access_key_id \ + --value +``` + +Create the secret and enable it for multiple hook events: + +```diff + woodpecker-cli repo secret add \ + --repository octocat/hello-world \ + --image woodpeckerci/plugin-s3 \ ++ --event pull_request \ ++ --event push \ ++ --event tag \ + --name aws_access_key_id \ + --value +``` + +Secrets can be loaded from a file using the `@` syntax. +This method is recommended for loading secrets from a file, as it ensures that newlines are preserved (this is for example important for SSH keys). +Here’s an example: + +```diff + woodpecker-cli repo secret add \ + -repository octocat/hello-world \ + -name ssh_key \ ++ -value @/root/ssh/id_rsa +``` diff --git a/docs/versioned_docs/version-2.7/20-usage/41-registries.md b/docs/versioned_docs/version-3.3/20-usage/41-registries.md similarity index 87% rename from docs/versioned_docs/version-2.7/20-usage/41-registries.md rename to docs/versioned_docs/version-3.3/20-usage/41-registries.md index 8508da876..5c65349cc 100644 --- a/docs/versioned_docs/version-2.7/20-usage/41-registries.md +++ b/docs/versioned_docs/version-3.3/20-usage/41-registries.md @@ -32,16 +32,12 @@ Example registry hostname matching logic: - Hostname `gcr.io` matches image `gcr.io/foo/bar` - Hostname `docker.io` matches `golang` - Hostname `docker.io` matches `library/golang` -- Hostname `docker.io` matches `bradyrydzewski/golang` -- Hostname `docker.io` matches `bradyrydzewski/golang:latest` - -:::note -The flow above doesn't work in Kubernetes. There is [workaround](../30-administration/22-backends/40-kubernetes.md#images-from-private-registries). -::: +- Hostname `docker.io` matches `bradrydzewski/golang` +- Hostname `docker.io` matches `bradrydzewski/golang:latest` ## Global registry support -To make a private registry globally available, check the [server configuration docs](../30-administration/10-server-config.md#global-registry-setting). +To make a private registry globally available, check the [server configuration docs](../30-administration/10-configuration/10-server.md#woodpecker_docker_config). ## GCR registry support diff --git a/docs/versioned_docs/version-2.7/20-usage/45-cron.md b/docs/versioned_docs/version-3.3/20-usage/45-cron.md similarity index 60% rename from docs/versioned_docs/version-2.7/20-usage/45-cron.md rename to docs/versioned_docs/version-3.3/20-usage/45-cron.md index 95ee8202e..2cb088122 100644 --- a/docs/versioned_docs/version-2.7/20-usage/45-cron.md +++ b/docs/versioned_docs/version-3.3/20-usage/45-cron.md @@ -23,12 +23,6 @@ To configure cron jobs you need at least push access to the repository. ![cron settings](./cron-settings.png) - The supported schedule syntax can be found at . If you need general understanding of the cron syntax is a good place to start and experiment. + The supported schedule syntax can be found at . If you need general understanding of the cron syntax is a good place to start and experiment. - Examples: `@every 5m`, `@daily`, `0 30 * * * *` ... - - :::info - Woodpeckers cron syntax starts with seconds instead of minutes as used by most linux cron schedulers. - - Example: "At minute 30 every hour" would be `0 30 * * * *` instead of `30 * * * *` - ::: + Examples: `@every 5m`, `@daily`, `30 * * * *` ... diff --git a/docs/versioned_docs/version-2.7/20-usage/50-environment.md b/docs/versioned_docs/version-3.3/20-usage/50-environment.md similarity index 51% rename from docs/versioned_docs/version-2.7/20-usage/50-environment.md rename to docs/versioned_docs/version-3.3/20-usage/50-environment.md index 299bb8f53..746cb7634 100644 --- a/docs/versioned_docs/version-2.7/20-usage/50-environment.md +++ b/docs/versioned_docs/version-3.3/20-usage/50-environment.md @@ -48,97 +48,94 @@ Please note that the environment section is not able to expand environment varia This is the reference list of all environment variables available to your pipeline containers. These are injected into your pipeline step and plugins containers, at runtime. -| NAME | Description | -| -------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -| `CI` | CI environment name (value: `woodpecker`) | -| | **Repository** | -| `CI_REPO` | repository full name `/` | -| `CI_REPO_OWNER` | repository owner | -| `CI_REPO_NAME` | repository name | -| `CI_REPO_REMOTE_ID` | repository remote ID, is the UID it has in the forge | -| `CI_REPO_SCM` | repository SCM (git) | -| `CI_REPO_URL` | repository web URL | -| `CI_REPO_CLONE_URL` | repository clone URL | -| `CI_REPO_CLONE_SSH_URL` | repository SSH clone URL | -| `CI_REPO_DEFAULT_BRANCH` | repository default branch (main) | -| `CI_REPO_PRIVATE` | repository is private | -| `CI_REPO_TRUSTED` | repository is trusted | -| | **Current Commit** | -| `CI_COMMIT_SHA` | commit SHA | -| `CI_COMMIT_REF` | commit ref | -| `CI_COMMIT_REFSPEC` | commit ref spec | -| `CI_COMMIT_BRANCH` | commit branch (equals target branch for pull requests) | -| `CI_COMMIT_SOURCE_BRANCH` | commit source branch (empty if event is not `pull_request` or `pull_request_closed`) | -| `CI_COMMIT_TARGET_BRANCH` | commit target branch (empty if event is not `pull_request` or `pull_request_closed`) | -| `CI_COMMIT_TAG` | commit tag name (empty if event is not `tag`) | -| `CI_COMMIT_PULL_REQUEST` | commit pull request number (empty if event is not `pull_request` or `pull_request_closed`) | -| `CI_COMMIT_PULL_REQUEST_LABELS` | labels assigned to pull request (empty if event is not `pull_request` or `pull_request_closed`) | -| `CI_COMMIT_MESSAGE` | commit message | -| `CI_COMMIT_AUTHOR` | commit author username | -| `CI_COMMIT_AUTHOR_EMAIL` | commit author email address | -| `CI_COMMIT_AUTHOR_AVATAR` | commit author avatar | -| `CI_COMMIT_PRERELEASE` | release is a pre-release (empty if event is not `release`) | -| | **Current pipeline** | -| `CI_PIPELINE_NUMBER` | pipeline number | -| `CI_PIPELINE_PARENT` | number of parent pipeline | -| `CI_PIPELINE_EVENT` | pipeline event (see [pipeline events](../20-usage/15-terminology/index.md#pipeline-events)) | -| `CI_PIPELINE_URL` | link to the web UI for the pipeline | -| `CI_PIPELINE_FORGE_URL` | link to the forge's web UI for the commit(s) or tag that triggered the pipeline | -| `CI_PIPELINE_DEPLOY_TARGET` | pipeline deploy target for `deployment` events (i.e. production) | -| `CI_PIPELINE_DEPLOY_TASK` | pipeline deploy task for `deployment` events (i.e. migration) | -| `CI_PIPELINE_STATUS` | pipeline status (success, failure) | -| `CI_PIPELINE_CREATED` | pipeline created UNIX timestamp | -| `CI_PIPELINE_STARTED` | pipeline started UNIX timestamp | -| `CI_PIPELINE_FINISHED` | pipeline finished UNIX timestamp | -| `CI_PIPELINE_FILES` | changed files (empty if event is not `push` or `pull_request`), it is undefined if more than 500 files are touched | -| | **Current workflow** | -| `CI_WORKFLOW_NAME` | workflow name | -| | **Current step** | -| `CI_STEP_NAME` | step name | -| `CI_STEP_NUMBER` | step number | -| `CI_STEP_STATUS` | step status (success, failure) | -| `CI_STEP_STARTED` | step started UNIX timestamp | -| `CI_STEP_FINISHED` | step finished UNIX timestamp | -| `CI_STEP_URL` | URL to step in UI | -| | **Previous commit** | -| `CI_PREV_COMMIT_SHA` | previous commit SHA | -| `CI_PREV_COMMIT_REF` | previous commit ref | -| `CI_PREV_COMMIT_REFSPEC` | previous commit ref spec | -| `CI_PREV_COMMIT_BRANCH` | previous commit branch | -| `CI_PREV_COMMIT_SOURCE_BRANCH` | previous commit source branch | -| `CI_PREV_COMMIT_TARGET_BRANCH` | previous commit target branch | -| `CI_PREV_COMMIT_URL` | previous commit link in forge | -| `CI_PREV_COMMIT_MESSAGE` | previous commit message | -| `CI_PREV_COMMIT_AUTHOR` | previous commit author username | -| `CI_PREV_COMMIT_AUTHOR_EMAIL` | previous commit author email address | -| `CI_PREV_COMMIT_AUTHOR_AVATAR` | previous commit author avatar | -| | **Previous pipeline** | -| `CI_PREV_PIPELINE_NUMBER` | previous pipeline number | -| `CI_PREV_PIPELINE_PARENT` | previous pipeline number of parent pipeline | -| `CI_PREV_PIPELINE_EVENT` | previous pipeline event (see [pipeline events](../20-usage/15-terminology/index.md#pipeline-events)) | -| `CI_PREV_PIPELINE_URL` | previous pipeline link in CI | -| `CI_PREV_PIPELINE_FORGE_URL` | previous pipeline link to event in forge | -| `CI_PREV_PIPELINE_DEPLOY_TARGET` | previous pipeline deploy target for `deployment` events (ie production) | -| `CI_PREV_PIPELINE_DEPLOY_TASK` | previous pipeline deploy task for `deployment` events (ie migration) | -| `CI_PREV_PIPELINE_STATUS` | previous pipeline status (success, failure) | -| `CI_PREV_PIPELINE_CREATED` | previous pipeline created UNIX timestamp | -| `CI_PREV_PIPELINE_STARTED` | previous pipeline started UNIX timestamp | -| `CI_PREV_PIPELINE_FINISHED` | previous pipeline finished UNIX timestamp | -| |   | -| `CI_WORKSPACE` | Path of the workspace where source code gets cloned to | -| | **System** | -| `CI_SYSTEM_NAME` | name of the CI system: `woodpecker` | -| `CI_SYSTEM_URL` | link to CI system | -| `CI_SYSTEM_HOST` | hostname of CI server | -| `CI_SYSTEM_VERSION` | version of the server | -| | **Forge** | -| `CI_FORGE_TYPE` | name of forge (gitea, github, ...) | -| `CI_FORGE_URL` | root URL of configured forge | -| | **Internal** - Please don't use! | -| `CI_SCRIPT` | Internal script path. Used to call pipeline step commands. | -| `CI_NETRC_USERNAME` | Credentials for private repos to be able to clone data. (Only available for specific images) | -| `CI_NETRC_PASSWORD` | Credentials for private repos to be able to clone data. (Only available for specific images) | -| `CI_NETRC_MACHINE` | Credentials for private repos to be able to clone data. (Only available for specific images) | +| NAME | Description | Example | +| -------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------ | +| `CI` | CI environment name | `woodpecker` | +| | **Repository** | | +| `CI_REPO` | repository full name `/` | `john-doe/my-repo` | +| `CI_REPO_OWNER` | repository owner | `john-doe` | +| `CI_REPO_NAME` | repository name | `my-repo` | +| `CI_REPO_REMOTE_ID` | repository remote ID, is the UID it has in the forge | `82` | +| `CI_REPO_URL` | repository web URL | `https://git.example.com/john-doe/my-repo` | +| `CI_REPO_CLONE_URL` | repository clone URL | `https://git.example.com/john-doe/my-repo.git` | +| `CI_REPO_CLONE_SSH_URL` | repository SSH clone URL | `git@git.example.com:john-doe/my-repo.git` | +| `CI_REPO_DEFAULT_BRANCH` | repository default branch | `main` | +| `CI_REPO_PRIVATE` | repository is private | `true` | +| `CI_REPO_TRUSTED_NETWORK` | repository has trusted network access | `false` | +| `CI_REPO_TRUSTED_VOLUMES` | repository has trusted volumes access | `false` | +| `CI_REPO_TRUSTED_SECURITY` | repository has trusted security access | `false` | +| | **Current Commit** | | +| `CI_COMMIT_SHA` | commit SHA | `eba09b46064473a1d345da7abf28b477468e8dbd` | +| `CI_COMMIT_REF` | commit ref | `refs/heads/main` | +| `CI_COMMIT_REFSPEC` | commit ref spec | `issue-branch:main` | +| `CI_COMMIT_BRANCH` | commit branch (equals target branch for pull requests) | `main` | +| `CI_COMMIT_SOURCE_BRANCH` | commit source branch (set only for `pull_request` and `pull_request_closed` events) | `issue-branch` | +| `CI_COMMIT_TARGET_BRANCH` | commit target branch (set only for `pull_request` and `pull_request_closed` events) | `main` | +| `CI_COMMIT_TAG` | commit tag name (empty if event is not `tag`) | `v1.10.3` | +| `CI_COMMIT_PULL_REQUEST` | commit pull request number (set only for `pull_request` and `pull_request_closed` events) | `1` | +| `CI_COMMIT_PULL_REQUEST_LABELS` | labels assigned to pull request (set only for `pull_request` and `pull_request_closed` events) | `server` | +| `CI_COMMIT_MESSAGE` | commit message | `Initial commit` | +| `CI_COMMIT_AUTHOR` | commit author username | `john-doe` | +| `CI_COMMIT_AUTHOR_EMAIL` | commit author email address | `john-doe@example.com` | +| `CI_COMMIT_AUTHOR_AVATAR` | commit author avatar | `https://git.example.com/avatars/5dcbcadbce6f87f8abef` | +| `CI_COMMIT_PRERELEASE` | release is a pre-release (empty if event is not `release`) | `false` | +| | **Current pipeline** | | +| `CI_PIPELINE_NUMBER` | pipeline number | `8` | +| `CI_PIPELINE_PARENT` | number of parent pipeline | `0` | +| `CI_PIPELINE_EVENT` | pipeline event (see [`event`](../20-usage/20-workflow-syntax.md#event)) | `push`, `pull_request`, `pull_request_closed`, `tag`, `release`, `manual`, `cron` | +| `CI_PIPELINE_URL` | link to the web UI for the pipeline | `https://ci.example.com/repos/7/pipeline/8` | +| `CI_PIPELINE_FORGE_URL` | link to the forge's web UI for the commit(s) or tag that triggered the pipeline | `https://git.example.com/john-doe/my-repo/commit/eba09b46064473a1d345da7abf28b477468e8dbd` | +| `CI_PIPELINE_DEPLOY_TARGET` | pipeline deploy target for `deployment` events | `production` | +| `CI_PIPELINE_DEPLOY_TASK` | pipeline deploy task for `deployment` events | `migration` | +| `CI_PIPELINE_CREATED` | pipeline created UNIX timestamp | `1722617519` | +| `CI_PIPELINE_STARTED` | pipeline started UNIX timestamp | `1722617519` | +| `CI_PIPELINE_FILES` | changed files (empty if event is not `push` or `pull_request`), it is undefined if more than 500 files are touched | `[]`, `[".woodpecker.yml","README.md"]` | +| | **Current workflow** | | +| `CI_WORKFLOW_NAME` | workflow name | `release` | +| | **Current step** | | +| `CI_STEP_NAME` | step name | `build package` | +| `CI_STEP_NUMBER` | step number | `0` | +| `CI_STEP_STARTED` | step started UNIX timestamp | `1722617519` | +| `CI_STEP_URL` | URL to step in UI | `https://ci.example.com/repos/7/pipeline/8` | +| | **Previous commit** | | +| `CI_PREV_COMMIT_SHA` | previous commit SHA | `15784117e4e103f36cba75a9e29da48046eb82c4` | +| `CI_PREV_COMMIT_REF` | previous commit ref | `refs/heads/main` | +| `CI_PREV_COMMIT_REFSPEC` | previous commit ref spec | `issue-branch:main` | +| `CI_PREV_COMMIT_BRANCH` | previous commit branch | `main` | +| `CI_PREV_COMMIT_SOURCE_BRANCH` | previous commit source branch (set only for `pull_request` and `pull_request_closed` events) | `issue-branch` | +| `CI_PREV_COMMIT_TARGET_BRANCH` | previous commit target branch (set only for `pull_request` and `pull_request_closed` events) | `main` | +| `CI_PREV_COMMIT_URL` | previous commit link in forge | `https://git.example.com/john-doe/my-repo/commit/15784117e4e103f36cba75a9e29da48046eb82c4` | +| `CI_PREV_COMMIT_MESSAGE` | previous commit message | `test` | +| `CI_PREV_COMMIT_AUTHOR` | previous commit author username | `john-doe` | +| `CI_PREV_COMMIT_AUTHOR_EMAIL` | previous commit author email address | `john-doe@example.com` | +| `CI_PREV_COMMIT_AUTHOR_AVATAR` | previous commit author avatar | `https://git.example.com/avatars/12` | +| | **Previous pipeline** | | +| `CI_PREV_PIPELINE_NUMBER` | previous pipeline number | `7` | +| `CI_PREV_PIPELINE_PARENT` | previous pipeline number of parent pipeline | `0` | +| `CI_PREV_PIPELINE_EVENT` | previous pipeline event (see [`event`](../20-usage/20-workflow-syntax.md#event)) | `push`, `pull_request`, `pull_request_closed`, `tag`, `release`, `manual`, `cron` | +| `CI_PREV_PIPELINE_URL` | previous pipeline link in CI | `https://ci.example.com/repos/7/pipeline/7` | +| `CI_PREV_PIPELINE_FORGE_URL` | previous pipeline link to event in forge | `https://git.example.com/john-doe/my-repo/commit/15784117e4e103f36cba75a9e29da48046eb82c4` | +| `CI_PREV_PIPELINE_DEPLOY_TARGET` | previous pipeline deploy target for `deployment` events | `production` | +| `CI_PREV_PIPELINE_DEPLOY_TASK` | previous pipeline deploy task for `deployment` events | `migration` | +| `CI_PREV_PIPELINE_STATUS` | previous pipeline status | `success`, `failure` | +| `CI_PREV_PIPELINE_CREATED` | previous pipeline created UNIX timestamp | `1722610173` | +| `CI_PREV_PIPELINE_STARTED` | previous pipeline started UNIX timestamp | `1722610173` | +| `CI_PREV_PIPELINE_FINISHED` | previous pipeline finished UNIX timestamp | `1722610383` | +| |   | | +| `CI_WORKSPACE` | Path of the workspace where source code gets cloned to | `/woodpecker/src/git.example.com/john-doe/my-repo` | +| | **System** | | +| `CI_SYSTEM_NAME` | name of the CI system | `woodpecker` | +| `CI_SYSTEM_URL` | link to CI system | `https://ci.example.com` | +| `CI_SYSTEM_HOST` | hostname of CI server | `ci.example.com` | +| `CI_SYSTEM_VERSION` | version of the server | `2.7.0` | +| | **Forge** | | +| `CI_FORGE_TYPE` | name of forge | `bitbucket` , `bitbucket_dc` , `forgejo` , `gitea` , `github` , `gitlab` | +| `CI_FORGE_URL` | root URL of configured forge | `https://git.example.com` | +| | **Internal** - Please don't use! | | +| `CI_SCRIPT` | Internal script path. Used to call pipeline step commands. | | +| `CI_NETRC_USERNAME` | Credentials for private repos to be able to clone data. (Only available for specific images) | | +| `CI_NETRC_PASSWORD` | Credentials for private repos to be able to clone data. (Only available for specific images) | | +| `CI_NETRC_MACHINE` | Credentials for private repos to be able to clone data. (Only available for specific images) | | ## Global environment variables @@ -172,7 +169,7 @@ Example commit substitution: ```diff steps: - name: docker - image: plugins/docker + image: woodpeckerci/plugin-kaniko settings: + tags: ${CI_COMMIT_SHA} ``` @@ -182,7 +179,7 @@ Example tag substitution: ```diff steps: - name: docker - image: plugins/docker + image: woodpeckerci/plugin-kaniko settings: + tags: ${CI_COMMIT_TAG} ``` @@ -210,7 +207,7 @@ Example variable substitution with substring: ```diff steps: - name: docker - image: plugins/docker + image: woodpeckerci/plugin-kaniko settings: + tags: ${CI_COMMIT_SHA:0:8} ``` @@ -220,7 +217,7 @@ Example variable substitution strips `v` prefix from `v.1.0.0`: ```diff steps: - name: docker - image: plugins/docker + image: woodpeckerci/plugin-kaniko settings: + tags: ${CI_COMMIT_TAG##v} ``` diff --git a/docs/versioned_docs/version-2.7/20-usage/51-plugins/20-creating-plugins.md b/docs/versioned_docs/version-3.3/20-usage/51-plugins/20-creating-plugins.md similarity index 97% rename from docs/versioned_docs/version-2.7/20-usage/51-plugins/20-creating-plugins.md rename to docs/versioned_docs/version-3.3/20-usage/51-plugins/20-creating-plugins.md index 8a0ea5920..4591a1d1a 100644 --- a/docs/versioned_docs/version-2.7/20-usage/51-plugins/20-creating-plugins.md +++ b/docs/versioned_docs/version-3.3/20-usage/51-plugins/20-creating-plugins.md @@ -10,7 +10,7 @@ These are passed to your plugin as uppercase env vars with a `PLUGIN_` prefix. Using a setting like `url` results in an env var named `PLUGIN_URL`. Characters like `-` are converted to an underscore (`_`). `some_String` gets `PLUGIN_SOME_STRING`. -CamelCase is not respected, `anInt` get `PLUGIN_ANINT`. +CamelCase is not respected, `anInt` get `PLUGIN_ANINT`. ### Basic settings @@ -42,7 +42,7 @@ Values like this are converted to JSON and then passed to your plugin. In the ex ### Secrets -Secrets should be passed as settings too. Therefore, users should use [`from_secret`](../40-secrets.md#use-secrets-in-settings-and-environment). +Secrets should be passed as settings too. Therefore, users should use [`from_secret`](../40-secrets.md#usage). ## Plugin library diff --git a/docs/versioned_docs/version-2.7/20-usage/51-plugins/51-overview.md b/docs/versioned_docs/version-3.3/20-usage/51-plugins/51-overview.md similarity index 61% rename from docs/versioned_docs/version-2.7/20-usage/51-plugins/51-overview.md rename to docs/versioned_docs/version-3.3/20-usage/51-plugins/51-overview.md index 0e5905036..7da822a47 100644 --- a/docs/versioned_docs/version-2.7/20-usage/51-plugins/51-overview.md +++ b/docs/versioned_docs/version-3.3/20-usage/51-plugins/51-overview.md @@ -1,11 +1,12 @@ # Plugins -Plugins are pipeline steps that perform pre-defined tasks and are configured as steps in your pipeline. Plugins can be used to deploy code, publish artifacts, send notification, and more. +Plugins are pipeline steps that perform pre-defined tasks and are configured as steps in your pipeline. +Plugins can be used to deploy code, publish artifacts, send notification, and more. They are automatically pulled from the default container registry the agent's have configured. ```dockerfile title="Dockerfile" -FROM laszlocloud/kubectl +FROM cloud/kubectl COPY deploy /usr/local/deploy ENTRYPOINT ["/usr/local/deploy"] ``` @@ -17,12 +18,12 @@ kubectl apply -f $PLUGIN_TEMPLATE ```yaml title=".woodpecker.yaml" steps: - name: deploy-to-k8s - image: laszlocloud/my-k8s-plugin + image: cloud/my-k8s-plugin settings: template: config/k8s/service.yaml ``` -Example pipeline using the Docker and Slack plugins: +Example pipeline using the Docker and Prettier plugins: ```yaml steps: @@ -32,16 +33,14 @@ steps: - go build - go test + - name: prettier + image: woodpeckerci/plugin-prettier + - name: publish - image: plugins/docker + image: woodpeckerci/plugin-kaniko settings: repo: foo/bar tags: latest - - - name: notify - image: plugins/slack - settings: - channel: dev ``` ## Plugin Isolation @@ -49,9 +48,10 @@ steps: Plugins are just pipeline steps. They share the build workspace, mounted as a volume, and therefore have access to your source tree. While normal steps are all about arbitrary code execution, plugins should only allow the functions intended by the plugin author. -So there are a few limitations, like the workspace base is always mounted at `/woodpecker`, but the working directory is dynamically adjusted accordingly. So as user of a plugin you should not have to care about this. - -Also instead of using environment variables the plugin should only care about one prefixed with `PLUGIN_` witch are the internal representation of the **settings** ([read more](./20-creating-plugins.md)). +That's why there are a few limitations. The workspace base is always mounted at `/woodpecker`, but the working directory is dynamically +adjusted accordingly, as user of a plugin you should not have to care about this. Also, you cannot use the plugin together with `commands` +or `entrypoint` which will fail. Using `environment` is possible, but in this case, the plugin is internally not treated as plugin +anymore. The container then cannot access secrets with plugin filter anymore and the containers won't be privileged without explicit definition. ## Finding Plugins diff --git a/docs/versioned_docs/version-3.0/20-usage/51-plugins/_category_.yaml b/docs/versioned_docs/version-3.3/20-usage/51-plugins/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/51-plugins/_category_.yaml rename to docs/versioned_docs/version-3.3/20-usage/51-plugins/_category_.yaml diff --git a/docs/versioned_docs/version-2.7/20-usage/60-services.md b/docs/versioned_docs/version-3.3/20-usage/60-services.md similarity index 96% rename from docs/versioned_docs/version-2.7/20-usage/60-services.md rename to docs/versioned_docs/version-3.3/20-usage/60-services.md index 4992e5dc2..14262855c 100644 --- a/docs/versioned_docs/version-2.7/20-usage/60-services.md +++ b/docs/versioned_docs/version-3.3/20-usage/60-services.md @@ -110,5 +110,5 @@ steps: commands: - ( apt update && apt dist-upgrade -y && apt install -y mysql-client 2>&1 )> /dev/null - sleep 30s # need to wait for mysql-server init - - echo 'SHOW VARIABLES LIKE "version"' | mysql -uroot -hdatabase test -pexample + - echo 'SHOW VARIABLES LIKE "version"' | mysql -u root -h database test -p example ``` diff --git a/docs/versioned_docs/version-3.0/20-usage/70-volumes.md b/docs/versioned_docs/version-3.3/20-usage/70-volumes.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/70-volumes.md rename to docs/versioned_docs/version-3.3/20-usage/70-volumes.md diff --git a/docs/versioned_docs/version-3.0/20-usage/72-linter.md b/docs/versioned_docs/version-3.3/20-usage/72-linter.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/72-linter.md rename to docs/versioned_docs/version-3.3/20-usage/72-linter.md diff --git a/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md b/docs/versioned_docs/version-3.3/20-usage/75-project-settings.md similarity index 60% rename from docs/versioned_docs/version-2.7/20-usage/75-project-settings.md rename to docs/versioned_docs/version-3.3/20-usage/75-project-settings.md index d57b3a932..d4495c41b 100644 --- a/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-3.3/20-usage/75-project-settings.md @@ -25,10 +25,9 @@ Only activate this option if you trust all users who have push access to your re Otherwise, these users will be able to steal secrets that are only available for `deploy` events. ::: -## Protected +## Require approval for -Every pipeline initiated by an webhook event needs to be approved by a project members with push permissions before being executed. -The protected option can be used as an additional review process before running potentially harmful pipelines. Especially if pipelines can be executed by third-parties through pull-requests. +To prevent malicious pipelines from extracting secrets or running harmful commands or to prevent accidental pipeline runs, you can require approval for an additional review process. Depending on the enabled option, a pipeline will be put on hold after creation and will only continue after approval. The default restrictive setting is `Approvals for forked repositories`. ## Trusted @@ -40,15 +39,20 @@ Only server admins can set this option. If you are not a server admin this optio ::: -## Only inject Git credentials into trusted clone plugins +## Custom trusted clone plugins -The clone step may require Git credentials (e.g. for private repos) which are injected via `netrc`. +During the clone process, Git credentials (e.g., for private repositories) may be required. +These credentials are provided via [`netrc`](https://everything.curl.dev/usingcurl/netrc.html). -By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. -If this option is disabled, the Git credentials are injected into every clone plugin, regardless of whether it is trusted or not. +These credentials are injected only into trusted plugins specified in the environment variable `WOODPECKER_PLUGINS_TRUSTED_CLONE` (an instance-wide Woodpecker server setting) or declared in this repository-level setting. -:::note -This option has no effect on steps other than the clone step. +With these credentials, it’s possible to perform any Git operations, including pushing changes back to the repo. +To prevent unauthorized access or misuse, a plugin allowlist is required, either on the instance level or the repository level. +Without an explicit allowlist, a malicious contributor could exploit a custom clone plugin in a Pull Request to reveal or transfer these credentials during the clone step. + +:::info +This setting does not affect subsequent steps, nor does it allow direct pushes to the repository. +To enable pushing changes, you can inject Git credentials as a secret or use a dedicated plugin, such as [appleboy/drone-git-push](https://woodpecker-ci.org/plugins/Git%20Push). ::: ## Project visibility diff --git a/docs/versioned_docs/version-3.0/20-usage/80-badges.md b/docs/versioned_docs/version-3.3/20-usage/80-badges.md similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/80-badges.md rename to docs/versioned_docs/version-3.3/20-usage/80-badges.md diff --git a/docs/versioned_docs/version-3.3/20-usage/90-advanced-usage.md b/docs/versioned_docs/version-3.3/20-usage/90-advanced-usage.md new file mode 100644 index 000000000..e8a691de0 --- /dev/null +++ b/docs/versioned_docs/version-3.3/20-usage/90-advanced-usage.md @@ -0,0 +1,222 @@ +# Advanced usage + +## Advanced YAML syntax + +YAML has some advanced syntax features that can be used like variables to reduce duplication in your pipeline config: + +### Anchors & aliases + +You can use [YAML anchors & aliases](https://yaml.org/spec/1.2.2/#3222-anchors-and-aliases) as variables in your pipeline config. + +To convert this: + +```yaml +steps: + - name: test + image: golang:1.18 + commands: go test ./... + - name: build + image: golang:1.18 + commands: build +``` + +Just add a new section called **variables** like this: + +```diff ++variables: ++ - &golang_image 'golang:1.18' + + steps: + - name: test +- image: golang:1.18 ++ image: *golang_image + commands: go test ./... + - name: build +- image: golang:1.18 ++ image: *golang_image + commands: build +``` + +### Map merges and overwrites + +```yaml +variables: + - &base-plugin-settings + target: dist + recursive: false + try: true + - &special-setting + special: true + - &some-plugin codeberg.org/6543/docker-images/print_env + +steps: + - name: develop + image: *some-plugin + settings: + <<: [*base-plugin-settings, *special-setting] # merge two maps into an empty map + when: + branch: develop + + - name: main + image: *some-plugin + settings: + <<: *base-plugin-settings # merge one map and ... + try: false # ... overwrite original value + ongoing: false # ... adding a new value + when: + branch: main +``` + +### Sequence merges + +```yaml +variables: + pre_cmds: &pre_cmds + - echo start + - whoami + post_cmds: &post_cmds + - echo stop + hello_cmd: &hello_cmd + - echo hello + +steps: + - name: step1 + image: debian + commands: + - <<: *pre_cmds # prepend a sequence + - echo exec step now do dedicated things + - <<: *post_cmds # append a sequence + - name: step2 + image: debian + commands: + - <<: [*pre_cmds, *hello_cmd] # prepend two sequences + - echo echo from second step + - <<: *post_cmds +``` + +### References + +- [Official YAML specification](https://yaml.org/spec/1.2.2/#3222-anchors-and-aliases) +- [YAML cheat sheet](https://learnxinyminutes.com/docs/yaml) + +## Persisting environment data between steps + +One can create a file containing environment variables, and then source it in each step that needs them. + +```yaml +steps: + - name: init + image: bash + commands: + - echo "FOO=hello" >> envvars + - echo "BAR=world" >> envvars + + - name: debug + image: bash + commands: + - source envvars + - echo $FOO +``` + +## Declaring global variables + +As described in [Global environment variables](./50-environment.md#global-environment-variables), you can define global variables: + +```ini +WOODPECKER_ENVIRONMENT=first_var:value1,second_var:value2 +``` + +Note that this tightly couples the server and app configurations (where the app is a completely separate application). But this is a good option for truly global variables which should apply to all steps in all pipelines for all apps. + +## Docker in docker (dind) setup + +:::warning +This set up will only work on trusted repositories and for security reasons should only be used in private environments. +See [project settings](./75-project-settings.md#trusted) to enable "trusted" mode. +::: + +The snippet below shows how a step can communicate with the docker daemon running in a `docker:dind` service. + +:::note +If your goal is to build/publish OCI images, consider using the [Docker Buildx Plugin](https://woodpecker-ci.org/plugins/Docker%20Buildx) instead. +::: + +First we need to define a service running a docker with the `dind` tag. +This service must run in `privileged` mode: + +```yaml +services: + - name: docker + image: docker:dind # use 'docker:-dind' or similar in production + privileged: true + ports: + - 2376 +``` + +Next, we need to set up TLS communication between the `dind` service and the step that wants to communicate with the docker daemon (unauthenticated TCP connections have been deprecated [as of docker v27](https://github.com/docker/cli/blob/v27.4.0/docs/deprecated.md#unauthenticated-tcp-connections) and will result in an error in v28). + +This can be achieved by letting the daemon generate TLS certificates and share them with the client through an agent volume mount (`/opt/woodpeckerci/dind-certs` in the example below). + +```diff +services: + - name: docker + image: docker:dind # use 'docker:-dind' or similar in production + privileged: true ++ environment: ++ DOCKER_TLS_CERTDIR: /dind-certs ++ volumes: ++ - /opt/woodpeckerci/dind-certs:/dind-certs + ports: + - 2376 +``` + +In the docker client step: + +1. Set the `DOCKER_*` environment variables shown below to configure the connection with the daemon. + These generic docker environment variables that are framework-agnostic (e.g. frameworks like [TestContainers](https://testcontainers.com/), [Spring Boot Docker Compose](https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-docker-compose) do all respect them). +2. Mount the volume to the location where the daemon has created the certificates (`/opt/woodpeckerci/dind-certs`) + +Test the connection with the docker client: + +```diff +steps: + - name: test + image: docker:cli # in production use something like 'docker:-cli' ++ environment: ++ DOCKER_HOST: "tcp://docker:2376" ++ DOCKER_CERT_PATH: "/dind-certs/client" ++ DOCKER_TLS_VERIFY: "1" ++ volumes: ++ - /opt/woodpeckerci/dind-certs:/dind-certs + commands: + - docker version +``` + +This step should output the server and client version information if everything has been set up correctly. + +Full example: + +```yaml +steps: + - name: test + image: docker:cli # use 'docker:-cli' or similar in production + environment: + DOCKER_HOST: 'tcp://docker:2376' + DOCKER_CERT_PATH: '/dind-certs/client' + DOCKER_TLS_VERIFY: '1' + volumes: + - /opt/woodpeckerci/dind-certs:/dind-certs + commands: + - docker version + +services: + - name: docker + image: docker:dind # use 'docker:-dind' or similar in production + privileged: true + environment: + DOCKER_TLS_CERTDIR: /dind-certs + volumes: + - /opt/woodpeckerci/dind-certs:/dind-certs + ports: + - 2376 +``` diff --git a/docs/versioned_docs/version-3.0/20-usage/_category_.yaml b/docs/versioned_docs/version-3.3/20-usage/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/_category_.yaml rename to docs/versioned_docs/version-3.3/20-usage/_category_.yaml diff --git a/docs/versioned_docs/version-3.0/20-usage/cron-settings.png b/docs/versioned_docs/version-3.3/20-usage/cron-settings.png similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/cron-settings.png rename to docs/versioned_docs/version-3.3/20-usage/cron-settings.png diff --git a/docs/versioned_docs/version-3.0/20-usage/linter-warnings-errors.png b/docs/versioned_docs/version-3.3/20-usage/linter-warnings-errors.png similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/linter-warnings-errors.png rename to docs/versioned_docs/version-3.3/20-usage/linter-warnings-errors.png diff --git a/docs/versioned_docs/version-3.0/20-usage/pipeline.png b/docs/versioned_docs/version-3.3/20-usage/pipeline.png similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/pipeline.png rename to docs/versioned_docs/version-3.3/20-usage/pipeline.png diff --git a/docs/versioned_docs/version-3.3/20-usage/project-settings.png b/docs/versioned_docs/version-3.3/20-usage/project-settings.png new file mode 100644 index 000000000..f3ce025f2 Binary files /dev/null and b/docs/versioned_docs/version-3.3/20-usage/project-settings.png differ diff --git a/docs/versioned_docs/version-3.0/20-usage/repo-new.png b/docs/versioned_docs/version-3.3/20-usage/repo-new.png similarity index 100% rename from docs/versioned_docs/version-3.0/20-usage/repo-new.png rename to docs/versioned_docs/version-3.3/20-usage/repo-new.png diff --git a/docs/versioned_docs/version-3.3/20-usage/secrets-plugins-filter.png b/docs/versioned_docs/version-3.3/20-usage/secrets-plugins-filter.png new file mode 100644 index 000000000..460d852fb Binary files /dev/null and b/docs/versioned_docs/version-3.3/20-usage/secrets-plugins-filter.png differ diff --git a/docs/versioned_docs/version-3.3/30-administration/00-general.md b/docs/versioned_docs/version-3.3/30-administration/00-general.md new file mode 100644 index 000000000..19f44bedf --- /dev/null +++ b/docs/versioned_docs/version-3.3/30-administration/00-general.md @@ -0,0 +1,43 @@ +# General + +Woodpecker consists of essential components (`server` and `agent`) and an optional component (`autoscaler`). + +The **server** provides the user interface, processes webhook requests to the underlying forge, serves the API and analyzes the pipeline configurations from the YAML files. + +The **agent** executes the [workflows](../20-usage/15-terminology/index.md) via a specific [backend](../20-usage/15-terminology/index.md) (Docker, Kubernetes, local) and connects to the server via GRPC. Multiple agents can coexist so that the job limits, choice of backend and other agent-related settings can be fine-tuned for a single instance. + +The **autoscaler** allows spinning up new VMs on a cloud provider of choice to process pending builds. After the builds finished, the VMs are destroyed again (after a short transition time). + +:::tip +You can add more agents to increase the number of parallel workflows or set the agent's [`WOODPECKER_MAX_WORKFLOWS=1`](./10-configuration/30-agent.md#woodpecker_max_workflows) environment variable to increase the number of parallel workflows per agent. +::: + +## Database + +Woodpecker uses a SQLite database by default, which requires no installation or configuration. For larger instances it is recommended to use it with a Postgres or MariaDB instance. For more details take a look at the [database settings](./10-configuration/10-server.md#databases) page. + +## Forge + +What would a CI/CD system be without any code. By connecting Woodpecker to your [forge](../20-usage/15-terminology/index.md), you can start pipelines on events like pushes or pull requests. Woodpecker will also use your forge to authenticate and report back the status of your pipelines. For more details take a look at the [forge settings](./10-configuration/12-forges/11-overview.md) page. + +## Container images + +:::info +No `latest` tag exists to prevent accidental major version upgrades. Either use a SemVer tag or one of the rolling major/minor version tags. Alternatively, the `next` tag can be used for rolling builds from the `main` branch. +::: + +- `vX.Y.Z`: SemVer tags for specific releases, no entrypoint shell (scratch image) + - `vX.Y` + - `vX` +- `vX.Y.Z-alpine`: SemVer tags for specific releases, rootless for Server and CLI (as of v3.0). + - `vX.Y-alpine` + - `vX-alpine` +- `next`: Built from the `main` branch +- `pull_`: Images built from Pull Request branches. + +Images are pushed to DockerHub and Quay. + +- woodpecker-server ([DockerHub](https://hub.docker.com/r/docker/woodpeckerci/woodpecker-server) or [Quay](https://quay.io/repository/woodpeckerci/woodpecker-server)) +- woodpecker-agent ([DockerHub](https://hub.docker.com/r/docker/woodpeckerci/woodpecker-agent) or [Quay](https://quay.io/repository/woodpeckerci/woodpecker-agent)) +- woodpecker-cli ([DockerHub](https://hub.docker.com/r/docker/woodpeckerci/woodpecker-cli) or [Quay](https://quay.io/repository/woodpeckerci/woodpecker-cli)) +- woodpecker-autoscaler ([DockerHub](https://hub.docker.com/r/docker/woodpeckerci/autoscaler)) diff --git a/docs/versioned_docs/version-3.3/30-administration/05-installation/10-docker-compose.md b/docs/versioned_docs/version-3.3/30-administration/05-installation/10-docker-compose.md new file mode 100644 index 000000000..3ac2400e3 --- /dev/null +++ b/docs/versioned_docs/version-3.3/30-administration/05-installation/10-docker-compose.md @@ -0,0 +1,142 @@ +# Docker Compose + +This example [docker-compose](https://docs.docker.com/compose/) setup shows the deployment of a Woodpecker instance connected to GitHub (`WOODPECKER_GITHUB=true`). If you are using another forge, please change this including the respective secret settings. + +It creates persistent volumes for the server and agent config directories. The bundled SQLite DB is stored in `/var/lib/woodpecker` and is the most important part to be persisted as it holds all users and repository information. + +The server uses the default port `8000` and gets exposed to the host here, so WoodpeckerWO can be accessed through this port on the host or by a reverse proxy sitting in front of it. + +```yaml title="docker-compose.yaml" +services: + woodpecker-server: + image: woodpeckerci/woodpecker-server:v3 + ports: + - 8000:8000 + volumes: + - woodpecker-server-data:/var/lib/woodpecker/ + environment: + - WOODPECKER_OPEN=true + - WOODPECKER_HOST=${WOODPECKER_HOST} + - WOODPECKER_GITHUB=true + - WOODPECKER_GITHUB_CLIENT=${WOODPECKER_GITHUB_CLIENT} + - WOODPECKER_GITHUB_SECRET=${WOODPECKER_GITHUB_SECRET} + - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} + + woodpecker-agent: + image: woodpeckerci/woodpecker-agent:v3 + command: agent + restart: always + depends_on: + - woodpecker-server + volumes: + - woodpecker-agent-config:/etc/woodpecker + - /var/run/docker.sock:/var/run/docker.sock + environment: + - WOODPECKER_SERVER=woodpecker-server:9000 + - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} + +volumes: + woodpecker-server-data: + woodpecker-agent-config: +``` + +Woodpecker must know its own address. You must therefore specify the public address in the format `://`. Please omit any trailing slashes: + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + environment: + - [...] ++ - WOODPECKER_HOST=${WOODPECKER_HOST} +``` + +It is also possible to customize the ports used. Woodpecker uses a separate port for gRPC and for HTTP. The agent makes gRPC calls and connects to the gRPC port. They can be configured with `*_ADDR` variables: + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + environment: + - [...] ++ - WOODPECKER_GRPC_ADDR=${WOODPECKER_GRPC_ADDR} ++ - WOODPECKER_SERVER_ADDR=${WOODPECKER_HTTP_ADDR} +``` + +If the agents establish a connection via the Internet, TLS encryption should be activated for gRPC. The agent must then be configured properly: + +```diff title="docker-compose.yaml" + services: + woodpecker-agent: + [...] + environment: + - [...] ++ - WOODPECKER_GRPC_SECURE=true # defaults to false ++ - WOODPECKER_GRPC_VERIFY=true # default +``` + +As agents execute pipeline steps as Docker containers, they require access to the Docker daemon of the host machine: + +```diff title="docker-compose.yaml" + services: + [...] + woodpecker-agent: + [...] ++ volumes: ++ - /var/run/docker.sock:/var/run/docker.sock +``` + +Agents require the server address for communication between agents and servers. The agent connects to the gRPC port of the server: + +```diff title="docker-compose.yaml" + services: + woodpecker-agent: + [...] + environment: ++ - WOODPECKER_SERVER=woodpecker-server:9000 +``` + +The server and the agents use a shared secret to authenticate the communication. This should be a random string, which you should keep secret. You can create such a string with `openssl rand -hex 32`: + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + environment: + - [...] ++ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} + woodpecker-agent: + [...] + environment: + - [...] ++ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} +``` + +## Handling sensitive data + +There are several options for handling sensitive data in `docker compose` or `docker swarm` configurations: + +For Docker Compose, you can use an `.env` file next to your compose configuration to store the secrets outside the compose file. Although this separates the configuration from the secrets, it is still not very secure. + +Alternatively, you can also use `docker-secrets`. As it can be difficult to use `docker-secrets` for environment variables, Woodpecker allows reading sensitive data from files by providing a `*_FILE` option for all sensitive configuration variables. Woodpecker will then attempt to read the value directly from this file. Note that the original environment variable will overwrite the value read from the file if it is specified at the same time. + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + environment: + - [...] ++ - WOODPECKER_AGENT_SECRET_FILE=/run/secrets/woodpecker-agent-secret ++ secrets: ++ - woodpecker-agent-secret ++ ++ secrets: ++ woodpecker-agent-secret: ++ external: true +``` + +To store values in a docker secret you can use the following command: + +```bash +echo "my_agent_secret_key" | docker secret create woodpecker-agent-secret - +``` diff --git a/docs/versioned_docs/version-3.3/30-administration/05-installation/20-helm-chart.md b/docs/versioned_docs/version-3.3/30-administration/05-installation/20-helm-chart.md new file mode 100644 index 000000000..d421f8959 --- /dev/null +++ b/docs/versioned_docs/version-3.3/30-administration/05-installation/20-helm-chart.md @@ -0,0 +1,45 @@ +# Helm Chart + +Woodpecker provides a [Helm chart](https://github.com/woodpecker-ci/helm) for Kubernetes environments: + +```bash +helm repo add woodpecker oci://ghcr.io/woodpecker-ci/helm +helm install woodpecker woodpecker/woodpecker +``` + +## Metrics + +To enable metrics gathering, set the following in values.yml: + +```yaml +metrics: + enabled: true + port: 9001 +``` + +This activates the `/metrics` endpoint on port `9001` without authentication. This port is not exposed externally by default. Use the instructions at Prometheus if you want to enable authenticated external access to metrics. + +To enable both Prometheus pod monitoring discovery, set: + + + +```yaml +prometheus: + podmonitor: + enabled: true + interval: 60s + labels: {} +``` + + + +If you are not receiving metrics after following the steps above, verify that your Prometheus configuration includes your namespace explicitly in the podMonitorNamespaceSelector or that the selectors are disabled: + +```yaml +# Search all available namespaces +podMonitorNamespaceSelector: + matchLabels: {} +# Enable all available pod monitors +podMonitorSelector: + matchLabels: {} +``` diff --git a/docs/versioned_docs/version-3.3/30-administration/05-installation/30-packages.md b/docs/versioned_docs/version-3.3/30-administration/05-installation/30-packages.md new file mode 100644 index 000000000..e54e2b093 --- /dev/null +++ b/docs/versioned_docs/version-3.3/30-administration/05-installation/30-packages.md @@ -0,0 +1,176 @@ +# Distribution packages + +## Official packages + +- DEB +- RPM + +The pre-built packages are available on the [GitHub releases](https://github.com/woodpecker-ci/woodpecker/releases/latest) page. The packages can be installed using the package manager of your distribution. + +```Shell +# Debian/Ubuntu +curl -L https://github.com/woodpecker-ci/woodpecker/releases/download/${RELEASE_VERSION}/woodpecker_${RELEASE_VERSION}_amd64.deb -o woodpecker-server.deb +sudo apt --fix-broken install ./woodpecker-server.deb + +# CentOS/RHEL +sudo dnf install https://github.com/woodpecker-ci/woodpecker/releases/download/${RELEASE_VERSION}/woodpecker_${RELEASE_VERSION}_amd64.rpm +``` + +The package installation will create a systemd service file for the Woodpecker server and agent along with an example environment file. To configure the server, copy the example environment file `/etc/woodpecker/woodpecker-server.env.example` to `/etc/woodpecker/woodpecker-server.env` and adjust the values. + +```ini title="/usr/local/lib/systemd/system/woodpecker-server.service" +[Unit] +Description=WoodpeckerCI server +Documentation=https://woodpecker-ci.org/docs/administration/server-config +Requires=network.target +After=network.target +ConditionFileNotEmpty=/etc/woodpecker/woodpecker-server.env +ConditionPathExists=/etc/woodpecker/woodpecker-server.env + +[Service] +Type=simple +EnvironmentFile=/etc/woodpecker/woodpecker-server.env +User=woodpecker +Group=woodpecker +ExecStart=/usr/local/bin/woodpecker-server +WorkingDirectory=/var/lib/woodpecker/ +StateDirectory=woodpecker + +[Install] +WantedBy=multi-user.target +``` + +```shell title="/etc/woodpecker/woodpecker-server.env" +WOODPECKER_OPEN=true +WOODPECKER_HOST=${WOODPECKER_HOST} +WOODPECKER_GITHUB=true +WOODPECKER_GITHUB_CLIENT=${WOODPECKER_GITHUB_CLIENT} +WOODPECKER_GITHUB_SECRET=${WOODPECKER_GITHUB_SECRET} +WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} +``` + +After installing the agent, copy the example environment file `/etc/woodpecker/woodpecker-agent.env.example` to `/etc/woodpecker/woodpecker-agent.env` and adjust the values as well. The agent will automatically register itself with the server. + +```ini title="/usr/local/lib/systemd/system/woodpecker-agent.service" +[Unit] +Description=WoodpeckerCI agent +Documentation=https://woodpecker-ci.org/docs/administration/agent-config +Requires=network.target +After=network.target +ConditionFileNotEmpty=/etc/woodpecker/woodpecker-agent.env +ConditionPathExists=/etc/woodpecker/woodpecker-agent.env + +[Service] +Type=simple +EnvironmentFile=/etc/woodpecker/woodpecker-agent.env +User=woodpecker +Group=woodpecker +ExecStart=/usr/local/bin/woodpecker-agent +WorkingDirectory=/var/lib/woodpecker/ +StateDirectory=woodpecker + +[Install] +WantedBy=multi-user.target +``` + +```shell title="/etc/woodpecker/woodpecker-agent.env" +WOODPECKER_SERVER=localhost:9000 +WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} +``` + +## Community packages + +:::info +Woodpecker itself is not responsible for creating these packages. Please reach out to the people responsible for packaging Woodpecker for the individual distributions. +::: + +- [Alpine (Edge)](https://pkgs.alpinelinux.org/packages?name=woodpecker&branch=edge&repo=&arch=&maintainer=) +- [Arch Linux](https://archlinux.org/packages/?q=woodpecker) +- [openSUSE](https://software.opensuse.org/package/woodpecker) +- [YunoHost](https://apps.yunohost.org/app/woodpecker) +- [Cloudron](https://www.cloudron.io/store/org.woodpecker_ci.cloudronapp.html) + +### NixOS + +:::info +This module is not maintained by the Woodpecker developers. +If you experience issues please open a bug report in the [nixpkgs repo](https://github.com/NixOS/nixpkgs/issues/new/choose) where the module is maintained. +::: + +In theory, the NixOS installation is very similar to the binary installation and supports multiple backends. +In practice, the settings are specified declaratively in the NixOS configuration and no manual steps need to be taken. + + + +```nix +{ config +, ... +}: +let + domain = "woodpecker.example.org"; +in +{ + # This automatically sets up certificates via let's encrypt + security.acme.defaults.email = "acme@example.com"; + security.acme.acceptTerms = true; + security.acme.certs."${domain}" = { }; + + # Setting up a nginx proxy that handles tls for us + networking.firewall.allowedTCPPorts = [ 80 443 ]; + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:3007"; + }; + }; + }; + + services.woodpecker-server = { + enable = true; + environment = { + WOODPECKER_HOST = "https://${domain}"; + WOODPECKER_SERVER_ADDR = ":3007"; + WOODPECKER_OPEN = "true"; + }; + # You can pass a file with env vars to the system it could look like: + # WOODPECKER_AGENT_SECRET=XXXXXXXXXXXXXXXXXXXXXX + environmentFile = "/path/to/my/secrets/file"; + }; + + # This sets up a woodpecker agent + services.woodpecker-agents.agents."docker" = { + enable = true; + # We need this to talk to the podman socket + extraGroups = [ "podman" ]; + environment = { + WOODPECKER_SERVER = "localhost:9000"; + WOODPECKER_MAX_WORKFLOWS = "4"; + DOCKER_HOST = "unix:///run/podman/podman.sock"; + WOODPECKER_BACKEND = "docker"; + }; + # Same as with woodpecker-server + environmentFile = [ "/var/lib/secrets/woodpecker.env" ]; + }; + + # Here we setup podman and enable dns + virtualisation.podman = { + enable = true; + defaultNetwork.settings = { + dns_enabled = true; + }; + }; + # This is needed for podman to be able to talk over dns + networking.firewall.interfaces."podman0" = { + allowedUDPPorts = [ 53 ]; + allowedTCPPorts = [ 53 ]; + }; +} +``` + +All configuration options can be found via [NixOS Search](https://search.nixos.org/options?channel=unstable&size=200&sort=relevance&query=woodpecker). There are also some additional resources on how to utilize Woodpecker more effectively with NixOS on the [Awesome Woodpecker](/awesome) page, like using the runners nix-store in the pipeline. diff --git a/docs/versioned_docs/version-3.0/30-administration/05-deployment-methods/_category_.yaml b/docs/versioned_docs/version-3.3/30-administration/05-installation/_category_.yaml similarity index 54% rename from docs/versioned_docs/version-3.0/30-administration/05-deployment-methods/_category_.yaml rename to docs/versioned_docs/version-3.3/30-administration/05-installation/_category_.yaml index 3907838b0..59d884127 100644 --- a/docs/versioned_docs/version-3.0/30-administration/05-deployment-methods/_category_.yaml +++ b/docs/versioned_docs/version-3.3/30-administration/05-installation/_category_.yaml @@ -1,3 +1,3 @@ -label: 'Deployment methods' +label: 'Installation' collapsible: true collapsed: true diff --git a/docs/versioned_docs/version-3.3/30-administration/10-configuration/10-server.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/10-server.md new file mode 100644 index 000000000..51e48c00f --- /dev/null +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/10-server.md @@ -0,0 +1,980 @@ +--- +toc_max_heading_level: 3 +--- + +# Server + +## Forge and User configuration + +Woodpecker does not have its own user registration. Users are provided by your [forge](./12-forges/11-overview.md) (using OAuth2). The registration is closed by default (`WOODPECKER_OPEN=false`). If the registration is open, any user with an account can log in to Woodpecker with the configured forge. + +You can also restrict the registration: + +- closed registration and manually managing users with the CLI `woodpecker-cli user` +- open registration and allowing certain admin users with the setting `WOODPECKER_ADMIN` + + ```ini + WOODPECKER_OPEN=false + WOODPECKER_ADMIN=john.smith,jane_doe + ``` + +- open registration and filtering by organizational affiliation with the setting `WOODPECKER_ORGS` + + ```ini + WOODPECKER_OPEN=true + WOODPECKER_ORGS=dolores,dog-patch + ``` + +Administrators should also be explicitly set in your configuration. + +```ini +WOODPECKER_ADMIN=john.smith,jane_doe +``` + +## Repository configuration + +Woodpecker works with the user's OAuth permissions on the forge. By default Woodpecker will synchronize all repositories the user has access to. Use the variable `WOODPECKER_REPO_OWNERS` to filter which repos should only be synchronized by GitHub users. Normally you should enter the GitHub name of your company here. + +```ini +WOODPECKER_REPO_OWNERS=my_company,my_company_oss_github_user +``` + +## Databases + +The default database engine of Woodpecker is an embedded SQLite database which requires zero installation or configuration. But you can replace it with a MySQL/MariaDB or PostgreSQL database. There are also some fundamentals to keep in mind: + +- Woodpecker does not create your database automatically. If you are using the MySQL or Postgres driver you will need to manually create your database using `CREATE DATABASE`. + +- Woodpecker does not perform data archival; it considered out-of-scope for the project. Woodpecker is rather conservative with the amount of data it stores, however, you should expect the database logs to grow the size of your database considerably. + +- Woodpecker automatically handles database migration, including the initial creation of tables and indexes. New versions of Woodpecker will automatically upgrade the database unless otherwise specified in the release notes. + +- Woodpecker does not perform database backups. This should be handled by separate third party tools provided by your database vendor of choice. + +### SQLite + +By default Woodpecker uses a SQLite database stored under `/var/lib/woodpecker/`. If using containers, you can mount a [data volume](https://docs.docker.com/storage/volumes/#create-and-manage-volumes) to persist the SQLite database. + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] ++ volumes: ++ - woodpecker-server-data:/var/lib/woodpecker/ +``` + +### MySQL/MariaDB + +The below example demonstrates MySQL database configuration. See the official driver [documentation](https://github.com/go-sql-driver/mysql#dsn-data-source-name) for configuration options and examples. +The minimum version of MySQL/MariaDB required is determined by the `go-sql-driver/mysql` - see [it's README](https://github.com/go-sql-driver/mysql#requirements) for more information. + +```ini +WOODPECKER_DATABASE_DRIVER=mysql +WOODPECKER_DATABASE_DATASOURCE=root:password@tcp(1.2.3.4:3306)/woodpecker?parseTime=true +``` + +### PostgreSQL + +The below example demonstrates Postgres database configuration. See the official driver [documentation](https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING) for configuration options and examples. +Please use Postgres versions equal or higher than **11**. + +```ini +WOODPECKER_DATABASE_DRIVER=postgres +WOODPECKER_DATABASE_DATASOURCE=postgres://root:password@1.2.3.4:5432/postgres?sslmode=disable +``` + +## TLS + +Woodpecker supports SSL configuration by mounting certificates into your container. + +```ini +WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt +WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key +``` + +TLS support is provided using the [ListenAndServeTLS](https://golang.org/pkg/net/http/#ListenAndServeTLS) function from the Go standard library. + +### Container configuration + +In addition to the ports shown in the [docker-compose](../05-installation/10-docker-compose.md) installation, port `443` must be exposed: + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + ports: ++ - 80:80 ++ - 443:443 + - 9000:9000 +``` + +Additionally, the certificate and key must be mounted and referenced: + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + environment: ++ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt ++ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key + volumes: ++ - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt ++ - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key +``` + +## Reverse Proxy + +### Apache + +This guide provides a brief overview for installing Woodpecker server behind the Apache2 web-server. This is an example configuration: + + + +```apacheconf +ProxyPreserveHost On + +RequestHeader set X-Forwarded-Proto "https" + +ProxyPass / http://127.0.0.1:8000/ +ProxyPassReverse / http://127.0.0.1:8000/ +``` + +You must have these Apache modules installed: + +- `proxy` +- `proxy_http` + +You must configure Apache to set `X-Forwarded-Proto` when using https. + +```diff + ProxyPreserveHost On + ++RequestHeader set X-Forwarded-Proto "https" + + ProxyPass / http://127.0.0.1:8000/ + ProxyPassReverse / http://127.0.0.1:8000/ +``` + +### Nginx + +This guide provides a basic overview for installing Woodpecker server behind the Nginx web-server. For more advanced configuration options please consult the official Nginx [documentation](https://docs.nginx.com/nginx/admin-guide). + +Example configuration: + +```nginx +server { + listen 80; + server_name woodpecker.example.com; + + location / { + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + + proxy_pass http://127.0.0.1:8000; + proxy_redirect off; + proxy_http_version 1.1; + proxy_buffering off; + + chunked_transfer_encoding off; + } +} +``` + +You must configure the proxy to set `X-Forwarded` proxy headers: + +```diff + server { + listen 80; + server_name woodpecker.example.com; + + location / { ++ proxy_set_header X-Forwarded-For $remote_addr; ++ proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:8000; + proxy_redirect off; + proxy_http_version 1.1; + proxy_buffering off; + + chunked_transfer_encoding off; + } + } +``` + +### Caddy + +This guide provides a brief overview for installing Woodpecker server behind the [Caddy web-server](https://caddyserver.com/). This is an example caddyfile proxy configuration: + +```caddy +# expose WebUI and API +woodpecker.example.com { + reverse_proxy woodpecker-server:8000 +} + +# expose gRPC +woodpecker-agent.example.com { + reverse_proxy h2c://woodpecker-server:9000 +} +``` + +### Tunnelmole + +[Tunnelmole](https://github.com/robbie-cahill/tunnelmole-client) is an open source tunneling tool. + +Start by [installing tunnelmole](https://github.com/robbie-cahill/tunnelmole-client#installation). + +After the installation, run the following command to start tunnelmole: + +```bash +tmole 8000 +``` + +It will start a tunnel and will give a response like this: + +```bash +➜ ~ tmole 8000 +http://bvdo5f-ip-49-183-170-144.tunnelmole.net is forwarding to localhost:8000 +https://bvdo5f-ip-49-183-170-144.tunnelmole.net is forwarding to localhost:8000 +``` + +Set `WOODPECKER_HOST` to the Tunnelmole URL (`xxx.tunnelmole.net`) and start the server. + +### Ngrok + +[Ngrok](https://ngrok.com/) is a popular closed source tunnelling tool. After installing ngrok, open a new console and run the following command: + +```bash +ngrok http 8000 +``` + +Set `WOODPECKER_HOST` to the ngrok URL (usually xxx.ngrok.io) and start the server. + +### Traefik + +To install the Woodpecker server behind a [Traefik](https://traefik.io/) load balancer, you must expose both the `http` and the `gRPC` ports. Here is a comprehensive example, considering you are running Traefik with docker swarm and want to do TLS termination and automatic redirection from http to https. + + + +```yaml +services: + server: + image: woodpeckerci/woodpecker-server:latest + environment: + - WOODPECKER_OPEN=true + - WOODPECKER_ADMIN=your_admin_user + # other settings ... + + networks: + - dmz # externally defined network, so that traefik can connect to the server + volumes: + - woodpecker-server-data:/var/lib/woodpecker/ + + deploy: + labels: + - traefik.enable=true + + # web server + - traefik.http.services.woodpecker-service.loadbalancer.server.port=8000 + + - traefik.http.routers.woodpecker-secure.rule=Host(`ci.example.com`) + - traefik.http.routers.woodpecker-secure.tls=true + - traefik.http.routers.woodpecker-secure.tls.certresolver=letsencrypt + - traefik.http.routers.woodpecker-secure.entrypoints=web-secure + - traefik.http.routers.woodpecker-secure.service=woodpecker-service + + - traefik.http.routers.woodpecker.rule=Host(`ci.example.com`) + - traefik.http.routers.woodpecker.entrypoints=web + - traefik.http.routers.woodpecker.service=woodpecker-service + + - traefik.http.middlewares.woodpecker-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.woodpecker-redirect.redirectscheme.permanent=true + - traefik.http.routers.woodpecker.middlewares=woodpecker-redirect@docker + + # gRPC service + - traefik.http.services.woodpecker-grpc.loadbalancer.server.port=9000 + - traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme=h2c + + - traefik.http.routers.woodpecker-grpc-secure.rule=Host(`woodpecker-grpc.example.com`) + - traefik.http.routers.woodpecker-grpc-secure.tls=true + - traefik.http.routers.woodpecker-grpc-secure.tls.certresolver=letsencrypt + - traefik.http.routers.woodpecker-grpc-secure.entrypoints=web-secure + - traefik.http.routers.woodpecker-grpc-secure.service=woodpecker-grpc + + - traefik.http.routers.woodpecker-grpc.rule=Host(`woodpecker-grpc.example.com`) + - traefik.http.routers.woodpecker-grpc.entrypoints=web + - traefik.http.routers.woodpecker-grpc.service=woodpecker-grpc + + - traefik.http.middlewares.woodpecker-grpc-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.woodpecker-grpc-redirect.redirectscheme.permanent=true + - traefik.http.routers.woodpecker-grpc.middlewares=woodpecker-grpc-redirect@docker + +volumes: + woodpecker-server-data: + driver: local + +networks: + dmz: + external: true +``` + +## Metrics + +### Endpoint + +Woodpecker is compatible with Prometheus and exposes a `/metrics` endpoint if the environment variable `WOODPECKER_PROMETHEUS_AUTH_TOKEN` is set. Please note that access to the metrics endpoint is restricted and requires the authorization token from the environment variable mentioned above. + +```yaml +global: + scrape_interval: 60s + +scrape_configs: + - job_name: 'woodpecker' + bearer_token: dummyToken... + + static_configs: + - targets: ['woodpecker.domain.com'] +``` + +### Authorization + +An administrator will need to generate a user API token and configure in the Prometheus configuration file as a bearer token. Please see the following example: + +```diff + global: + scrape_interval: 60s + + scrape_configs: + - job_name: 'woodpecker' ++ bearer_token: dummyToken... + + static_configs: + - targets: ['woodpecker.domain.com'] +``` + +As an alternative, the token can also be read from a file: + +```diff + global: + scrape_interval: 60s + + scrape_configs: + - job_name: 'woodpecker' ++ bearer_token_file: /etc/secrets/woodpecker-monitoring-token + + static_configs: + - targets: ['woodpecker.domain.com'] +``` + +### Reference + +List of Prometheus metrics specific to Woodpecker: + +```yaml +# HELP woodpecker_pipeline_count Pipeline count. +# TYPE woodpecker_pipeline_count counter +woodpecker_pipeline_count{branch="main",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 3 +woodpecker_pipeline_count{branch="dev",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 3 +# HELP woodpecker_pipeline_time Build time. +# TYPE woodpecker_pipeline_time gauge +woodpecker_pipeline_time{branch="main",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 116 +woodpecker_pipeline_time{branch="dev",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 155 +# HELP woodpecker_pipeline_total_count Total number of builds. +# TYPE woodpecker_pipeline_total_count gauge +woodpecker_pipeline_total_count 1025 +# HELP woodpecker_pending_steps Total number of pending pipeline steps. +# TYPE woodpecker_pending_steps gauge +woodpecker_pending_steps 0 +# HELP woodpecker_repo_count Total number of repos. +# TYPE woodpecker_repo_count gauge +woodpecker_repo_count 9 +# HELP woodpecker_running_steps Total number of running pipeline steps. +# TYPE woodpecker_running_steps gauge +woodpecker_running_steps 0 +# HELP woodpecker_user_count Total number of users. +# TYPE woodpecker_user_count gauge +woodpecker_user_count 1 +# HELP woodpecker_waiting_steps Total number of pipeline waiting on deps. +# TYPE woodpecker_waiting_steps gauge +woodpecker_waiting_steps 0 +# HELP woodpecker_worker_count Total number of workers. +# TYPE woodpecker_worker_count gauge +woodpecker_worker_count 4 +``` + +## External Configuration API + +To provide additional management and preprocessing capabilities for pipeline configurations Woodpecker supports an HTTP API which can be enabled to call an external config service. +Before the run or restart of any pipeline Woodpecker will make a POST request to an external HTTP API sending the current repository, build information and all current config files retrieved from the repository. The external API can then send back new pipeline configurations that will be used immediately or respond with `HTTP 204` to tell the system to use the existing configuration. + +Every request sent by Woodpecker is signed using a [http-signature](https://datatracker.ietf.org/doc/html/rfc9421) by a private key (ed25519) generated on the first start of the Woodpecker server. You can get the public key for the verification of the http-signature from `http(s)://your-woodpecker-server/api/signature/public-key`. + +A simplistic example configuration service can be found here: [https://github.com/woodpecker-ci/example-config-service](https://github.com/woodpecker-ci/example-config-service) + +:::warning +You need to trust the external config service as it is getting secret information about the repository and pipeline and has the ability to change pipeline configs that could run malicious tasks. +::: + +### Configuration + +```ini title="Server" +WOODPECKER_CONFIG_SERVICE_ENDPOINT=https://example.com/ciconfig +``` + +#### Example request made by Woodpecker + +```json +{ + "repo": { + "id": 100, + "uid": "", + "user_id": 0, + "namespace": "", + "name": "woodpecker-test-pipe", + "slug": "", + "scm": "git", + "git_http_url": "", + "git_ssh_url": "", + "link": "", + "default_branch": "", + "private": true, + "visibility": "private", + "active": true, + "config": "", + "trusted": false, + "protected": false, + "ignore_forks": false, + "ignore_pulls": false, + "cancel_pulls": false, + "timeout": 60, + "counter": 0, + "synced": 0, + "created": 0, + "updated": 0, + "version": 0 + }, + "pipeline": { + "author": "myUser", + "author_avatar": "https://myforge.com/avatars/d6b3f7787a685fcdf2a44e2c685c7e03", + "author_email": "my@email.com", + "branch": "main", + "changed_files": ["some-file-name.txt"], + "commit": "2fff90f8d288a4640e90f05049fe30e61a14fd50", + "created_at": 0, + "deploy_to": "", + "enqueued_at": 0, + "error": "", + "event": "push", + "finished_at": 0, + "id": 0, + "link_url": "https://myforge.com/myUser/woodpecker-testpipe/commit/2fff90f8d288a4640e90f05049fe30e61a14fd50", + "message": "test old config\n", + "number": 0, + "parent": 0, + "ref": "refs/heads/main", + "refspec": "", + "clone_url": "", + "reviewed_at": 0, + "reviewed_by": "", + "sender": "myUser", + "signed": false, + "started_at": 0, + "status": "", + "timestamp": 1645962783, + "title": "", + "updated_at": 0, + "verified": false + }, + "netrc": { + "machine": "https://example.com", + "login": "user", + "password": "password" + } +} +``` + +#### Example response structure + +```json +{ + "configs": [ + { + "name": "central-override", + "data": "steps:\n - name: backend\n image: alpine\n commands:\n - echo \"Hello there from ConfigAPI\"\n" + } + ] +} +``` + +## UI customization + +Woodpecker supports custom JS and CSS files. These files must be present in the server's filesystem. +They can be backed in a Docker image or mounted from a ConfigMap inside a Kubernetes environment. +The configuration variables are independent of each other, which means it can be just one file present, or both. + +```ini +WOODPECKER_CUSTOM_CSS_FILE=/usr/local/www/woodpecker.css +WOODPECKER_CUSTOM_JS_FILE=/usr/local/www/woodpecker.js +``` + +The examples below show how to place a banner message in the top navigation bar of Woodpecker. + +```css title="woodpecker.css" +.banner-message { + position: absolute; + width: 280px; + height: 40px; + margin-left: 240px; + margin-top: 5px; + padding-top: 5px; + font-weight: bold; + background: red no-repeat; + text-align: center; +} +``` + +```javascript title="woodpecker.js" +// place/copy a minified version of your preferred lightweight JavaScript library here ... +!(function () { + 'use strict'; + function e() {} /*...*/ +})(); + +$().ready(function () { + $('.app nav img').first().htmlAfter(""); +}); +``` + +## Environment variables + +### `WOODPECKER_LOG_LEVEL` + +> Default: empty + +Configures the logging level. Possible values are `trace`, `debug`, `info`, `warn`, `error`, `fatal`, `panic`, `disabled` and empty. + +### `WOODPECKER_LOG_FILE` + +> Default: `stderr` + +Output destination for logs. +'stdout' and 'stderr' can be used as special keywords. + +### `WOODPECKER_DATABASE_LOG` + +> Default: `false` + +Enable logging in database engine (currently xorm). + +### `WOODPECKER_DATABASE_LOG_SQL` + +> Default: `false` + +Enable logging of sql commands. + +### `WOODPECKER_DATABASE_MAX_CONNECTIONS` + +> Default: `100` + +Max database connections xorm is allowed create. + +### `WOODPECKER_DATABASE_IDLE_CONNECTIONS` + +> Default: `2` + +Amount of database connections xorm will hold open. + +### `WOODPECKER_DATABASE_CONNECTION_TIMEOUT` + +> Default: `3 Seconds` + +Time an active database connection is allowed to stay open. + +### `WOODPECKER_DEBUG_PRETTY` + +> Default: `false` + +Enable pretty-printed debug output. + +### `WOODPECKER_DEBUG_NOCOLOR` + +> Default: `true` + +Disable colored debug output. + +### `WOODPECKER_HOST` + +> Default: empty + +Server fully qualified URL of the user-facing hostname, port (if not default for HTTP/HTTPS) and path prefix. + +Examples: + +- `WOODPECKER_HOST=http://woodpecker.example.org` +- `WOODPECKER_HOST=http://example.org/woodpecker` +- `WOODPECKER_HOST=http://example.org:1234/woodpecker` + +### `WOODPECKER_SERVER_ADDR` + +> Default: `:8000` + +Configures the HTTP listener port. + +### `WOODPECKER_SERVER_ADDR_TLS` + +> Default: `:443` + +Configures the HTTPS listener port when SSL is enabled. + +### `WOODPECKER_SERVER_CERT` + +> Default: empty + +Path to an SSL certificate used by the server to accept HTTPS requests. + +Example: `WOODPECKER_SERVER_CERT=/path/to/cert.pem` + +### `WOODPECKER_SERVER_KEY` + +> Default: empty + +Path to an SSL certificate key used by the server to accept HTTPS requests. + +Example: `WOODPECKER_SERVER_KEY=/path/to/key.pem` + +### `WOODPECKER_CUSTOM_CSS_FILE` + +> Default: empty + +File path for the server to serve a custom .CSS file, used for customizing the UI. +Can be used for showing banner messages, logos, or environment-specific hints (a.k.a. white-labeling). +The file must be UTF-8 encoded, to ensure all special characters are preserved. + +Example: `WOODPECKER_CUSTOM_CSS_FILE=/usr/local/www/woodpecker.css` + +### `WOODPECKER_CUSTOM_JS_FILE` + +> Default: empty + +File path for the server to serve a custom .JS file, used for customizing the UI. +Can be used for showing banner messages, logos, or environment-specific hints (a.k.a. white-labeling). +The file must be UTF-8 encoded, to ensure all special characters are preserved. + +Example: `WOODPECKER_CUSTOM_JS_FILE=/usr/local/www/woodpecker.js` + +### `WOODPECKER_GRPC_ADDR` + +> Default: `:9000` + +Configures the gRPC listener port. + +### `WOODPECKER_GRPC_SECRET` + +> Default: `secret` + +Configures the gRPC JWT secret. + +### `WOODPECKER_GRPC_SECRET_FILE` + +> Default: empty + +Read the value for `WOODPECKER_GRPC_SECRET` from the specified filepath. + +### `WOODPECKER_METRICS_SERVER_ADDR` + +> Default: empty + +Configures an unprotected metrics endpoint. An empty value disables the metrics endpoint completely. + +Example: `:9001` + +### `WOODPECKER_ADMIN` + +> Default: empty + +Comma-separated list of admin accounts. + +Example: `WOODPECKER_ADMIN=user1,user2` + +### `WOODPECKER_ORGS` + +> Default: empty + +Comma-separated list of approved organizations. + +Example: `org1,org2` + +### `WOODPECKER_REPO_OWNERS` + +> Default: empty + +Repositories by those owners will be allowed to be used in woodpecker. + +Example: `user1,user2` + +### `WOODPECKER_OPEN` + +> Default: `false` + +Enable to allow user registration. + +### `WOODPECKER_AUTHENTICATE_PUBLIC_REPOS` + +> Default: `false` + +Always use authentication to clone repositories even if they are public. Needed if the forge requires to always authenticate as used by many companies. + +### `WOODPECKER_DEFAULT_ALLOW_PULL_REQUESTS` + +> Default: `true` + +The default setting for allowing pull requests on a repo. + +### `WOODPECKER_DEFAULT_CANCEL_PREVIOUS_PIPELINE_EVENTS` + +> Default: `pull_request, push` + +List of event names that will be canceled when a new pipeline for the same context (tag, branch) is created. + +### `WOODPECKER_DEFAULT_CLONE_PLUGIN` + +> Default is defined in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/main/shared/constant/constant.go) + +The default docker image to be used when cloning the repo. + +It is also added to the trusted clone plugin list. + +### `WOODPECKER_DEFAULT_WORKFLOW_LABELS` + +> By default run workflows on any agent if no label conditions are set in workflow definition. + +You can specify default label/platform conditions that will be used for agent selection for workflows that does not have labels conditions set. + +Example: `platform=linux/amd64,backend=docker` + +### `WOODPECKER_DEFAULT_PIPELINE_TIMEOUT` + +> 60 (minutes) + +The default time for a repo in minutes before a pipeline gets killed + +### `WOODPECKER_MAX_PIPELINE_TIMEOUT` + +> 120 (minutes) + +The maximum time in minutes you can set in the repo settings before a pipeline gets killed + +### `WOODPECKER_SESSION_EXPIRES` + +> Default: `72h` + +Configures the session expiration time. +Context: when someone does log into Woodpecker, a temporary session token is created. +As long as the session is valid (until it expires or log-out), +a user can log into Woodpecker, without re-authentication. + +### `WOODPECKER_PLUGINS_PRIVILEGED` + +Docker images to run in privileged mode. Only change if you are sure what you do! + +You should specify the tag of your images too, as this enforces exact matches. + +### WOODPECKER_PLUGINS_TRUSTED_CLONE + +> Defaults are defined in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/main/shared/constant/constant.go) + +Plugins which are trusted to handle the Git credential info in clone steps. +If a clone step use an image not in this list, Git credentials will not be injected and users have to use other methods (e.g. secrets) to clone non-public repos. + +You should specify the tag of your images too, as this enforces exact matches. + + + +### `WOODPECKER_DOCKER_CONFIG` + +> Default: empty + +Configures a specific private registry config for all pipelines. + +Example: `WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json` + + + +### `WOODPECKER_AGENT_SECRET` + +> Default: empty + +A shared secret used by server and agents to authenticate communication. A secret can be generated by `openssl rand -hex 32`. + +### `WOODPECKER_AGENT_SECRET_FILE` + +> Default: empty + +Read the value for `WOODPECKER_AGENT_SECRET` from the specified filepath + +### `WOODPECKER_DISABLE_USER_AGENT_REGISTRATION` + +> Default: false + +By default, users can create new agents for their repos they have admin access to. +If an instance admin doesn't want this feature enabled, they can disable the API and hide the Web UI elements. + +:::note +You should set this option if you have, for example, +global secrets and don't trust your users to create a rogue agent and pipeline for secret extraction. +::: + +### `WOODPECKER_KEEPALIVE_MIN_TIME` + +> Default: empty + +Server-side enforcement policy on the minimum amount of time a client should wait before sending a keepalive ping. + +Example: `WOODPECKER_KEEPALIVE_MIN_TIME=10s` + +### `WOODPECKER_DATABASE_DRIVER` + +> Default: `sqlite3` + +The database driver name. Possible values are `sqlite3`, `mysql` or `postgres`. + +### `WOODPECKER_DATABASE_DATASOURCE` + +> Default: `woodpecker.sqlite` if not running inside a container, `/var/lib/woodpecker/woodpecker.sqlite` if running inside a container + +The database connection string. The default value is the path of the embedded SQLite database file. + +Example: + +```bash +# MySQL +# https://github.com/go-sql-driver/mysql#dsn-data-source-name +WOODPECKER_DATABASE_DATASOURCE=root:password@tcp(1.2.3.4:3306)/woodpecker?parseTime=true + +# PostgreSQL +# https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING +WOODPECKER_DATABASE_DATASOURCE=postgres://root:password@1.2.3.4:5432/woodpecker?sslmode=disable +``` + +### `WOODPECKER_DATABASE_DATASOURCE_FILE` + +> Default: empty + +Read the value for `WOODPECKER_DATABASE_DATASOURCE` from the specified filepath + +### `WOODPECKER_PROMETHEUS_AUTH_TOKEN` + +> Default: empty + +Token to secure the Prometheus metrics endpoint. +Must be set to enable the endpoint. + +### `WOODPECKER_PROMETHEUS_AUTH_TOKEN_FILE` + +> Default: empty + +Read the value for `WOODPECKER_PROMETHEUS_AUTH_TOKEN` from the specified filepath + +### `WOODPECKER_STATUS_CONTEXT` + +> Default: `ci/woodpecker` + +Context prefix Woodpecker will use to publish status messages to SCM. You probably will only need to change it if you run multiple Woodpecker instances for a single repository. + +### `WOODPECKER_STATUS_CONTEXT_FORMAT` + +> Default: `{{ .context }}/{{ .event }}/{{ .workflow }}{{if not (eq .axis_id 0)}}/{{.axis_id}}{{end}}` + +Template for the status messages published to forges, uses [Go templates](https://pkg.go.dev/text/template) as template language. +Supported variables: + +- `context`: Woodpecker's context (see `WOODPECKER_STATUS_CONTEXT`) +- `event`: the event which started the pipeline +- `workflow`: the workflow's name +- `owner`: the repo's owner +- `repo`: the repo's name + +--- + +### `WOODPECKER_CONFIG_SERVICE_ENDPOINT` + +> Default: empty + +Specify a configuration service endpoint, see [Configuration Extension](#external-configuration-api) + +### `WOODPECKER_FORGE_TIMEOUT` + +> Default: 5s + +Specify timeout when fetching the Woodpecker configuration from forge. See for syntax reference. + +### `WOODPECKER_FORGE_RETRY` + +> Default: 3 + +Specify how many retries of fetching the Woodpecker configuration from a forge are done before we fail. + +### `WOODPECKER_ENABLE_SWAGGER` + +> Default: true + +Enable the Swagger UI for API documentation. + +### `WOODPECKER_DISABLE_VERSION_CHECK` + +> Default: false + +Disable version check in admin web UI. + +### `WOODPECKER_LOG_STORE` + +> Default: `database` + +Where to store logs. Possible values: `database` or `file`. + +### `WOODPECKER_LOG_STORE_FILE_PATH` + +> Default empty + +Directory to store logs in if [`WOODPECKER_LOG_STORE`](#woodpecker_log_store) is `file`. + +--- + +### `WOODPECKER_GITHUB_...` + +See [GitHub configuration](./12-forges/20-github.md#configuration) + +### `WOODPECKER_GITEA_...` + +See [Gitea configuration](./12-forges/30-gitea.md#configuration) + +### `WOODPECKER_BITBUCKET_...` + +See [Bitbucket configuration](./12-forges/50-bitbucket.md#configuration) + +### `WOODPECKER_GITLAB_...` + +See [GitLab configuration](./12-forges/40-gitlab.md#configuration) + +### `WOODPECKER_ADDON_FORGE` + +See [addon forges](./12-forges/100-addon.md). diff --git a/docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/10-docker.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/10-docker.md new file mode 100644 index 000000000..7320619d8 --- /dev/null +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/10-docker.md @@ -0,0 +1,125 @@ +--- +toc_max_heading_level: 2 +--- + +# Docker + +This is the original backend used with Woodpecker. The docker backend executes each step inside a separate container started on the agent. + +## Private registries + +Woodpecker supports [Docker credentials](https://github.com/docker/docker-credential-helpers) to securely store registry credentials. Install your corresponding credential helper and configure it in your Docker config file passed via [`WOODPECKER_DOCKER_CONFIG`](../10-server.md#woodpecker_docker_config). + +To add your credential helper to the Woodpecker server container you could use the following code to build a custom image: + +```dockerfile +FROM woodpeckerci/woodpecker-server:latest-alpine + +RUN apk add -U --no-cache docker-credential-ecr-login +``` + +## Step specific configuration + +### Run user + +By default the docker backend starts the step container without the `--user` flag. This means the step container will use the default user of the container. To change this behavior you can set the `user` backend option to the preferred user/group: + +```yaml +steps: + - name: example + image: alpine + commands: + - whoami + backend_options: + docker: + user: 65534:65534 +``` + +The syntax is the same as the [docker run](https://docs.docker.com/engine/reference/run/#user) `--user` flag. + +## Tips and tricks + +### Image cleanup + +The agent **will not** automatically remove images from the host. This task should be managed by the host system. For example, you can use a cron job to periodically do clean-up tasks for the CI runner. + +:::danger +The following commands **are destructive** and **irreversible** it is highly recommended that you test these commands on your system before running them in production via a cron job or other automation. +::: + +- Remove all unused images + + + + ```bash + docker image rm $(docker images --filter "dangling=true" -q --no-trunc) + ``` + +- Remove Woodpecker volumes + + ```bash + docker volume rm $(docker volume ls --filter name=^wp_* --filter dangling=true -q) + ``` + +### Podman + +There is no official support for Podman, but one can try to set the environment variable `DOCKER_HOST` to point to the Podman socket. It might work. See also the [Blog posts](https://woodpecker-ci.org/blog). + +## Environment variables + +### `WOODPECKER_BACKEND_DOCKER_NETWORK` + +> Default: empty + +Set to the name of an existing network which will be attached to all your pipeline containers (steps). Please be careful as this allows the containers of different pipelines to access each other! + +### `WOODPECKER_BACKEND_DOCKER_ENABLE_IPV6` + +> Default: `false` + +Enable IPv6 for the networks used by pipeline containers (steps). Make sure you configured your docker daemon to support IPv6. + +### `WOODPECKER_BACKEND_DOCKER_VOLUMES` + +> Default: empty + +List of default volumes separated by comma to be mounted to all pipeline containers (steps). For example to use custom CA +certificates installed on host and host timezone use `/etc/ssl/certs:/etc/ssl/certs:ro,/etc/timezone:/etc/timezone`. + +### `WOODPECKER_BACKEND_DOCKER_LIMIT_MEM_SWAP` + +> Default: `0` + +The maximum amount of memory a single pipeline container is allowed to swap to disk, configured in bytes. There is no limit if `0`. + +### `WOODPECKER_BACKEND_DOCKER_LIMIT_MEM` + +> Default: `0` + +The maximum amount of memory a single pipeline container can use, configured in bytes. There is no limit if `0`. + +### `WOODPECKER_BACKEND_DOCKER_LIMIT_SHM_SIZE` + +> Default: `0` + +The maximum amount of memory of `/dev/shm` allowed in bytes. There is no limit if `0`. + +### `WOODPECKER_BACKEND_DOCKER_LIMIT_CPU_QUOTA` + +> Default: `0` + +The number of microseconds per CPU period that the container is limited to before throttled. There is no limit if `0`. + +### `WOODPECKER_BACKEND_DOCKER_LIMIT_CPU_SHARES` + +> Default: `0` + +The relative weight vs. other containers. + +### `WOODPECKER_BACKEND_DOCKER_LIMIT_CPU_SET` + +> Default: empty + +Comma-separated list to limit the specific CPUs or cores a pipeline container can use. + +Example: `WOODPECKER_BACKEND_DOCKER_LIMIT_CPU_SET=1,2` diff --git a/docs/versioned_docs/version-2.7/30-administration/22-backends/40-kubernetes.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/20-kubernetes.md similarity index 80% rename from docs/versioned_docs/version-2.7/30-administration/22-backends/40-kubernetes.md rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/20-kubernetes.md index 72524946b..19334a0b9 100644 --- a/docs/versioned_docs/version-2.7/30-administration/22-backends/40-kubernetes.md +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/20-kubernetes.md @@ -2,17 +2,17 @@ toc_max_heading_level: 2 --- -# Kubernetes backend +# Kubernetes The Kubernetes backend executes steps inside standalone Pods. A temporary PVC is created for the lifetime of the pipeline to transfer files between steps. -## Images from private registries +## Private registries -In order to pull private container images defined in your pipeline YAML you must provide [registry credentials in Kubernetes Secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). -As the Secret is Agent-wide, it has to be placed in namespace defined by `WOODPECKER_BACKEND_K8S_NAMESPACE`. -Besides, you need to provide the Secret name to Agent via `WOODPECKER_BACKEND_K8S_PULL_SECRET_NAMES`. +In addition to [registries specified in the UI](../../../20-usage/41-registries.md), you may provide [registry credentials in Kubernetes Secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) to pull private container images defined in your pipeline YAML. -## Job specific configuration +Place these Secrets in namespace defined by `WOODPECKER_BACKEND_K8S_NAMESPACE` and provide the Secret names to Agents via `WOODPECKER_BACKEND_K8S_PULL_SECRET_NAMES`. + +## Step specific configuration ### Resources @@ -50,9 +50,24 @@ See the [Kubernetes documentation](https://kubernetes.io/docs/concepts/container `serviceAccountName` specifies the name of the ServiceAccount which the Pod will mount. This service account must be created externally. See the [Kubernetes documentation](https://kubernetes.io/docs/concepts/security/service-accounts/) for more information on using service accounts. +```yaml +steps: + - name: 'My kubernetes step' + image: alpine + commands: + - echo "Hello world" + backend_options: + kubernetes: + # Use the service account `default` in the current namespace. + # This usually the same as wherever woodpecker is deployed. + serviceAccountName: default +``` + +To give steps access to the Kubernetes API via service account, take a look at [RBAC Authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) + ### Node selector -`nodeSelector` specifies the labels which are used to select the node on which the job will be executed. +`nodeSelector` specifies the labels which are used to select the node on which the step will be executed. Labels defined here will be appended to a list which already contains `"kubernetes.io/arch"`. By default `"kubernetes.io/arch"` is inferred from the agents' platform. One can override it by setting that label in the `nodeSelector` section of the `backend_options`. @@ -107,7 +122,7 @@ steps: limits: memory: 256Mi nodeSelector: - beta.kubernetes.io/instance-type: p3.8xlarge + beta.kubernetes.io/instance-type: Standard_D2_v3 tolerations: - key: 'key1' operator: 'Equal' @@ -119,7 +134,19 @@ steps: ### Volumes To mount volumes a PersistentVolume (PV) and PersistentVolumeClaim (PVC) are needed on the cluster which can be referenced in steps via the `volumes` option. -Assuming a PVC named `woodpecker-cache` exists, it can be referenced as follows in a step: + +Persistent volumes must be created manually. Use the Kubernetes [Persistent Volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) documentation as a reference. + +_If your PVC is not highly available or NFS-based, you may also need to integrate affinity settings to ensure that your steps are executed on the correct node._ + +NOTE: If you plan to use this volume in more than one workflow concurrently, make sure you have configured the PVC in `RWX` mode. Keep in mind that this feature must be supported by the used CSI driver: + +```yaml +accessModes: + - ReadWriteMany +``` + +Assuming a PVC named `woodpecker-cache` exists, it can be referenced as follows in a plugin step: ```yaml steps: @@ -133,6 +160,19 @@ steps: [...] ``` +Or as follows when using a normal image: + +```yaml +steps: + - name: "Edit cache" + image: alpine:latest + volumes: + - woodpecker-cache:/woodpecker/src/cache + commands: + - echo "Hello World" > /woodpecker/src/cache/output.txt + [...] +``` + ### Security context Use the following configuration to set the [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the Pod/container running a given pipeline step: @@ -156,6 +196,8 @@ Note that the `backend_options.kubernetes.securityContext` object allows you to By default, the properties will be set at the Pod level. Properties that are only supported on the container level will be set there instead. So, the configuration shown above will result in something like the following Pod spec: + + ```yaml kind: Pod spec: @@ -170,7 +212,9 @@ spec: [...] ``` -You can also restrict a container's syscalls with [seccomp](https://kubernetes.io/docs/tutorials/security/seccomp/) profile + + +You can also restrict a syscalls of containers with [seccomp](https://kubernetes.io/docs/tutorials/security/seccomp/) profile. ```yaml backend_options: @@ -193,7 +237,7 @@ backend_options: ``` :::note -AppArmor syntax follows [KEP-24](https://github.com/kubernetes/enhancements/blob/fddcbb9cbf3df39ded03bad71228265ac6e5215f/keps/sig-node/24-apparmor/README.md). +The feature requires Kubernetes v1.30 or above. ::: ### Annotations and labels @@ -235,7 +279,7 @@ It configures the address of the Kubernetes API server to connect to. If running the agent within Kubernetes, this will already be set and you don't have to add it manually. -## Configuration +## Environment variables These env vars can be set in the `env:` sections of the agent. @@ -293,7 +337,7 @@ Determines if Pod annotations can be defined from a step's backend options. Additional node selector to apply to worker pods. Must be a YAML object, e.g. `{"topology.kubernetes.io/region":"eu-central-1"}`. -### `WOODPECKER_BACKEND_K8S_SECCTX_NONROOT` +### `WOODPECKER_BACKEND_K8S_SECCTX_NONROOT` > Default: `false` diff --git a/docs/versioned_docs/version-3.0/30-administration/22-backends/20-local.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/30-local.md similarity index 85% rename from docs/versioned_docs/version-3.0/30-administration/22-backends/20-local.md rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/30-local.md index c0faf9c2f..a4582b1d8 100644 --- a/docs/versioned_docs/version-3.0/30-administration/22-backends/20-local.md +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/30-local.md @@ -1,15 +1,15 @@ --- -toc_max_heading_level: 3 +toc_max_heading_level: 2 --- -# Local backend +# Local :::danger The local backend executes pipelines on the local system without any isolation. ::: :::note -Currently we do not support [services](../../20-usage/60-services.md) for this backend. +Currently we do not support [services](../../../20-usage/60-services.md) for this backend. [Read more here](https://github.com/woodpecker-ci/woodpecker/issues/3095). ::: @@ -27,13 +27,7 @@ code and execute commands. In order to use this backend, you need to download (or build) the [agent](https://github.com/woodpecker-ci/woodpecker/releases/latest), configure it and run it on the host machine. -## Usage - -To enable the local backend, set the following: - -```ini -WOODPECKER_BACKEND=local -``` +## Step specific configuration ### Shell @@ -58,9 +52,9 @@ steps: If no commands are provided, plugins are treated in the usual manner. In the context of the local backend, plugins are simply executable binaries, which can be located using their name if they are listed in `$PATH`, or through an absolute path. -### Options +## Environment variables -#### `WOODPECKER_BACKEND_LOCAL_TEMP_DIR` +### `WOODPECKER_BACKEND_LOCAL_TEMP_DIR` > Default: default temp directory diff --git a/docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/50-custom.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/50-custom.md new file mode 100644 index 000000000..fdea0a1d6 --- /dev/null +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/50-custom.md @@ -0,0 +1,18 @@ +# Custom + +If none of our backends fit your use case, you can write your own. To do this, implement the interface `“go.woodpecker-ci.org/woodpecker/woodpecker/v3/pipeline/backend/types”.backend` and create a custom agent that uses your backend: + +```go +package main + +import ( + "go.woodpecker-ci.org/woodpecker/v3/cmd/agent/core" + backendTypes "go.woodpecker-ci.org/woodpecker/v3/pipeline/backend/types" +) + +func main() { + core.RunAgent([]backendTypes.Backend{ + yourBackend, + }) +} +``` diff --git a/docs/versioned_docs/version-3.0/30-administration/22-backends/_category_.yaml b/docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/22-backends/_category_.yaml rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/11-backends/_category_.yaml diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/100-addon.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/100-addon.md similarity index 58% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/100-addon.md rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/100-addon.md index e280ed420..fecd662bc 100644 --- a/docs/versioned_docs/version-2.7/30-administration/11-forges/100-addon.md +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/100-addon.md @@ -1,13 +1,13 @@ -# Addon forges +# Custom -If the forge you're using does not comply with [Woodpecker's requirements](../../92-development/02-core-ideas.md#forges) or your setup is too specific to be added to Woodpecker's core, you can write your own forge using an addon forge. +If the forge you are using does not meet the [Woodpecker requirements](../../../92-development/02-core-ideas.md#forges) or your setup is too specific to be included in the Woodpecker core, you can write an addon forge. :::warning Addon forges are still experimental. Their implementation can change and break at any time. ::: :::danger -You need to trust the author of the addon forge you use. It can access authentication codes and other possibly sensitive information. +You must trust the author of the addon forge you are using. They may have access to authentication codes and other potentially sensitive information. ::: ## Usage @@ -26,9 +26,7 @@ If you experience bugs, please check which component has the issue. If it's the ## List of addon forges -If you wrote or found an addon forge, please add it here so others can find it! - -_Be the first one to add your addon forge!_ +- [Radicle](https://radicle.xyz/): Open source, peer-to-peer code collaboration stack built on Git. Radicle addon for Woodpecker CI can be found at [this repo](https://explorer.radicle.gr/nodes/seed.radicle.gr/rad:z39Cf1XzrvCLRZZJRUZnx9D1fj5ws). ## Creating addon forges @@ -38,9 +36,9 @@ Addons use RPC to communicate to the server and are implemented using the [`go-p This example will use the Go language. -Directly import Woodpecker's Go packages (`go.woodpecker-ci.org/woodpecker/woodpecker/v2`) and use the interfaces and types defined there. +Directly import Woodpecker's Go packages (`go.woodpecker-ci.org/woodpecker/v3`) and use the interfaces and types defined there. -In the `main` function, just call `"go.woodpecker-ci.org/woodpecker/v2/server/forge/addon".Serve` with a `"go.woodpecker-ci.org/woodpecker/v2/server/forge".Forge` as argument. +In the `main` function, just call `"go.woodpecker-ci.org/woodpecker/v3/server/forge/addon".Serve` with a `"go.woodpecker-ci.org/woodpecker/v3/server/forge".Forge` as argument. This will take care of connecting the addon forge to the server. ### Example structure @@ -52,9 +50,9 @@ import ( "context" "net/http" - "go.woodpecker-ci.org/woodpecker/v2/server/forge/addon" - forgeTypes "go.woodpecker-ci.org/woodpecker/v2/server/forge/types" - "go.woodpecker-ci.org/woodpecker/v2/server/model" + "go.woodpecker-ci.org/woodpecker/v3/server/forge/addon" + forgeTypes "go.woodpecker-ci.org/woodpecker/v3/server/forge/types" + "go.woodpecker-ci.org/woodpecker/v3/server/model" ) func main() { @@ -64,5 +62,5 @@ func main() { type config struct { } -// `config` must implement `"go.woodpecker-ci.org/woodpecker/v2/server/forge".Forge`. You must directly use Woodpecker's packages - see imports above. +// `config` must implement `"go.woodpecker-ci.org/woodpecker/v3/server/forge".Forge`. You must directly use Woodpecker's packages - see imports above. ``` diff --git a/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/11-overview.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/11-overview.md new file mode 100644 index 000000000..701a7a489 --- /dev/null +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/11-overview.md @@ -0,0 +1,15 @@ +# Forges + +## Supported features + +| Feature | [GitHub](20-github.md) | [Gitea](30-gitea.md) | [Forgejo](35-forgejo.md) | [Gitlab](40-gitlab.md) | [Bitbucket](50-bitbucket.md) | [Bitbucket Datacenter](60-bitbucket_datacenter.md) | +| ---------------------------------------------------------------- | :--------------------: | :------------------: | :----------------------: | :--------------------: | :--------------------------: | :------------------------------------------------: | +| Event: Push | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| Event: Tag | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| Event: Pull-Request | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| Event: Release | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | +| Event: Deploy¹ | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | +| [Multiple workflows](../../../20-usage/25-workflows.md) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| [when.path filter](../../../20-usage/20-workflow-syntax.md#path) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | + +¹ The deployment event can be triggered for all forges from Woodpecker directly. However, only GitHub can trigger them using webhooks. diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/20-github.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/20-github.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/20-github.md rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/20-github.md diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/30-gitea.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/30-gitea.md similarity index 83% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/30-gitea.md rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/30-gitea.md index bb8e93c2a..7c2930d45 100644 --- a/docs/versioned_docs/version-2.7/30-administration/11-forges/30-gitea.md +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/30-gitea.md @@ -22,8 +22,6 @@ Otherwise, the communication should go via the `docker0` gateway (usually 172.17 To configure the Docker network if the network's name is `gitea`, configure it like this: ```diff title="docker-compose.yaml" - version: '3' - services: [...] woodpecker-agent: @@ -35,7 +33,7 @@ To configure the Docker network if the network's name is `gitea`, configure it l ## Registration -Register your application with Gitea to create your client id and secret. You can find the OAuth applications settings of Gitea at `https://gitea./user/settings/`. It is very import the authorization callback URL matches your http(s) scheme and hostname exactly with `https:///authorize` as the path. +Register your application with Gitea to create your client id and secret. You can find the OAuth applications settings of Gitea at `https://gitea./user/settings/`. It is very important that authorization callback URL matches your http(s) scheme and hostname exactly with `https:///authorize` as the path. If you run the Woodpecker CI server on the same host as the Gitea instance, you might also need to allow local connections in Gitea, since version `v1.16`. Otherwise webhooks will fail. Add the following lines to your Gitea configuration (usually at `/etc/gitea/conf/app.ini`). @@ -48,6 +46,10 @@ For reference see [Configuration Cheat Sheet](https://docs.gitea.io/en-us/config ![gitea oauth setup](gitea_oauth.gif) +:::warning +Make sure your Gitea configuration allows requesting the API with a fixed page length of 50. The default value for the maximum page size is 50, but if you set a value lower than 50, some Woodpecker features will not work properly. Also see the [Configuration Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet#api-api). +::: + ## Configuration This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations. @@ -93,11 +95,3 @@ Read the value for `WOODPECKER_GITEA_SECRET` from the specified filepath > Default: `false` Configure if SSL verification should be skipped. - -## Advanced options - -### `WOODPECKER_DEV_GITEA_OAUTH_URL` - -> Default: value of `WOODPECKER_GITEA_URL` - -Configures the user-facing Gitea server address. Should be used if `WOODPECKER_GITEA_URL` points to an internal URL used for API requests. diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/35-forgejo.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/35-forgejo.md similarity index 85% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/35-forgejo.md rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/35-forgejo.md index df7793118..568c121c6 100644 --- a/docs/versioned_docs/version-2.7/30-administration/11-forges/35-forgejo.md +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/35-forgejo.md @@ -4,10 +4,6 @@ toc_max_heading_level: 2 # Forgejo -:::warning -Forgejo support is experimental. -::: - Woodpecker comes with built-in support for Forgejo. To enable Forgejo you should configure the Woodpecker container using the following environment variables: ```ini @@ -37,7 +33,7 @@ To configure the Docker network if the network's name is `forgejo`, configure it ## Registration -Register your application with Forgejo to create your client id and secret. You can find the OAuth applications settings of Forgejo at `https://forgejo./user/settings/`. It is very import the authorization callback URL matches your http(s) scheme and hostname exactly with `https:///authorize` as the path. +Register your application with Forgejo to create your client id and secret. You can find the OAuth applications settings of Forgejo at `https://forgejo./user/settings/`. It is very important that authorization callback URL matches your http(s) scheme and hostname exactly with `https:///authorize` as the path. If you run the Woodpecker CI server on the same host as the Forgejo instance, you might also need to allow local connections in Forgejo. Otherwise webhooks will fail. Add the following lines to your Forgejo configuration (usually at `/etc/forgejo/conf/app.ini`). @@ -50,6 +46,10 @@ For reference see [Configuration Cheat Sheet](https://forgejo.org/docs/latest/ad ![forgejo oauth setup](gitea_oauth.gif) +:::warning +Make sure your Forgejo configuration allows requesting the API with a fixed page length of 50. The default value for the maximum page size is 50, but if you set a value lower than 50, some Woodpecker features will not work properly. Also see the [Configuration Cheat Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/#api-api). +::: + ## Configuration This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations. diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/40-gitlab.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/40-gitlab.md similarity index 91% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/40-gitlab.md rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/40-gitlab.md index 3fff410c6..67a862284 100644 --- a/docs/versioned_docs/version-2.7/30-administration/11-forges/40-gitlab.md +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/40-gitlab.md @@ -4,7 +4,7 @@ toc_max_heading_level: 2 # GitLab -Woodpecker comes with built-in support for the GitLab version 8.2 and higher. To enable GitLab you should configure the Woodpecker container using the following environment variables: +Woodpecker comes with built-in support for the GitLab version 12.4 and higher. To enable GitLab you should configure the Woodpecker container using the following environment variables: ```ini WOODPECKER_GITLAB=true diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/50-bitbucket.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/50-bitbucket.md similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/50-bitbucket.md rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/50-bitbucket.md diff --git a/docs/versioned_docs/version-2.7/30-administration/11-forges/60-bitbucket_datacenter.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/60-bitbucket_datacenter.md similarity index 99% rename from docs/versioned_docs/version-2.7/30-administration/11-forges/60-bitbucket_datacenter.md rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/60-bitbucket_datacenter.md index 53926fa73..742180008 100644 --- a/docs/versioned_docs/version-2.7/30-administration/11-forges/60-bitbucket_datacenter.md +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/60-bitbucket_datacenter.md @@ -11,8 +11,6 @@ Woodpecker comes with experimental support for Bitbucket Datacenter / Server, fo To enable Bitbucket Server you should configure the Woodpecker container using the following environment variables: ```diff title="docker-compose.yaml" - version: '3' - services: woodpecker-server: [...] diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/_category_.yaml b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/_category_.yaml rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/_category_.yaml diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/bitbucket_oauth.png b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/bitbucket_oauth.png similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/bitbucket_oauth.png rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/bitbucket_oauth.png diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/bitbucket_permissions.png b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/bitbucket_permissions.png similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/bitbucket_permissions.png rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/bitbucket_permissions.png diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/gitea_oauth.gif b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/gitea_oauth.gif similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/gitea_oauth.gif rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/gitea_oauth.gif diff --git a/docs/versioned_docs/version-3.0/30-administration/11-forges/github_oauth.png b/docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/github_oauth.png similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/11-forges/github_oauth.png rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/12-forges/github_oauth.png diff --git a/docs/versioned_docs/version-2.7/30-administration/15-agent-config.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/30-agent.md similarity index 84% rename from docs/versioned_docs/version-2.7/30-administration/15-agent-config.md rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/30-agent.md index 15792b38b..69a11ab5c 100644 --- a/docs/versioned_docs/version-2.7/30-administration/15-agent-config.md +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/30-agent.md @@ -1,8 +1,8 @@ --- -toc_max_heading_level: 2 +toc_max_heading_level: 3 --- -# Agent configuration +# Agent Agents are configured by the command line or environment variables. At the minimum you need the following information: @@ -56,9 +56,7 @@ To get an _agent token_ you have to register the agent manually in the server us 1. The agent will connect to the server using the provided token and will update its status in the UI: ![Agent connected](./new-agent-connected.png) -## All agent configuration options - -Here is the full list of configuration options and their default variables. +## Environment variables ### `WOODPECKER_SERVER` @@ -120,11 +118,14 @@ Configures the path of the agent config file. Configures the number of parallel workflows. -### `WOODPECKER_FILTER_LABELS` +### `WOODPECKER_AGENT_LABELS` > Default: empty -Configures labels to filter pipeline pick up. Use a list of key-value pairs like `key=value,second-key=*`. `*` can be used as a wildcard. By default, agents provide three additional labels `platform=os/arch`, `hostname=my-agent` and `repo=*` which can be overwritten if needed. To learn how labels work, check out the [pipeline syntax page](../20-usage/20-workflow-syntax.md#labels). +Configures custom labels for the agent, to let workflows filter by it. +Use a list of key-value pairs like `key=value,second-key=*`. `*` can be used as a wildcard. +By default, agents provide three additional labels `platform=os/arch`, `hostname=my-agent` and `repo=*` which can be overwritten if needed. +To learn how labels work, check out the [pipeline syntax page](../../20-usage/20-workflow-syntax.md#labels). ### `WOODPECKER_HEALTHCHECK` @@ -170,29 +171,29 @@ Configures the backend engine to run pipelines on. Possible values are `auto-det ### `WOODPECKER_BACKEND_DOCKER_*` -See [Docker backend configuration](./22-backends/10-docker.md#configuration) +See [Docker backend configuration](./11-backends/10-docker.md#environment-variables) ### `WOODPECKER_BACKEND_K8S_*` -See [Kubernetes backend configuration](./22-backends/40-kubernetes.md#configuration) +See [Kubernetes backend configuration](./11-backends/20-kubernetes.md#environment-variables) ### `WOODPECKER_BACKEND_LOCAL_*` -See [Local backend configuration](./22-backends/20-local.md#options) +See [Local backend configuration](./11-backends/30-local.md#environment-variables) -## Advanced Settings +### Advanced Settings :::warning Only change these If you know what you do. ::: -### `WOODPECKER_CONNECT_RETRY_COUNT` +#### `WOODPECKER_CONNECT_RETRY_COUNT` > Default: `5` Configures number of times agent retries to connect to the server. -### `WOODPECKER_CONNECT_RETRY_DELAY` +#### `WOODPECKER_CONNECT_RETRY_DELAY` > Default: `2s` diff --git a/docs/versioned_docs/version-2.7/30-administration/40-advanced/30-autoscaler.md b/docs/versioned_docs/version-3.3/30-administration/10-configuration/40-autoscaler.md similarity index 93% rename from docs/versioned_docs/version-2.7/30-administration/40-advanced/30-autoscaler.md rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/40-autoscaler.md index ce9ee914a..0ad43a30b 100644 --- a/docs/versioned_docs/version-2.7/30-administration/40-advanced/30-autoscaler.md +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/40-autoscaler.md @@ -6,13 +6,11 @@ Please note that the autoscaler is not feature-complete yet. You can follow the ## Setup -### docker-compose +### docker compose -If you are using docker-compose you can add the following to your `docker-compose.yaml` file: +If you are using docker compose you can add the following to your `docker-compose.yaml` file: ```yaml -version: '3' - services: woodpecker-server: image: woodpeckerci/woodpecker-server:next diff --git a/docs/versioned_docs/version-3.3/30-administration/10-configuration/_category_.yaml b/docs/versioned_docs/version-3.3/30-administration/10-configuration/_category_.yaml new file mode 100644 index 000000000..974350274 --- /dev/null +++ b/docs/versioned_docs/version-3.3/30-administration/10-configuration/_category_.yaml @@ -0,0 +1,3 @@ +label: 'Configuration' +collapsible: true +collapsed: true diff --git a/docs/versioned_docs/version-3.0/30-administration/new-agent-connected.png b/docs/versioned_docs/version-3.3/30-administration/10-configuration/new-agent-connected.png similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/new-agent-connected.png rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/new-agent-connected.png diff --git a/docs/versioned_docs/version-3.0/30-administration/new-agent-created.png b/docs/versioned_docs/version-3.3/30-administration/10-configuration/new-agent-created.png similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/new-agent-created.png rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/new-agent-created.png diff --git a/docs/versioned_docs/version-3.0/30-administration/new-agent-registration.png b/docs/versioned_docs/version-3.3/30-administration/10-configuration/new-agent-registration.png similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/new-agent-registration.png rename to docs/versioned_docs/version-3.3/30-administration/10-configuration/new-agent-registration.png diff --git a/docs/versioned_docs/version-3.0/30-administration/_category_.yaml b/docs/versioned_docs/version-3.3/30-administration/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-3.0/30-administration/_category_.yaml rename to docs/versioned_docs/version-3.3/30-administration/_category_.yaml diff --git a/docs/versioned_docs/version-3.3/40-cli.md b/docs/versioned_docs/version-3.3/40-cli.md new file mode 100644 index 000000000..1a6fb2d96 --- /dev/null +++ b/docs/versioned_docs/version-3.3/40-cli.md @@ -0,0 +1,990 @@ +# CLI + +# NAME + +woodpecker-cli - command line utility + +# SYNOPSIS + +woodpecker-cli + +``` +[--config|-c]=[value] +[--disable-update-check] +[--log-file]=[value] +[--log-level]=[value] +[--nocolor] +[--pretty] +[--server|-s]=[value] +[--skip-verify] +[--socks-proxy-off] +[--socks-proxy]=[value] +[--token|-t]=[value] +``` + +# DESCRIPTION + +Woodpecker command line utility + +**Usage**: + +``` +woodpecker-cli [GLOBAL OPTIONS] [command [COMMAND OPTIONS]] [ARGUMENTS...] +``` + +# GLOBAL OPTIONS + +**--config, -c**="": path to config file + +**--disable-update-check**: disable update check + +**--log-file**="": Output destination for logs. 'stdout' and 'stderr' can be used as special keywords. (default: stderr) + +**--log-level**="": set logging level (default: info) + +**--nocolor**: disable colored debug output, only has effect if pretty output is set too + +**--pretty**: enable pretty-printed debug output + +**--server, -s**="": server address + +**--skip-verify**: skip ssl verification + +**--socks-proxy**="": socks proxy address + +**--socks-proxy-off**: socks proxy ignored + +**--token, -t**="": server auth token + + +# COMMANDS + +## admin + +manage server settings + +### log-level + +retrieve log level from server, or set it with [level] + +### registry + +manage global registries + +#### add + +add a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--password**="": registry password + +**--username**="": registry username + +#### rm + +remove a registry + +**--hostname**="": registry hostname (default: docker.io) + +#### ls + +list registries + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +#### show + +show registry information + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +**--hostname**="": registry hostname (default: docker.io) + +#### update + +update a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +**--password**="": registry password + +**--username**="": registry username + +### secret + +manage global secrets + +#### add + +add a secret + +**--event**="": secret limited to these events (default: []) + +**--image**="": secret limited to these images (default: []) + +**--value**="": secret value + +#### rm + +remove a secret + +**--name**="": secret name + +#### ls + +list secrets + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +#### show + +show secret information + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +**--name**="": secret name + +#### update + +update a secret + +**--event**="": secret limited to these events (default: []) + +**--image**="": secret limited to these images (default: []) + +**--name**="": secret name + +**--value**="": secret value + +### user + +manage users + +#### add + +add a user + +#### ls + +list all users + +**--format**="": format output (default: {{ .Login }}) + +#### rm + +remove a user + +#### show + +show user information + +**--format**="": format output (default: User: {{ .Login }} +Email: {{ .Email }}) + +## exec + +execute a local pipeline + +**--backend-docker-api-version**="": the version of the API to reach, leave empty for latest. + +**--backend-docker-cert**="": path to load the TLS certificates for connecting to docker server + +**--backend-docker-host**="": path to docker socket or url to the docker server + +**--backend-docker-ipv6**: backend docker enable IPV6 + +**--backend-docker-limit-cpu-quota**="": impose a cpu quota (default: 0) + +**--backend-docker-limit-cpu-set**="": set the cpus allowed to execute containers + +**--backend-docker-limit-cpu-shares**="": change the cpu shares (default: 0) + +**--backend-docker-limit-mem**="": maximum memory allowed in bytes (default: 0) + +**--backend-docker-limit-mem-swap**="": maximum memory used for swap in bytes (default: 0) + +**--backend-docker-limit-shm-size**="": docker /dev/shm allowed in bytes (default: 0) + +**--backend-docker-network**="": backend docker network + +**--backend-docker-tls-verify**: enable or disable TLS verification for connecting to docker server + +**--backend-docker-volumes**="": backend docker volumes (comma separated) + +**--backend-engine**="": backend engine to run pipelines on (default: auto-detect) + +**--backend-http-proxy**="": if set, pass the environment variable down as "HTTP_PROXY" to steps + +**--backend-https-proxy**="": if set, pass the environment variable down as "HTTPS_PROXY" to steps + +**--backend-k8s-allow-native-secrets**: whether to allow existing Kubernetes secrets to be referenced from steps + +**--backend-k8s-namespace**="": backend k8s namespace (default: woodpecker) + +**--backend-k8s-pod-annotations**="": backend k8s additional Agent-wide worker pod annotations + +**--backend-k8s-pod-annotations-allow-from-step**: whether to allow using annotations from step's backend options + +**--backend-k8s-pod-image-pull-secret-names**="": backend k8s pull secret names for private registries (default: []) + +**--backend-k8s-pod-labels**="": backend k8s additional Agent-wide worker pod labels + +**--backend-k8s-pod-labels-allow-from-step**: whether to allow using labels from step's backend options + +**--backend-k8s-pod-node-selector**="": backend k8s Agent-wide worker pod node selector + +**--backend-k8s-secctx-nonroot**: `run as non root` Kubernetes security context option + +**--backend-k8s-storage-class**="": backend k8s storage class + +**--backend-k8s-storage-rwx**: backend k8s storage access mode, should ReadWriteMany (RWX) instead of ReadWriteOnce (RWO) be used? (default: true) + +**--backend-k8s-volume-size**="": backend k8s volume size (default 10G) (default: 10G) + +**--backend-local-temp-dir**="": set a different temp dir to clone workflows into (default: /tmp) + +**--backend-no-proxy**="": if set, pass the environment variable down as "NO_PROXY" to steps + +**--commit-author-avatar**="": Set the metadata environment variable "CI_COMMIT_AUTHOR_AVATAR". + +**--commit-author-email**="": Set the metadata environment variable "CI_COMMIT_AUTHOR_EMAIL". + +**--commit-author-name**="": Set the metadata environment variable "CI_COMMIT_AUTHOR". + +**--commit-branch**="": Set the metadata environment variable "CI_COMMIT_BRANCH". (default: main) + +**--commit-message**="": Set the metadata environment variable "CI_COMMIT_MESSAGE". + +**--commit-pull-labels**="": Set the metadata environment variable "CI_COMMIT_PULL_REQUEST_LABELS". (default: []) + +**--commit-ref**="": Set the metadata environment variable "CI_COMMIT_REF". + +**--commit-refspec**="": Set the metadata environment variable "CI_COMMIT_REFSPEC". + +**--commit-release-is-pre**: Set the metadata environment variable "CI_COMMIT_PRERELEASE". + +**--commit-sha**="": Set the metadata environment variable "CI_COMMIT_SHA". + +**--env**="": Set the metadata environment variable "CI_ENV". (default: []) + +**--forge-type**="": Set the metadata environment variable "CI_FORGE_TYPE". + +**--forge-url**="": Set the metadata environment variable "CI_FORGE_URL". + +**--local**: run from local directory + +**--metadata-file**="": path to pipeline metadata file (normally downloaded from UI). Parameters can be adjusted by applying additional cli flags + +**--netrc-machine**="": + +**--netrc-password**="": + +**--netrc-username**="": + +**--network**="": external networks (default: []) + +**--pipeline-changed-files**="": Set the metadata environment variable "CI_PIPELINE_FILES", either json formatted list of strings, or comma separated string list. + +**--pipeline-created**="": Set the metadata environment variable "CI_PIPELINE_CREATED". (default: 0) + +**--pipeline-deploy-task**="": Set the metadata environment variable "CI_PIPELINE_DEPLOY_TASK". + +**--pipeline-deploy-to**="": Set the metadata environment variable "CI_PIPELINE_DEPLOY_TARGET". + +**--pipeline-event**="": Set the metadata environment variable "CI_PIPELINE_EVENT". (default: manual) + +**--pipeline-number**="": Set the metadata environment variable "CI_PIPELINE_NUMBER". (default: 0) + +**--pipeline-parent**="": Set the metadata environment variable "CI_PIPELINE_PARENT". (default: 0) + +**--pipeline-started**="": Set the metadata environment variable "CI_PIPELINE_STARTED". (default: 0) + +**--pipeline-url**="": Set the metadata environment variable "CI_PIPELINE_FORGE_URL". + +**--plugins-privileged**="": Allow plugins to run in privileged mode, if environment variable is defined but empty there will be none (default: []) + +**--prev-commit-author-avatar**="": Set the metadata environment variable "CI_PREV_COMMIT_AUTHOR_AVATAR". + +**--prev-commit-author-email**="": Set the metadata environment variable "CI_PREV_COMMIT_AUTHOR_EMAIL". + +**--prev-commit-author-name**="": Set the metadata environment variable "CI_PREV_COMMIT_AUTHOR". + +**--prev-commit-branch**="": Set the metadata environment variable "CI_PREV_COMMIT_BRANCH". + +**--prev-commit-message**="": Set the metadata environment variable "CI_PREV_COMMIT_MESSAGE". + +**--prev-commit-ref**="": Set the metadata environment variable "CI_PREV_COMMIT_REF". + +**--prev-commit-refspec**="": Set the metadata environment variable "CI_PREV_COMMIT_REFSPEC". + +**--prev-commit-sha**="": Set the metadata environment variable "CI_PREV_COMMIT_SHA". + +**--prev-pipeline-created**="": Set the metadata environment variable "CI_PREV_PIPELINE_CREATED". (default: 0) + +**--prev-pipeline-deploy-task**="": Set the metadata environment variable "CI_PREV_PIPELINE_DEPLOY_TASK". + +**--prev-pipeline-deploy-to**="": Set the metadata environment variable "CI_PREV_PIPELINE_DEPLOY_TARGET". + +**--prev-pipeline-event**="": Set the metadata environment variable "CI_PREV_PIPELINE_EVENT". + +**--prev-pipeline-finished**="": Set the metadata environment variable "CI_PREV_PIPELINE_FINISHED". (default: 0) + +**--prev-pipeline-number**="": Set the metadata environment variable "CI_PREV_PIPELINE_NUMBER". (default: 0) + +**--prev-pipeline-started**="": Set the metadata environment variable "CI_PREV_PIPELINE_STARTED". (default: 0) + +**--prev-pipeline-status**="": Set the metadata environment variable "CI_PREV_PIPELINE_STATUS". + +**--prev-pipeline-url**="": Set the metadata environment variable "CI_PREV_PIPELINE_FORGE_URL". + +**--repo**="": Set the full name to derive metadata environment variables "CI_REPO", "CI_REPO_NAME" and "CI_REPO_OWNER". + +**--repo-clone-ssh-url**="": Set the metadata environment variable "CI_REPO_CLONE_SSH_URL". + +**--repo-clone-url**="": Set the metadata environment variable "CI_REPO_CLONE_URL". + +**--repo-default-branch**="": Set the metadata environment variable "CI_REPO_DEFAULT_BRANCH". (default: main) + +**--repo-path**="": path to local repository + +**--repo-private**="": Set the metadata environment variable "CI_REPO_PRIVATE". + +**--repo-remote-id**="": Set the metadata environment variable "CI_REPO_REMOTE_ID". + +**--repo-trusted-network**: Set the metadata environment variable "CI_REPO_TRUSTED_NETWORK". + +**--repo-trusted-security**: Set the metadata environment variable "CI_REPO_TRUSTED_SECURITY". + +**--repo-trusted-volumes**: Set the metadata environment variable "CI_REPO_TRUSTED_VOLUMES". + +**--repo-url**="": Set the metadata environment variable "CI_REPO_URL". + +**--system-host**="": Set the metadata environment variable "CI_SYSTEM_HOST". + +**--system-name**="": Set the metadata environment variable "CI_SYSTEM_NAME". (default: woodpecker) + +**--system-platform**="": Set the metadata environment variable "CI_SYSTEM_PLATFORM". + +**--system-url**="": Set the metadata environment variable "CI_SYSTEM_URL". (default: https://github.com/woodpecker-ci/woodpecker) + +**--timeout**="": pipeline timeout (default: 1h0m0s) + +**--volumes**="": pipeline volumes (default: []) + +**--workflow-name**="": Set the metadata environment variable "CI_WORKFLOW_NAME". + +**--workflow-number**="": Set the metadata environment variable "CI_WORKFLOW_NUMBER". (default: 0) + +**--workspace-base**="": (default: /woodpecker) + +**--workspace-path**="": (default: src) + +## info + +show information about the current user + +**--format**="": format output (deprecated) (default: User: {{ .Login }} +Email: {{ .Email }}) + +## lint + +lint a pipeline configuration file + +**--plugins-privileged**="": allow plugins to run in privileged mode, if set empty, there is no (default: []) + +**--plugins-trusted-clone**="": plugins that are trusted to handle Git credentials in cloning steps (default: [docker.io/woodpeckerci/plugin-git:2.6.2 docker.io/woodpeckerci/plugin-git quay.io/woodpeckerci/plugin-git]) + +**--strict**: treat warnings as errors + +## org + +manage organizations + +### registry + +manage organization registries + +#### add + +add a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +**--password**="": registry password + +**--username**="": registry username + +#### rm + +remove a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### ls + +list registries + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### show + +show registry information + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +**--hostname**="": registry hostname (default: docker.io) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### update + +update a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +**--password**="": registry password + +**--username**="": registry username + +### secret + +manage secrets + +#### add + +add a secret + +**--event**="": secret limited to these events (default: []) + +**--image**="": secret limited to these images (default: []) + +**--name**="": secret name + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +**--value**="": secret value + +#### rm + +remove a secret + +**--name**="": secret name + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### ls + +list secrets + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### show + +show secret information + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +**--name**="": secret name + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### update + +update a secret + +**--event**="": limit secret to these event (default: []) + +**--image**="": limit secret to these image (default: []) + +**--name**="": secret name + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +**--value**="": secret value + +## pipeline + +manage pipelines + +### approve + +approve a pipeline + +### create + +create new pipeline + +**--branch**="": branch to create pipeline from + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +**--var**="": key=value (default: []) + +### decline + +decline a pipeline + +### deploy + +trigger a pipeline with the 'deployment' event + +**--branch**="": branch filter + +**--event**="": event filter (default: push) + +**--format**="": format output (default: Number: {{ .Number }} +Status: {{ .Status }} +Commit: {{ .Commit }} +Branch: {{ .Branch }} +Ref: {{ .Ref }} +Message: {{ .Message }} +Author: {{ .Author }} +Target: {{ .Deploy }} +) + +**--param, -p**="": custom parameters to inject into the step environment. Format: KEY=value (default: []) + +**--status**="": status filter (default: success) + +### last + +show latest pipeline information + +**--branch**="": branch name (default: main) + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +### ls + +show pipeline history + +**--after**="": only return pipelines after this date (RFC3339) (default: 0001-01-01 00:00:00 +0000 UTC) + +**--before**="": only return pipelines before this date (RFC3339) (default: 0001-01-01 00:00:00 +0000 UTC) + +**--branch**="": branch filter + +**--event**="": event filter + +**--limit**="": limit the list size (default: 25) + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +**--status**="": status filter + +### log + +manage logs + +#### purge + +purge a log + +#### show + +show pipeline logs + +### ps + +show pipeline steps + +**--format**="": format output (default: {{ .workflow.Name }} > {{ .step.Name }} (#{{ .step.PID }}): +Step: {{ .step.Name }} +Started: {{ .step.Started }} +Stopped: {{ .step.Stopped }} +Type: {{ .step.Type }} +State: {{ .step.State }} +) + +### purge + +purge pipelines + +**--dry-run**: disable non-read api calls + +**--keep-min**="": minimum number of pipelines to keep (default: 10) + +**--older-than**="": remove pipelines older than the specified time limit + +### queue + +show pipeline queue + +**--format**="": format output (default: {{ .FullName }} #{{ .Number }}  +Status: {{ .Status }} +Event: {{ .Event }} +Commit: {{ .Commit }} +Branch: {{ .Branch }} +Ref: {{ .Ref }} +Author: {{ .Author }} {{ if .Email }}<{{.Email}}>{{ end }} +Message: {{ .Message }} +) + +### show + +show pipeline information + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +### start + +start a pipeline + +**--param, -p**="": custom parameters to inject into the step environment. Format: KEY=value (default: []) + +### stop + +stop a pipeline + +## repo + +manage repositories + +### add + +add a repository + +### chown + +assume ownership of a repository + +### cron + +manage cron jobs + +#### add + +add a cron job + +**--branch**="": cron branch + +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + +**--name**="": cron name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--schedule**="": cron schedule + +#### rm + +remove a cron job + +**--id**="": cron id + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### ls + +list cron jobs + +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### show + +show cron job information + +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + +**--id**="": cron id + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### update + +update a cron job + +**--branch**="": cron branch + +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + +**--id**="": cron id + +**--name**="": cron name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--schedule**="": cron schedule + +### ls + +list all repos + +**--all**: query all repos, including inactive ones + +**--format**="": format output (deprecated) + +**--org**="": filter by organization + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +### registry + +manage registries + +#### add + +add a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--password**="": registry password + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--username**="": registry username + +#### rm + +remove a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### ls + +list registries + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### show + +show registry information + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +**--hostname**="": registry hostname (default: docker.io) + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### update + +update a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--password**="": registry password + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--username**="": registry username + +### rm + +remove a repository + +### repair + +repair repository webhooks + +### secret + +manage secrets + +#### add + +add a secret + +**--event**="": limit secret to these events (default: []) + +**--image**="": limit secret to these images (default: []) + +**--name**="": secret name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--value**="": secret value + +#### rm + +remove a secret + +**--name**="": secret name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### ls + +list secrets + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### show + +show secret information + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +**--name**="": secret name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### update + +update a secret + +**--event**="": limit secret to these events (default: []) + +**--image**="": limit secret to these images (default: []) + +**--name**="": secret name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--value**="": secret value + +### show + +show repository information + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +### sync + +synchronize the repository list + +**--format**="": format output (default: {{ .FullName }} (id: {{ .ID }}, forgeRemoteID: {{ .ForgeRemoteID }}, isActive: {{ .IsActive }})) + +### update + +update a repository + +**--config**="": repository configuration path. Example: .woodpecker.yml + +**--pipeline-counter**="": repository starting pipeline number (default: 0) + +**--require-approval**="": repository requires approval for + +**--timeout**="": repository timeout (default: 0s) + +**--trusted**: repository is trusted + +**--unsafe**: allow unsafe operations + +**--visibility**="": repository visibility + +## setup + +setup the woodpecker-cli for the first time + +**--server**="": URL of the woodpecker server + +**--token**="": token to authenticate with the woodpecker server + +## update + +update the woodpecker-cli to the latest version + +**--force**: force update even if the latest version is already installed diff --git a/docs/versioned_docs/version-2.7/92-development/01-getting-started.md b/docs/versioned_docs/version-3.3/92-development/01-getting-started.md similarity index 83% rename from docs/versioned_docs/version-2.7/92-development/01-getting-started.md rename to docs/versioned_docs/version-3.3/92-development/01-getting-started.md index 255b92a48..89e5d960c 100644 --- a/docs/versioned_docs/version-2.7/92-development/01-getting-started.md +++ b/docs/versioned_docs/version-3.3/92-development/01-getting-started.md @@ -4,12 +4,12 @@ You can develop on your local computer by following the [steps below](#preparati ## Gitpod -If you want to start development or updating docs as easy as possible, you can use our preconfigured setup for Woodpecker using [Gitpod](https://github.com/gitpod-io/gitpod). Gitpod starts a complete development setup in the cloud containing: +If you want to start development or updating docs as easy as possible, you can use our pre-configured setup for Woodpecker using [Gitpod](https://github.com/gitpod-io/gitpod). Gitpod starts a complete development setup in the cloud containing: - An IDE in the browser or bridged to your local VS-Code or Jetbrains -- A preconfigured [Gitea](https://github.com/go-gitea/gitea) instance as forge -- A preconfigured Woodpecker server -- A single preconfigured Woodpecker agent node +- A pre-configured [Gitea](https://github.com/go-gitea/gitea) instance as forge +- A pre-configured Woodpecker server +- A single pre-configured Woodpecker agent node - Our docs preview server Start Woodpecker in Gitpod by clicking on the following badge. You can log in with `woodpecker` and `password`. @@ -34,7 +34,7 @@ Install make on: ### Install Node.js & `pnpm` -Install [Node.js (>=14)](https://nodejs.org/en/download/) if you want to build Woodpecker's UI or documentation. +Install [Node.js (>=20)](https://nodejs.org/en/download/package-manager) if you want to build Woodpecker's UI or documentation. For dependency installation (`node_modules`) of UI and documentation of Woodpecker the package manager pnpm is used. [This guide](https://pnpm.io/installation) describes the installation of `pnpm`. @@ -54,8 +54,7 @@ A common config for debugging would look like this: WOODPECKER_OPEN=true WOODPECKER_ADMIN=your-username -# if you want to test webhooks with an online forge like GitHub this address needs to be accessible from public server -WOODPECKER_HOST=http://your-dev-address.com +WOODPECKER_HOST=http://localhost:8000 # github (sample for a forge config - see /docs/administration/forge/overview for other forges) WOODPECKER_GITHUB=true @@ -70,8 +69,8 @@ WOODPECKER_MAX_WORKFLOWS=1 # enable if you want to develop the UI # WOODPECKER_DEV_WWW_PROXY=http://localhost:8010 -# used so you can login without using a public address -WOODPECKER_DEV_OAUTH_HOST=http://localhost:8000 +# if you want to test webhooks with an online forge like GitHub this address needs to be set and accessible from public server +WOODPECKER_EXPERT_WEBHOOK_HOST=http://your-address.com # disable health-checks while debugging (normally not needed while developing) WOODPECKER_HEALTHCHECK=false @@ -82,7 +81,7 @@ WOODPECKER_HEALTHCHECK=false ### Setup OAuth -Create an OAuth app for your forge as described in the [forges documentation](../30-administration/11-forges/11-overview.md). If you set `WOODPECKER_DEV_OAUTH_HOST=http://localhost:8000` you can use that address with the path as explained for the specific forge to login without the need for a public address. For example for GitHub you would use `http://localhost:8000/authorize` as authorization callback URL. +Create an OAuth app for your forge as described in the [forges documentation](../30-administration/10-configuration/12-forges/11-overview.md). ## Developing with VS Code @@ -129,7 +128,7 @@ make test-frontend If you want to test a specific Go file, you can also use: ```bash -go test -race -timeout 30s go.woodpecker-ci.org/woodpecker/v2/ +go test -race -timeout 30s go.woodpecker-ci.org/woodpecker/v3/ ``` Or you can open the test-file inside [VS-Code](#developing-with-vs-code) and run or debug the test by clicking on the inline commands: diff --git a/docs/versioned_docs/version-3.0/92-development/02-core-ideas.md b/docs/versioned_docs/version-3.3/92-development/02-core-ideas.md similarity index 76% rename from docs/versioned_docs/version-3.0/92-development/02-core-ideas.md rename to docs/versioned_docs/version-3.3/92-development/02-core-ideas.md index a88470f0a..fce17ab24 100644 --- a/docs/versioned_docs/version-3.0/92-development/02-core-ideas.md +++ b/docs/versioned_docs/version-3.3/92-development/02-core-ideas.md @@ -8,8 +8,8 @@ ## Addons and extensions If you are wondering whether your contribution will be accepted to be merged in the Woodpecker core, or whether it's better to write an -[addon forge](../30-administration/11-forges/100-addon.md), [extension](../30-administration/40-advanced/100-external-configuration-api.md) or an -[external custom backend](../30-administration/22-backends/50-custom-backends.md), please check these points: +[addon forge](../30-administration/10-configuration/12-forges/100-addon.md), [extension](../30-administration/10-configuration/10-server.md#external-configuration-api) or an +[external custom backend](../30-administration/10-configuration/11-backends/50-custom.md), please check these points: - Is your change very specific to your setup and unlikely to be used by anyone else? - Does your change violate the [guidelines](#guidelines)? diff --git a/docs/versioned_docs/version-2.7/92-development/03-ui.md b/docs/versioned_docs/version-3.3/92-development/03-ui.md similarity index 91% rename from docs/versioned_docs/version-2.7/92-development/03-ui.md rename to docs/versioned_docs/version-3.3/92-development/03-ui.md index 6a01584c2..1931ba99a 100644 --- a/docs/versioned_docs/version-2.7/92-development/03-ui.md +++ b/docs/versioned_docs/version-3.3/92-development/03-ui.md @@ -21,9 +21,10 @@ The following list contains some tools and frameworks used by the Woodpecker UI. - use `setup` and composition api - place (re-usable) components in `web/src/components/` - views should have a route in `web/src/router.ts` and are located in `web/src/views/` -- [Windicss](https://windicss.org/) (similar to Tailwind) - - use Windicss classes where possible - - if needed extend the Windicss config to use new classes +- [Tailwind CSS](https://tailwindcss.com/) + - use Tailwind classes where possible + - if needed extend the Tailwind config to use new classes + - classes are sorted following the [prettier tailwind sort plugin](https://tailwindcss.com/blog/automatic-class-sorting-with-prettier) - [Vite](https://vitejs.dev/) (similar to Webpack) - [Typescript](https://www.typescriptlang.org/) - avoid using `any` and `unknown` (the linter will prevent you from doing so anyways :wink:) diff --git a/docs/versioned_docs/version-3.0/92-development/04-docs.md b/docs/versioned_docs/version-3.3/92-development/04-docs.md similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/04-docs.md rename to docs/versioned_docs/version-3.3/92-development/04-docs.md diff --git a/docs/versioned_docs/version-3.0/92-development/05-architecture.md b/docs/versioned_docs/version-3.3/92-development/05-architecture.md similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/05-architecture.md rename to docs/versioned_docs/version-3.3/92-development/05-architecture.md diff --git a/docs/versioned_docs/version-3.0/92-development/06-conventions.md b/docs/versioned_docs/version-3.3/92-development/06-conventions.md similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/06-conventions.md rename to docs/versioned_docs/version-3.3/92-development/06-conventions.md diff --git a/docs/versioned_docs/version-2.7/92-development/07-guides.md b/docs/versioned_docs/version-3.3/92-development/07-guides.md similarity index 55% rename from docs/versioned_docs/version-2.7/92-development/07-guides.md rename to docs/versioned_docs/version-3.3/92-development/07-guides.md index c70a9ec93..c8612f576 100644 --- a/docs/versioned_docs/version-2.7/92-development/07-guides.md +++ b/docs/versioned_docs/version-3.3/92-development/07-guides.md @@ -21,3 +21,49 @@ To automatically execute the migration after the start of the server, the new mi ## Constants of official images All official default images, are saved in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/main/shared/constant/constant.go) and must be pinned by an exact tag. + +## Building images locally + +### Server + +```sh +### build web component +make vendor +cd web/ +pnpm install --frozen-lockfile +pnpm build +cd .. + +### define the platforms to build for (e.g. linux/amd64) +# (the | is not a typo here) +export PLATFORMS='linux|amd64' +make cross-compile-server + +### build the image +docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.server.multiarch.rootless --push . +``` + +:::info +The `cross-compile-server` rule makes use of `xgo`, a go cross-compiler. You need to be on a `amd64` host to do this, as `xgo` is only available for `amd64` (see [xgo#213](https://github.com/techknowlogick/xgo/issues/213)). +You can try to use the `build-server` rule instead, however this one fails for some OS (e.g. macOS). +::: + +### Agent + +```sh +### build the agent +make build-agent + +### build the image +docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.agent.multiarch --push . +``` + +### CLI + +```sh +### build the CLI +make build-cli + +### build the image +docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.cli.multiarch.rootless --push . +``` diff --git a/docs/versioned_docs/version-3.0/92-development/08-translations.md b/docs/versioned_docs/version-3.3/92-development/08-translations.md similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/08-translations.md rename to docs/versioned_docs/version-3.3/92-development/08-translations.md diff --git a/docs/versioned_docs/version-2.7/92-development/09-swagger.md b/docs/versioned_docs/version-3.3/92-development/09-openapi.md similarity index 88% rename from docs/versioned_docs/version-2.7/92-development/09-swagger.md rename to docs/versioned_docs/version-3.3/92-development/09-openapi.md index e167c4aed..8fc63d873 100644 --- a/docs/versioned_docs/version-2.7/92-development/09-swagger.md +++ b/docs/versioned_docs/version-3.3/92-development/09-openapi.md @@ -36,12 +36,12 @@ type User struct { } // @name User ``` -These guidelines aim to have consistent wording in the swagger doc: +These guidelines aim to have consistent wording in the OpenAPI doc: - first word after `@Summary` and `@Summary` are always uppercase - `@Summary` has no `.` (dot) at the end of the line - model structs shall use custom short names, to ease life for API consumers, using `@name` -- `@Success` object or array declarations shall be short, this means the actual `model.User` struct must have a `@name` annotation, so that the model can be rendered in Swagger +- `@Success` object or array declarations shall be short, this means the actual `model.User` struct must have a `@name` annotation, so that the model can be rendered in OpenAPI - when pagination is used, `@Param page` and `@Param perPage` must be added manually - `@Param Authorization` is almost always present, there are just a few un-protected endpoints @@ -50,14 +50,10 @@ More enhanced information you can find here + ```none 9:18PM DBG pipeline/pipeline.go:94 > executing 2 stages, in order of: CLI=exec 9:18PM DBG pipeline/pipeline.go:104 > stage CLI=exec StagePos=0 Steps=echo @@ -69,6 +71,8 @@ This could be executed via `woodpecker-cli --log-level trace exec --backend-engi 9:18PM TRC pipeline/backend/dummy/dummy.go:208 > delete workflow environment taskUUID=01J10P578JQE6E25VV1EQF0745 ``` + + There are also environment variables to alter step behavior: - `SLEEP: 10` will let the step wait 10 seconds diff --git a/docs/versioned_docs/version-3.0/92-development/_category_.yaml b/docs/versioned_docs/version-3.3/92-development/_category_.yaml similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/_category_.yaml rename to docs/versioned_docs/version-3.3/92-development/_category_.yaml diff --git a/docs/versioned_docs/version-3.0/92-development/ui-proxy.svg b/docs/versioned_docs/version-3.3/92-development/ui-proxy.svg similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/ui-proxy.svg rename to docs/versioned_docs/version-3.3/92-development/ui-proxy.svg diff --git a/docs/versioned_docs/version-3.0/92-development/vscode-debug.png b/docs/versioned_docs/version-3.3/92-development/vscode-debug.png similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/vscode-debug.png rename to docs/versioned_docs/version-3.3/92-development/vscode-debug.png diff --git a/docs/versioned_docs/version-3.0/92-development/vscode-run-test.png b/docs/versioned_docs/version-3.3/92-development/vscode-run-test.png similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/vscode-run-test.png rename to docs/versioned_docs/version-3.3/92-development/vscode-run-test.png diff --git a/docs/versioned_docs/version-3.0/92-development/woodpecker-architecture.png b/docs/versioned_docs/version-3.3/92-development/woodpecker-architecture.png similarity index 100% rename from docs/versioned_docs/version-3.0/92-development/woodpecker-architecture.png rename to docs/versioned_docs/version-3.3/92-development/woodpecker-architecture.png diff --git a/docs/versioned_docs/version-3.4/10-intro/index.md b/docs/versioned_docs/version-3.4/10-intro/index.md new file mode 100644 index 000000000..025bd1f85 --- /dev/null +++ b/docs/versioned_docs/version-3.4/10-intro/index.md @@ -0,0 +1,26 @@ +# Welcome to Woodpecker + +Woodpecker is a CI/CD tool. It is designed to be lightweight, simple to use and fast. Before we dive into the details, let's have a look at some of the basics. + +## Have you ever heard of CI/CD or pipelines? + +Don't worry if you haven't. We'll guide you through the basics. CI/CD stands for Continuous Integration and Continuous Deployment. It's basically like a conveyor belt that moves your code from development to production doing all kinds of +checks, tests and routines along the way. A typical pipeline might include the following steps: + +1. Running tests +2. Building your application +3. Deploying your application + +[Have a deeper look into the idea of CI/CD](https://www.redhat.com/en/topics/devops/what-is-ci-cd) + +## Do you know containers? + +If you are already using containers in your daily workflow, you'll for sure love Woodpecker. If not yet, you'll be amazed how easy it is to get started with [containers](https://opencontainers.org/). + +## Already have access to a Woodpecker instance? + +Then you might want to jump directly into it and [start creating your first pipelines](../20-usage/10-intro.md). + +## Want to start from scratch and deploy your own Woodpecker instance? + +Woodpecker is lightweight and even runs on a Raspberry Pi. You can follow the [deployment guide](../30-administration/00-general.md) to set up your own Woodpecker instance. diff --git a/docs/versioned_docs/version-3.4/20-usage/10-intro.md b/docs/versioned_docs/version-3.4/20-usage/10-intro.md new file mode 100644 index 000000000..095528b4e --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/10-intro.md @@ -0,0 +1,110 @@ +# Your first pipeline + +Let's get started and create your first pipeline. + +## 1. Repository Activation + +To activate your repository in Woodpecker navigate to the repository list and `New repository`. You will see a list of repositories from your forge (GitHub, Gitlab, ...) which can be activated with a simple click. + +![new repository list](repo-new.png) + +To enable a repository in Woodpecker you must have `Admin` rights on that repository, so that Woodpecker can add something +that is called a webhook (Woodpecker needs it to know about actions like pushes, pull requests, tags, etc.). + +## 2. Define first workflow + +After enabling a repository Woodpecker will listen for changes in your repository. When a change is detected, Woodpecker will check for a pipeline configuration. So let's create a file at `.woodpecker/my-first-workflow.yaml` inside your repository: + +```yaml title=".woodpecker/my-first-workflow.yaml" +when: + - event: push + branch: main + +steps: + - name: build + image: debian + commands: + - echo "This is the build step" + - echo "binary-data-123" > executable + - name: a-test-step + image: golang:1.16 + commands: + - echo "Testing ..." + - ./executable +``` + +**So what did we do here?** + +1. We defined your first workflow file `my-first-workflow.yaml`. +2. This workflow will be executed when a push event happens on the `main` branch, + because we added a filter using the `when` section: + + ```diff + + when: + + - event: push + + branch: main + + ... + ``` + +3. We defined two steps: `build` and `a-test-step` + +The steps are executed in the order they are defined, so `build` will be executed first and then `a-test-step`. + +In the `build` step we use the `debian` image and build a "binary file" called `executable`. + +In the `a-test-step` we use the `golang:1.16` image and run the `executable` file to test it. + +You can use any image from registries like the [Docker Hub](https://hub.docker.com/search?type=image) you have access to: + +```diff + steps: + - name: build +- image: debian ++ image: my-company/image-with-aws_cli + commands: + - aws help +``` + +## 3. Push the file and trigger first pipeline + +If you push this file to your repository now, Woodpecker will already execute your first pipeline. + +You can check the pipeline execution in the Woodpecker UI by navigating to the `Pipelines` section of your repository. + +![pipeline view](./pipeline.png) + +As you probably noticed, there is another step in called `clone` which is executed before your steps. This step clones your repository into a folder called `workspace` which is available throughout all steps. + +This for example allows the first step to build your application using your source code and as the second step will receive +the same workspace it can use the previously built binary and test it. + +## 4. Use a plugin for reusable tasks + +Sometimes you have some tasks that you need to do in every project. For example, deploying to Kubernetes or sending a Slack message. Therefore you can use one of the [official and community plugins](/plugins) or simply [create your own](./51-plugins/20-creating-plugins.md). + +If you want to publish a file to an S3 bucket, you can add an S3 plugin to your pipeline: + +```yaml +steps: + # ... + - name: upload + image: woodpeckerci/plugin-s3 + settings: + bucket: my-bucket-name + access_key: a50d28f4dd477bc184fbd10b376de753 + secret_key: + from_secret: aws_secret_key + source: public/**/* + target: /target/location +``` + +To configure a plugin you can use the `settings` section. + +Sometime you need to provide secrets to the plugin. You can do this by using the `from_secret` key. The secret must be defined in the Woodpecker UI. You can find more information about secrets [here](./40-secrets.md). + +Similar to the `when` section at the top of the file which is for the complete workflow, you can use the `when` section for each step to define when a step should be executed. + +Learn more about [plugins](./51-plugins/51-overview.md). + +As you now have a basic understanding of how to create a pipeline, you can dive deeper into the [workflow syntax](./20-workflow-syntax.md) and [plugins](./51-plugins/51-overview.md). diff --git a/docs/versioned_docs/version-3.4/20-usage/100-troubleshooting.md b/docs/versioned_docs/version-3.4/20-usage/100-troubleshooting.md new file mode 100644 index 000000000..b961530f4 --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/100-troubleshooting.md @@ -0,0 +1,37 @@ +# Troubleshooting + +## How to debug clone issues + +(And what to do with an error message like `fatal: could not read Username for 'https://': No such device or address`) + +This error can have multiple causes. If you use internal repositories you might have to enable `WOODPECKER_AUTHENTICATE_PUBLIC_REPOS`: + +```ini +WOODPECKER_AUTHENTICATE_PUBLIC_REPOS=true +``` + +If that does not work, try to make sure the container can reach your git server. In order to do that disable git checkout and make the container "hang": + +```yaml +skip_clone: true + +steps: + build: + image: debian:stable-backports + commands: + - apt update + - apt install -y inetutils-ping wget + - ping -c 4 git.example.com + - wget git.example.com + - sleep 9999999 +``` + +Get the container id using `docker ps` and copy the id from the first column. Enter the container with: `docker exec -it 1234asdf bash` (replace `1234asdf` with the docker id). Then try to clone the git repository with the commands from the failing pipeline: + +```bash +git init +git remote add origin https://git.example.com/username/repo.git +git fetch --no-tags origin +refs/heads/branch: +``` + +(replace the url AND the branch with the correct values, use your username and password as log in values) diff --git a/docs/versioned_docs/version-3.4/20-usage/15-terminology/architecture.excalidraw b/docs/versioned_docs/version-3.4/20-usage/15-terminology/architecture.excalidraw new file mode 100644 index 000000000..b3eba1aab --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/15-terminology/architecture.excalidraw @@ -0,0 +1,1549 @@ +{ + "type": "excalidraw", + "version": 2, + "source": "https://excalidraw.com", + "elements": [ + { + "type": "rectangle", + "version": 226, + "versionNonce": 1002880859, + "isDeleted": false, + "id": "UczUX5VuNnCB1rVvUJVfm", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 487.098092529257, + "y": 320.8758615860986, + "strokeColor": "#1971c2", + "backgroundColor": "#e7f5ff", + "width": 472.8823858375721, + "height": 183.19688715994928, + "seed": 917720693, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "id": "Kqbwk_qfkALJfhtCIr2eS", + "type": "arrow" + } + ], + "updated": 1697530113380, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 161, + "versionNonce": 286006267, + "isDeleted": false, + "id": "sKPZmBSWUdAYfBs4ByItH", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 539.5451038202509, + "y": 345.2419383247636, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "width": 82.46875, + "height": 32.199999999999996, + "seed": 1485551573, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113380, + "link": null, + "locked": false, + "fontSize": 28, + "fontFamily": 2, + "text": "Server", + "textAlign": "right", + "verticalAlign": "top", + "containerId": null, + "originalText": "Server", + "lineHeight": 1.15, + "baseline": 25 + }, + { + "type": "rectangle", + "version": 333, + "versionNonce": 448586907, + "isDeleted": false, + "id": "_A8uznhnpXuQBYzjP-iVx", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 649.8080506852966, + "y": 427.60908869342575, + "strokeColor": "#c2255c", + "backgroundColor": "transparent", + "width": 136, + "height": 60, + "seed": 1783625013, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "type": "text", + "id": "r90dckf8trHemYzEwCgCW" + }, + { + "id": "XxfJWnHonmvNOJzMFSlie", + "type": "arrow" + } + ], + "updated": 1697530113380, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 298, + "versionNonce": 1244067771, + "isDeleted": false, + "id": "r90dckf8trHemYzEwCgCW", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 703.8080506852966, + "y": 441.5090886934257, + "strokeColor": "#c2255c", + "backgroundColor": "transparent", + "width": 28, + "height": 32.199999999999996, + "seed": 660965013, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113383, + "link": null, + "locked": false, + "fontSize": 28, + "fontFamily": 2, + "text": "UI", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "_A8uznhnpXuQBYzjP-iVx", + "originalText": "UI", + "lineHeight": 1.15, + "baseline": 25 + }, + { + "type": "rectangle", + "version": 105, + "versionNonce": 265992667, + "isDeleted": false, + "id": "v2eEwSOSRQBZ79O6wyzGf", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 800.9240766836483, + "y": 421.4987043996123, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "width": 135.3671503686619, + "height": 62.2689029398432, + "seed": 1115810805, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "type": "text", + "id": "svsVhxCbatcLj7lQLch0P" + }, + { + "id": "TvtonmlV0W8__pnTG-wVZ", + "type": "arrow" + }, + { + "id": "5tl702dfcvJDLz9aIFU0P", + "type": "arrow" + } + ], + "updated": 1697530113380, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 83, + "versionNonce": 1706870395, + "isDeleted": false, + "id": "svsVhxCbatcLj7lQLch0P", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 828.1594096804793, + "y": 436.53315586953386, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "width": 80.896484375, + "height": 32.199999999999996, + "seed": 2074781013, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113380, + "link": null, + "locked": false, + "fontSize": 28, + "fontFamily": 2, + "text": "GRPC", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "v2eEwSOSRQBZ79O6wyzGf", + "originalText": "GRPC", + "lineHeight": 1.15, + "baseline": 25 + }, + { + "type": "rectangle", + "version": 270, + "versionNonce": 418660123, + "isDeleted": false, + "id": "hSrrwwnm9y7R-_CnJtaK1", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 1065.567103519039, + "y": 556.4146894573112, + "strokeColor": "#2f9e44", + "backgroundColor": "#ebfbee", + "width": 601.932705468054, + "height": 175.07489600604117, + "seed": 1983197877, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "id": "TvtonmlV0W8__pnTG-wVZ", + "type": "arrow" + } + ], + "updated": 1697530113380, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 154, + "versionNonce": 871605179, + "isDeleted": false, + "id": "8tsYgVssKnBd_Zw1QuqNz", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 1298.4367898442752, + "y": 566.567242947784, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "width": 96.5234375, + "height": 32.199999999999996, + "seed": 1321669653, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 28, + "fontFamily": 2, + "text": "Agent 1", + "textAlign": "right", + "verticalAlign": "top", + "containerId": null, + "originalText": "Agent 1", + "lineHeight": 1.15, + "baseline": 25 + }, + { + "type": "text", + "version": 182, + "versionNonce": 1323136091, + "isDeleted": false, + "id": "eeugZg73_yD_6uLBBgmcX", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 404.5001910129067, + "y": 707.1233710221009, + "strokeColor": "#c2255c", + "backgroundColor": "transparent", + "width": 210.068359375, + "height": 32.199999999999996, + "seed": 1901447541, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 28, + "fontFamily": 2, + "text": "User => Browser", + "textAlign": "right", + "verticalAlign": "top", + "containerId": null, + "originalText": "User => Browser", + "lineHeight": 1.15, + "baseline": 25 + }, + { + "type": "ellipse", + "version": 106, + "versionNonce": 1501835515, + "isDeleted": false, + "id": "mlDhl4OOc-H1tNgh77AAW", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 482.5857164810477, + "y": 602.4394551739279, + "strokeColor": "#c2255c", + "backgroundColor": "transparent", + "width": 46.024748503793035, + "height": 44.21988070606176, + "seed": 791073493, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false + }, + { + "type": "line", + "version": 166, + "versionNonce": 627726747, + "isDeleted": false, + "id": "ADEXzdYAhvj-_wVRftTIg", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 459.12202200277807, + "y": 697.1964604319912, + "strokeColor": "#c2255c", + "backgroundColor": "transparent", + "width": 80.31792517362464, + "height": 31.585599568061298, + "seed": 349155381, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "startBinding": null, + "endBinding": null, + "lastCommittedPoint": null, + "startArrowhead": null, + "endArrowhead": null, + "points": [ + [ + 0, + 0 + ], + [ + 42.415150610916044, + -28.87829787146393 + ], + [ + 80.31792517362464, + 2.7073016965973693 + ] + ] + }, + { + "type": "rectangle", + "version": 231, + "versionNonce": 801271355, + "isDeleted": false, + "id": "xmz4J-rxLIjfUQ4q19PjD", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 516.8788931508789, + "y": 870.4664542146543, + "strokeColor": "#f08c00", + "backgroundColor": "#fff4e6", + "width": 385.34512717560705, + "height": 60.464035142111264, + "seed": 3531157, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "id": "05EJzh4NLXxemaKAmdi5n", + "type": "arrow" + } + ], + "updated": 1697530113381, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 93, + "versionNonce": 728690395, + "isDeleted": false, + "id": "gSbpry_947XArfI7b6AAL", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 636.1468430141358, + "y": 878.5884970070326, + "strokeColor": "#f08c00", + "backgroundColor": "transparent", + "width": 132.2890625, + "height": 32.199999999999996, + "seed": 1989076725, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 28, + "fontFamily": 2, + "text": "Autoscaler", + "textAlign": "right", + "verticalAlign": "top", + "containerId": null, + "originalText": "Autoscaler", + "lineHeight": 1.15, + "baseline": 25 + }, + { + "type": "text", + "version": 118, + "versionNonce": 1258445691, + "isDeleted": false, + "id": "WVy0mdTGbUx08RuxdQUH8", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 523.3741602213286, + "y": 907.372811672524, + "strokeColor": "#f08c00", + "backgroundColor": "transparent", + "width": 369.1484375, + "height": 18.4, + "seed": 979386453, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 16, + "fontFamily": 2, + "text": "Starts agents based on amount of pending pipelines", + "textAlign": "right", + "verticalAlign": "top", + "containerId": null, + "originalText": "Starts agents based on amount of pending pipelines", + "lineHeight": 1.15, + "baseline": 14 + }, + { + "type": "text", + "version": 373, + "versionNonce": 1254044699, + "isDeleted": false, + "id": "0Y1RcqzVFBFqh-wy-APMI", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 1232.1955835481922, + "y": 605.8737363119278, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "width": 292.6171875, + "height": 18.4, + "seed": 561999285, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 16, + "fontFamily": 2, + "text": "Executes pending workflows of a pipeline", + "textAlign": "right", + "verticalAlign": "top", + "containerId": null, + "originalText": "Executes pending workflows of a pipeline", + "lineHeight": 1.15, + "baseline": 14 + }, + { + "type": "text", + "version": 630, + "versionNonce": 983038139, + "isDeleted": false, + "id": "lGumbhMs3xx1vU2632hli", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 505.62283787078286, + "y": 383.42044095379515, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "width": 158.015625, + "height": 36.8, + "seed": 722595605, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 16, + "fontFamily": 2, + "text": "Central unit of a \nWoodpecker instance ", + "textAlign": "center", + "verticalAlign": "top", + "containerId": null, + "originalText": "Central unit of a \nWoodpecker instance ", + "lineHeight": 1.15, + "baseline": 32 + }, + { + "type": "rectangle", + "version": 131, + "versionNonce": 137308507, + "isDeleted": false, + "id": "PbSQXehWVLYcQGXYFpd-B", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 971.7123256059622, + "y": 171.06951064323448, + "strokeColor": "#be4bdb", + "backgroundColor": "#f8f0fc", + "width": 274.3443117379593, + "height": 74.90311522655017, + "seed": 1435321461, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "id": "Kqbwk_qfkALJfhtCIr2eS", + "type": "arrow" + } + ], + "updated": 1697530113381, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 96, + "versionNonce": 1222067707, + "isDeleted": false, + "id": "2P2tz29C_2sUzVNSpaG17", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 1065.5206131439782, + "y": 183.12082907329545, + "strokeColor": "#be4bdb", + "backgroundColor": "transparent", + "width": 73.14453125, + "height": 32.199999999999996, + "seed": 884403669, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 28, + "fontFamily": 2, + "text": "Forge", + "textAlign": "right", + "verticalAlign": "top", + "containerId": null, + "originalText": "Forge", + "lineHeight": 1.15, + "baseline": 25 + }, + { + "type": "text", + "version": 141, + "versionNonce": 1133694619, + "isDeleted": false, + "id": "0eYhFYPuRanZ7wkR2OlHO", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 986.864582863368, + "y": 225.1223531590797, + "strokeColor": "#be4bdb", + "backgroundColor": "transparent", + "width": 247.234375, + "height": 18.4, + "seed": 1201957685, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [ + { + "id": "HK1jmIcPmM6Us6Jrynobb", + "type": "arrow" + } + ], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 16, + "fontFamily": 2, + "text": "Github, Gitea, Github, Bitbucket, ...", + "textAlign": "right", + "verticalAlign": "top", + "containerId": null, + "originalText": "Github, Gitea, Github, Bitbucket, ...", + "lineHeight": 1.15, + "baseline": 14 + }, + { + "type": "rectangle", + "version": 55, + "versionNonce": 991183675, + "isDeleted": false, + "id": "dihpRzuIc-UoRSsOI33SZ", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 820.419424341303, + "y": 340.29123237109366, + "strokeColor": "#be4bdb", + "backgroundColor": "transparent", + "width": 117, + "height": 60, + "seed": 247151765, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "type": "text", + "id": "bcUL-u4zkLA9CLG2YdaeN" + } + ], + "updated": 1697530113381, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 38, + "versionNonce": 2008949723, + "isDeleted": false, + "id": "bcUL-u4zkLA9CLG2YdaeN", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 831.853994653803, + "y": 358.79123237109366, + "strokeColor": "#be4bdb", + "backgroundColor": "transparent", + "width": 94.130859375, + "height": 23, + "seed": 1638982133, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "Webhooks", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "dihpRzuIc-UoRSsOI33SZ", + "originalText": "Webhooks", + "lineHeight": 1.15, + "baseline": 18 + }, + { + "type": "rectangle", + "version": 93, + "versionNonce": 295891067, + "isDeleted": false, + "id": "Bphhue86mMXHN4klGamM3", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 697.3018309300141, + "y": 339.607928999312, + "strokeColor": "#be4bdb", + "backgroundColor": "transparent", + "width": 117, + "height": 60, + "seed": 92986197, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "type": "text", + "id": "0YxY2hEPyDWFqR8_-f6bn" + } + ], + "updated": 1697530113381, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 87, + "versionNonce": 2055547163, + "isDeleted": false, + "id": "0YxY2hEPyDWFqR8_-f6bn", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 727.4522215550141, + "y": 358.107928999312, + "strokeColor": "#be4bdb", + "backgroundColor": "transparent", + "width": 56.69921875, + "height": 23, + "seed": 43952309, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "OAuth", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "Bphhue86mMXHN4klGamM3", + "originalText": "OAuth", + "lineHeight": 1.15, + "baseline": 18 + }, + { + "type": "arrow", + "version": 284, + "versionNonce": 1205292475, + "isDeleted": false, + "id": "HK1jmIcPmM6Us6Jrynobb", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 1205.6453201409104, + "y": 250.4849674923464, + "strokeColor": "#be4bdb", + "backgroundColor": "transparent", + "width": 272.1094712799886, + "height": 94.31865813977868, + "seed": 982632981, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [ + { + "type": "text", + "id": "uDIWJ5K5mEBL9QaiNk3cS" + } + ], + "updated": 1697530113381, + "link": null, + "locked": false, + "startBinding": { + "elementId": "0eYhFYPuRanZ7wkR2OlHO", + "focus": -0.8418551162334328, + "gap": 6.962614333266799 + }, + "endBinding": null, + "lastCommittedPoint": null, + "startArrowhead": null, + "endArrowhead": "triangle", + "points": [ + [ + 0, + 0 + ], + [ + -69.68740859223726, + 65.87860410965993 + ], + [ + -272.1094712799886, + 94.31865813977868 + ] + ] + }, + { + "type": "text", + "version": 53, + "versionNonce": 1803962459, + "isDeleted": false, + "id": "uDIWJ5K5mEBL9QaiNk3cS", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 1050.575099048673, + "y": 297.96357160200637, + "strokeColor": "#be4bdb", + "backgroundColor": "#b2f2bb", + "width": 170.765625, + "height": 36.8, + "seed": 1046069109, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113385, + "link": null, + "locked": false, + "fontSize": 16, + "fontFamily": 2, + "text": "sends events like push, \ntag, ...", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "HK1jmIcPmM6Us6Jrynobb", + "originalText": "sends events like push, tag, ...", + "lineHeight": 1.15, + "baseline": 32 + }, + { + "type": "arrow", + "version": 487, + "versionNonce": 335895291, + "isDeleted": false, + "id": "Kqbwk_qfkALJfhtCIr2eS", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 792.0835609101814, + "y": 316.38601649373913, + "strokeColor": "#be4bdb", + "backgroundColor": "transparent", + "width": 176.92139414789008, + "height": 122.73778943055902, + "seed": 1681656021, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [ + { + "type": "text", + "id": "yvJTQ64RU50N6-hxEQlkl" + } + ], + "updated": 1697530113381, + "link": null, + "locked": false, + "startBinding": { + "elementId": "UczUX5VuNnCB1rVvUJVfm", + "focus": -0.03867359238356983, + "gap": 4.489845092359474 + }, + "endBinding": { + "elementId": "PbSQXehWVLYcQGXYFpd-B", + "focus": 0.7798878042817562, + "gap": 2.707370547890605 + }, + "lastCommittedPoint": null, + "startArrowhead": "triangle", + "endArrowhead": "triangle", + "points": [ + [ + 0, + 0 + ], + [ + 60.422360349016344, + -71.97786730696657 + ], + [ + 176.92139414789008, + -122.73778943055902 + ] + ] + }, + { + "type": "text", + "version": 62, + "versionNonce": 301106427, + "isDeleted": false, + "id": "yvJTQ64RU50N6-hxEQlkl", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 773.7910775091977, + "y": 226.00814918677256, + "strokeColor": "#be4bdb", + "backgroundColor": "#b2f2bb", + "width": 157.4296875, + "height": 36.8, + "seed": 500049461, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113385, + "link": null, + "locked": false, + "fontSize": 16, + "fontFamily": 2, + "text": "allows users to login \nusing existing account", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "Kqbwk_qfkALJfhtCIr2eS", + "originalText": "allows users to login using existing account", + "lineHeight": 1.15, + "baseline": 32 + }, + { + "type": "arrow", + "version": 393, + "versionNonce": 598459861, + "isDeleted": false, + "id": "TvtonmlV0W8__pnTG-wVZ", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 936.9267543177084, + "y": 458.95033086418084, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "width": 215.17788326846676, + "height": 93.99151368376693, + "seed": 234198933, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [ + { + "type": "text", + "id": "rFf6NIofw6UBOyAFwg0Kn" + } + ], + "updated": 1697530127259, + "link": null, + "locked": false, + "startBinding": { + "elementId": "v2eEwSOSRQBZ79O6wyzGf", + "focus": -0.30339107267010673, + "gap": 1 + }, + "endBinding": { + "elementId": "hSrrwwnm9y7R-_CnJtaK1", + "focus": -0.14057158065513534, + "gap": 3.4728449093634026 + }, + "lastCommittedPoint": null, + "startArrowhead": "triangle", + "endArrowhead": "triangle", + "points": [ + [ + 0, + 0 + ], + [ + 130.0760301643047, + 42.90930518030268 + ], + [ + 215.17788326846676, + 93.99151368376693 + ] + ] + }, + { + "type": "text", + "version": 8, + "versionNonce": 1693330843, + "isDeleted": false, + "id": "rFf6NIofw6UBOyAFwg0Kn", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 997.4942845557462, + "y": 473.9409015069133, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 161.4140625, + "height": 36.8, + "seed": 1592253685, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113386, + "link": null, + "locked": false, + "fontSize": 16, + "fontFamily": 2, + "text": "receives workflows & \nreturns logs + statuses", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "TvtonmlV0W8__pnTG-wVZ", + "originalText": "receives workflows & returns logs + statuses", + "lineHeight": 1.15, + "baseline": 32 + }, + { + "type": "arrow", + "version": 270, + "versionNonce": 1855882619, + "isDeleted": false, + "id": "5tl702dfcvJDLz9aIFU0P", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 886.0581619083632, + "y": 485.67004123832135, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "width": 174.09447592006472, + "height": 326.4905563076211, + "seed": 1479177813, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [ + { + "type": "text", + "id": "apyMCAv2GIN_yzHXwX4tY" + } + ], + "updated": 1697530113381, + "link": null, + "locked": false, + "startBinding": { + "elementId": "v2eEwSOSRQBZ79O6wyzGf", + "focus": -0.1341191028023529, + "gap": 1.9024338988657519 + }, + "endBinding": { + "elementId": "pxF49EKDNO6IZq_34i7bY", + "focus": -0.7088661407505865, + "gap": 4.060573862784622 + }, + "lastCommittedPoint": null, + "startArrowhead": "triangle", + "endArrowhead": "triangle", + "points": [ + [ + 0, + 0 + ], + [ + 44.14165353942735, + 196.18483635907205 + ], + [ + 174.09447592006472, + 326.4905563076211 + ] + ] + }, + { + "type": "text", + "version": 66, + "versionNonce": 2007745083, + "isDeleted": false, + "id": "apyMCAv2GIN_yzHXwX4tY", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 849.4927841977906, + "y": 663.4548775973934, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 161.4140625, + "height": 36.8, + "seed": 882041781, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113386, + "link": null, + "locked": false, + "fontSize": 16, + "fontFamily": 2, + "text": "receives workflows & \nreturns logs + statuses", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "5tl702dfcvJDLz9aIFU0P", + "originalText": "receives workflows & returns logs + statuses", + "lineHeight": 1.15, + "baseline": 32 + }, + { + "type": "arrow", + "version": 347, + "versionNonce": 1353818811, + "isDeleted": false, + "id": "XxfJWnHonmvNOJzMFSlie", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 534.9278465333664, + "y": 595.2199151317081, + "strokeColor": "#c2255c", + "backgroundColor": "transparent", + "width": 113.88020415193023, + "height": 119.81968366814112, + "seed": 944153877, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "startBinding": null, + "endBinding": { + "elementId": "_A8uznhnpXuQBYzjP-iVx", + "focus": 0.5397285671082249, + "gap": 1 + }, + "lastCommittedPoint": null, + "startArrowhead": null, + "endArrowhead": "triangle", + "points": [ + [ + 0, + 0 + ], + [ + 113.88020415193023, + -119.81968366814112 + ] + ] + }, + { + "type": "rectangle", + "version": 61, + "versionNonce": 1099141979, + "isDeleted": false, + "id": "j56ZKRwmXk72nHrZzLz_1", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 1081.8110514012087, + "y": 652.5253283508498, + "strokeColor": "#2f9e44", + "backgroundColor": "#ebfbee", + "width": 566.7373014532342, + "height": 68.58600908319681, + "seed": 112933493, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 82, + "versionNonce": 1879994363, + "isDeleted": false, + "id": "cAVYXfBRnfuGAv7QTQVow", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 1300.6584159706863, + "y": 658.8425033454967, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "width": 77.83203125, + "height": 23, + "seed": 951460821, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "Backend", + "textAlign": "right", + "verticalAlign": "top", + "containerId": null, + "originalText": "Backend", + "lineHeight": 1.15, + "baseline": 18 + }, + { + "type": "text", + "version": 376,- add some images explaining the architecture & terminology with +pipeline -> workflow -> step +- combine advanced config usage +- rename pipeline syntax to workflow syntax (and most references to +pipeline steps etc as well) +- update agent registration part +- add bug note to secrets encryption setting +- remove usage from readme to point to up-to-date docs page +- typos +- closes #1408 + +--------- + "angle": 0, + "x": 1094.1972977313717, + "y": 681.8988272758752, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "width": 530.9453125, + "height": 55.199999999999996, + "seed": 843899189, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 16, + "fontFamily": 2, + "text": "The backend is the environment (exp. Docker / Kubernetes / local) used to \nexecute workflows in.\n", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "The backend is the environment (exp. Docker / Kubernetes / local) used to \nexecute workflows in.\n", + "lineHeight": 1.15, + "baseline": 50 + }, + { + "type": "rectangle", + "version": 384, + "versionNonce": 1778969915, + "isDeleted": false, + "id": "pxF49EKDNO6IZq_34i7bY", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 1064.2132116912126, + "y": 754.5018564383092, + "strokeColor": "#2f9e44", + "backgroundColor": "#ebfbee", + "width": 601.932705468054, + "height": 175.07489600604117, + "seed": 954528405, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "id": "05EJzh4NLXxemaKAmdi5n", + "type": "arrow" + }, + { + "id": "5tl702dfcvJDLz9aIFU0P", + "type": "arrow" + } + ], + "updated": 1697530113381, + "link": null, + "locked": false + }, + { + "type": "arrow", + "version": 154, + "versionNonce": 1988988379, + "isDeleted": false, + "id": "05EJzh4NLXxemaKAmdi5n", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 904.0288881242177, + "y": 882.4966027880746, + "strokeColor": "#f08c00", + "backgroundColor": "transparent", + "width": 158.83070714434325, + "height": 32.735025983189644, + "seed": 1228134389, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [ + { + "type": "text", + "id": "yNxAOEPZu_Jl7mnI01OXs" + } + ], + "updated": 1697530113381, + "link": null, + "locked": false, + "startBinding": { + "elementId": "xmz4J-rxLIjfUQ4q19PjD", + "gap": 1.8048677977312764, + "focus": 0.31250963573550006 + }, + "endBinding": { + "elementId": "pxF49EKDNO6IZq_34i7bY", + "gap": 1.353616422651612, + "focus": 0.36496042109885213 + }, + "lastCommittedPoint": null, + "startArrowhead": null, + "endArrowhead": "triangle", + "points": [ + [ + 0, + 0 + ], + [ + 158.83070714434325, + -32.735025983189644 + ] + ] + }, + { + "type": "text", + "version": 25, + "versionNonce": 1393410779, + "isDeleted": false, + "id": "yNxAOEPZu_Jl7mnI01OXs", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 963.8856479463893, + "y": 856.9290897964797, + "strokeColor": "#f08c00", + "backgroundColor": "#b2f2bb", + "width": 39.1171875, + "height": 18.4, + "seed": 759107925, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113387, + "link": null, + "locked": false, + "fontSize": 16, + "fontFamily": 2, + "text": "starts", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "05EJzh4NLXxemaKAmdi5n", + "originalText": "starts", + "lineHeight": 1.15, + "baseline": 14 + }, + { + "type": "text", + "version": 187, + "versionNonce": 671224603, + "isDeleted": false, + "id": "sSj4Pda-fo-BBYM_dzml6", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 1296.0854928322988, + "y": 776.6118140041631, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "width": 104.2890625, + "height": 32.199999999999996, + "seed": 1381768885, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530113381, + "link": null, + "locked": false, + "fontSize": 28, + "fontFamily": 2, + "text": "Agent ...", + "textAlign": "right", + "verticalAlign": "top", + "containerId": null, + "originalText": "Agent ...", + "lineHeight": 1.15, + "baseline": 25 + } + ], + "appState": { + "gridSize": null, + "viewBackgroundColor": "#ffffff" + }, + "files": {} +} diff --git a/docs/versioned_docs/version-3.4/20-usage/15-terminology/architecture.svg b/docs/versioned_docs/version-3.4/20-usage/15-terminology/architecture.svg new file mode 100644 index 000000000..b34e96fdd --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/15-terminology/architecture.svg @@ -0,0 +1,17 @@ + + + + + + + + ServerUIGRPCAgent 1User => BrowserAutoscalerStarts agents based on amount of pending pipelinesExecutes pending workflows of a pipelineCentral unit of a Woodpecker instance ForgeGithub, Gitea, Github, Bitbucket, ...WebhooksOAuthsends events like push, tag, ...allows users to login using existing accountreceives workflows & returns logs + statusesreceives workflows & returns logs + statusesBackendThe backend is the environment (exp. Docker / Kubernetes / local) used to execute workflows in.startsAgent ... diff --git a/docs/versioned_docs/version-3.4/20-usage/15-terminology/index.md b/docs/versioned_docs/version-3.4/20-usage/15-terminology/index.md new file mode 100644 index 000000000..e64d4565f --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/15-terminology/index.md @@ -0,0 +1,55 @@ +# Terminology + +## Glossary + +- **Woodpecker CI**: The project name around Woodpecker. +- **Woodpecker**: An open-source tool that executes [pipelines][Pipeline] on your code. +- **Server**: The component of Woodpecker that handles webhooks from forges, orchestrates agents, and sends status back. It also serves the API and web UI for administration and configuration. +- **Agent**: A component of Woodpecker that executes [pipelines][Pipeline] (specifically one or more [workflows][Workflow]) with a specific backend (e.g. [Docker][], Kubernetes, [local][Local]). It connects to the server via GRPC. +- **CLI**: The Woodpecker command-line interface (CLI) is a terminal tool used to administer the server, to execute pipelines locally for debugging / testing purposes, and to perform tasks like linting pipelines. +- **[Pipeline][Pipeline]**: A sequence of [workflows][Workflow] that are executed on the code. Pipelines are triggered by events. +- **[Workflow][Workflow]**: A sequence of steps and services that are executed as part of a [pipeline][Pipeline]. Workflows are represented by YAML files. Each workflow has its own isolated [workspace][Workspace], and often additional resources like a shared network (docker). +- **Steps**: Individual commands, actions or tasks within a [workflow][Workflow]. +- **Code**: Refers to the files tracked by the version control system used by the [forge][Forge]. +- **Repos**: Short for repositories, these are storage locations where code is stored. +- **[Forge][Forge]**: The hosting platform or service where the repositories are hosted. +- **[Workspace][workspace]**: A folder shared between all steps of a [workflow][Workflow] containing the repository and all the generated data from previous steps. +- **[Event][Event]**: Triggers the execution of a [pipeline][Pipeline], such as a [forge][Forge] event like `push`, or `manual` triggered manually from the UI. +- **Commit**: A defined state of the code, usually associated with a version control system like Git. +- **[Matrix][Matrix]**: A configuration option that allows the execution of [workflows][Workflow] for each value in the matrix. +- **Service**: A service is a step that is executed from the start of a [workflow][Workflow] until its end. It can be accessed by name via the network from other steps within the same [workflow][Workflow]. +- **[Plugins][Plugin]**: Plugins are extensions that provide pre-defined actions or commands for a step in a [workflow][Workflow]. They can be configured via settings. +- **Container**: A lightweight and isolated environment where commands are executed. +- **YAML File**: A file format used to define and configure [workflows][Workflow]. +- **Dependency**: [Workflows][Workflow] can depend on each other, and if possible, they are executed in parallel. +- **Status**: Status refers to the outcome of a step or [workflow][Workflow] after it has been executed, determined by the internal command exit code. At the end of a [workflow][Workflow], its status is sent to the [forge][Forge]. +- **Service extension**: Some parts of Woodpecker internal services like secrets storage or config fetcher can be replaced through service extensions. + +## Woodpecker architecture + +![Woodpecker architecture](architecture.svg) + +## Pipeline, workflow & step + +![Relation between pipelines, workflows and steps](pipeline-workflow-step.svg) + +## Conventions + +Sometimes there are multiple terms that can be used to describe something. This section lists the preferred terms to use in Woodpecker: + +- Environment variables `*_LINK` should be called `*_URL`. In the code use `URL()` instead of `Link()` +- Use the term **pipelines** instead of the previous **builds** +- Use the term **steps** instead of the previous **jobs** +- Use the prefix `WOODPECKER_EXPERT_` for advanced environment variables that are normally not required to be set by users + + + +[Event]: ../20-workflow-syntax.md#event +[Pipeline]: ../20-workflow-syntax.md +[Workflow]: ../25-workflows.md +[Forge]: ../../30-administration/10-configuration/12-forges/11-overview.md +[Plugin]: ../51-plugins/51-overview.md +[Workspace]: ../20-workflow-syntax.md#workspace +[Matrix]: ../30-matrix-workflows.md +[Docker]: ../../30-administration/10-configuration/11-backends/10-docker.md +[Local]: ../../30-administration/10-configuration/11-backends/30-local.md diff --git a/docs/versioned_docs/version-3.4/20-usage/15-terminology/pipeline-workflow-step.excalidraw b/docs/versioned_docs/version-3.4/20-usage/15-terminology/pipeline-workflow-step.excalidraw new file mode 100644 index 000000000..28704cff5 --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/15-terminology/pipeline-workflow-step.excalidraw @@ -0,0 +1,1077 @@ +{ + "type": "excalidraw", + "version": 2, + "source": "https://excalidraw.com", + "elements": [ + { + "type": "rectangle", + "version": 97, + "versionNonce": 257762037, + "isDeleted": false, + "id": "Y3hYdpX9r1qWfyHWs7AXT", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 393.622323134362, + "y": 336.02197155458475, + "strokeColor": "#1971c2", + "backgroundColor": "#e7f5ff", + "width": 366.3936710429598, + "height": 499.95605689083004, + "seed": 875444373, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [], + "updated": 1697530083427, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 67, + "versionNonce": 369556565, + "isDeleted": false, + "id": "g1Eb010Kx_KFryVqNYWBQ", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 520.0116988873679, + "y": 363.32095846456355, + "strokeColor": "#1971c2", + "backgroundColor": "#b2f2bb", + "width": 99.626953125, + "height": 32.199999999999996, + "seed": 1466195445, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [ + { + "id": "9laL3864YWOna6NQlVDqq", + "type": "arrow" + } + ], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 28, + "fontFamily": 2, + "text": "Pipeline", + "textAlign": "center", + "verticalAlign": "top", + "containerId": null, + "originalText": "Pipeline", + "lineHeight": 1.15, + "baseline": 25 + }, + { + "type": "rectangle", + "version": 314, + "versionNonce": 1983028731, + "isDeleted": false, + "id": "9o-DNP0YdlIGVz1kEm_hW", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 407.1590381712276, + "y": 410.9252244837219, + "strokeColor": "#be4bdb", + "backgroundColor": "#f8f0fc", + "width": 340.12211164367193, + "height": 199, + "seed": 1869535061, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "id": "FU4jk6Tz6duLaaZE0Z55A", + "type": "arrow" + }, + { + "id": "9laL3864YWOna6NQlVDqq", + "type": "arrow" + } + ], + "updated": 1697530083624, + "link": null, + "locked": false + }, + { + "type": "rectangle", + "version": 156, + "versionNonce": 1495247317, + "isDeleted": false, + "id": "q4TKpiq2KAwPaz19GdhtK", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 490.3194993196821, + "y": 473.52959018719525, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 247, + "height": 33, + "seed": 111355061, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "type": "text", + "id": "ya0JzDo-4oscHIq87TZ_D" + }, + { + "id": "1ZbDRqbETCkEx62nCmnpJ", + "type": "arrow" + }, + { + "id": "FU4jk6Tz6duLaaZE0Z55A", + "type": "arrow" + } + ], + "updated": 1697530083427, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 156, + "versionNonce": 1469425461, + "isDeleted": false, + "id": "ya0JzDo-4oscHIq87TZ_D", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 566.0118821321821, + "y": 478.52959018719525, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 95.615234375, + "height": 23, + "seed": 1084671509, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "Clone step", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "q4TKpiq2KAwPaz19GdhtK", + "originalText": "Clone step", + "lineHeight": 1.15, + "baseline": 18 + }, + { + "type": "rectangle", + "version": 236, + "versionNonce": 1535319541, + "isDeleted": false, + "id": "AOJLQFldoHd2vxVtB2jrS", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 491.2218643672577, + "y": 519.7800332298218, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 247, + "height": 33, + "seed": 812596085, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "type": "text", + "id": "FRby8A9aUiKvHpM5mCdDN" + } + ], + "updated": 1697530083427, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 231, + "versionNonce": 28677973, + "isDeleted": false, + "id": "FRby8A9aUiKvHpM5mCdDN", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 583.0324112422577, + "y": 524.7800332298218, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 63.37890625, + "height": 23, + "seed": 1849820373, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "1. Step", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "AOJLQFldoHd2vxVtB2jrS", + "originalText": "1. Step", + "lineHeight": 1.15, + "baseline": 18 + }, + { + "type": "rectangle", + "version": 291, + "versionNonce": 571598005, + "isDeleted": false, + "id": "2WwuMWX7YawqK0i1rDPJo", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 489.6426911083554, + "y": 567.609787233933, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 247, + "height": 33, + "seed": 1840554549, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "type": "text", + "id": "UOwxmKIS0W62CFt_ffEy4" + }, + { + "id": "379hO6Dc5rygB38JgDbVo", + "type": "arrow" + } + ], + "updated": 1697530083427, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 289, + "versionNonce": 4032021, + "isDeleted": false, + "id": "UOwxmKIS0W62CFt_ffEy4", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 581.4532379833554, + "y": 572.609787233933, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 63.37890625, + "height": 23, + "seed": 330077077, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "2. Step", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "2WwuMWX7YawqK0i1rDPJo", + "originalText": "2. Step", + "lineHeight": 1.15, + "baseline": 18 + }, + { + "type": "arrow", + "version": 296, + "versionNonce": 1539516059, + "isDeleted": false, + "id": "9laL3864YWOna6NQlVDqq", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 630.0635849044402, + "y": 383.14314287821776, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "width": 294.3024370154917, + "height": 36.656016722015465, + "seed": 207575285, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1697530083624, + "link": null, + "locked": false, + "startBinding": { + "elementId": "9o-DNP0YdlIGVz1kEm_hW", + "focus": -1.000156025347643, + "gap": 27.782081605504118 + }, + "endBinding": { + "elementId": "vS2PNUbmeBe3EPxl-dID8", + "focus": 0.7761987167055517, + "gap": 8.978940924346716 + }, + "lastCommittedPoint": null, + "startArrowhead": "triangle", + "endArrowhead": null, + "points": [ + [ + 0, + 0 + ], + [ + 294.3024370154917, + -36.656016722015465 + ] + ] + }, + { + "type": "text", + "version": 249, + "versionNonce": 2076402229, + "isDeleted": false, + "id": "vS2PNUbmeBe3EPxl-dID8", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 933.3449628442786, + "y": 336.02200598023114, + "strokeColor": "#1971c2", + "backgroundColor": "transparent", + "width": 301.298828125, + "height": 46, + "seed": 1632793173, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [ + { + "id": "9laL3864YWOna6NQlVDqq", + "type": "arrow" + } + ], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "A pipeline is triggered by an event\nlike a push, tag, manual", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "A pipeline is triggered by an event\nlike a push, tag, manual", + "lineHeight": 1.15, + "baseline": 41 + }, + { + "type": "arrow", + "version": 751, + "versionNonce": 1371044827, + "isDeleted": false, + "id": "FU4jk6Tz6duLaaZE0Z55A", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 751.1619011845514, + "y": 440.8355079324799, + "strokeColor": "#be4bdb", + "backgroundColor": "transparent", + "width": 160.46519124360202, + "height": 2.2452348338335923, + "seed": 1331388341, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1697530083624, + "link": null, + "locked": false, + "startBinding": { + "elementId": "9o-DNP0YdlIGVz1kEm_hW", + "focus": -0.6591700594229558, + "gap": 3.8807513696519322 + }, + "endBinding": { + "elementId": "wfFvnFZuh0npL9hh0ez7o", + "focus": 0.7652411053273549, + "gap": 20.75618622779257 + }, + "lastCommittedPoint": null, + "startArrowhead": "triangle", + "endArrowhead": null, + "points": [ + [ + 0, + 0 + ], + [ + 160.46519124360202, + -2.2452348338335923 + ] + ] + }, + { + "type": "rectangle", + "version": 440, + "versionNonce": 819540565, + "isDeleted": false, + "id": "TbejdIYo_qNDw15yLP2IB", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 406.0812257713851, + "y": 626.8305540252475, + "strokeColor": "#be4bdb", + "backgroundColor": "#f8f0fc", + "width": 340.12211164367193, + "height": 199, + "seed": 1553965333, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [], + "updated": 1697530083427, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 466, + "versionNonce": 663477, + "isDeleted": false, + "id": "wfFvnFZuh0npL9hh0ez7o", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 932.383278655946, + "y": 424.0107569968011, + "strokeColor": "#be4bdb", + "backgroundColor": "transparent", + "width": 481.2890625, + "height": 115, + "seed": 781497973, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [ + { + "id": "FU4jk6Tz6duLaaZE0Z55A", + "type": "arrow" + } + ], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "Every pipeline consists of multiple workflows.\nEach defined by a separate YAML file and is named \nafter the filename.\nEach workflow has its own workspace (folder) which is\nused by all steps of that workflow.", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "Every pipeline consists of multiple workflows.\nEach defined by a separate YAML file and is named \nafter the filename.\nEach workflow has its own workspace (folder) which is\nused by all steps of that workflow.", + "lineHeight": 1.15, + "baseline": 110 + }, + { + "type": "arrow", + "version": 464, + "versionNonce": 734626075, + "isDeleted": false, + "id": "1ZbDRqbETCkEx62nCmnpJ", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 741.0645380446722, + "y": 492.31283255558515, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "width": 178.4459423531871, + "height": 83.08707392565111, + "seed": 536879061, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1697530083624, + "link": null, + "locked": false, + "startBinding": { + "elementId": "q4TKpiq2KAwPaz19GdhtK", + "focus": -0.7697471991854113, + "gap": 3.7450387249900814 + }, + "endBinding": { + "elementId": "Vu0JJ6ZWuEhEyCfxeHPtc", + "focus": -0.7822252364700005, + "gap": 8.360835317635974 + }, + "lastCommittedPoint": null, + "startArrowhead": "triangle", + "endArrowhead": null, + "points": [ + [ + 0, + 0 + ], + [ + 178.4459423531871, + 83.08707392565111 + ] + ] + }, + { + "type": "text", + "version": 327, + "versionNonce": 371646421, + "isDeleted": false, + "id": "Vu0JJ6ZWuEhEyCfxeHPtc", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 927.8713157154953, + "y": 563.2132686484658, + "strokeColor": "#2f9e44", + "backgroundColor": "transparent", + "width": 491.357421875, + "height": 46, + "seed": 385310005, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [ + { + "id": "1ZbDRqbETCkEx62nCmnpJ", + "type": "arrow" + } + ], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "The default first step of each workflow is the clone step.\nIts fetches the specific code version for a pipeline.", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "The default first step of each workflow is the clone step.\nIts fetches the specific code version for a pipeline.", + "lineHeight": 1.15, + "baseline": 41 + }, + { + "type": "text", + "version": 91, + "versionNonce": 1180085909, + "isDeleted": false, + "id": "0tGx2VdJLNf7W6HD76dtO", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 427.6895298601876, + "y": 432.3583566254258, + "strokeColor": "#9c36b5", + "backgroundColor": "#a5d8ff", + "width": 143.876953125, + "height": 23, + "seed": 450883221, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "Workflow \"build\"", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "Workflow \"build\"", + "lineHeight": 1.15, + "baseline": 18 + }, + { + "type": "rectangle", + "version": 338, + "versionNonce": 957223925, + "isDeleted": false, + "id": "LQ2h2aO9uzDWyLG6OLn70", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 487.7251825950889, + "y": 685.3516128043414, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 247, + "height": 33, + "seed": 711939061, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "type": "text", + "id": "8EqaPnZX2CgLaF08UNZZg" + } + ], + "updated": 1697530083427, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 340, + "versionNonce": 510774613, + "isDeleted": false, + "id": "8EqaPnZX2CgLaF08UNZZg", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 563.4175654075889, + "y": 690.3516128043414, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 95.615234375, + "height": 23, + "seed": 1370164565, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "Clone step", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "LQ2h2aO9uzDWyLG6OLn70", + "originalText": "Clone step", + "lineHeight": 1.15, + "baseline": 18 + }, + { + "type": "rectangle", + "version": 421, + "versionNonce": 97999541, + "isDeleted": false, + "id": "St9t4nwHuXXVlmjDqfn_Z", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 488.62754764266447, + "y": 731.6020558469675, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 247, + "height": 33, + "seed": 2145950389, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "type": "text", + "id": "DX10t075MMDu7BLtuUaij" + } + ], + "updated": 1697530083427, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 417, + "versionNonce": 2011446293, + "isDeleted": false, + "id": "DX10t075MMDu7BLtuUaij", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 580.4380945176645, + "y": 736.6020558469675, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 63.37890625, + "height": 23, + "seed": 500005909, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "1. Step", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "St9t4nwHuXXVlmjDqfn_Z", + "originalText": "1. Step", + "lineHeight": 1.15, + "baseline": 18 + }, + { + "type": "rectangle", + "version": 475, + "versionNonce": 1284370805, + "isDeleted": false, + "id": "XVGBz_X5yN6xjWTosVH2n", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 487.04837438376217, + "y": 779.4318098510787, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 247, + "height": 33, + "seed": 1666134389, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [ + { + "type": "text", + "id": "-xogFSFcP-Vv5cuOSFm8T" + } + ], + "updated": 1697530083427, + "link": null, + "locked": false + }, + { + "type": "text", + "version": 476, + "versionNonce": 1092221653, + "isDeleted": false, + "id": "-xogFSFcP-Vv5cuOSFm8T", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 578.8589212587622, + "y": 784.4318098510787, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 63.37890625, + "height": 23, + "seed": 1840462549, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "2. Step", + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "XVGBz_X5yN6xjWTosVH2n", + "originalText": "2. Step", + "lineHeight": 1.15, + "baseline": 18 + }, + { + "type": "text", + "version": 125, + "versionNonce": 1310578741, + "isDeleted": false, + "id": "N1a9yL7Pts16hUKY9-vhw", + "fillStyle": "hachure", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 424.78852030984035, + "y": 646.2446482189896, + "strokeColor": "#be4bdb", + "backgroundColor": "#a5d8ff", + "width": 133.857421875, + "height": 23, + "seed": 361699381, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "Workflow \"test\"", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "Workflow \"test\"", + "lineHeight": 1.15, + "baseline": 18 + }, + { + "type": "arrow", + "version": 184, + "versionNonce": 2127603131, + "isDeleted": false, + "id": "O-YmtRLb8uFNqCAz22EoG", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 737.454940151797, + "y": 535.9141784615474, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 190.41665096887027, + "height": 112.96427727851824, + "seed": 80234901, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1697530083624, + "link": null, + "locked": false, + "startBinding": null, + "endBinding": { + "elementId": "0TjxOfERekC91N3yciQIq", + "focus": -0.8392895251910331, + "gap": 2.0300115262207328 + }, + "lastCommittedPoint": null, + "startArrowhead": "triangle", + "endArrowhead": null, + "points": [ + [ + 0, + 0 + ], + [ + 190.41665096887027, + 112.96427727851824 + ] + ] + }, + { + "type": "arrow", + "version": 327, + "versionNonce": 780710651, + "isDeleted": false, + "id": "379hO6Dc5rygB38JgDbVo", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 738.8084877231549, + "y": 591.3526691276127, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 186.8066399682357, + "height": 57.68023784868956, + "seed": 211046133, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 2 + }, + "boundElements": [], + "updated": 1697530083624, + "link": null, + "locked": false, + "startBinding": { + "elementId": "2WwuMWX7YawqK0i1rDPJo", + "focus": -0.5776522830934517, + "gap": 2.1657966147995467 + }, + "endBinding": { + "elementId": "0TjxOfERekC91N3yciQIq", + "focus": -0.7269489945238884, + "gap": 4.286474955497397 + }, + "lastCommittedPoint": null, + "startArrowhead": "triangle", + "endArrowhead": null, + "points": [ + [ + 0, + 0 + ], + [ + 186.8066399682357, + 57.68023784868956 + ] + ] + }, + { + "type": "text", + "version": 285, + "versionNonce": 1165977685, + "isDeleted": false, + "id": "0TjxOfERekC91N3yciQIq", + "fillStyle": "solid", + "strokeWidth": 4, + "strokeStyle": "solid", + "roughness": 0, + "opacity": 100, + "angle": 0, + "x": 929.901602646888, + "y": 632.4760859429873, + "strokeColor": "#2f9e44", + "backgroundColor": "#b2f2bb", + "width": 518.076171875, + "height": 46, + "seed": 997763157, + "groupIds": [], + "frameId": null, + "roundness": null, + "boundElements": [ + { + "id": "O-YmtRLb8uFNqCAz22EoG", + "type": "arrow" + }, + { + "id": "379hO6Dc5rygB38JgDbVo", + "type": "arrow" + } + ], + "updated": 1697530083427, + "link": null, + "locked": false, + "fontSize": 20, + "fontFamily": 2, + "text": "Additional steps are used to execute commands or plugins\nlike `make install` or release-to-github", + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "Additional steps are used to execute commands or plugins\nlike `make install` or release-to-github", + "lineHeight": 1.15, + "baseline": 41 + } + ], + "appState": { + "gridSize": null, + "viewBackgroundColor": "#ffffff" + }, + "files": {} +} diff --git a/docs/versioned_docs/version-3.4/20-usage/15-terminology/pipeline-workflow-step.svg b/docs/versioned_docs/version-3.4/20-usage/15-terminology/pipeline-workflow-step.svg new file mode 100644 index 000000000..4ea3aab0a --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/15-terminology/pipeline-workflow-step.svg @@ -0,0 +1,17 @@ + + + + + + + + PipelineClone step1. Step2. StepA pipeline is triggered by an eventlike a push, tag, manualEvery pipeline consists of multiple workflows.Each defined by a separate YAML file and is named after the filename.Each workflow has its own workspace (folder) which isused by all steps of that workflow.The default first step of each workflow is the clone step.Its fetches the specific code version for a pipeline.Workflow "build"Clone step1. Step2. StepWorkflow "test"Additional steps are used to execute commands or pluginslike `make install` or release-to-github diff --git a/docs/versioned_docs/version-2.7/20-usage/20-workflow-syntax.md b/docs/versioned_docs/version-3.4/20-usage/20-workflow-syntax.md similarity index 90% rename from docs/versioned_docs/version-2.7/20-usage/20-workflow-syntax.md rename to docs/versioned_docs/version-3.4/20-usage/20-workflow-syntax.md index 956401c7e..2f988790d 100644 --- a/docs/versioned_docs/version-2.7/20-usage/20-workflow-syntax.md +++ b/docs/versioned_docs/version-3.4/20-usage/20-workflow-syntax.md @@ -104,7 +104,7 @@ When using the `local` backend, the `image` entry is used to specify the shell, - go test - name: publish -+ image: plugins/docker ++ image: woodpeckerci/plugin-kaniko repo: foo/bar services: @@ -179,12 +179,6 @@ Woodpecker provides the ability to pass environment variables to individual step For more details, check the [environment docs](./50-environment.md). -### `secrets` - -Woodpecker provides the ability to store named parameters external to the YAML configuration file, in a central secret store. These secrets can be passed to individual steps of the workflow at runtime. - -For more details, check the [secrets docs](./40-secrets.md). - ### `failure` Some of the steps may be allowed to fail without causing the whole workflow and therefore pipeline to report a failure (e.g., a step executing a linting check). To enable this, add `failure: ignore` to your step. If Woodpecker encounters an error while executing the step, it will report it as failed but still executes the next steps of the workflow, if any, without affecting the status of the workflow. @@ -201,15 +195,13 @@ Some of the steps may be allowed to fail without causing the whole workflow and ### `when` - Conditional Execution -Woodpecker supports defining a list of conditions for a step by using a `when` block. If at least one of the conditions in the `when` block evaluate to true the step is executed, otherwise it is skipped. A condition is evaluated to true if _all_ subconditions are true. +Woodpecker supports defining a list of conditions for a step by using a `when` block. If at least one of the conditions in the `when` block evaluate to true the step is executed, otherwise it is skipped. A condition is evaluated to true if _all_ sub-conditions are true. A condition can be a check like: ```diff steps: - - name: slack - image: plugins/slack - settings: - channel: dev + - name: prettier + image: woodpeckerci/plugin-prettier + when: + - event: pull_request + repo: test/test @@ -217,7 +209,7 @@ A condition can be a check like: + branch: main ``` -The `slack` step is executed if one of these conditions is met: +The `prettier` step is executed if one of these conditions is met: 1. The pipeline is executed from a pull request in the repo `test/test` 2. The pipeline is executed from a push to `main` @@ -228,10 +220,8 @@ Example conditional execution by repository: ```diff steps: - - name: slack - image: plugins/slack - settings: - channel: dev + - name: prettier + image: woodpeckerci/plugin-prettier + when: + - repo: test/test ``` @@ -246,10 +236,8 @@ Example conditional execution by branch: ```diff steps: - - name: slack - image: plugins/slack - settings: - channel: dev + - name: prettier + image: woodpeckerci/plugin-prettier + when: + - branch: main ``` @@ -288,7 +276,16 @@ when: #### `event` -Available events: `push`, `pull_request`, `pull_request_closed`, `tag`, `release`, `deployment`, `cron`, `manual` +The available events are: + +- `push`: triggered when a commit is pushed to a branch. +- `pull_request`: triggered when a pull request is opened or a new commit is pushed to it. +- `pull_request_closed`: triggered when a pull request is closed or merged. +- `tag`: triggered when a tag is pushed. +- `release`: triggered when a release, pre-release or draft is created. (You can apply further filters using [evaluate](#evaluate) with [environment variables](./50-environment.md#built-in-environment-variables).) +- `deployment`: triggered when a deployment is created in the repository. (This event can be triggered from Woodpecker directly. GitHub also supports webhook triggers.) +- `cron`: triggered when a cron job is executed. +- `manual`: triggered when a user manually triggers a pipeline. Execute a step if the build event is a `tag`: @@ -339,14 +336,12 @@ when: #### `status` -There are use cases for executing steps on failure, such as sending notifications for failed workflow / pipeline. Use the status constraint to execute steps even when the workflow fails: +There are use cases for executing steps on failure, such as sending notifications for failed workflow/pipeline. Use the status constraint to execute steps even when the workflow fails: ```diff steps: - - name: slack - image: plugins/slack - settings: - channel: dev + - name: notify + image: alpine + when: + - status: [ success, failure ] ``` @@ -475,7 +470,7 @@ Normally steps of a workflow are executed serially in the order in which they ar - go build - name: deploy - image: plugins/docker + image: woodpeckerci/plugin-kaniko settings: repo: foo/bar + depends_on: [build, test] # deploy will be executed after build and test finished @@ -601,7 +596,7 @@ For more details check the [matrix build docs](./30-matrix-workflows.md). You can set labels for your workflow to select an agent to execute the workflow on. An agent will pick up and run a workflow when **every** label assigned to it matches the agents labels. -To set additional agent labels, check the [agent configuration options](../30-administration/15-agent-config.md#woodpecker_filter_labels). Agents will have at least four default labels: `platform=agent-os/agent-arch`, `hostname=my-agent`, `backend=docker` (type of the agent backend) and `repo=*`. Agents can use a `*` as a wildcard for a label. For example `repo=*` will match every repo. +To set additional agent labels, check the [agent configuration options](../30-administration/10-configuration/30-agent.md#agent_labels). Agents will have at least four default labels: `platform=agent-os/agent-arch`, `hostname=my-agent`, `backend=docker` (type of the agent backend) and `repo=*`. Agents can use a `*` as a wildcard for a label. For example `repo=*` will match every repo. Workflow labels with an empty value will be ignored. By default, each workflow has at least the `repo=your-user/your-repo-name` label. If you have set the [platform attribute](#platform) for your workflow it will have a label like `platform=your-os/your-arch` as well. @@ -683,16 +678,6 @@ Example configuration to use a custom clone plugin: + image: octocat/custom-git-plugin ``` -Example configuration to clone Mercurial repository: - -```diff - clone: - - name: hg -+ image: plugins/hg -+ settings: -+ path: bitbucket.org/foo/bar -``` - ### Git Submodules To use the credentials that cloned the repository to clone it's submodules, update `.gitmodules` to use `https` instead of `git`: @@ -740,10 +725,8 @@ Example conditional execution by branch: + branch: main + steps: - - name: slack - image: plugins/slack - settings: - channel: dev + - name: prettier + image: woodpeckerci/plugin-prettier ``` The workflow now triggers on `main`, but also if the target branch of a pull request is `main`. @@ -760,6 +743,25 @@ Woodpecker supports to define multiple workflows for a repository. Those workflo Workflows that should run even on failure should set the `runs_on` tag. See [here](./25-workflows.md#flow-control) for an example. +## Advanced network options for steps + +:::warning +Only allowed if 'Trusted Network' option is enabled in repo settings by an admin. +::: + +### `dns` + +If the backend engine understands to change the DNS server and lookup domain, +this options will be used to alter the default DNS config to a custom one for a specific step. + +```yaml +steps: + - name: build + image: plugin/abc + dns: 1.2.3.4 + dns_search: 'internal.company' +``` + ## Privileged mode Woodpecker gives the ability to configure privileged mode in the YAML. You can use this parameter to launch containers with escalated capabilities. @@ -777,8 +779,8 @@ Privileged mode is only available to trusted repositories and for security reaso commands: - docker --tls=false ps - - name: services - docker: + services: + - name: docker image: docker:dind commands: dockerd-entrypoint.sh --storage-driver=vfs --tls=false + privileged: true diff --git a/docs/versioned_docs/version-3.4/20-usage/25-workflows.md b/docs/versioned_docs/version-3.4/20-usage/25-workflows.md new file mode 100644 index 000000000..ef09d485e --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/25-workflows.md @@ -0,0 +1,118 @@ +# Workflows + +A pipeline has at least one workflow. A workflow is a set of steps that are executed in sequence using the same workspace which is a shared folder containing the repository and all the generated data from previous steps. + +In case there is a single configuration in `.woodpecker.yaml` Woodpecker will create a pipeline with a single workflow. + +By placing the configurations in a folder which is by default named `.woodpecker/` Woodpecker will create a pipeline with multiple workflows each named by the file they are defined in. Only `.yml` and `.yaml` files will be used and files in any subfolders like `.woodpecker/sub-folder/test.yaml` will be ignored. + +You can also set some custom path like `.my-ci/pipelines/` instead of `.woodpecker/` in the [project settings](./75-project-settings.md). + +## Benefits of using workflows + +- faster lint/test feedback, the workflow doesn't have to run fully to have a lint status pushed to the remote +- better organization of a pipeline along various concerns using one workflow for: testing, linting, building and deploying +- utilizing more agents to speed up the execution of the whole pipeline + +## Example workflow definition + +:::warning +Please note that files are only shared between steps of the same workflow (see [File changes are incremental](./20-workflow-syntax.md#file-changes-are-incremental)). That means you cannot access artifacts e.g. from the `build` workflow in the `deploy` workflow. +If you still need to pass artifacts between the workflows you need use some storage [plugin](./51-plugins/51-overview.md) (e.g. one which stores files in an Amazon S3 bucket). +::: + +```bash +.woodpecker/ +├── build.yaml +├── deploy.yaml +├── lint.yaml +└── test.yaml +``` + +```yaml title=".woodpecker/build.yaml" +steps: + - name: build + image: debian:stable-slim + commands: + - echo building + - sleep 5 +``` + +```yaml title=".woodpecker/deploy.yaml" +steps: + - name: deploy + image: debian:stable-slim + commands: + - echo deploying + +depends_on: + - lint + - build + - test +``` + +```yaml title=".woodpecker/test.yaml" +steps: + - name: test + image: debian:stable-slim + commands: + - echo testing + - sleep 5 + +depends_on: + - build +``` + +```yaml title=".woodpecker/lint.yaml" +steps: + - name: lint + image: debian:stable-slim + commands: + - echo linting + - sleep 5 +``` + +## Status lines + +Each workflow will report its own status back to your forge. + +## Flow control + +The workflows run in parallel on separate agents and share nothing. + +Dependencies between workflows can be set with the `depends_on` element. A workflow doesn't execute until all of its dependencies finished successfully. + +The name for a `depends_on` entry is the filename without the path, leading dots and without the file extension `.yml` or `.yaml`. If the project config for example uses `.woodpecker/` as path for CI files with a file named `.woodpecker/.lint.yaml` the corresponding `depends_on` entry would be `lint`. + +```diff + steps: + - name: deploy + image: debian:stable-slim + commands: + - echo deploying + ++depends_on: ++ - lint ++ - build ++ - test +``` + +Workflows that need to run even on failures should set the `runs_on` tag. + +```diff + steps: + - name: notify + image: debian:stable-slim + commands: + - echo notifying + + depends_on: + - deploy + ++runs_on: [ success, failure ] +``` + +:::info +Some workflows don't need the source code, like creating a notification on failure. +Read more about `skip_clone` at [pipeline syntax](./20-workflow-syntax.md#skip_clone) +::: diff --git a/docs/versioned_docs/version-3.4/20-usage/30-matrix-workflows.md b/docs/versioned_docs/version-3.4/20-usage/30-matrix-workflows.md new file mode 100644 index 000000000..54dcafadd --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/30-matrix-workflows.md @@ -0,0 +1,143 @@ +# Matrix workflows + +Woodpecker has integrated support for matrix workflows. Woodpecker executes a separate workflow for each combination in the matrix, allowing you to build and test against multiple configurations. + +Example matrix definition: + +```yaml +matrix: + GO_VERSION: + - 1.4 + - 1.3 + REDIS_VERSION: + - 2.6 + - 2.8 + - 3.0 +``` + +Example matrix definition containing only specific combinations: + +```yaml +matrix: + include: + - GO_VERSION: 1.4 + REDIS_VERSION: 2.8 + - GO_VERSION: 1.5 + REDIS_VERSION: 2.8 + - GO_VERSION: 1.6 + REDIS_VERSION: 3.0 +``` + +## Interpolation + +Matrix variables are interpolated in the YAML using the `${VARIABLE}` syntax, before the YAML is parsed. This is an example YAML file before interpolating matrix parameters: + +```yaml +matrix: + GO_VERSION: + - 1.4 + - 1.3 + DATABASE: + - mysql:8 + - mysql:5 + - mariadb:10.1 + +steps: + - name: build + image: golang:${GO_VERSION} + commands: + - go get + - go build + - go test + +services: + - name: database + image: ${DATABASE} +``` + +Example YAML file after injecting the matrix parameters: + +```diff + steps: + - name: build +- image: golang:${GO_VERSION} ++ image: golang:1.4 + commands: + - go get + - go build + - go test ++ environment: ++ - GO_VERSION=1.4 ++ - DATABASE=mysql:8 + + services: + - name: database +- image: ${DATABASE} ++ image: mysql:8 +``` + +## Examples + +### Example matrix pipeline based on Docker image tag + +```yaml +matrix: + TAG: + - 1.7 + - 1.8 + - latest + +steps: + - name: build + image: golang:${TAG} + commands: + - go build + - go test +``` + +### Example matrix pipeline based on container image + +```yaml +matrix: + IMAGE: + - golang:1.7 + - golang:1.8 + - golang:latest + +steps: + - name: build + image: ${IMAGE} + commands: + - go build + - go test +``` + +### Example matrix pipeline using multiple platforms + +```yaml +matrix: + platform: + - linux/amd64 + - linux/arm64 + +labels: + platform: ${platform} + +steps: + - name: test + image: alpine + commands: + - echo "I am running on ${platform}" + + - name: test-arm-only + image: alpine + commands: + - echo "I am running on ${platform}" + - echo "Arm is cool!" + when: + platform: linux/arm* +``` + +:::note +If you want to control the architecture of a pipeline on a Kubernetes runner, see [the nodeSelector documentation of the Kubernetes backend](../30-administration/10-configuration/11-backends/20-kubernetes.md#node-selector). +::: diff --git a/docs/versioned_docs/version-3.4/20-usage/40-secrets.md b/docs/versioned_docs/version-3.4/20-usage/40-secrets.md new file mode 100644 index 000000000..059bb52dd --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/40-secrets.md @@ -0,0 +1,156 @@ +# Secrets + +Woodpecker provides the ability to store named variables in a central secret store. +These secrets can be passed securely to individual pipeline steps using the `from_secret` keyword. + +Three different levels of secrets are available. +The following list shows the priority of these. +If a secret is defined in multiple levels, the following precedence applies: Repository secrets > Organization secrets > Global secrets. + +1. **Repository secrets**: Available to all pipelines of a repository. +1. **Organization secrets**: Available to all pipelines of an organization. +1. **Global secrets**: Can only be set by instance admins. + Global secret are available to all pipelines of the **entire** Woodpecker instance and should therefore be used with caution. + +:::tip +In addition to the native secret integration, external secret providers can be utilized by interacting with them directly within pipeline steps. +Access to these providers can be configured using Woodpecker secrets, enabling the retrieval of secrets from the respective external sources. +::: + +:::warning +Woodpecker can mask secrets from its native secret store, but it cannot apply the same protection to external secrets. As a result, these external secrets may be exposed in the pipeline logs. +::: + +## Usage + +You can set a setting or environment value from Woodpecker secrets using the `from_secret` syntax. + +The example below passes a secret called `secret_token` which will be stored in an environment variable named `TOKEN_ENV`: + +```diff + steps: + - name: 'step name' + image: registry/repo/image:tag + commands: ++ - echo "The secret is $TOKEN_ENV" ++ environment: ++ TOKEN_ENV: ++ from_secret: secret_token +``` + +The same syntax can be used to pass secrets to (plugin) settings. +A secret named `secret_token` is assigned to the setting `TOKEN`, which will then be available in the plugin as environment variable `PLUGIN_TOKEN` (see [plugins](./51-plugins/20-creating-plugins.md#settings) for details). +`PLUGIN_TOKEN` is then internally consumed by the plugin itself and will be honored during execution. + +```diff + steps: + - name: 'step name' + image: registry/repo/image:tag ++ settings: ++ TOKEN: ++ from_secret: secret_token +``` + +### Note about parameter pre-processing + +Please note that parameter expressions undergo pre-processing, meaning they are evaluated before the pipeline starts. +If secrets are to be used in expressions, they must be properly escaped (using `$$`) to ensure correct handling. + +```diff + steps: + - name: docker + image: docker + commands: +- - echo ${TOKEN_ENV} ++ - echo $${TOKEN_ENV} + environment: + TOKEN_ENV: + from_secret: secret_token +``` + +### Use in Pull Requests events + +By default, secrets are not exposed to pull requests. +However, you can change this behavior by creating the secret and enabling the `pull_request` event type. +This can be configured either through the UI or via the CLI, as demonstrated below. + +:::warning +Be cautious when exposing secrets to pull requests. +If your repository is public and initiates pull request runs without requiring approval, your secrets may be at risk. +Malicious actors could potentially exploit this to expose or transmit your secrets to an external location. +::: + +## Plugins filter + +To prevent abusing your secrets from malicious usage, you can limit a secret to a list of plugins. +If enabled they are not available to any other plugin (steps without user-defined commands). +Plugins have the advantage that they cannot run arbitrary commands, hence they cannot be used to expose secrets (in contrast to arbitrary steps). + +:::note +If you specify a tag, the filter will honor it. +However, if the same image appears multiple times in the list, the least privileged entry takes precedence. +For example, an image without a tag will permit all tags, even if another entry with a pinned tag is included. +::: + +![plugins filter](./secrets-plugins-filter.png) + +## Adding Secrets + +Secrets can be added through the UI or via the CLI. + +### CLI Examples + +Create the secret using default settings. +The secret will be available to all images in your pipeline, and will be available to all `push`, `tag`, and `deployment` events (not `pull_request` events). + +```bash +woodpecker-cli repo secret add \ + --repository octocat/hello-world \ + --name aws_access_key_id \ + --value +``` + +Create the secret and limit it to a single image: + +```diff + woodpecker-cli secret add \ + --repository octocat/hello-world \ ++ --image woodpeckerci/plugin-s3 \ + --name aws_access_key_id \ + --value +``` + +Create the secrets and limit it to a set of images: + +```diff + woodpecker-cli repo secret add \ + --repository octocat/hello-world \ ++ --image woodpeckerci/plugin-s3 \ ++ --image woodpeckerci/plugin-docker-buildx \ + --name aws_access_key_id \ + --value +``` + +Create the secret and enable it for multiple hook events: + +```diff + woodpecker-cli repo secret add \ + --repository octocat/hello-world \ + --image woodpeckerci/plugin-s3 \ ++ --event pull_request \ ++ --event push \ ++ --event tag \ + --name aws_access_key_id \ + --value +``` + +Secrets can be loaded from a file using the `@` syntax. +This method is recommended for loading secrets from a file, as it ensures that newlines are preserved (this is for example important for SSH keys). +Here’s an example: + +```diff + woodpecker-cli repo secret add \ + -repository octocat/hello-world \ + -name ssh_key \ ++ -value @/root/ssh/id_rsa +``` diff --git a/docs/versioned_docs/version-3.4/20-usage/41-registries.md b/docs/versioned_docs/version-3.4/20-usage/41-registries.md new file mode 100644 index 000000000..ebbdbbea4 --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/41-registries.md @@ -0,0 +1,69 @@ +# Registries + +Woodpecker provides the ability to add container registries in the settings of your repository. Adding a registry allows you to authenticate and pull private images from a container registry when using these images as a step inside your pipeline. Using registry credentials can also help you avoid rate limiting when pulling images from public registries. + +## Images from private registries + +You must provide registry credentials in the UI in order to pull private container images defined in your YAML configuration file. + +These credentials are never exposed to your steps, which means they cannot be used to push, and are safe to use with pull requests, for example. Pushing to a registry still requires setting credentials for the appropriate plugin. + +Example configuration using a private image: + +```diff + steps: + - name: build ++ image: gcr.io/custom/golang + commands: + - go build + - go test +``` + +Woodpecker matches the registry hostname to each image in your YAML. If the hostnames match, the registry credentials are used to authenticate to your registry and pull the image. Note that registry credentials are used by the Woodpecker agent and are never exposed to your build containers. + +Example registry hostnames: + +- Image `gcr.io/foo/bar` has hostname `gcr.io` +- Image `foo/bar` has hostname `docker.io` +- Image `qux.com:8000/foo/bar` has hostname `qux.com:8000` + +Example registry hostname matching logic: + +- Hostname `gcr.io` matches image `gcr.io/foo/bar` +- Hostname `docker.io` matches `golang` +- Hostname `docker.io` matches `library/golang` +- Hostname `docker.io` matches `bradrydzewski/golang` +- Hostname `docker.io` matches `bradrydzewski/golang:latest` + +## Global registry support + +To make a private registry globally available, check the [server configuration docs](../30-administration/10-configuration/10-server.md#docker_config). + +## GCR registry support + +For specific details on configuring access to Google Container Registry, please view the docs [here](https://cloud.google.com/container-registry/docs/advanced-authentication#using_a_json_key_file). + +## Local Images + +:::warning +For this, privileged rights are needed only available to admins. In addition, this only works when using a single agent. +::: + +It's possible to build a local image by mounting the docker socket as a volume. + +With a `Dockerfile` at the root of the project: + +```yaml +steps: + - name: build-image + image: docker + commands: + - docker build --rm -t local/project-image . + volumes: + - /var/run/docker.sock:/var/run/docker.sock + + - name: build-project + image: local/project-image + commands: + - ./build.sh +``` diff --git a/docs/versioned_docs/version-3.4/20-usage/45-cron.md b/docs/versioned_docs/version-3.4/20-usage/45-cron.md new file mode 100644 index 000000000..2cb088122 --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/45-cron.md @@ -0,0 +1,28 @@ +# Cron + +To configure cron jobs you need at least push access to the repository. + +## Add a new cron job + +1. To create a new cron job adjust your pipeline config(s) and add the event filter to all steps you would like to run by the cron job: + + ```diff + steps: + - name: sync_locales + image: weblate_sync + settings: + url: example.com + token: + from_secret: weblate_token + + when: + + event: cron + + cron: "name of the cron job" # if you only want to execute this step by a specific cron job + ``` + +2. Create a new cron job in the repository settings: + + ![cron settings](./cron-settings.png) + + The supported schedule syntax can be found at . If you need general understanding of the cron syntax is a good place to start and experiment. + + Examples: `@every 5m`, `@daily`, `30 * * * *` ... diff --git a/docs/versioned_docs/version-3.4/20-usage/50-environment.md b/docs/versioned_docs/version-3.4/20-usage/50-environment.md new file mode 100644 index 000000000..746cb7634 --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/50-environment.md @@ -0,0 +1,223 @@ +# Environment variables + +Woodpecker provides the ability to pass environment variables to individual pipeline steps. Note that these can't overwrite any existing, built-in variables. Example pipeline step with custom environment variables: + +```diff + steps: + - name: build + image: golang ++ environment: ++ CGO: 0 ++ GOOS: linux ++ GOARCH: amd64 + commands: + - go build + - go test +``` + +Please note that the environment section is not able to expand environment variables. If you need to expand variables they should be exported in the commands section. + +```diff + steps: + - name: build + image: golang +- environment: +- - PATH=$PATH:/go + commands: ++ - export PATH=$PATH:/go + - go build + - go test +``` + +:::warning +`${variable}` expressions are subject to pre-processing. If you do not want the pre-processor to evaluate your expression it must be escaped: +::: + +```diff + steps: + - name: build + image: golang + commands: +- - export PATH=${PATH}:/go ++ - export PATH=$${PATH}:/go + - go build + - go test +``` + +## Built-in environment variables + +This is the reference list of all environment variables available to your pipeline containers. These are injected into your pipeline step and plugins containers, at runtime. + +| NAME | Description | Example | +| -------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------ | +| `CI` | CI environment name | `woodpecker` | +| | **Repository** | | +| `CI_REPO` | repository full name `/` | `john-doe/my-repo` | +| `CI_REPO_OWNER` | repository owner | `john-doe` | +| `CI_REPO_NAME` | repository name | `my-repo` | +| `CI_REPO_REMOTE_ID` | repository remote ID, is the UID it has in the forge | `82` | +| `CI_REPO_URL` | repository web URL | `https://git.example.com/john-doe/my-repo` | +| `CI_REPO_CLONE_URL` | repository clone URL | `https://git.example.com/john-doe/my-repo.git` | +| `CI_REPO_CLONE_SSH_URL` | repository SSH clone URL | `git@git.example.com:john-doe/my-repo.git` | +| `CI_REPO_DEFAULT_BRANCH` | repository default branch | `main` | +| `CI_REPO_PRIVATE` | repository is private | `true` | +| `CI_REPO_TRUSTED_NETWORK` | repository has trusted network access | `false` | +| `CI_REPO_TRUSTED_VOLUMES` | repository has trusted volumes access | `false` | +| `CI_REPO_TRUSTED_SECURITY` | repository has trusted security access | `false` | +| | **Current Commit** | | +| `CI_COMMIT_SHA` | commit SHA | `eba09b46064473a1d345da7abf28b477468e8dbd` | +| `CI_COMMIT_REF` | commit ref | `refs/heads/main` | +| `CI_COMMIT_REFSPEC` | commit ref spec | `issue-branch:main` | +| `CI_COMMIT_BRANCH` | commit branch (equals target branch for pull requests) | `main` | +| `CI_COMMIT_SOURCE_BRANCH` | commit source branch (set only for `pull_request` and `pull_request_closed` events) | `issue-branch` | +| `CI_COMMIT_TARGET_BRANCH` | commit target branch (set only for `pull_request` and `pull_request_closed` events) | `main` | +| `CI_COMMIT_TAG` | commit tag name (empty if event is not `tag`) | `v1.10.3` | +| `CI_COMMIT_PULL_REQUEST` | commit pull request number (set only for `pull_request` and `pull_request_closed` events) | `1` | +| `CI_COMMIT_PULL_REQUEST_LABELS` | labels assigned to pull request (set only for `pull_request` and `pull_request_closed` events) | `server` | +| `CI_COMMIT_MESSAGE` | commit message | `Initial commit` | +| `CI_COMMIT_AUTHOR` | commit author username | `john-doe` | +| `CI_COMMIT_AUTHOR_EMAIL` | commit author email address | `john-doe@example.com` | +| `CI_COMMIT_AUTHOR_AVATAR` | commit author avatar | `https://git.example.com/avatars/5dcbcadbce6f87f8abef` | +| `CI_COMMIT_PRERELEASE` | release is a pre-release (empty if event is not `release`) | `false` | +| | **Current pipeline** | | +| `CI_PIPELINE_NUMBER` | pipeline number | `8` | +| `CI_PIPELINE_PARENT` | number of parent pipeline | `0` | +| `CI_PIPELINE_EVENT` | pipeline event (see [`event`](../20-usage/20-workflow-syntax.md#event)) | `push`, `pull_request`, `pull_request_closed`, `tag`, `release`, `manual`, `cron` | +| `CI_PIPELINE_URL` | link to the web UI for the pipeline | `https://ci.example.com/repos/7/pipeline/8` | +| `CI_PIPELINE_FORGE_URL` | link to the forge's web UI for the commit(s) or tag that triggered the pipeline | `https://git.example.com/john-doe/my-repo/commit/eba09b46064473a1d345da7abf28b477468e8dbd` | +| `CI_PIPELINE_DEPLOY_TARGET` | pipeline deploy target for `deployment` events | `production` | +| `CI_PIPELINE_DEPLOY_TASK` | pipeline deploy task for `deployment` events | `migration` | +| `CI_PIPELINE_CREATED` | pipeline created UNIX timestamp | `1722617519` | +| `CI_PIPELINE_STARTED` | pipeline started UNIX timestamp | `1722617519` | +| `CI_PIPELINE_FILES` | changed files (empty if event is not `push` or `pull_request`), it is undefined if more than 500 files are touched | `[]`, `[".woodpecker.yml","README.md"]` | +| | **Current workflow** | | +| `CI_WORKFLOW_NAME` | workflow name | `release` | +| | **Current step** | | +| `CI_STEP_NAME` | step name | `build package` | +| `CI_STEP_NUMBER` | step number | `0` | +| `CI_STEP_STARTED` | step started UNIX timestamp | `1722617519` | +| `CI_STEP_URL` | URL to step in UI | `https://ci.example.com/repos/7/pipeline/8` | +| | **Previous commit** | | +| `CI_PREV_COMMIT_SHA` | previous commit SHA | `15784117e4e103f36cba75a9e29da48046eb82c4` | +| `CI_PREV_COMMIT_REF` | previous commit ref | `refs/heads/main` | +| `CI_PREV_COMMIT_REFSPEC` | previous commit ref spec | `issue-branch:main` | +| `CI_PREV_COMMIT_BRANCH` | previous commit branch | `main` | +| `CI_PREV_COMMIT_SOURCE_BRANCH` | previous commit source branch (set only for `pull_request` and `pull_request_closed` events) | `issue-branch` | +| `CI_PREV_COMMIT_TARGET_BRANCH` | previous commit target branch (set only for `pull_request` and `pull_request_closed` events) | `main` | +| `CI_PREV_COMMIT_URL` | previous commit link in forge | `https://git.example.com/john-doe/my-repo/commit/15784117e4e103f36cba75a9e29da48046eb82c4` | +| `CI_PREV_COMMIT_MESSAGE` | previous commit message | `test` | +| `CI_PREV_COMMIT_AUTHOR` | previous commit author username | `john-doe` | +| `CI_PREV_COMMIT_AUTHOR_EMAIL` | previous commit author email address | `john-doe@example.com` | +| `CI_PREV_COMMIT_AUTHOR_AVATAR` | previous commit author avatar | `https://git.example.com/avatars/12` | +| | **Previous pipeline** | | +| `CI_PREV_PIPELINE_NUMBER` | previous pipeline number | `7` | +| `CI_PREV_PIPELINE_PARENT` | previous pipeline number of parent pipeline | `0` | +| `CI_PREV_PIPELINE_EVENT` | previous pipeline event (see [`event`](../20-usage/20-workflow-syntax.md#event)) | `push`, `pull_request`, `pull_request_closed`, `tag`, `release`, `manual`, `cron` | +| `CI_PREV_PIPELINE_URL` | previous pipeline link in CI | `https://ci.example.com/repos/7/pipeline/7` | +| `CI_PREV_PIPELINE_FORGE_URL` | previous pipeline link to event in forge | `https://git.example.com/john-doe/my-repo/commit/15784117e4e103f36cba75a9e29da48046eb82c4` | +| `CI_PREV_PIPELINE_DEPLOY_TARGET` | previous pipeline deploy target for `deployment` events | `production` | +| `CI_PREV_PIPELINE_DEPLOY_TASK` | previous pipeline deploy task for `deployment` events | `migration` | +| `CI_PREV_PIPELINE_STATUS` | previous pipeline status | `success`, `failure` | +| `CI_PREV_PIPELINE_CREATED` | previous pipeline created UNIX timestamp | `1722610173` | +| `CI_PREV_PIPELINE_STARTED` | previous pipeline started UNIX timestamp | `1722610173` | +| `CI_PREV_PIPELINE_FINISHED` | previous pipeline finished UNIX timestamp | `1722610383` | +| |   | | +| `CI_WORKSPACE` | Path of the workspace where source code gets cloned to | `/woodpecker/src/git.example.com/john-doe/my-repo` | +| | **System** | | +| `CI_SYSTEM_NAME` | name of the CI system | `woodpecker` | +| `CI_SYSTEM_URL` | link to CI system | `https://ci.example.com` | +| `CI_SYSTEM_HOST` | hostname of CI server | `ci.example.com` | +| `CI_SYSTEM_VERSION` | version of the server | `2.7.0` | +| | **Forge** | | +| `CI_FORGE_TYPE` | name of forge | `bitbucket` , `bitbucket_dc` , `forgejo` , `gitea` , `github` , `gitlab` | +| `CI_FORGE_URL` | root URL of configured forge | `https://git.example.com` | +| | **Internal** - Please don't use! | | +| `CI_SCRIPT` | Internal script path. Used to call pipeline step commands. | | +| `CI_NETRC_USERNAME` | Credentials for private repos to be able to clone data. (Only available for specific images) | | +| `CI_NETRC_PASSWORD` | Credentials for private repos to be able to clone data. (Only available for specific images) | | +| `CI_NETRC_MACHINE` | Credentials for private repos to be able to clone data. (Only available for specific images) | | + +## Global environment variables + +If you want specific environment variables to be available in all of your pipelines use the `WOODPECKER_ENVIRONMENT` setting on the Woodpecker server. Note that these can't overwrite any existing, built-in variables. + +```ini +WOODPECKER_ENVIRONMENT=first_var:value1,second_var:value2 +``` + +These can be used, for example, to manage the image tag used by multiple projects. + +```ini +WOODPECKER_ENVIRONMENT=GOLANG_VERSION:1.18 +``` + +```diff + steps: + - name: build +- image: golang:1.18 ++ image: golang:${GOLANG_VERSION} + commands: + - [...] +``` + +## String Substitution + +Woodpecker provides the ability to substitute environment variables at runtime. This gives us the ability to use dynamic settings, commands and filters in our pipeline configuration. + +Example commit substitution: + +```diff + steps: + - name: docker + image: woodpeckerci/plugin-kaniko + settings: ++ tags: ${CI_COMMIT_SHA} +``` + +Example tag substitution: + +```diff + steps: + - name: docker + image: woodpeckerci/plugin-kaniko + settings: ++ tags: ${CI_COMMIT_TAG} +``` + +## String Operations + +Woodpecker also emulates bash string operations. This gives us the ability to manipulate the strings prior to substitution. Example use cases might include substring and stripping prefix or suffix values. + +| OPERATION | DESCRIPTION | +| ------------------ | ------------------------------------------------ | +| `${param}` | parameter substitution | +| `${param,}` | parameter substitution with lowercase first char | +| `${param,,}` | parameter substitution with lowercase | +| `${param^}` | parameter substitution with uppercase first char | +| `${param^^}` | parameter substitution with uppercase | +| `${param:pos}` | parameter substitution with substring | +| `${param:pos:len}` | parameter substitution with substring and length | +| `${param=default}` | parameter substitution with default | +| `${param##prefix}` | parameter substitution with prefix removal | +| `${param%%suffix}` | parameter substitution with suffix removal | +| `${param/old/new}` | parameter substitution with find and replace | + +Example variable substitution with substring: + +```diff + steps: + - name: docker + image: woodpeckerci/plugin-kaniko + settings: ++ tags: ${CI_COMMIT_SHA:0:8} +``` + +Example variable substitution strips `v` prefix from `v.1.0.0`: + +```diff + steps: + - name: docker + image: woodpeckerci/plugin-kaniko + settings: ++ tags: ${CI_COMMIT_TAG##v} +``` diff --git a/docs/versioned_docs/version-3.4/20-usage/51-plugins/20-creating-plugins.md b/docs/versioned_docs/version-3.4/20-usage/51-plugins/20-creating-plugins.md new file mode 100644 index 000000000..4591a1d1a --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/51-plugins/20-creating-plugins.md @@ -0,0 +1,139 @@ +# Creating plugins + +Creating a new plugin is simple: Build a Docker container which uses your plugin logic as the ENTRYPOINT. + +## Settings + +To allow users to configure the behavior of your plugin, you should use `settings:`. + +These are passed to your plugin as uppercase env vars with a `PLUGIN_` prefix. +Using a setting like `url` results in an env var named `PLUGIN_URL`. + +Characters like `-` are converted to an underscore (`_`). `some_String` gets `PLUGIN_SOME_STRING`. +CamelCase is not respected, `anInt` get `PLUGIN_ANINT`. + +### Basic settings + +Using any basic YAML type (scalar) will be converted into a string: + +| Setting | Environment value | +| -------------------- | ---------------------------- | +| `some-bool: false` | `PLUGIN_SOME_BOOL="false"` | +| `some_String: hello` | `PLUGIN_SOME_STRING="hello"` | +| `anInt: 3` | `PLUGIN_ANINT="3"` | + +### Complex settings + +It's also possible to use complex settings like this: + +```yaml +steps: + - name: plugin + image: foo/plugin + settings: + complex: + abc: 2 + list: + - 2 + - 3 +``` + +Values like this are converted to JSON and then passed to your plugin. In the example above, the environment variable `PLUGIN_COMPLEX` would contain `{"abc": "2", "list": [ "2", "3" ]}`. + +### Secrets + +Secrets should be passed as settings too. Therefore, users should use [`from_secret`](../40-secrets.md#usage). + +## Plugin library + +For Go, we provide a plugin library you can use to get easy access to internal env vars and your settings. See . + +## Metadata + +In your documentation, you can use a Markdown header to define metadata for your plugin. This data is used by [our plugin index](/plugins). + +Supported metadata: + +- `name`: The plugin's full name +- `icon`: URL to your plugin's icon +- `description`: A short description of what it's doing +- `author`: Your name +- `tags`: List of keywords (e.g. `[git, clone]` for the clone plugin) +- `containerImage`: name of the container image +- `containerImageUrl`: link to the container image +- `url`: homepage or repository of your plugin + +If you want your plugin to be listed in the index, you should add as many fields as possible, but only `name` is required. + +## Example plugin + +This provides a brief tutorial for creating a Woodpecker webhook plugin, using simple shell scripting, to make HTTP requests during the build pipeline. + +### What end users will see + +The below example demonstrates how we might configure a webhook plugin in the YAML file: + +```yaml +steps: + - name: webhook + image: foo/webhook + settings: + url: https://example.com + method: post + body: | + hello world +``` + +### Write the logic + +Create a simple shell script that invokes curl using the YAML configuration parameters, which are passed to the script as environment variables in uppercase and prefixed with `PLUGIN_`. + +```bash +#!/bin/sh + +curl \ + -X ${PLUGIN_METHOD} \ + -d ${PLUGIN_BODY} \ + ${PLUGIN_URL} +``` + +### Package it + +Create a Dockerfile that adds your shell script to the image, and configures the image to execute your shell script as the main entrypoint. + +```dockerfile +# please pin the version, e.g. alpine:3.19 +FROM alpine +ADD script.sh /bin/ +RUN chmod +x /bin/script.sh +RUN apk -Uuv add curl ca-certificates +ENTRYPOINT /bin/script.sh +``` + +Build and publish your plugin to the Docker registry. Once published, your plugin can be shared with the broader Woodpecker community. + +```shell +docker build -t foo/webhook . +docker push foo/webhook +``` + +Execute your plugin locally from the command line to verify it is working: + +```shell +docker run --rm \ + -e PLUGIN_METHOD=post \ + -e PLUGIN_URL=https://example.com \ + -e PLUGIN_BODY="hello world" \ + foo/webhook +``` + +## Best practices + +- Build your plugin for different architectures to allow many users to use them. + At least, you should support `amd64` and `arm64`. +- Provide binaries for users using the `local` backend. + These should also be built for different OS/architectures. +- Use [built-in env vars](../50-environment.md#built-in-environment-variables) where possible. +- Do not use any configuration except settings (and internal env vars). This means: Don't require using [`environment`](../50-environment.md) and don't require specific secret names. +- Add a `docs.md` file, listing all your settings and plugin metadata ([example](https://github.com/woodpecker-ci/plugin-git/blob/main/docs.md)). +- Add your plugin to the [plugin index](/plugins) using your `docs.md` ([the example above in the index](https://woodpecker-ci.org/plugins/Git%20Clone)). diff --git a/docs/versioned_docs/version-3.4/20-usage/51-plugins/51-overview.md b/docs/versioned_docs/version-3.4/20-usage/51-plugins/51-overview.md new file mode 100644 index 000000000..7da822a47 --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/51-plugins/51-overview.md @@ -0,0 +1,68 @@ +# Plugins + +Plugins are pipeline steps that perform pre-defined tasks and are configured as steps in your pipeline. +Plugins can be used to deploy code, publish artifacts, send notification, and more. + +They are automatically pulled from the default container registry the agent's have configured. + +```dockerfile title="Dockerfile" +FROM cloud/kubectl +COPY deploy /usr/local/deploy +ENTRYPOINT ["/usr/local/deploy"] +``` + +```bash title="deploy" +kubectl apply -f $PLUGIN_TEMPLATE +``` + +```yaml title=".woodpecker.yaml" +steps: + - name: deploy-to-k8s + image: cloud/my-k8s-plugin + settings: + template: config/k8s/service.yaml +``` + +Example pipeline using the Docker and Prettier plugins: + +```yaml +steps: + - name: build + image: golang + commands: + - go build + - go test + + - name: prettier + image: woodpeckerci/plugin-prettier + + - name: publish + image: woodpeckerci/plugin-kaniko + settings: + repo: foo/bar + tags: latest +``` + +## Plugin Isolation + +Plugins are just pipeline steps. They share the build workspace, mounted as a volume, and therefore have access to your source tree. +While normal steps are all about arbitrary code execution, plugins should only allow the functions intended by the plugin author. + +That's why there are a few limitations. The workspace base is always mounted at `/woodpecker`, but the working directory is dynamically +adjusted accordingly, as user of a plugin you should not have to care about this. Also, you cannot use the plugin together with `commands` +or `entrypoint` which will fail. Using `environment` is possible, but in this case, the plugin is internally not treated as plugin +anymore. The container then cannot access secrets with plugin filter anymore and the containers won't be privileged without explicit definition. + +## Finding Plugins + +For official plugins, you can use the Woodpecker plugin index: + +- [Official Woodpecker Plugins](https://woodpecker-ci.org/plugins) + +:::tip +There are also other plugin lists with additional plugins. Keep in mind that [Drone](https://www.drone.io/) plugins are generally supported, but could need some adjustments and tweaking. + +- [Drone Plugins](http://plugins.drone.io) +- [Geeklab Woodpecker Plugins](https://woodpecker-plugins.geekdocs.de/) + +::: diff --git a/docs/versioned_docs/version-3.4/20-usage/51-plugins/_category_.yaml b/docs/versioned_docs/version-3.4/20-usage/51-plugins/_category_.yaml new file mode 100644 index 000000000..ecdc198db --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/51-plugins/_category_.yaml @@ -0,0 +1,7 @@ +label: 'Plugins' +# position: 2 +collapsible: true +collapsed: true +link: + type: 'doc' + id: 'overview' diff --git a/docs/versioned_docs/version-3.4/20-usage/60-services.md b/docs/versioned_docs/version-3.4/20-usage/60-services.md new file mode 100644 index 000000000..14262855c --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/60-services.md @@ -0,0 +1,114 @@ +# Services + +Woodpecker provides a services section in the YAML file used for defining service containers. +The below configuration composes database and cache containers. + +Services are accessed using custom hostnames. +In the example below, the MySQL service is assigned the hostname `database` and is available at `database:3306`. + +```yaml +steps: + - name: build + image: golang + commands: + - go build + - go test + +services: + - name: database + image: mysql + + - name: cache + image: redis +``` + +You can define a port and a protocol explicitly: + +```yaml +services: + - name: database + image: mysql + ports: + - 3306 + + - name: wireguard + image: wg + ports: + - 51820/udp +``` + +## Configuration + +Service containers generally expose environment variables to customize service startup such as default usernames, passwords and ports. Please see the official image documentation to learn more. + +```diff + services: + - name: database + image: mysql ++ environment: ++ - MYSQL_DATABASE=test ++ - MYSQL_ALLOW_EMPTY_PASSWORD=yes + + - name: cache + image: redis +``` + +## Detachment + +Service and long running containers can also be included in the pipeline section of the configuration using the detach parameter without blocking other steps. This should be used when explicit control over startup order is required. + +```diff + steps: + - name: build + image: golang + commands: + - go build + - go test + + - name: database + image: redis ++ detach: true + + - name: test + image: golang + commands: + - go test +``` + +Containers from detached steps will terminate when the pipeline ends. + +## Initialization + +Service containers require time to initialize and begin to accept connections. If you are unable to connect to a service you may need to wait a few seconds or implement a backoff. + +```diff + steps: + - name: test + image: golang + commands: ++ - sleep 15 + - go get + - go test + + services: + - name: database + image: mysql +``` + +## Complete Pipeline Example + +```yaml +services: + - name: database + image: mysql + environment: + - MYSQL_DATABASE=test + - MYSQL_ROOT_PASSWORD=example +steps: + - name: get-version + image: ubuntu + commands: + - ( apt update && apt dist-upgrade -y && apt install -y mysql-client 2>&1 )> /dev/null + - sleep 30s # need to wait for mysql-server init + - echo 'SHOW VARIABLES LIKE "version"' | mysql -u root -h database test -p example +``` diff --git a/docs/versioned_docs/version-3.4/20-usage/70-volumes.md b/docs/versioned_docs/version-3.4/20-usage/70-volumes.md new file mode 100644 index 000000000..6897053fb --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/70-volumes.md @@ -0,0 +1,27 @@ +# Volumes + +Woodpecker gives the ability to define Docker volumes in the YAML. You can use this parameter to mount files or folders on the host machine into your containers. + +:::note +Volumes are only available to trusted repositories and for security reasons should only be used in private environments. See [project settings](./75-project-settings.md#trusted) to enable trusted mode. +::: + +```diff + steps: + - name: build + image: docker + commands: + - docker build --rm -t octocat/hello-world . + - docker run --rm octocat/hello-world --test + - docker push octocat/hello-world + - docker rmi octocat/hello-world + volumes: ++ - /var/run/docker.sock:/var/run/docker.sock +``` + +Please note that Woodpecker mounts volumes on the host machine. This means you must use absolute paths when you configure volumes. Attempting to use relative paths will result in an error. + +```diff +-volumes: [ ./certs:/etc/ssl/certs ] ++volumes: [ /etc/ssl/certs:/etc/ssl/certs ] +``` diff --git a/docs/versioned_docs/version-3.4/20-usage/72-linter.md b/docs/versioned_docs/version-3.4/20-usage/72-linter.md new file mode 100644 index 000000000..4fae3d643 --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/72-linter.md @@ -0,0 +1,62 @@ +# Linter + +Woodpecker automatically lints your workflow files for errors, deprecations and bad habits. Errors and warnings are shown in the UI for any pipelines. + +![errors and warnings in UI](./linter-warnings-errors.png) + +## Running the linter from CLI + +You can run the linter also manually from the CLI: + +```shell +woodpecker-cli lint +``` + +## Bad habit warnings + +Woodpecker warns you if your configuration contains some bad habits. + +### Event filter for all steps + +All your items in `when` blocks should have an `event` filter, so no step runs on all events. This is recommended because if new events are added, your steps probably shouldn't run on those as well. + +Examples of an **incorrect** config for this rule: + +```yaml +when: + - branch: main + - event: tag +``` + +This will trigger the warning because the first item (`branch: main`) does not filter with an event. + +```yaml +steps: + - name: test + when: + branch: main + + - name: deploy + when: + event: tag +``` + +Examples of a **correct** config for this rule: + +```yaml +when: + - branch: main + event: push + - event: tag +``` + +```yaml +steps: + - name: test + when: + event: [tag, push] + + - name: deploy + when: + - event: tag +``` diff --git a/docs/versioned_docs/version-3.4/20-usage/75-project-settings.md b/docs/versioned_docs/version-3.4/20-usage/75-project-settings.md new file mode 100644 index 000000000..d4495c41b --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/75-project-settings.md @@ -0,0 +1,72 @@ +# Project settings + +As the owner of a project in Woodpecker you can change project related settings via the web interface. + +![project settings](./project-settings.png) + +## Pipeline path + +The path to the pipeline config file or folder. By default it is left empty which will use the following configuration resolution `.woodpecker/*.{yaml,yml}` -> `.woodpecker.yaml` -> `.woodpecker.yml`. If you set a custom path Woodpecker tries to load your configuration or fails if no configuration could be found at the specified location. To use a [multiple workflows](./25-workflows.md) with a custom path you have to change it to a folder path ending with a `/` like `.woodpecker/`. + +## Repository hooks + +Your Version-Control-System will notify Woodpecker about events via webhooks. If you want your pipeline to only run on specific webhooks, you can check them with this setting. + +## Allow pull requests + +Enables handling webhook's pull request event. If disabled, then pipeline won't run for pull requests. + +## Allow deployments + +Enables a pipeline to be started with the `deploy` event from a successful pipeline. + +:::danger +Only activate this option if you trust all users who have push access to your repository. +Otherwise, these users will be able to steal secrets that are only available for `deploy` events. +::: + +## Require approval for + +To prevent malicious pipelines from extracting secrets or running harmful commands or to prevent accidental pipeline runs, you can require approval for an additional review process. Depending on the enabled option, a pipeline will be put on hold after creation and will only continue after approval. The default restrictive setting is `Approvals for forked repositories`. + +## Trusted + +If you set your project to trusted, a pipeline step and by this the underlying containers gets access to escalated capabilities like mounting volumes. + +:::note + +Only server admins can set this option. If you are not a server admin this option won't be shown in your project settings. + +::: + +## Custom trusted clone plugins + +During the clone process, Git credentials (e.g., for private repositories) may be required. +These credentials are provided via [`netrc`](https://everything.curl.dev/usingcurl/netrc.html). + +These credentials are injected only into trusted plugins specified in the environment variable `WOODPECKER_PLUGINS_TRUSTED_CLONE` (an instance-wide Woodpecker server setting) or declared in this repository-level setting. + +With these credentials, it’s possible to perform any Git operations, including pushing changes back to the repo. +To prevent unauthorized access or misuse, a plugin allowlist is required, either on the instance level or the repository level. +Without an explicit allowlist, a malicious contributor could exploit a custom clone plugin in a Pull Request to reveal or transfer these credentials during the clone step. + +:::info +This setting does not affect subsequent steps, nor does it allow direct pushes to the repository. +To enable pushing changes, you can inject Git credentials as a secret or use a dedicated plugin, such as [appleboy/drone-git-push](https://woodpecker-ci.org/plugins/Git%20Push). +::: + +## Project visibility + +You can change the visibility of your project by this setting. If a user has access to a project they can see all builds and their logs and artifacts. Settings, Secrets and Registries can only be accessed by owners. + +- `Public` Every user can see your project without being logged in. +- `Internal` Only authenticated users of the Woodpecker instance can see this project. +- `Private` Only you and other owners of the repository can see this project. + +## Timeout + +After this timeout a pipeline has to finish or will be treated as timed out. + +## Cancel previous pipelines + +By enabling this option for a pipeline event previous pipelines of the same event and context will be canceled before starting the newly triggered one. diff --git a/docs/versioned_docs/version-3.4/20-usage/80-badges.md b/docs/versioned_docs/version-3.4/20-usage/80-badges.md new file mode 100644 index 000000000..1bee62a58 --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/80-badges.md @@ -0,0 +1,18 @@ +# Status Badges + +Woodpecker has integrated support for repository status badges. These badges can be added to your website or project readme file to display the status of your code. + +## Badge endpoint + +```uri +:///api/badges//status.svg +``` + +The status badge displays the status for the latest build to your default branch (e.g. main). You can customize the branch by adding the `branch` query parameter. + +```diff +-:///api/badges//status.svg ++:///api/badges//status.svg?branch= +``` + +Please note status badges do not include pull request results, since the status of a pull request does not provide an accurate representation of your repository state. diff --git a/docs/versioned_docs/version-3.4/20-usage/90-advanced-usage.md b/docs/versioned_docs/version-3.4/20-usage/90-advanced-usage.md new file mode 100644 index 000000000..e8a691de0 --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/90-advanced-usage.md @@ -0,0 +1,222 @@ +# Advanced usage + +## Advanced YAML syntax + +YAML has some advanced syntax features that can be used like variables to reduce duplication in your pipeline config: + +### Anchors & aliases + +You can use [YAML anchors & aliases](https://yaml.org/spec/1.2.2/#3222-anchors-and-aliases) as variables in your pipeline config. + +To convert this: + +```yaml +steps: + - name: test + image: golang:1.18 + commands: go test ./... + - name: build + image: golang:1.18 + commands: build +``` + +Just add a new section called **variables** like this: + +```diff ++variables: ++ - &golang_image 'golang:1.18' + + steps: + - name: test +- image: golang:1.18 ++ image: *golang_image + commands: go test ./... + - name: build +- image: golang:1.18 ++ image: *golang_image + commands: build +``` + +### Map merges and overwrites + +```yaml +variables: + - &base-plugin-settings + target: dist + recursive: false + try: true + - &special-setting + special: true + - &some-plugin codeberg.org/6543/docker-images/print_env + +steps: + - name: develop + image: *some-plugin + settings: + <<: [*base-plugin-settings, *special-setting] # merge two maps into an empty map + when: + branch: develop + + - name: main + image: *some-plugin + settings: + <<: *base-plugin-settings # merge one map and ... + try: false # ... overwrite original value + ongoing: false # ... adding a new value + when: + branch: main +``` + +### Sequence merges + +```yaml +variables: + pre_cmds: &pre_cmds + - echo start + - whoami + post_cmds: &post_cmds + - echo stop + hello_cmd: &hello_cmd + - echo hello + +steps: + - name: step1 + image: debian + commands: + - <<: *pre_cmds # prepend a sequence + - echo exec step now do dedicated things + - <<: *post_cmds # append a sequence + - name: step2 + image: debian + commands: + - <<: [*pre_cmds, *hello_cmd] # prepend two sequences + - echo echo from second step + - <<: *post_cmds +``` + +### References + +- [Official YAML specification](https://yaml.org/spec/1.2.2/#3222-anchors-and-aliases) +- [YAML cheat sheet](https://learnxinyminutes.com/docs/yaml) + +## Persisting environment data between steps + +One can create a file containing environment variables, and then source it in each step that needs them. + +```yaml +steps: + - name: init + image: bash + commands: + - echo "FOO=hello" >> envvars + - echo "BAR=world" >> envvars + + - name: debug + image: bash + commands: + - source envvars + - echo $FOO +``` + +## Declaring global variables + +As described in [Global environment variables](./50-environment.md#global-environment-variables), you can define global variables: + +```ini +WOODPECKER_ENVIRONMENT=first_var:value1,second_var:value2 +``` + +Note that this tightly couples the server and app configurations (where the app is a completely separate application). But this is a good option for truly global variables which should apply to all steps in all pipelines for all apps. + +## Docker in docker (dind) setup + +:::warning +This set up will only work on trusted repositories and for security reasons should only be used in private environments. +See [project settings](./75-project-settings.md#trusted) to enable "trusted" mode. +::: + +The snippet below shows how a step can communicate with the docker daemon running in a `docker:dind` service. + +:::note +If your goal is to build/publish OCI images, consider using the [Docker Buildx Plugin](https://woodpecker-ci.org/plugins/Docker%20Buildx) instead. +::: + +First we need to define a service running a docker with the `dind` tag. +This service must run in `privileged` mode: + +```yaml +services: + - name: docker + image: docker:dind # use 'docker:-dind' or similar in production + privileged: true + ports: + - 2376 +``` + +Next, we need to set up TLS communication between the `dind` service and the step that wants to communicate with the docker daemon (unauthenticated TCP connections have been deprecated [as of docker v27](https://github.com/docker/cli/blob/v27.4.0/docs/deprecated.md#unauthenticated-tcp-connections) and will result in an error in v28). + +This can be achieved by letting the daemon generate TLS certificates and share them with the client through an agent volume mount (`/opt/woodpeckerci/dind-certs` in the example below). + +```diff +services: + - name: docker + image: docker:dind # use 'docker:-dind' or similar in production + privileged: true ++ environment: ++ DOCKER_TLS_CERTDIR: /dind-certs ++ volumes: ++ - /opt/woodpeckerci/dind-certs:/dind-certs + ports: + - 2376 +``` + +In the docker client step: + +1. Set the `DOCKER_*` environment variables shown below to configure the connection with the daemon. + These generic docker environment variables that are framework-agnostic (e.g. frameworks like [TestContainers](https://testcontainers.com/), [Spring Boot Docker Compose](https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-docker-compose) do all respect them). +2. Mount the volume to the location where the daemon has created the certificates (`/opt/woodpeckerci/dind-certs`) + +Test the connection with the docker client: + +```diff +steps: + - name: test + image: docker:cli # in production use something like 'docker:-cli' ++ environment: ++ DOCKER_HOST: "tcp://docker:2376" ++ DOCKER_CERT_PATH: "/dind-certs/client" ++ DOCKER_TLS_VERIFY: "1" ++ volumes: ++ - /opt/woodpeckerci/dind-certs:/dind-certs + commands: + - docker version +``` + +This step should output the server and client version information if everything has been set up correctly. + +Full example: + +```yaml +steps: + - name: test + image: docker:cli # use 'docker:-cli' or similar in production + environment: + DOCKER_HOST: 'tcp://docker:2376' + DOCKER_CERT_PATH: '/dind-certs/client' + DOCKER_TLS_VERIFY: '1' + volumes: + - /opt/woodpeckerci/dind-certs:/dind-certs + commands: + - docker version + +services: + - name: docker + image: docker:dind # use 'docker:-dind' or similar in production + privileged: true + environment: + DOCKER_TLS_CERTDIR: /dind-certs + volumes: + - /opt/woodpeckerci/dind-certs:/dind-certs + ports: + - 2376 +``` diff --git a/docs/versioned_docs/version-3.4/20-usage/_category_.yaml b/docs/versioned_docs/version-3.4/20-usage/_category_.yaml new file mode 100644 index 000000000..ba9f729ed --- /dev/null +++ b/docs/versioned_docs/version-3.4/20-usage/_category_.yaml @@ -0,0 +1,4 @@ +label: 'Usage' +# position: 2 +collapsible: true +collapsed: false diff --git a/docs/versioned_docs/version-3.4/20-usage/cron-settings.png b/docs/versioned_docs/version-3.4/20-usage/cron-settings.png new file mode 100644 index 000000000..d11c507af Binary files /dev/null and b/docs/versioned_docs/version-3.4/20-usage/cron-settings.png differ diff --git a/docs/versioned_docs/version-3.4/20-usage/linter-warnings-errors.png b/docs/versioned_docs/version-3.4/20-usage/linter-warnings-errors.png new file mode 100644 index 000000000..663e49704 Binary files /dev/null and b/docs/versioned_docs/version-3.4/20-usage/linter-warnings-errors.png differ diff --git a/docs/versioned_docs/version-3.4/20-usage/pipeline.png b/docs/versioned_docs/version-3.4/20-usage/pipeline.png new file mode 100644 index 000000000..dd4063c9a Binary files /dev/null and b/docs/versioned_docs/version-3.4/20-usage/pipeline.png differ diff --git a/docs/versioned_docs/version-3.4/20-usage/project-settings.png b/docs/versioned_docs/version-3.4/20-usage/project-settings.png new file mode 100644 index 000000000..f3ce025f2 Binary files /dev/null and b/docs/versioned_docs/version-3.4/20-usage/project-settings.png differ diff --git a/docs/versioned_docs/version-3.4/20-usage/repo-new.png b/docs/versioned_docs/version-3.4/20-usage/repo-new.png new file mode 100644 index 000000000..e6136bc12 Binary files /dev/null and b/docs/versioned_docs/version-3.4/20-usage/repo-new.png differ diff --git a/docs/versioned_docs/version-3.4/20-usage/secrets-plugins-filter.png b/docs/versioned_docs/version-3.4/20-usage/secrets-plugins-filter.png new file mode 100644 index 000000000..460d852fb Binary files /dev/null and b/docs/versioned_docs/version-3.4/20-usage/secrets-plugins-filter.png differ diff --git a/docs/versioned_docs/version-3.4/30-administration/00-general.md b/docs/versioned_docs/version-3.4/30-administration/00-general.md new file mode 100644 index 000000000..0ce0ee088 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/00-general.md @@ -0,0 +1,43 @@ +# General + +Woodpecker consists of essential components (`server` and `agent`) and an optional component (`autoscaler`). + +The **server** provides the user interface, processes webhook requests to the underlying forge, serves the API and analyzes the pipeline configurations from the YAML files. + +The **agent** executes the [workflows](../20-usage/15-terminology/index.md) via a specific [backend](../20-usage/15-terminology/index.md) (Docker, Kubernetes, local) and connects to the server via GRPC. Multiple agents can coexist so that the job limits, choice of backend and other agent-related settings can be fine-tuned for a single instance. + +The **autoscaler** allows spinning up new VMs on a cloud provider of choice to process pending builds. After the builds finished, the VMs are destroyed again (after a short transition time). + +:::tip +You can add more agents to increase the number of parallel workflows or set the agent's [`WOODPECKER_MAX_WORKFLOWS=1`](./10-configuration/30-agent.md#max_workflows) environment variable to increase the number of parallel workflows per agent. +::: + +## Database + +Woodpecker uses a SQLite database by default, which requires no installation or configuration. For larger instances it is recommended to use it with a Postgres or MariaDB instance. For more details take a look at the [database settings](./10-configuration/10-server.md#databases) page. + +## Forge + +What would a CI/CD system be without any code. By connecting Woodpecker to your [forge](../20-usage/15-terminology/index.md), you can start pipelines on events like pushes or pull requests. Woodpecker will also use your forge to authenticate and report back the status of your pipelines. For more details take a look at the [forge settings](./10-configuration/12-forges/11-overview.md) page. + +## Container images + +:::info +No `latest` tag exists to prevent accidental major version upgrades. Either use a SemVer tag or one of the rolling major/minor version tags. Alternatively, the `next` tag can be used for rolling builds from the `main` branch. +::: + +- `vX.Y.Z`: SemVer tags for specific releases, no entrypoint shell (scratch image) + - `vX.Y` + - `vX` +- `vX.Y.Z-alpine`: SemVer tags for specific releases, rootless for Server and CLI (as of v3.0). + - `vX.Y-alpine` + - `vX-alpine` +- `next`: Built from the `main` branch +- `pull_`: Images built from Pull Request branches. + +Images are pushed to DockerHub and Quay. + +- woodpecker-server ([DockerHub](https://hub.docker.com/r/woodpeckerci/woodpecker-server) or [Quay](https://quay.io/repository/woodpeckerci/woodpecker-server)) +- woodpecker-agent ([DockerHub](https://hub.docker.com/r/woodpeckerci/woodpecker-agent) or [Quay](https://quay.io/repository/woodpeckerci/woodpecker-agent)) +- woodpecker-cli ([DockerHub](https://hub.docker.com/r/woodpeckerci/woodpecker-cli) or [Quay](https://quay.io/repository/woodpeckerci/woodpecker-cli)) +- woodpecker-autoscaler ([DockerHub](https://hub.docker.com/r/woodpeckerci/autoscaler)) diff --git a/docs/versioned_docs/version-3.4/30-administration/05-installation/10-docker-compose.md b/docs/versioned_docs/version-3.4/30-administration/05-installation/10-docker-compose.md new file mode 100644 index 000000000..3ac2400e3 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/05-installation/10-docker-compose.md @@ -0,0 +1,142 @@ +# Docker Compose + +This example [docker-compose](https://docs.docker.com/compose/) setup shows the deployment of a Woodpecker instance connected to GitHub (`WOODPECKER_GITHUB=true`). If you are using another forge, please change this including the respective secret settings. + +It creates persistent volumes for the server and agent config directories. The bundled SQLite DB is stored in `/var/lib/woodpecker` and is the most important part to be persisted as it holds all users and repository information. + +The server uses the default port `8000` and gets exposed to the host here, so WoodpeckerWO can be accessed through this port on the host or by a reverse proxy sitting in front of it. + +```yaml title="docker-compose.yaml" +services: + woodpecker-server: + image: woodpeckerci/woodpecker-server:v3 + ports: + - 8000:8000 + volumes: + - woodpecker-server-data:/var/lib/woodpecker/ + environment: + - WOODPECKER_OPEN=true + - WOODPECKER_HOST=${WOODPECKER_HOST} + - WOODPECKER_GITHUB=true + - WOODPECKER_GITHUB_CLIENT=${WOODPECKER_GITHUB_CLIENT} + - WOODPECKER_GITHUB_SECRET=${WOODPECKER_GITHUB_SECRET} + - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} + + woodpecker-agent: + image: woodpeckerci/woodpecker-agent:v3 + command: agent + restart: always + depends_on: + - woodpecker-server + volumes: + - woodpecker-agent-config:/etc/woodpecker + - /var/run/docker.sock:/var/run/docker.sock + environment: + - WOODPECKER_SERVER=woodpecker-server:9000 + - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} + +volumes: + woodpecker-server-data: + woodpecker-agent-config: +``` + +Woodpecker must know its own address. You must therefore specify the public address in the format `://`. Please omit any trailing slashes: + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + environment: + - [...] ++ - WOODPECKER_HOST=${WOODPECKER_HOST} +``` + +It is also possible to customize the ports used. Woodpecker uses a separate port for gRPC and for HTTP. The agent makes gRPC calls and connects to the gRPC port. They can be configured with `*_ADDR` variables: + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + environment: + - [...] ++ - WOODPECKER_GRPC_ADDR=${WOODPECKER_GRPC_ADDR} ++ - WOODPECKER_SERVER_ADDR=${WOODPECKER_HTTP_ADDR} +``` + +If the agents establish a connection via the Internet, TLS encryption should be activated for gRPC. The agent must then be configured properly: + +```diff title="docker-compose.yaml" + services: + woodpecker-agent: + [...] + environment: + - [...] ++ - WOODPECKER_GRPC_SECURE=true # defaults to false ++ - WOODPECKER_GRPC_VERIFY=true # default +``` + +As agents execute pipeline steps as Docker containers, they require access to the Docker daemon of the host machine: + +```diff title="docker-compose.yaml" + services: + [...] + woodpecker-agent: + [...] ++ volumes: ++ - /var/run/docker.sock:/var/run/docker.sock +``` + +Agents require the server address for communication between agents and servers. The agent connects to the gRPC port of the server: + +```diff title="docker-compose.yaml" + services: + woodpecker-agent: + [...] + environment: ++ - WOODPECKER_SERVER=woodpecker-server:9000 +``` + +The server and the agents use a shared secret to authenticate the communication. This should be a random string, which you should keep secret. You can create such a string with `openssl rand -hex 32`: + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + environment: + - [...] ++ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} + woodpecker-agent: + [...] + environment: + - [...] ++ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} +``` + +## Handling sensitive data + +There are several options for handling sensitive data in `docker compose` or `docker swarm` configurations: + +For Docker Compose, you can use an `.env` file next to your compose configuration to store the secrets outside the compose file. Although this separates the configuration from the secrets, it is still not very secure. + +Alternatively, you can also use `docker-secrets`. As it can be difficult to use `docker-secrets` for environment variables, Woodpecker allows reading sensitive data from files by providing a `*_FILE` option for all sensitive configuration variables. Woodpecker will then attempt to read the value directly from this file. Note that the original environment variable will overwrite the value read from the file if it is specified at the same time. + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + environment: + - [...] ++ - WOODPECKER_AGENT_SECRET_FILE=/run/secrets/woodpecker-agent-secret ++ secrets: ++ - woodpecker-agent-secret ++ ++ secrets: ++ woodpecker-agent-secret: ++ external: true +``` + +To store values in a docker secret you can use the following command: + +```bash +echo "my_agent_secret_key" | docker secret create woodpecker-agent-secret - +``` diff --git a/docs/versioned_docs/version-3.4/30-administration/05-installation/20-helm-chart.md b/docs/versioned_docs/version-3.4/30-administration/05-installation/20-helm-chart.md new file mode 100644 index 000000000..d421f8959 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/05-installation/20-helm-chart.md @@ -0,0 +1,45 @@ +# Helm Chart + +Woodpecker provides a [Helm chart](https://github.com/woodpecker-ci/helm) for Kubernetes environments: + +```bash +helm repo add woodpecker oci://ghcr.io/woodpecker-ci/helm +helm install woodpecker woodpecker/woodpecker +``` + +## Metrics + +To enable metrics gathering, set the following in values.yml: + +```yaml +metrics: + enabled: true + port: 9001 +``` + +This activates the `/metrics` endpoint on port `9001` without authentication. This port is not exposed externally by default. Use the instructions at Prometheus if you want to enable authenticated external access to metrics. + +To enable both Prometheus pod monitoring discovery, set: + + + +```yaml +prometheus: + podmonitor: + enabled: true + interval: 60s + labels: {} +``` + + + +If you are not receiving metrics after following the steps above, verify that your Prometheus configuration includes your namespace explicitly in the podMonitorNamespaceSelector or that the selectors are disabled: + +```yaml +# Search all available namespaces +podMonitorNamespaceSelector: + matchLabels: {} +# Enable all available pod monitors +podMonitorSelector: + matchLabels: {} +``` diff --git a/docs/versioned_docs/version-3.4/30-administration/05-installation/30-packages.md b/docs/versioned_docs/version-3.4/30-administration/05-installation/30-packages.md new file mode 100644 index 000000000..e54e2b093 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/05-installation/30-packages.md @@ -0,0 +1,176 @@ +# Distribution packages + +## Official packages + +- DEB +- RPM + +The pre-built packages are available on the [GitHub releases](https://github.com/woodpecker-ci/woodpecker/releases/latest) page. The packages can be installed using the package manager of your distribution. + +```Shell +# Debian/Ubuntu +curl -L https://github.com/woodpecker-ci/woodpecker/releases/download/${RELEASE_VERSION}/woodpecker_${RELEASE_VERSION}_amd64.deb -o woodpecker-server.deb +sudo apt --fix-broken install ./woodpecker-server.deb + +# CentOS/RHEL +sudo dnf install https://github.com/woodpecker-ci/woodpecker/releases/download/${RELEASE_VERSION}/woodpecker_${RELEASE_VERSION}_amd64.rpm +``` + +The package installation will create a systemd service file for the Woodpecker server and agent along with an example environment file. To configure the server, copy the example environment file `/etc/woodpecker/woodpecker-server.env.example` to `/etc/woodpecker/woodpecker-server.env` and adjust the values. + +```ini title="/usr/local/lib/systemd/system/woodpecker-server.service" +[Unit] +Description=WoodpeckerCI server +Documentation=https://woodpecker-ci.org/docs/administration/server-config +Requires=network.target +After=network.target +ConditionFileNotEmpty=/etc/woodpecker/woodpecker-server.env +ConditionPathExists=/etc/woodpecker/woodpecker-server.env + +[Service] +Type=simple +EnvironmentFile=/etc/woodpecker/woodpecker-server.env +User=woodpecker +Group=woodpecker +ExecStart=/usr/local/bin/woodpecker-server +WorkingDirectory=/var/lib/woodpecker/ +StateDirectory=woodpecker + +[Install] +WantedBy=multi-user.target +``` + +```shell title="/etc/woodpecker/woodpecker-server.env" +WOODPECKER_OPEN=true +WOODPECKER_HOST=${WOODPECKER_HOST} +WOODPECKER_GITHUB=true +WOODPECKER_GITHUB_CLIENT=${WOODPECKER_GITHUB_CLIENT} +WOODPECKER_GITHUB_SECRET=${WOODPECKER_GITHUB_SECRET} +WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} +``` + +After installing the agent, copy the example environment file `/etc/woodpecker/woodpecker-agent.env.example` to `/etc/woodpecker/woodpecker-agent.env` and adjust the values as well. The agent will automatically register itself with the server. + +```ini title="/usr/local/lib/systemd/system/woodpecker-agent.service" +[Unit] +Description=WoodpeckerCI agent +Documentation=https://woodpecker-ci.org/docs/administration/agent-config +Requires=network.target +After=network.target +ConditionFileNotEmpty=/etc/woodpecker/woodpecker-agent.env +ConditionPathExists=/etc/woodpecker/woodpecker-agent.env + +[Service] +Type=simple +EnvironmentFile=/etc/woodpecker/woodpecker-agent.env +User=woodpecker +Group=woodpecker +ExecStart=/usr/local/bin/woodpecker-agent +WorkingDirectory=/var/lib/woodpecker/ +StateDirectory=woodpecker + +[Install] +WantedBy=multi-user.target +``` + +```shell title="/etc/woodpecker/woodpecker-agent.env" +WOODPECKER_SERVER=localhost:9000 +WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} +``` + +## Community packages + +:::info +Woodpecker itself is not responsible for creating these packages. Please reach out to the people responsible for packaging Woodpecker for the individual distributions. +::: + +- [Alpine (Edge)](https://pkgs.alpinelinux.org/packages?name=woodpecker&branch=edge&repo=&arch=&maintainer=) +- [Arch Linux](https://archlinux.org/packages/?q=woodpecker) +- [openSUSE](https://software.opensuse.org/package/woodpecker) +- [YunoHost](https://apps.yunohost.org/app/woodpecker) +- [Cloudron](https://www.cloudron.io/store/org.woodpecker_ci.cloudronapp.html) + +### NixOS + +:::info +This module is not maintained by the Woodpecker developers. +If you experience issues please open a bug report in the [nixpkgs repo](https://github.com/NixOS/nixpkgs/issues/new/choose) where the module is maintained. +::: + +In theory, the NixOS installation is very similar to the binary installation and supports multiple backends. +In practice, the settings are specified declaratively in the NixOS configuration and no manual steps need to be taken. + + + +```nix +{ config +, ... +}: +let + domain = "woodpecker.example.org"; +in +{ + # This automatically sets up certificates via let's encrypt + security.acme.defaults.email = "acme@example.com"; + security.acme.acceptTerms = true; + security.acme.certs."${domain}" = { }; + + # Setting up a nginx proxy that handles tls for us + networking.firewall.allowedTCPPorts = [ 80 443 ]; + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:3007"; + }; + }; + }; + + services.woodpecker-server = { + enable = true; + environment = { + WOODPECKER_HOST = "https://${domain}"; + WOODPECKER_SERVER_ADDR = ":3007"; + WOODPECKER_OPEN = "true"; + }; + # You can pass a file with env vars to the system it could look like: + # WOODPECKER_AGENT_SECRET=XXXXXXXXXXXXXXXXXXXXXX + environmentFile = "/path/to/my/secrets/file"; + }; + + # This sets up a woodpecker agent + services.woodpecker-agents.agents."docker" = { + enable = true; + # We need this to talk to the podman socket + extraGroups = [ "podman" ]; + environment = { + WOODPECKER_SERVER = "localhost:9000"; + WOODPECKER_MAX_WORKFLOWS = "4"; + DOCKER_HOST = "unix:///run/podman/podman.sock"; + WOODPECKER_BACKEND = "docker"; + }; + # Same as with woodpecker-server + environmentFile = [ "/var/lib/secrets/woodpecker.env" ]; + }; + + # Here we setup podman and enable dns + virtualisation.podman = { + enable = true; + defaultNetwork.settings = { + dns_enabled = true; + }; + }; + # This is needed for podman to be able to talk over dns + networking.firewall.interfaces."podman0" = { + allowedUDPPorts = [ 53 ]; + allowedTCPPorts = [ 53 ]; + }; +} +``` + +All configuration options can be found via [NixOS Search](https://search.nixos.org/options?channel=unstable&size=200&sort=relevance&query=woodpecker). There are also some additional resources on how to utilize Woodpecker more effectively with NixOS on the [Awesome Woodpecker](/awesome) page, like using the runners nix-store in the pipeline. diff --git a/docs/versioned_docs/version-3.4/30-administration/05-installation/_category_.yaml b/docs/versioned_docs/version-3.4/30-administration/05-installation/_category_.yaml new file mode 100644 index 000000000..59d884127 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/05-installation/_category_.yaml @@ -0,0 +1,3 @@ +label: 'Installation' +collapsible: true +collapsed: true diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/10-server.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/10-server.md new file mode 100644 index 000000000..18f85e5cf --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/10-server.md @@ -0,0 +1,1141 @@ +--- +toc_max_heading_level: 3 +--- + +# Server + +## Forge and User configuration + +Woodpecker does not have its own user registration. Users are provided by your [forge](./12-forges/11-overview.md) (using OAuth2). The registration is closed by default (`WOODPECKER_OPEN=false`). If the registration is open, any user with an account can log in to Woodpecker with the configured forge. + +You can also restrict the registration: + +- closed registration and manually managing users with the CLI `woodpecker-cli user` +- open registration and allowing certain admin users with the setting `WOODPECKER_ADMIN` + + ```ini + WOODPECKER_OPEN=false + WOODPECKER_ADMIN=john.smith,jane_doe + ``` + +- open registration and filtering by organizational affiliation with the setting `WOODPECKER_ORGS` + + ```ini + WOODPECKER_OPEN=true + WOODPECKER_ORGS=dolores,dog-patch + ``` + +Administrators should also be explicitly set in your configuration. + +```ini +WOODPECKER_ADMIN=john.smith,jane_doe +``` + +## Repository configuration + +Woodpecker works with the user's OAuth permissions on the forge. By default Woodpecker will synchronize all repositories the user has access to. Use the variable `WOODPECKER_REPO_OWNERS` to filter which repos should only be synchronized by GitHub users. Normally you should enter the GitHub name of your company here. + +```ini +WOODPECKER_REPO_OWNERS=my_company,my_company_oss_github_user +``` + +## Databases + +The default database engine of Woodpecker is an embedded SQLite database which requires zero installation or configuration. But you can replace it with a MySQL/MariaDB or PostgreSQL database. There are also some fundamentals to keep in mind: + +- Woodpecker does not create your database automatically. If you are using the MySQL or Postgres driver you will need to manually create your database using `CREATE DATABASE`. + +- Woodpecker does not perform data archival; it considered out-of-scope for the project. Woodpecker is rather conservative with the amount of data it stores, however, you should expect the database logs to grow the size of your database considerably. + +- Woodpecker automatically handles database migration, including the initial creation of tables and indexes. New versions of Woodpecker will automatically upgrade the database unless otherwise specified in the release notes. + +- Woodpecker does not perform database backups. This should be handled by separate third party tools provided by your database vendor of choice. + +### SQLite + +By default Woodpecker uses a SQLite database stored under `/var/lib/woodpecker/`. If using containers, you can mount a [data volume](https://docs.docker.com/storage/volumes/#create-and-manage-volumes) to persist the SQLite database. + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] ++ volumes: ++ - woodpecker-server-data:/var/lib/woodpecker/ +``` + +### MySQL/MariaDB + +The below example demonstrates MySQL database configuration. See the official driver [documentation](https://github.com/go-sql-driver/mysql#dsn-data-source-name) for configuration options and examples. +The minimum version of MySQL/MariaDB required is determined by the `go-sql-driver/mysql` - see [it's README](https://github.com/go-sql-driver/mysql#requirements) for more information. + +```ini +WOODPECKER_DATABASE_DRIVER=mysql +WOODPECKER_DATABASE_DATASOURCE=root:password@tcp(1.2.3.4:3306)/woodpecker?parseTime=true +``` + +### PostgreSQL + +The below example demonstrates Postgres database configuration. See the official driver [documentation](https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING) for configuration options and examples. +Please use Postgres versions equal or higher than **11**. + +```ini +WOODPECKER_DATABASE_DRIVER=postgres +WOODPECKER_DATABASE_DATASOURCE=postgres://root:password@1.2.3.4:5432/postgres?sslmode=disable +``` + +## TLS + +Woodpecker supports SSL configuration by mounting certificates into your container. + +```ini +WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt +WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key +``` + +TLS support is provided using the [ListenAndServeTLS](https://golang.org/pkg/net/http/#ListenAndServeTLS) function from the Go standard library. + +### Container configuration + +In addition to the ports shown in the [docker-compose](../05-installation/10-docker-compose.md) installation, port `443` must be exposed: + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + ports: ++ - 80:80 ++ - 443:443 + - 9000:9000 +``` + +Additionally, the certificate and key must be mounted and referenced: + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + environment: ++ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt ++ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key + volumes: ++ - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt ++ - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key +``` + +## Reverse Proxy + +### Apache + +This guide provides a brief overview for installing Woodpecker server behind the Apache2 web-server. This is an example configuration: + + + +```apacheconf +ProxyPreserveHost On + +RequestHeader set X-Forwarded-Proto "https" + +ProxyPass / http://127.0.0.1:8000/ +ProxyPassReverse / http://127.0.0.1:8000/ +``` + +You must have these Apache modules installed: + +- `proxy` +- `proxy_http` + +You must configure Apache to set `X-Forwarded-Proto` when using https. + +```diff + ProxyPreserveHost On + ++RequestHeader set X-Forwarded-Proto "https" + + ProxyPass / http://127.0.0.1:8000/ + ProxyPassReverse / http://127.0.0.1:8000/ +``` + +### Nginx + +This guide provides a basic overview for installing Woodpecker server behind the Nginx web-server. For more advanced configuration options please consult the official Nginx [documentation](https://docs.nginx.com/nginx/admin-guide). + +Example configuration: + +```nginx +server { + listen 80; + server_name woodpecker.example.com; + + location / { + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + + proxy_pass http://127.0.0.1:8000; + proxy_redirect off; + proxy_http_version 1.1; + proxy_buffering off; + + chunked_transfer_encoding off; + } +} +``` + +You must configure the proxy to set `X-Forwarded` proxy headers: + +```diff + server { + listen 80; + server_name woodpecker.example.com; + + location / { ++ proxy_set_header X-Forwarded-For $remote_addr; ++ proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:8000; + proxy_redirect off; + proxy_http_version 1.1; + proxy_buffering off; + + chunked_transfer_encoding off; + } + } +``` + +### Caddy + +This guide provides a brief overview for installing Woodpecker server behind the [Caddy web-server](https://caddyserver.com/). This is an example caddyfile proxy configuration: + +```caddy +# expose WebUI and API +woodpecker.example.com { + reverse_proxy woodpecker-server:8000 +} + +# expose gRPC +woodpecker-agent.example.com { + reverse_proxy h2c://woodpecker-server:9000 +} +``` + +### Tunnelmole + +[Tunnelmole](https://github.com/robbie-cahill/tunnelmole-client) is an open source tunneling tool. + +Start by [installing tunnelmole](https://github.com/robbie-cahill/tunnelmole-client#installation). + +After the installation, run the following command to start tunnelmole: + +```bash +tmole 8000 +``` + +It will start a tunnel and will give a response like this: + +```bash +➜ ~ tmole 8000 +http://bvdo5f-ip-49-183-170-144.tunnelmole.net is forwarding to localhost:8000 +https://bvdo5f-ip-49-183-170-144.tunnelmole.net is forwarding to localhost:8000 +``` + +Set `WOODPECKER_HOST` to the Tunnelmole URL (`xxx.tunnelmole.net`) and start the server. + +### Ngrok + +[Ngrok](https://ngrok.com/) is a popular closed source tunnelling tool. After installing ngrok, open a new console and run the following command: + +```bash +ngrok http 8000 +``` + +Set `WOODPECKER_HOST` to the ngrok URL (usually xxx.ngrok.io) and start the server. + +### Traefik + +To install the Woodpecker server behind a [Traefik](https://traefik.io/) load balancer, you must expose both the `http` and the `gRPC` ports. Here is a comprehensive example, considering you are running Traefik with docker swarm and want to do TLS termination and automatic redirection from http to https. + + + +```yaml +services: + server: + image: woodpeckerci/woodpecker-server:latest + environment: + - WOODPECKER_OPEN=true + - WOODPECKER_ADMIN=your_admin_user + # other settings ... + + networks: + - dmz # externally defined network, so that traefik can connect to the server + volumes: + - woodpecker-server-data:/var/lib/woodpecker/ + + deploy: + labels: + - traefik.enable=true + + # web server + - traefik.http.services.woodpecker-service.loadbalancer.server.port=8000 + + - traefik.http.routers.woodpecker-secure.rule=Host(`ci.example.com`) + - traefik.http.routers.woodpecker-secure.tls=true + - traefik.http.routers.woodpecker-secure.tls.certresolver=letsencrypt + - traefik.http.routers.woodpecker-secure.entrypoints=web-secure + - traefik.http.routers.woodpecker-secure.service=woodpecker-service + + - traefik.http.routers.woodpecker.rule=Host(`ci.example.com`) + - traefik.http.routers.woodpecker.entrypoints=web + - traefik.http.routers.woodpecker.service=woodpecker-service + + - traefik.http.middlewares.woodpecker-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.woodpecker-redirect.redirectscheme.permanent=true + - traefik.http.routers.woodpecker.middlewares=woodpecker-redirect@docker + + # gRPC service + - traefik.http.services.woodpecker-grpc.loadbalancer.server.port=9000 + - traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme=h2c + + - traefik.http.routers.woodpecker-grpc-secure.rule=Host(`woodpecker-grpc.example.com`) + - traefik.http.routers.woodpecker-grpc-secure.tls=true + - traefik.http.routers.woodpecker-grpc-secure.tls.certresolver=letsencrypt + - traefik.http.routers.woodpecker-grpc-secure.entrypoints=web-secure + - traefik.http.routers.woodpecker-grpc-secure.service=woodpecker-grpc + + - traefik.http.routers.woodpecker-grpc.rule=Host(`woodpecker-grpc.example.com`) + - traefik.http.routers.woodpecker-grpc.entrypoints=web + - traefik.http.routers.woodpecker-grpc.service=woodpecker-grpc + + - traefik.http.middlewares.woodpecker-grpc-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.woodpecker-grpc-redirect.redirectscheme.permanent=true + - traefik.http.routers.woodpecker-grpc.middlewares=woodpecker-grpc-redirect@docker + +volumes: + woodpecker-server-data: + driver: local + +networks: + dmz: + external: true +``` + +## Metrics + +### Endpoint + +Woodpecker is compatible with Prometheus and exposes a `/metrics` endpoint if the environment variable `WOODPECKER_PROMETHEUS_AUTH_TOKEN` is set. Please note that access to the metrics endpoint is restricted and requires the authorization token from the environment variable mentioned above. + +```yaml +global: + scrape_interval: 60s + +scrape_configs: + - job_name: 'woodpecker' + bearer_token: dummyToken... + + static_configs: + - targets: ['woodpecker.domain.com'] +``` + +### Authorization + +An administrator will need to generate a user API token and configure in the Prometheus configuration file as a bearer token. Please see the following example: + +```diff + global: + scrape_interval: 60s + + scrape_configs: + - job_name: 'woodpecker' ++ bearer_token: dummyToken... + + static_configs: + - targets: ['woodpecker.domain.com'] +``` + +As an alternative, the token can also be read from a file: + +```diff + global: + scrape_interval: 60s + + scrape_configs: + - job_name: 'woodpecker' ++ bearer_token_file: /etc/secrets/woodpecker-monitoring-token + + static_configs: + - targets: ['woodpecker.domain.com'] +``` + +### Reference + +List of Prometheus metrics specific to Woodpecker: + +```yaml +# HELP woodpecker_pipeline_count Pipeline count. +# TYPE woodpecker_pipeline_count counter +woodpecker_pipeline_count{branch="main",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 3 +woodpecker_pipeline_count{branch="dev",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 3 +# HELP woodpecker_pipeline_time Build time. +# TYPE woodpecker_pipeline_time gauge +woodpecker_pipeline_time{branch="main",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 116 +woodpecker_pipeline_time{branch="dev",pipeline="total",repo="woodpecker-ci/woodpecker",status="success"} 155 +# HELP woodpecker_pipeline_total_count Total number of builds. +# TYPE woodpecker_pipeline_total_count gauge +woodpecker_pipeline_total_count 1025 +# HELP woodpecker_pending_steps Total number of pending pipeline steps. +# TYPE woodpecker_pending_steps gauge +woodpecker_pending_steps 0 +# HELP woodpecker_repo_count Total number of repos. +# TYPE woodpecker_repo_count gauge +woodpecker_repo_count 9 +# HELP woodpecker_running_steps Total number of running pipeline steps. +# TYPE woodpecker_running_steps gauge +woodpecker_running_steps 0 +# HELP woodpecker_user_count Total number of users. +# TYPE woodpecker_user_count gauge +woodpecker_user_count 1 +# HELP woodpecker_waiting_steps Total number of pipeline waiting on deps. +# TYPE woodpecker_waiting_steps gauge +woodpecker_waiting_steps 0 +# HELP woodpecker_worker_count Total number of workers. +# TYPE woodpecker_worker_count gauge +woodpecker_worker_count 4 +``` + +## External Configuration API + +To provide additional management and preprocessing capabilities for pipeline configurations Woodpecker supports an HTTP API which can be enabled to call an external config service. +Before the run or restart of any pipeline Woodpecker will make a POST request to an external HTTP API sending the current repository, build information and all current config files retrieved from the repository. The external API can then send back new pipeline configurations that will be used immediately or respond with `HTTP 204` to tell the system to use the existing configuration. + +Every request sent by Woodpecker is signed using a [http-signature](https://datatracker.ietf.org/doc/html/rfc9421) by a private key (ed25519) generated on the first start of the Woodpecker server. You can get the public key for the verification of the http-signature from `http(s)://your-woodpecker-server/api/signature/public-key`. + +A simplistic example configuration service can be found here: [https://github.com/woodpecker-ci/example-config-service](https://github.com/woodpecker-ci/example-config-service) + +:::warning +You need to trust the external config service as it is getting secret information about the repository and pipeline and has the ability to change pipeline configs that could run malicious tasks. +::: + +### Configuration + +```ini title="Server" +WOODPECKER_CONFIG_SERVICE_ENDPOINT=https://example.com/ciconfig +``` + +#### Example request made by Woodpecker + +```json +{ + "repo": { + "id": 100, + "uid": "", + "user_id": 0, + "namespace": "", + "name": "woodpecker-test-pipe", + "slug": "", + "scm": "git", + "git_http_url": "", + "git_ssh_url": "", + "link": "", + "default_branch": "", + "private": true, + "visibility": "private", + "active": true, + "config": "", + "trusted": false, + "protected": false, + "ignore_forks": false, + "ignore_pulls": false, + "cancel_pulls": false, + "timeout": 60, + "counter": 0, + "synced": 0, + "created": 0, + "updated": 0, + "version": 0 + }, + "pipeline": { + "author": "myUser", + "author_avatar": "https://myforge.com/avatars/d6b3f7787a685fcdf2a44e2c685c7e03", + "author_email": "my@email.com", + "branch": "main", + "changed_files": ["some-file-name.txt"], + "commit": "2fff90f8d288a4640e90f05049fe30e61a14fd50", + "created_at": 0, + "deploy_to": "", + "enqueued_at": 0, + "error": "", + "event": "push", + "finished_at": 0, + "id": 0, + "link_url": "https://myforge.com/myUser/woodpecker-testpipe/commit/2fff90f8d288a4640e90f05049fe30e61a14fd50", + "message": "test old config\n", + "number": 0, + "parent": 0, + "ref": "refs/heads/main", + "refspec": "", + "clone_url": "", + "reviewed_at": 0, + "reviewed_by": "", + "sender": "myUser", + "signed": false, + "started_at": 0, + "status": "", + "timestamp": 1645962783, + "title": "", + "updated_at": 0, + "verified": false + }, + "netrc": { + "machine": "https://example.com", + "login": "user", + "password": "password" + } +} +``` + +#### Example response structure + +```json +{ + "configs": [ + { + "name": "central-override", + "data": "steps:\n - name: backend\n image: alpine\n commands:\n - echo \"Hello there from ConfigAPI\"\n" + } + ] +} +``` + +## UI customization + +Woodpecker supports custom JS and CSS files. These files must be present in the server's filesystem. +They can be backed in a Docker image or mounted from a ConfigMap inside a Kubernetes environment. +The configuration variables are independent of each other, which means it can be just one file present, or both. + +```ini +WOODPECKER_CUSTOM_CSS_FILE=/usr/local/www/woodpecker.css +WOODPECKER_CUSTOM_JS_FILE=/usr/local/www/woodpecker.js +``` + +The examples below show how to place a banner message in the top navigation bar of Woodpecker. + +```css title="woodpecker.css" +.banner-message { + position: absolute; + width: 280px; + height: 40px; + margin-left: 240px; + margin-top: 5px; + padding-top: 5px; + font-weight: bold; + background: red no-repeat; + text-align: center; +} +``` + +```javascript title="woodpecker.js" +// place/copy a minified version of your preferred lightweight JavaScript library here ... +!(function () { + 'use strict'; + function e() {} /*...*/ +})(); + +$().ready(function () { + $('.app nav img').first().htmlAfter(""); +}); +``` + +## Environment variables + +### LOG_LEVEL + +- Name: `WOODPECKER_LOG_LEVEL` +- Default: `info` + +Configures the logging level. Possible values are `trace`, `debug`, `info`, `warn`, `error`, `fatal`, `panic`, `disabled` and empty. + +--- + +### LOG_FILE + +- Name: `WOODPECKER_LOG_FILE` +- Default: `stderr` + +Output destination for logs. +'stdout' and 'stderr' can be used as special keywords. + +--- + +### DATABASE_LOG + +- Name: `WOODPECKER_DATABASE_LOG` +- Default: `false` + +Enable logging in database engine (currently xorm). + +--- + +### DATABASE_LOG_SQL + +- Name: `WOODPECKER_DATABASE_LOG_SQL` +- Default: `false` + +Enable logging of sql commands. + +--- + +### DATABASE_MAX_CONNECTIONS + +- Name: `WOODPECKER_DATABASE_MAX_CONNECTIONS` +- Default: `100` + +Max database connections xorm is allowed create. + +--- + +### DATABASE_IDLE_CONNECTIONS + +- Name: `WOODPECKER_DATABASE_IDLE_CONNECTIONS` +- Default: `2` + +Amount of database connections xorm will hold open. + +--- + +### DATABASE_CONNECTION_TIMEOUT + +- Name: `WOODPECKER_DATABASE_CONNECTION_TIMEOUT` +- Default: `3 Seconds` + +Time an active database connection is allowed to stay open. + +--- + +### DEBUG_PRETTY + +- Name: `WOODPECKER_DEBUG_PRETTY` +- Default: `false` + +Enable pretty-printed debug output. + +--- + +### DEBUG_NOCOLOR + +- Name: `WOODPECKER_DEBUG_NOCOLOR` +- Default: `true` + +Disable colored debug output. + +--- + +### HOST + +- Name: `WOODPECKER_HOST` +- Default: none + +Server fully qualified URL of the user-facing hostname, port (if not default for HTTP/HTTPS) and path prefix. + +Examples: + +- `WOODPECKER_HOST=http://woodpecker.example.org` +- `WOODPECKER_HOST=http://example.org/woodpecker` +- `WOODPECKER_HOST=http://example.org:1234/woodpecker` + +--- + +### SERVER_ADDR + +- Name: `WOODPECKER_SERVER_ADDR` +- Default: `:8000` + +Configures the HTTP listener port. + +--- + +### SERVER_ADDR_TLS + +- Name: `WOODPECKER_SERVER_ADDR_TLS` +- Default: `:443` + +Configures the HTTPS listener port when SSL is enabled. + +--- + +### SERVER_CERT + +- Name: `WOODPECKER_SERVER_CERT` +- Default: none + +Path to an SSL certificate used by the server to accept HTTPS requests. + +Example: `WOODPECKER_SERVER_CERT=/path/to/cert.pem` + +--- + +### SERVER_KEY + +- Name: `WOODPECKER_SERVER_KEY` +- Default: none + +Path to an SSL certificate key used by the server to accept HTTPS requests. + +Example: `WOODPECKER_SERVER_KEY=/path/to/key.pem` + +--- + +### CUSTOM_CSS_FILE + +- Name: `WOODPECKER_CUSTOM_CSS_FILE` +- Default: none + +File path for the server to serve a custom .CSS file, used for customizing the UI. +Can be used for showing banner messages, logos, or environment-specific hints (a.k.a. white-labeling). +The file must be UTF-8 encoded, to ensure all special characters are preserved. + +Example: `WOODPECKER_CUSTOM_CSS_FILE=/usr/local/www/woodpecker.css` + +--- + +### CUSTOM_JS_FILE + +- Name: `WOODPECKER_CUSTOM_JS_FILE` +- Default: none + +File path for the server to serve a custom .JS file, used for customizing the UI. +Can be used for showing banner messages, logos, or environment-specific hints (a.k.a. white-labeling). +The file must be UTF-8 encoded, to ensure all special characters are preserved. + +Example: `WOODPECKER_CUSTOM_JS_FILE=/usr/local/www/woodpecker.js` + +--- + +### GRPC_ADDR + +- Name: `WOODPECKER_GRPC_ADDR` +- Default: `:9000` + +Configures the gRPC listener port. + +--- + +### GRPC_SECRET + +- Name: `WOODPECKER_GRPC_SECRET` +- Default: `secret` + +Configures the gRPC JWT secret. + +--- + +### GRPC_SECRET_FILE + +- Name: `WOODPECKER_GRPC_SECRET_FILE` +- Default: none + +Read the value for `WOODPECKER_GRPC_SECRET` from the specified filepath. + +--- + +### METRICS_SERVER_ADDR + +- Name: `WOODPECKER_METRICS_SERVER_ADDR` +- Default: none + +Configures an unprotected metrics endpoint. An empty value disables the metrics endpoint completely. + +Example: `:9001` + +--- + +### ADMIN + +- Name: `WOODPECKER_ADMIN` +- Default: none + +Comma-separated list of admin accounts. + +Example: `WOODPECKER_ADMIN=user1,user2` + +--- + +### ORGS + +- Name: `WOODPECKER_ORGS` +- Default: none + +Comma-separated list of approved organizations. + +Example: `org1,org2` + +--- + +### REPO_OWNERS + +- Name: `WOODPECKER_REPO_OWNERS` +- Default: none + +Repositories by those owners will be allowed to be used in woodpecker. + +Example: `user1,user2` + +--- + +### OPEN + +- Name: `WOODPECKER_OPEN` +- Default: `false` + +Enable to allow user registration. + +--- + +### AUTHENTICATE_PUBLIC_REPOS + +- Name: `WOODPECKER_AUTHENTICATE_PUBLIC_REPOS` +- Default: `false` + +Always use authentication to clone repositories even if they are public. Needed if the forge requires to always authenticate as used by many companies. + +--- + +### DEFAULT_ALLOW_PULL_REQUESTS + +- Name: `WOODPECKER_DEFAULT_ALLOW_PULL_REQUESTS` +- Default: `true` + +The default setting for allowing pull requests on a repo. + +--- + +### DEFAULT_CANCEL_PREVIOUS_PIPELINE_EVENTS + +- Name: `WOODPECKER_DEFAULT_CANCEL_PREVIOUS_PIPELINE_EVENTS` +- Default: `pull_request, push` + +List of event names that will be canceled when a new pipeline for the same context (tag, branch) is created. + +--- + +### DEFAULT_CLONE_PLUGIN + +- Name: `WOODPECKER_DEFAULT_CLONE_PLUGIN` +- Default: `docker.io/woodpeckerci/plugin-git` + +The default docker image to be used when cloning the repo. + +It is also added to the trusted clone plugin list. + +### DEFAULT_WORKFLOW_LABELS + +- Name: `WOODPECKER_DEFAULT_WORKFLOW_LABELS` +- Default: none + +You can specify default label/platform conditions that will be used for agent selection for workflows that does not have labels conditions set. + +Example: `platform=linux/amd64,backend=docker` + +### DEFAULT_PIPELINE_TIMEOUT + +- Name: `WOODPECKER_DEFAULT_PIPELINE_TIMEOUT` +- Default: 60 + +The default time for a repo in minutes before a pipeline gets killed + +### MAX_PIPELINE_TIMEOUT + +- Name: `WOODPECKER_MAX_PIPELINE_TIMEOUT` +- Default: 120 + +The maximum time in minutes you can set in the repo settings before a pipeline gets killed + +--- + +### SESSION_EXPIRES + +- Name: `WOODPECKER_SESSION_EXPIRES` +- Default: `72h` + +Configures the session expiration time. +Context: when someone does log into Woodpecker, a temporary session token is created. +As long as the session is valid (until it expires or log-out), +a user can log into Woodpecker, without re-authentication. + +### PLUGINS_PRIVILEGED + +- Name: `WOODPECKER_PLUGINS_PRIVILEGED` +- Default: none + +Docker images to run in privileged mode. Only change if you are sure what you do! + +You should specify the tag of your images too, as this enforces exact matches. + +### PLUGINS_TRUSTED_CLONE + +- Name: `WOODPECKER_PLUGINS_TRUSTED_CLONE` +- Default: `docker.io/woodpeckerci/plugin-git,docker.io/woodpeckerci/plugin-git,quay.io/woodpeckerci/plugin-git` + +Plugins which are trusted to handle the Git credential info in clone steps. +If a clone step use an image not in this list, Git credentials will not be injected and users have to use other methods (e.g. secrets) to clone non-public repos. + +You should specify the tag of your images too, as this enforces exact matches. + + + +--- + +### DOCKER_CONFIG + +- Name: `WOODPECKER_DOCKER_CONFIG` +- Default: none + +Configures a specific private registry config for all pipelines. + +Example: `WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json` + +--- + +### ENVIRONMENT + +- Name: `WOODPECKER_ENVIRONMENT` +- Default: none + +If you want specific environment variables to be available in all of your pipelines use the `WOODPECKER_ENVIRONMENT` setting on the Woodpecker server. Note that these can't overwrite any existing, built-in variables. + +Example: `WOODPECKER_ENVIRONMENT=first_var:value1,second_var:value2` + + + +--- + +### AGENT_SECRET + +- Name: `WOODPECKER_AGENT_SECRET` +- Default: none + +A shared secret used by server and agents to authenticate communication. A secret can be generated by `openssl rand -hex 32`. + +--- + +### AGENT_SECRET_FILE + +- Name: `WOODPECKER_AGENT_SECRET_FILE` +- Default: none + +Read the value for `WOODPECKER_AGENT_SECRET` from the specified filepath + +--- + +### DISABLE_USER_AGENT_REGISTRATION + +- Name: `WOODPECKER_DISABLE_USER_AGENT_REGISTRATION` +- Default: false + +By default, users can create new agents for their repos they have admin access to. +If an instance admin doesn't want this feature enabled, they can disable the API and hide the Web UI elements. + +:::note +You should set this option if you have, for example, +global secrets and don't trust your users to create a rogue agent and pipeline for secret extraction. +::: + +--- + +### KEEPALIVE_MIN_TIME + +- Name: `WOODPECKER_KEEPALIVE_MIN_TIME` +- Default: none + +Server-side enforcement policy on the minimum amount of time a client should wait before sending a keepalive ping. + +Example: `WOODPECKER_KEEPALIVE_MIN_TIME=10s` + +--- + +### DATABASE_DRIVER + +- Name: `WOODPECKER_DATABASE_DRIVER` +- Default: `sqlite3` + +The database driver name. Possible values are `sqlite3`, `mysql` or `postgres`. + +--- + +### DATABASE_DATASOURCE + +- Name: `WOODPECKER_DATABASE_DATASOURCE` +- Default: `woodpecker.sqlite` if not running inside a container, `/var/lib/woodpecker/woodpecker.sqlite` if running inside a container + +The database connection string. The default value is the path of the embedded SQLite database file. + +Example: + +```bash +# MySQL +# https://github.com/go-sql-driver/mysql#dsn-data-source-name +WOODPECKER_DATABASE_DATASOURCE=root:password@tcp(1.2.3.4:3306)/woodpecker?parseTime=true + +# PostgreSQL +# https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING +WOODPECKER_DATABASE_DATASOURCE=postgres://root:password@1.2.3.4:5432/woodpecker?sslmode=disable +``` + +--- + +### DATABASE_DATASOURCE_FILE + +- Name: `WOODPECKER_DATABASE_DATASOURCE_FILE` +- Default: none + +Read the value for `WOODPECKER_DATABASE_DATASOURCE` from the specified filepath + +--- + +### PROMETHEUS_AUTH_TOKEN + +- Name: `WOODPECKER_PROMETHEUS_AUTH_TOKEN` +- Default: none + +Token to secure the Prometheus metrics endpoint. +Must be set to enable the endpoint. + +--- + +### PROMETHEUS_AUTH_TOKEN_FILE + +- Name: `WOODPECKER_PROMETHEUS_AUTH_TOKEN_FILE` +- Default: none + +Read the value for `WOODPECKER_PROMETHEUS_AUTH_TOKEN` from the specified filepath + +--- + +### STATUS_CONTEXT + +- Name: `WOODPECKER_STATUS_CONTEXT` +- Default: `ci/woodpecker` + +Context prefix Woodpecker will use to publish status messages to SCM. You probably will only need to change it if you run multiple Woodpecker instances for a single repository. + +--- + +### STATUS_CONTEXT_FORMAT + +- Name: `WOODPECKER_STATUS_CONTEXT_FORMAT` +- Default: `{{ .context }}/{{ .event }}/{{ .workflow }}{{if not (eq .axis_id 0)}}/{{.axis_id}}{{end}}` + +Template for the status messages published to forges, uses [Go templates](https://pkg.go.dev/text/template) as template language. +Supported variables: + +- `context`: Woodpecker's context (see `WOODPECKER_STATUS_CONTEXT`) +- `event`: the event which started the pipeline +- `workflow`: the workflow's name +- `owner`: the repo's owner +- `repo`: the repo's name + +--- + +--- + +### CONFIG_SERVICE_ENDPOINT + +- Name: `WOODPECKER_CONFIG_SERVICE_ENDPOINT` +- Default: none + +Specify a configuration service endpoint, see [Configuration Extension](#external-configuration-api) + +--- + +### FORGE_TIMEOUT + +- Name: `WOODPECKER_FORGE_TIMEOUT` +- Default: 5s + +Specify timeout when fetching the Woodpecker configuration from forge. See for syntax reference. + +--- + +### FORGE_RETRY + +- Name: `WOODPECKER_FORGE_RETRY` +- Default: 3 + +Specify how many retries of fetching the Woodpecker configuration from a forge are done before we fail. + +--- + +### ENABLE_SWAGGER + +- Name: `WOODPECKER_ENABLE_SWAGGER` +- Default: true + +Enable the Swagger UI for API documentation. + +--- + +### DISABLE_VERSION_CHECK + +- Name: `WOODPECKER_DISABLE_VERSION_CHECK` +- Default: false + +Disable version check in admin web UI. + +--- + +### LOG_STORE + +- Name: `WOODPECKER_LOG_STORE` +- Default: `database` + +Where to store logs. Possible values: `database` or `file`. + +--- + +### LOG_STORE_FILE_PATH + +- Name: `WOODPECKER_LOG_STORE_FILE_PATH` +- Default: none + +Directory to store logs in if [`WOODPECKER_LOG_STORE`](#log_store) is `file`. + +--- + +### GITHUB\_\* + +See [GitHub configuration](./12-forges/20-github.md#configuration) + +--- + +### GITEA\_\* + +See [Gitea configuration](./12-forges/30-gitea.md#configuration) + +--- + +### BITBUCKET\_\* + +See [Bitbucket configuration](./12-forges/50-bitbucket.md#configuration) + +--- + +### GITLAB\_\* + +See [GitLab configuration](./12-forges/40-gitlab.md#configuration) diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/10-docker.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/10-docker.md new file mode 100644 index 000000000..1885258f8 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/10-docker.md @@ -0,0 +1,150 @@ +--- +toc_max_heading_level: 2 +--- + +# Docker + +This is the original backend used with Woodpecker. The docker backend executes each step inside a separate container started on the agent. + +## Private registries + +Woodpecker supports [Docker credentials](https://github.com/docker/docker-credential-helpers) to securely store registry credentials. Install your corresponding credential helper and configure it in your Docker config file passed via [`WOODPECKER_DOCKER_CONFIG`](../10-server.md#docker_config). + +To add your credential helper to the Woodpecker server container you could use the following code to build a custom image: + +```dockerfile +FROM woodpeckerci/woodpecker-server:latest-alpine + +RUN apk add -U --no-cache docker-credential-ecr-login +``` + +## Step specific configuration + +### Run user + +By default the docker backend starts the step container without the `--user` flag. This means the step container will use the default user of the container. To change this behavior you can set the `user` backend option to the preferred user/group: + +```yaml +steps: + - name: example + image: alpine + commands: + - whoami + backend_options: + docker: + user: 65534:65534 +``` + +The syntax is the same as the [docker run](https://docs.docker.com/engine/reference/run/#user) `--user` flag. + +## Tips and tricks + +### Image cleanup + +The agent **will not** automatically remove images from the host. This task should be managed by the host system. For example, you can use a cron job to periodically do clean-up tasks for the CI runner. + +:::danger +The following commands **are destructive** and **irreversible** it is highly recommended that you test these commands on your system before running them in production via a cron job or other automation. +::: + +- Remove all unused images + + + + ```bash + docker image rm $(docker images --filter "dangling=true" -q --no-trunc) + ``` + +- Remove Woodpecker volumes + + ```bash + docker volume rm $(docker volume ls --filter name=^wp_* --filter dangling=true -q) + ``` + +### Podman + +There is no official support for Podman, but one can try to set the environment variable `DOCKER_HOST` to point to the Podman socket. It might work. See also the [Blog posts](https://woodpecker-ci.org/blog). + +## Environment variables + +### BACKEND_DOCKER_NETWORK + +- Name: `WOODPECKER_BACKEND_DOCKER_NETWORK` +- Default: none + +Set to the name of an existing network which will be attached to all your pipeline containers (steps). Please be careful as this allows the containers of different pipelines to access each other! + +--- + +### BACKEND_DOCKER_ENABLE_IPV6 + +- Name: `WOODPECKER_BACKEND_DOCKER_ENABLE_IPV6` +- Default: `false` + +Enable IPv6 for the networks used by pipeline containers (steps). Make sure you configured your docker daemon to support IPv6. + +--- + +### BACKEND_DOCKER_VOLUMES + +- Name: `WOODPECKER_BACKEND_DOCKER_VOLUMES` +- Default: none + +List of default volumes separated by comma to be mounted to all pipeline containers (steps). For example to use custom CA +certificates installed on host and host timezone use `/etc/ssl/certs:/etc/ssl/certs:ro,/etc/timezone:/etc/timezone`. + +--- + +### BACKEND_DOCKER_LIMIT_MEM_SWAP + +- Name: `WOODPECKER_BACKEND_DOCKER_LIMIT_MEM_SWAP` +- Default: `0` + +The maximum amount of memory a single pipeline container is allowed to swap to disk, configured in bytes. There is no limit if `0`. + +--- + +### BACKEND_DOCKER_LIMIT_MEM + +- Name: `WOODPECKER_BACKEND_DOCKER_LIMIT_MEM` +- Default: `0` + +The maximum amount of memory a single pipeline container can use, configured in bytes. There is no limit if `0`. + +--- + +### BACKEND_DOCKER_LIMIT_SHM_SIZE + +- Name: `WOODPECKER_BACKEND_DOCKER_LIMIT_SHM_SIZE` +- Default: `0` + +The maximum amount of memory of `/dev/shm` allowed in bytes. There is no limit if `0`. + +--- + +### BACKEND_DOCKER_LIMIT_CPU_QUOTA + +- Name: `WOODPECKER_BACKEND_DOCKER_LIMIT_CPU_QUOTA` +- Default: `0` + +The number of microseconds per CPU period that the container is limited to before throttled. There is no limit if `0`. + +--- + +### BACKEND_DOCKER_LIMIT_CPU_SHARES + +- Name: `WOODPECKER_BACKEND_DOCKER_LIMIT_CPU_SHARES` +- Default: `0` + +The relative weight vs. other containers. + +--- + +### BACKEND_DOCKER_LIMIT_CPU_SET + +- Name: `WOODPECKER_BACKEND_DOCKER_LIMIT_CPU_SET` +- Default: none + +Comma-separated list to limit the specific CPUs or cores a pipeline container can use. + +Example: `WOODPECKER_BACKEND_DOCKER_LIMIT_CPU_SET=1,2` diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/20-kubernetes.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/20-kubernetes.md new file mode 100644 index 000000000..cfd76a779 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/20-kubernetes.md @@ -0,0 +1,383 @@ +--- +toc_max_heading_level: 2 +--- + +# Kubernetes + +The Kubernetes backend executes steps inside standalone Pods. A temporary PVC is created for the lifetime of the pipeline to transfer files between steps. + +## Private registries + +In addition to [registries specified in the UI](../../../20-usage/41-registries.md), you may provide [registry credentials in Kubernetes Secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) to pull private container images defined in your pipeline YAML. + +Place these Secrets in namespace defined by `WOODPECKER_BACKEND_K8S_NAMESPACE` and provide the Secret names to Agents via `WOODPECKER_BACKEND_K8S_PULL_SECRET_NAMES`. + +## Step specific configuration + +### Resources + +The Kubernetes backend also allows for specifying requests and limits on a per-step basic, most commonly for CPU and memory. +We recommend to add a `resources` definition to all steps to ensure efficient scheduling. + +Here is an example definition with an arbitrary `resources` definition below the `backend_options` section: + +```yaml +steps: + - name: 'My kubernetes step' + image: alpine + commands: + - echo "Hello world" + backend_options: + kubernetes: + resources: + requests: + memory: 200Mi + cpu: 100m + limits: + memory: 400Mi + cpu: 1000m +``` + +You can use [Limit Ranges](https://kubernetes.io/docs/concepts/policy/limit-range/) if you want to set the limits by per-namespace basis. + +### Runtime class + +`runtimeClassName` specifies the name of the RuntimeClass which will be used to run this Pod. If no `runtimeClassName` is specified, the default RuntimeHandler will be used. +See the [Kubernetes documentation](https://kubernetes.io/docs/concepts/containers/runtime-class/) for more information on specifying runtime classes. + +### Service account + +`serviceAccountName` specifies the name of the ServiceAccount which the Pod will mount. This service account must be created externally. +See the [Kubernetes documentation](https://kubernetes.io/docs/concepts/security/service-accounts/) for more information on using service accounts. + +```yaml +steps: + - name: 'My kubernetes step' + image: alpine + commands: + - echo "Hello world" + backend_options: + kubernetes: + # Use the service account `default` in the current namespace. + # This usually the same as wherever woodpecker is deployed. + serviceAccountName: default +``` + +To give steps access to the Kubernetes API via service account, take a look at [RBAC Authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) + +### Node selector + +`nodeSelector` specifies the labels which are used to select the node on which the step will be executed. + +Labels defined here will be appended to a list which already contains `"kubernetes.io/arch"`. +By default `"kubernetes.io/arch"` is inferred from the agents' platform. One can override it by setting that label in the `nodeSelector` section of the `backend_options`. +Without a manual overwrite, builds will be randomly assigned to the runners and inherit their respective architectures. + +To overwrite this, one needs to set the label in the `nodeSelector` section of the `backend_options`. +A practical example for this is when running a matrix-build and delegating specific elements of the matrix to run on a specific architecture. +In this case, one must define an arbitrary key in the matrix section of the respective matrix element: + +```yaml +matrix: + include: + - NAME: runner1 + ARCH: arm64 +``` + +And then overwrite the `nodeSelector` in the `backend_options` section of the step(s) using the name of the respective env var: + +```yaml +[...] + backend_options: + kubernetes: + nodeSelector: + kubernetes.io/arch: "${ARCH}" +``` + +You can use [WOODPECKER_BACKEND_K8S_POD_NODE_SELECTOR](#backend_k8s_pod_node_selector) if you want to set the node selector per Agent +or [PodNodeSelector](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#podnodeselector) admission controller if you want to set the node selector by per-namespace basis. + +### Tolerations + +When you use `nodeSelector` and the node pool is configured with Taints, you need to specify the Tolerations. Tolerations allow the scheduler to schedule Pods with matching taints. +See the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information on using tolerations. + +Example pipeline configuration: + +```yaml +steps: + - name: build + image: golang + commands: + - go get + - go build + - go test + backend_options: + kubernetes: + serviceAccountName: 'my-service-account' + resources: + requests: + memory: 128Mi + cpu: 1000m + limits: + memory: 256Mi + nodeSelector: + beta.kubernetes.io/instance-type: Standard_D2_v3 + tolerations: + - key: 'key1' + operator: 'Equal' + value: 'value1' + effect: 'NoSchedule' + tolerationSeconds: 3600 +``` + +### Volumes + +To mount volumes a PersistentVolume (PV) and PersistentVolumeClaim (PVC) are needed on the cluster which can be referenced in steps via the `volumes` option. + +Persistent volumes must be created manually. Use the Kubernetes [Persistent Volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) documentation as a reference. + +_If your PVC is not highly available or NFS-based, you may also need to integrate affinity settings to ensure that your steps are executed on the correct node._ + +NOTE: If you plan to use this volume in more than one workflow concurrently, make sure you have configured the PVC in `RWX` mode. Keep in mind that this feature must be supported by the used CSI driver: + +```yaml +accessModes: + - ReadWriteMany +``` + +Assuming a PVC named `woodpecker-cache` exists, it can be referenced as follows in a plugin step: + +```yaml +steps: + - name: "Restore Cache" + image: meltwater/drone-cache + volumes: + - woodpecker-cache:/woodpecker/src/cache + settings: + mount: + - "woodpecker-cache" + [...] +``` + +Or as follows when using a normal image: + +```yaml +steps: + - name: "Edit cache" + image: alpine:latest + volumes: + - woodpecker-cache:/woodpecker/src/cache + commands: + - echo "Hello World" > /woodpecker/src/cache/output.txt + [...] +``` + +### Security context + +Use the following configuration to set the [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the Pod/container running a given pipeline step: + +```yaml +steps: + - name: test + image: alpine + commands: + - echo Hello world + backend_options: + kubernetes: + securityContext: + runAsUser: 999 + runAsGroup: 999 + privileged: true + [...] +``` + +Note that the `backend_options.kubernetes.securityContext` object allows you to set both Pod and container level security context options in one object. +By default, the properties will be set at the Pod level. Properties that are only supported on the container level will be set there instead. So, the +configuration shown above will result in something like the following Pod spec: + + + +```yaml +kind: Pod +spec: + securityContext: + runAsUser: 999 + runAsGroup: 999 + containers: + - name: wp-01hcd83q7be5ymh89k5accn3k6-0-step-0 + image: alpine + securityContext: + privileged: true + [...] +``` + + + +You can also restrict a syscalls of containers with [seccomp](https://kubernetes.io/docs/tutorials/security/seccomp/) profile. + +```yaml +backend_options: + kubernetes: + securityContext: + seccompProfile: + type: Localhost + localhostProfile: profiles/audit.json +``` + +or restrict a container's access to resources by specifying [AppArmor](https://kubernetes.io/docs/tutorials/security/apparmor/) profile + +```yaml +backend_options: + kubernetes: + securityContext: + apparmorProfile: + type: Localhost + localhostProfile: k8s-apparmor-example-deny-write +``` + +:::note +The feature requires Kubernetes v1.30 or above. +::: + +### Annotations and labels + +You can specify arbitrary [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) and [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) to be set on the Pod definition for a given workflow step using the following configuration: + +```yaml +backend_options: + kubernetes: + annotations: + workflow-group: alpha + io.kubernetes.cri-o.Devices: /dev/fuse + labels: + environment: ci + app.kubernetes.io/name: builder +``` + +In order to enable this configuration you need to set the appropriate environment variables to `true` on the woodpecker agent: +[WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS_ALLOW_FROM_STEP](#backend_k8s_pod_annotations_allow_from_step) and/or [WOODPECKER_BACKEND_K8S_POD_LABELS_ALLOW_FROM_STEP](#backend_k8s_pod_labels_allow_from_step). + +## Tips and tricks + +### CRI-O + +CRI-O users currently need to configure the workspace for all workflows in order for them to run correctly. Add the following at the beginning of your configuration: + +```yaml +workspace: + base: '/woodpecker' + path: '/' +``` + +See [this issue](https://github.com/woodpecker-ci/woodpecker/issues/2510) for more details. + +### `KUBERNETES_SERVICE_HOST` environment variable + +Like the below env vars used for configuration, this can be set in the environment for configuration of the agent. +It configures the address of the Kubernetes API server to connect to. + +If running the agent within Kubernetes, this will already be set and you don't have to add it manually. + +## Environment variables + +These env vars can be set in the `env:` sections of the agent. + +--- + +### BACKEND_K8S_NAMESPACE + +- Name: `WOODPECKER_BACKEND_K8S_NAMESPACE` +- Default: `woodpecker` + +The namespace to create worker Pods in. + +--- + +### BACKEND_K8S_VOLUME_SIZE + +- Name: `WOODPECKER_BACKEND_K8S_VOLUME_SIZE` +- Default: `10G` + +The volume size of the pipeline volume. + +--- + +### BACKEND_K8S_STORAGE_CLASS + +- Name: `WOODPECKER_BACKEND_K8S_STORAGE_CLASS` +- Default: none + +The storage class to use for the pipeline volume. + +--- + +### BACKEND_K8S_STORAGE_RWX + +- Name: `WOODPECKER_BACKEND_K8S_STORAGE_RWX` +- Default: `true` + +Determines if `RWX` should be used for the pipeline volume's [access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes). If false, `RWO` is used instead. + +--- + +### BACKEND_K8S_POD_LABELS + +- Name: `WOODPECKER_BACKEND_K8S_POD_LABELS` +- Default: none + +Additional labels to apply to worker Pods. Must be a YAML object, e.g. `{"example.com/test-label":"test-value"}`. + +--- + +### BACKEND_K8S_POD_LABELS_ALLOW_FROM_STEP + +- Name: `WOODPECKER_BACKEND_K8S_POD_LABELS_ALLOW_FROM_STEP` +- Default: `false` + +Determines if additional Pod labels can be defined from a step's backend options. + +--- + +### BACKEND_K8S_POD_ANNOTATIONS + +- Name: `WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS` +- Default: none + +Additional annotations to apply to worker Pods. Must be a YAML object, e.g. `{"example.com/test-annotation":"test-value"}`. + +--- + +### BACKEND_K8S_POD_ANNOTATIONS_ALLOW_FROM_STEP + +- Name: `WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS_ALLOW_FROM_STEP` +- Default: `false` + +Determines if Pod annotations can be defined from a step's backend options. + +--- + +### BACKEND_K8S_POD_NODE_SELECTOR + +- Name: `WOODPECKER_BACKEND_K8S_POD_NODE_SELECTOR` +- Default: none + +Additional node selector to apply to worker pods. Must be a YAML object, e.g. `{"topology.kubernetes.io/region":"eu-central-1"}`. + +--- + +### BACKEND_K8S_SECCTX_NONROOT + +- Name: `WOODPECKER_BACKEND_K8S_SECCTX_NONROOT` +- Default: `false` + +Determines if containers must be required to run as non-root users. + +--- + +### BACKEND_K8S_PULL_SECRET_NAMES + +- Name: `WOODPECKER_BACKEND_K8S_PULL_SECRET_NAMES` +- Default: none + +Secret names to pull images from private repositories. See, how to [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/30-local.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/30-local.md new file mode 100644 index 000000000..fe5f66149 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/30-local.md @@ -0,0 +1,62 @@ +--- +toc_max_heading_level: 2 +--- + +# Local + +:::danger +The local backend executes pipelines on the local system without any isolation. +::: + +:::note +Currently we do not support [services](../../../20-usage/60-services.md) for this backend. +[Read more here](https://github.com/woodpecker-ci/woodpecker/issues/3095). +::: + +Since the commands run directly in the same context as the agent (same user, same +filesystem), a malicious pipeline could be used to access the agent +configuration especially the `WOODPECKER_AGENT_SECRET` variable. + +It is recommended to use this backend only for private setup where the code and +pipeline can be trusted. It should not be used in a public instance where +anyone can submit code or add new repositories. The agent should not run as a privileged user (root). + +The local backend will use a random directory in `$TMPDIR` to store the cloned +code and execute commands. + +In order to use this backend, you need to download (or build) the +[agent](https://github.com/woodpecker-ci/woodpecker/releases/latest), configure it and run it on the host machine. + +## Step specific configuration + +### Shell + +The `image` entrypoint is used to specify the shell, such as `bash` or `fish`, that is +used to run the commands. + +```yaml title=".woodpecker.yaml" +steps: + - name: build + image: bash + commands: [...] +``` + +### Plugins + +```yaml +steps: + - name: build + image: /usr/bin/tree +``` + +If no commands are provided, plugins are treated in the usual manner. +In the context of the local backend, plugins are simply executable binaries, which can be located using their name if they are listed in `$PATH`, or through an absolute path. + +## Environment variables + +### BACKEND_LOCAL_TEMP_DIR + +- Name: `WOODPECKER_BACKEND_LOCAL_TEMP_DIR` +- Default: default temp directory + +Directory to create folders for workflows. diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/50-custom.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/50-custom.md new file mode 100644 index 000000000..fdea0a1d6 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/50-custom.md @@ -0,0 +1,18 @@ +# Custom + +If none of our backends fit your use case, you can write your own. To do this, implement the interface `“go.woodpecker-ci.org/woodpecker/woodpecker/v3/pipeline/backend/types”.backend` and create a custom agent that uses your backend: + +```go +package main + +import ( + "go.woodpecker-ci.org/woodpecker/v3/cmd/agent/core" + backendTypes "go.woodpecker-ci.org/woodpecker/v3/pipeline/backend/types" +) + +func main() { + core.RunAgent([]backendTypes.Backend{ + yourBackend, + }) +} +``` diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/_category_.yaml b/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/_category_.yaml new file mode 100644 index 000000000..556444f02 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/11-backends/_category_.yaml @@ -0,0 +1,4 @@ +label: 'Backends' +# position: 3 +collapsible: true +collapsed: true diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/100-addon.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/100-addon.md new file mode 100644 index 000000000..2434fee06 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/100-addon.md @@ -0,0 +1,70 @@ +# Custom + +If the forge you are using does not meet the [Woodpecker requirements](../../../92-development/02-core-ideas.md#forges) or your setup is too specific to be included in the Woodpecker core, you can write an addon forge. + +:::warning +Addon forges are still experimental. Their implementation can change and break at any time. +::: + +:::danger +You must trust the author of the addon forge you are using. They may have access to authentication codes and other potentially sensitive information. +::: + +## Usage + +To use an addon forge, download the correct addon version. Then, you can add the following to your configuration: + +```ini +WOODPECKER_ADDON_FORGE=/path/to/your/addon/forge/file +``` + +In case you run Woodpecker as container, you probably want to mount the addon binary to `/opt/addons/`. + +### Bug reports + +If you experience bugs, please check which component has the issue. If it's the addon, **do not raise an issue in the main repository**, but rather use the separate addon repositories. To check which component is responsible for the bug, look at the logs. Logs from addons are marked with a special field `addon` containing their addon file name. + +## List of addon forges + +- [Radicle](https://radicle.xyz/): Open source, peer-to-peer code collaboration stack built on Git. Radicle addon for Woodpecker CI can be found at [this repo](https://explorer.radicle.gr/nodes/seed.radicle.gr/rad:z39Cf1XzrvCLRZZJRUZnx9D1fj5ws). + +## Creating addon forges + +Addons use RPC to communicate to the server and are implemented using the [`go-plugin` library](https://github.com/hashicorp/go-plugin). + +### Writing your code + +This example will use the Go language. + +Directly import Woodpecker's Go packages (`go.woodpecker-ci.org/woodpecker/v3`) and use the interfaces and types defined there. + +In the `main` function, just call `"go.woodpecker-ci.org/woodpecker/v3/server/forge/addon".Serve` with a `"go.woodpecker-ci.org/woodpecker/v3/server/forge".Forge` as argument. +This will take care of connecting the addon forge to the server. + +:::note +It is not possible to access global variables from Woodpecker, for example the server configuration. You must therefore parse the environment variables in your addon. The reason for this is that the addon runs in a completely separate process. +::: + +### Example structure + +```go +package main + +import ( + "context" + "net/http" + + "go.woodpecker-ci.org/woodpecker/v3/server/forge/addon" + forgeTypes "go.woodpecker-ci.org/woodpecker/v3/server/forge/types" + "go.woodpecker-ci.org/woodpecker/v3/server/model" +) + +func main() { + addon.Serve(config{}) +} + +type config struct { +} + +// `config` must implement `"go.woodpecker-ci.org/woodpecker/v3/server/forge".Forge`. You must directly use Woodpecker's packages - see imports above. +``` diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/11-overview.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/11-overview.md new file mode 100644 index 000000000..701a7a489 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/11-overview.md @@ -0,0 +1,15 @@ +# Forges + +## Supported features + +| Feature | [GitHub](20-github.md) | [Gitea](30-gitea.md) | [Forgejo](35-forgejo.md) | [Gitlab](40-gitlab.md) | [Bitbucket](50-bitbucket.md) | [Bitbucket Datacenter](60-bitbucket_datacenter.md) | +| ---------------------------------------------------------------- | :--------------------: | :------------------: | :----------------------: | :--------------------: | :--------------------------: | :------------------------------------------------: | +| Event: Push | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| Event: Tag | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| Event: Pull-Request | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| Event: Release | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | +| Event: Deploy¹ | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | +| [Multiple workflows](../../../20-usage/25-workflows.md) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| [when.path filter](../../../20-usage/20-workflow-syntax.md#path) | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | + +¹ The deployment event can be triggered for all forges from Woodpecker directly. However, only GitHub can trigger them using webhooks. diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/20-github.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/20-github.md new file mode 100644 index 000000000..fd360b724 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/20-github.md @@ -0,0 +1,116 @@ +--- +toc_max_heading_level: 2 +--- + +# GitHub + +Woodpecker comes with built-in support for GitHub and GitHub Enterprise. +To use Woodpecker with GitHub the following environment variables should be set for the server component: + +```ini +WOODPECKER_GITHUB=true +WOODPECKER_GITHUB_CLIENT=YOUR_GITHUB_CLIENT_ID +WOODPECKER_GITHUB_SECRET=YOUR_GITHUB_CLIENT_SECRET +``` + +You will get these values from GitHub when you register your OAuth application. +To do so, go to Settings -> Developer Settings -> GitHub Apps -> New Oauth2 App. + +:::warning +Do not use a "GitHub App" instead of an Oauth2 app as the former will not work correctly with Woodpecker right now (because user access tokens are not being refreshed automatically) +::: + +## App Settings + +- Name: An arbitrary name for your App +- Homepage URL: The URL of your Woodpecker instance +- Callback URL: `https:///authorize` +- (optional) Upload the Woodpecker Logo: + +## Client Secret Creation + +After your App has been created, you can generate a client secret. +Use this one for the `WOODPECKER_GITHUB_SECRET` environment variable. + +## Configuration + +This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations. + +--- + +### GITHUB + +- Name: `WOODPECKER_GITHUB` +- Default: `false` + +Enables the GitHub driver. + +--- + +### GITHUB_URL + +- Name: `WOODPECKER_GITHUB_URL` +- Default: `https://github.com` + +Configures the GitHub server address. + +--- + +### GITHUB_CLIENT + +- Name: `WOODPECKER_GITHUB_CLIENT` +- Default: none + +Configures the GitHub OAuth client id to authorize access. + +--- + +### GITHUB_CLIENT_FILE + +- Name: `WOODPECKER_GITHUB_CLIENT_FILE` +- Default: none + +Read the value for `WOODPECKER_GITHUB_CLIENT` from the specified filepath. + +--- + +### GITHUB_SECRET + +- Name: `WOODPECKER_GITHUB_SECRET` +- Default: none + +Configures the GitHub OAuth client secret. This is used to authorize access. + +--- + +### GITHUB_SECRET_FILE + +- Name: `WOODPECKER_GITHUB_SECRET_FILE` +- Default: none + +Read the value for `WOODPECKER_GITHUB_SECRET` from the specified filepath. + +--- + +### GITHUB_MERGE_REF + +- Name: `WOODPECKER_GITHUB_MERGE_REF` +- Default: `true` + +--- + +### GITHUB_SKIP_VERIFY + +- Name: `WOODPECKER_GITHUB_SKIP_VERIFY` +- Default: `false` + +Configure if SSL verification should be skipped. + +--- + +### GITHUB_PUBLIC_ONLY + +- Name: `WOODPECKER_GITHUB_PUBLIC_ONLY` +- Default: `false` + +Configures the GitHub OAuth client to only obtain a token that can manage public repositories. diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/30-gitea.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/30-gitea.md new file mode 100644 index 000000000..ad2f92e62 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/30-gitea.md @@ -0,0 +1,118 @@ +--- +toc_max_heading_level: 2 +--- + +# Gitea + +Woodpecker comes with built-in support for Gitea. To enable Gitea you should configure the Woodpecker container using the following environment variables: + +```ini +WOODPECKER_GITEA=true +WOODPECKER_GITEA_URL=YOUR_GITEA_URL +WOODPECKER_GITEA_CLIENT=YOUR_GITEA_CLIENT +WOODPECKER_GITEA_SECRET=YOUR_GITEA_CLIENT_SECRET +``` + +## Gitea on the same host with containers + +If you have Gitea also running on the same host within a container, make sure the agent does have access to it. +The agent tries to clone using the URL which Gitea reports through its API. For simplified connectivity, you should add the Woodpecker agent to the same docker network as Gitea is in. +Otherwise, the communication should go via the `docker0` gateway (usually 172.17.0.1). + +To configure the Docker network if the network's name is `gitea`, configure it like this: + +```diff title="docker-compose.yaml" + services: + [...] + woodpecker-agent: + [...] + environment: + - [...] ++ - WOODPECKER_BACKEND_DOCKER_NETWORK=gitea +``` + +## Registration + +Register your application with Gitea to create your client id and secret. You can find the OAuth applications settings of Gitea at `https://gitea./user/settings/`. It is very important that authorization callback URL matches your http(s) scheme and hostname exactly with `https:///authorize` as the path. + +If you run the Woodpecker CI server on the same host as the Gitea instance, you might also need to allow local connections in Gitea, since version `v1.16`. Otherwise webhooks will fail. Add the following lines to your Gitea configuration (usually at `/etc/gitea/conf/app.ini`). + +```ini +[webhook] +ALLOWED_HOST_LIST=external,loopback +``` + +For reference see [Configuration Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/#webhook-webhook). + +![gitea oauth setup](gitea_oauth.gif) + +:::warning +Make sure your Gitea configuration allows requesting the API with a fixed page length of 50. The default value for the maximum page size is 50, but if you set a value lower than 50, some Woodpecker features will not work properly. Also see the [Configuration Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet#api-api). +::: + +## Configuration + +This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations. + +--- + +### GITEA + +- Name: `WOODPECKER_GITEA` +- Default: `false` + +Enables the Gitea driver. + +--- + +### GITEA_URL + +- Name: `WOODPECKER_GITEA_URL` +- Default: `https://try.gitea.io` + +Configures the Gitea server address. + +--- + +### GITEA_CLIENT + +- Name: `WOODPECKER_GITEA_CLIENT` +- Default: none + +Configures the Gitea OAuth client id. This is used to authorize access. + +--- + +### GITEA_CLIENT_FILE + +- Name: `WOODPECKER_GITEA_CLIENT_FILE` +- Default: none + +Read the value for `WOODPECKER_GITEA_CLIENT` from the specified filepath + +--- + +### GITEA_SECRET + +- Name: `WOODPECKER_GITEA_SECRET` +- Default: none + +Configures the Gitea OAuth client secret. This is used to authorize access. + +--- + +### GITEA_SECRET_FILE + +- Name: `WOODPECKER_GITEA_SECRET_FILE` +- Default: none + +Read the value for `WOODPECKER_GITEA_SECRET` from the specified filepath + +--- + +### GITEA_SKIP_VERIFY + +- Name: `WOODPECKER_GITEA_SKIP_VERIFY` +- Default: `false` + +Configure if SSL verification should be skipped. diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/35-forgejo.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/35-forgejo.md new file mode 100644 index 000000000..bd45c2aac --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/35-forgejo.md @@ -0,0 +1,118 @@ +--- +toc_max_heading_level: 2 +--- + +# Forgejo + +Woodpecker comes with built-in support for Forgejo. To enable Forgejo you should configure the Woodpecker container using the following environment variables: + +```ini +WOODPECKER_FORGEJO=true +WOODPECKER_FORGEJO_URL=YOUR_FORGEJO_URL +WOODPECKER_FORGEJO_CLIENT=YOUR_FORGEJO_CLIENT +WOODPECKER_FORGEJO_SECRET=YOUR_FORGEJO_CLIENT_SECRET +``` + +## Forgejo on the same host with containers + +If you have Forgejo also running on the same host within a container, make sure the agent does have access to it. +The agent tries to clone using the URL which Forgejo reports through its API. For simplified connectivity, you should add the Woodpecker agent to the same docker network as Forgejo is in. +Otherwise, the communication should go via the `docker0` gateway (usually 172.17.0.1). + +To configure the Docker network if the network's name is `forgejo`, configure it like this: + +```diff title="docker-compose.yaml" + services: + [...] + woodpecker-agent: + [...] + environment: + - [...] ++ - WOODPECKER_BACKEND_DOCKER_NETWORK=forgejo +``` + +## Registration + +Register your application with Forgejo to create your client id and secret. You can find the OAuth applications settings of Forgejo at `https://forgejo./user/settings/`. It is very important that authorization callback URL matches your http(s) scheme and hostname exactly with `https:///authorize` as the path. + +If you run the Woodpecker CI server on the same host as the Forgejo instance, you might also need to allow local connections in Forgejo. Otherwise webhooks will fail. Add the following lines to your Forgejo configuration (usually at `/etc/forgejo/conf/app.ini`). + +```ini +[webhook] +ALLOWED_HOST_LIST=external,loopback +``` + +For reference see [Configuration Cheat Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/#webhook-webhook). + +![forgejo oauth setup](gitea_oauth.gif) + +:::warning +Make sure your Forgejo configuration allows requesting the API with a fixed page length of 50. The default value for the maximum page size is 50, but if you set a value lower than 50, some Woodpecker features will not work properly. Also see the [Configuration Cheat Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/#api-api). +::: + +## Configuration + +This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations. + +--- + +### FORGEJO + +- Name: `WOODPECKER_FORGEJO` +- Default: `false` + +Enables the Forgejo driver. + +--- + +### FORGEJO_URL + +- Name: `WOODPECKER_FORGEJO_URL` +- Default: `https://next.forgejo.org` + +Configures the Forgejo server address. + +--- + +### FORGEJO_CLIENT + +- Name: `WOODPECKER_FORGEJO_CLIENT` +- Default: none + +Configures the Forgejo OAuth client id. This is used to authorize access. + +--- + +### FORGEJO_CLIENT_FILE + +- Name: `WOODPECKER_FORGEJO_CLIENT_FILE` +- Default: none + +Read the value for `WOODPECKER_FORGEJO_CLIENT` from the specified filepath + +--- + +### FORGEJO_SECRET + +- Name: `WOODPECKER_FORGEJO_SECRET` +- Default: none + +Configures the Forgejo OAuth client secret. This is used to authorize access. + +--- + +### FORGEJO_SECRET_FILE + +- Name: `WOODPECKER_FORGEJO_SECRET_FILE` +- Default: none + +Read the value for `WOODPECKER_FORGEJO_SECRET` from the specified filepath + +--- + +### FORGEJO_SKIP_VERIFY + +- Name: `WOODPECKER_FORGEJO_SKIP_VERIFY` +- Default: `false` + +Configure if SSL verification should be skipped. diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/40-gitlab.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/40-gitlab.md new file mode 100644 index 000000000..896030e33 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/40-gitlab.md @@ -0,0 +1,89 @@ +--- +toc_max_heading_level: 2 +--- + +# GitLab + +Woodpecker comes with built-in support for the GitLab version 12.4 and higher. To enable GitLab you should configure the Woodpecker container using the following environment variables: + +```ini +WOODPECKER_GITLAB=true +WOODPECKER_GITLAB_URL=http://gitlab.mycompany.com +WOODPECKER_GITLAB_CLIENT=95c0282573633eb25e82 +WOODPECKER_GITLAB_SECRET=30f5064039e6b359e075 +``` + +## Registration + +You must register your application with GitLab in order to generate a Client and Secret. Navigate to your account settings and choose Applications from the menu, and click New Application. + +Please use `http://woodpecker.mycompany.com/authorize` as the Authorization callback URL. Grant `api` scope to the application. + +If you run the Woodpecker CI server on a private IP (RFC1918) or use a non standard TLD (e.g. `.local`, `.intern`) with your GitLab instance, you might also need to allow local connections in GitLab, otherwise API requests will fail. In GitLab, navigate to the Admin dashboard, then go to `Settings > Network > Outbound requests` and enable `Allow requests to the local network from web hooks and services`. + +## Configuration + +This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations. + +--- + +### GITLAB + +- Name: `WOODPECKER_GITLAB` +- Default: `false` + +Enables the GitLab driver. + +--- + +### GITLAB_URL + +- Name: `WOODPECKER_GITLAB_URL` +- Default: `https://gitlab.com` + +Configures the GitLab server address. + +--- + +### GITLAB_CLIENT + +- Name: `WOODPECKER_GITLAB_CLIENT` +- Default: none + +Configures the GitLab OAuth client id. This is used to authorize access. + +--- + +### GITLAB_CLIENT_FILE + +- Name: `WOODPECKER_GITLAB_CLIENT_FILE` +- Default: none + +Read the value for `WOODPECKER_GITLAB_CLIENT` from the specified filepath + +--- + +### GITLAB_SECRET + +- Name: `WOODPECKER_GITLAB_SECRET` +- Default: none + +Configures the GitLab OAuth client secret. This is used to authorize access. + +--- + +### GITLAB_SECRET_FILE + +- Name: `WOODPECKER_GITLAB_SECRET_FILE` +- Default: none + +Read the value for `WOODPECKER_GITLAB_SECRET` from the specified filepath + +--- + +### GITLAB_SKIP_VERIFY + +- Name: `WOODPECKER_GITLAB_SKIP_VERIFY` +- Default: `false` + +Configure if SSL verification should be skipped. diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/50-bitbucket.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/50-bitbucket.md new file mode 100644 index 000000000..7df547193 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/50-bitbucket.md @@ -0,0 +1,90 @@ +--- +toc_max_heading_level: 2 +--- + +# Bitbucket + +Woodpecker comes with built-in support for Bitbucket Cloud. To enable Bitbucket Cloud you should configure the Woodpecker container using the following environment variables: + +```ini +WOODPECKER_BITBUCKET=true +WOODPECKER_BITBUCKET_CLIENT=... # called "Key" in Bitbucket +WOODPECKER_BITBUCKET_SECRET=... +``` + +## Registration + +You must register an OAuth application at Bitbucket in order to get a key and secret combination for Woodpecker. Navigate to your workspace settings and choose `OAuth consumers` from the menu, and finally click `Add Consumer` (the url should be like: `https://bitbucket.org/[your-project-name]/workspace/settings/api`). + +Please set a name and set the `Callback URL` like this: + +```uri +https:///authorize +``` + +![bitbucket oauth setup](bitbucket_oauth.png) + +Please also be sure to check the following permissions: + +- Account: Email, Read +- Workspace membership: Read +- Projects: Read +- Repositories: Read +- Pull requests: Read +- Webhooks: Read and Write + +![bitbucket permissions](bitbucket_permissions.png) + +## Configuration + +This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations. + +--- + +### BITBUCKET + +- Name: `WOODPECKER_BITBUCKET` +- Default: `false` + +Enables the Bitbucket driver. + +--- + +### BITBUCKET_CLIENT + +- Name: `WOODPECKER_BITBUCKET_CLIENT` +- Default: none + +Configures the Bitbucket OAuth client key. This is used to authorize access. + +--- + +### BITBUCKET_CLIENT_FILE + +- Name: `WOODPECKER_BITBUCKET_CLIENT_FILE` +- Default: none + +Read the value for `WOODPECKER_BITBUCKET_CLIENT` from the specified filepath + +--- + +### BITBUCKET_SECRET + +- Name: `WOODPECKER_BITBUCKET_SECRET` +- Default: none + +Configures the Bitbucket OAuth client secret. This is used to authorize access. + +--- + +### BITBUCKET_SECRET_FILE + +- Name: `WOODPECKER_BITBUCKET_SECRET_FILE` +- Default: none + +Read the value for `WOODPECKER_BITBUCKET_SECRET` from the specified filepath + +## Missing Features + +Path filters for pull requests are not supported. We are interested in patches to include this functionality. +If you are interested in contributing to Woodpecker and submitting a patch please **contact us** via [Discord](https://discord.gg/fcMQqSMXJy) or [Matrix](https://matrix.to/#/#WoodpeckerCI-Develop:obermui.de). diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/60-bitbucket_datacenter.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/60-bitbucket_datacenter.md new file mode 100644 index 000000000..0b6927a38 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/60-bitbucket_datacenter.md @@ -0,0 +1,126 @@ +--- +toc_max_heading_level: 2 +--- + +# Bitbucket Datacenter / Server + +:::warning +Woodpecker comes with experimental support for Bitbucket Datacenter / Server, formerly known as Atlassian Stash. +::: + +To enable Bitbucket Server you should configure the Woodpecker container using the following environment variables: + +```diff title="docker-compose.yaml" + services: + woodpecker-server: + [...] + environment: + - [...] ++ - WOODPECKER_BITBUCKET_DC=true ++ - WOODPECKER_BITBUCKET_DC_GIT_USERNAME=foo ++ - WOODPECKER_BITBUCKET_DC_GIT_PASSWORD=bar ++ - WOODPECKER_BITBUCKET_DC_CLIENT_ID=xxx ++ - WOODPECKER_BITBUCKET_DC_CLIENT_SECRET=yyy ++ - WOODPECKER_BITBUCKET_DC_URL=http://stash.mycompany.com + + woodpecker-agent: + [...] +``` + +## Service Account + +Woodpecker uses `git+https` to clone repositories, however, Bitbucket Server does not currently support cloning repositories with an OAuth token. To work around this limitation, you must create a service account and provide the username and password to Woodpecker. This service account will be used to authenticate and clone private repositories. + +## Registration + +Woodpecker must be registered with Bitbucket Datacenter / Server. +In the administration section of Bitbucket choose "Application Links" and then "Create link". +Woodpecker should be listed as "External Application" and the direction should be set to "Incoming". +Note the client id and client secret of the registration to be used in the configuration of Woodpecker. + +See also [Configure an incoming link](https://confluence.atlassian.com/bitbucketserver/configure-an-incoming-link-1108483657.html). + +## Configuration + +This is a full list of configuration options. Please note that many of these options use default configuration values that should work for the majority of installations. + +--- + +### BITBUCKET_DC + +- Name: `WOODPECKER_BITBUCKET_DC` +- Default: `false` + +Enables the Bitbucket Server driver. + +--- + +### BITBUCKET_DC_URL + +- Name: `WOODPECKER_BITBUCKET_DC_URL` +- Default: none + +Configures the Bitbucket Server address. + +--- + +### BITBUCKET_DC_CLIENT_ID + +- Name: `WOODPECKER_BITBUCKET_DC_CLIENT_ID` +- Default: none + +Configures your Bitbucket Server OAUth 2.0 client id. + +--- + +### BITBUCKET_DC_CLIENT_SECRET + +- Name: `WOODPECKER_BITBUCKET_DC_CLIENT_SECRET` +- Default: none + +Configures your Bitbucket Server OAUth 2.0 client secret. + +--- + +### BITBUCKET_DC_GIT_USERNAME + +- Name: `WOODPECKER_BITBUCKET_DC_GIT_USERNAME` +- Default: none + +This username is used to authenticate and clone all private repositories. + +--- + +### BITBUCKET_DC_GIT_USERNAME_FILE + +- Name: `WOODPECKER_BITBUCKET_DC_GIT_USERNAME_FILE` +- Default: none + +Read the value for `WOODPECKER_BITBUCKET_DC_GIT_USERNAME` from the specified filepath + +--- + +### BITBUCKET_DC_GIT_PASSWORD + +- Name: `WOODPECKER_BITBUCKET_DC_GIT_PASSWORD` +- Default: none + +The password is used to authenticate and clone all private repositories. + +--- + +### BITBUCKET_DC_GIT_PASSWORD_FILE + +- Name: `WOODPECKER_BITBUCKET_DC_GIT_PASSWORD_FILE` +- Default: none + +Read the value for `WOODPECKER_BITBUCKET_DC_GIT_PASSWORD` from the specified filepath + +--- + +### BITBUCKET_DC_SKIP_VERIFY + +- Name: `WOODPECKER_BITBUCKET_DC_SKIP_VERIFY` +- Default: `false` + +Configure if SSL verification should be skipped. diff --git a/docs/versioned_docs/version-3.0/30-administration/40-advanced/_category_.yaml b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/_category_.yaml similarity index 60% rename from docs/versioned_docs/version-3.0/30-administration/40-advanced/_category_.yaml rename to docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/_category_.yaml index e6c6ba0f7..e240bfc51 100644 --- a/docs/versioned_docs/version-3.0/30-administration/40-advanced/_category_.yaml +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/_category_.yaml @@ -1,6 +1,6 @@ -label: 'Advanced' +label: 'Forges' collapsible: true collapsed: true link: type: 'doc' - id: 'advanced' + id: 'overview' diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/bitbucket_oauth.png b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/bitbucket_oauth.png new file mode 100644 index 000000000..17ecf38ab Binary files /dev/null and b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/bitbucket_oauth.png differ diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/bitbucket_permissions.png b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/bitbucket_permissions.png new file mode 100644 index 000000000..0269f98b0 Binary files /dev/null and b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/bitbucket_permissions.png differ diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/gitea_oauth.gif b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/gitea_oauth.gif new file mode 100644 index 000000000..7478f9385 Binary files /dev/null and b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/gitea_oauth.gif differ diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/github_oauth.png b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/github_oauth.png new file mode 100644 index 000000000..6b0edef0f Binary files /dev/null and b/docs/versioned_docs/version-3.4/30-administration/10-configuration/12-forges/github_oauth.png differ diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/30-agent.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/30-agent.md new file mode 100644 index 000000000..2b88600e0 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/30-agent.md @@ -0,0 +1,258 @@ +--- +toc_max_heading_level: 3 +--- + +# Agent + +Agents are configured by the command line or environment variables. At the minimum you need the following information: + +```ini +WOODPECKER_SERVER=localhost:9000 +WOODPECKER_AGENT_SECRET="your-shared-secret-goes-here" +``` + +The following are automatically set and can be overridden: + +- `WOODPECKER_HOSTNAME` if not set, becomes the OS' hostname +- `WOODPECKER_MAX_WORKFLOWS` if not set, defaults to 1 + +## Workflows per agent + +By default, the maximum workflows that are executed in parallel on an agent is 1. If required, you can add `WOODPECKER_MAX_WORKFLOWS` to increase your parallel processing for an agent. + +```ini +WOODPECKER_SERVER=localhost:9000 +WOODPECKER_AGENT_SECRET="your-shared-secret-goes-here" +WOODPECKER_MAX_WORKFLOWS=4 +``` + +## Agent registration + +When the agent starts it connects to the server using the token from `WOODPECKER_AGENT_SECRET`. The server identifies the agent and registers the agent in its database if it wasn't connected before. + +There are two types of tokens to connect an agent to the server: + +### Using system token + +A _system token_ is a token that is used system-wide, e.g. when you set the same token in `WOODPECKER_AGENT_SECRET` on both the server and the agents. + +In that case registration process would be as following: + +1. The first time the agent communicates with the server, it is using the system token +1. The server registers the agent in its database if not done before and generates a unique ID which is then sent back to the agent +1. The agent stores the received ID in a file (configured by `WOODPECKER_AGENT_CONFIG_FILE`) +1. At the following startups, the agent uses the system token **and** its received ID to identify itself to the server + +### Using agent token + +An _agent token_ is a token that is used by only one particular agent. This unique token is applied to the agent by `WOODPECKER_AGENT_SECRET`. + +To get an _agent token_ you have to register the agent manually in the server using the UI: + +1. The administrator registers a new agent manually at `Settings -> Agents -> Add agent` + ![Agent creation](./new-agent-registration.png) + ![Agent created](./new-agent-created.png) +1. The generated token from the previous step has to be provided to the agent using `WOODPECKER_AGENT_SECRET` +1. The agent will connect to the server using the provided token and will update its status in the UI: + ![Agent connected](./new-agent-connected.png) + +## Environment variables + +### SERVER + +- Name: `WOODPECKER_SERVER` +- Default: `localhost:9000` + +Configures gRPC address of the server. + +--- + +### USERNAME + +- Name: `WOODPECKER_USERNAME` +- Default: `x-oauth-basic` + +The gRPC username. + +--- + +### AGENT_SECRET + +- Name: `WOODPECKER_AGENT_SECRET` +- Default: none + +A shared secret used by server and agents to authenticate communication. A secret can be generated by `openssl rand -hex 32`. + +--- + +### AGENT_SECRET_FILE + +- Name: `WOODPECKER_AGENT_SECRET_FILE` +- Default: none + +Read the value for `WOODPECKER_AGENT_SECRET` from the specified filepath, e.g. `/etc/woodpecker/agent-secret.conf` + +--- + +### LOG_LEVEL + +- Name: `WOODPECKER_LOG_LEVEL` +- Default: `info` + +Configures the logging level. Possible values are `trace`, `debug`, `info`, `warn`, `error`, `fatal`, `panic`, `disabled` and empty. + +--- + +### DEBUG_PRETTY + +- Name: `WOODPECKER_DEBUG_PRETTY` +- Default: `false` + +Enable pretty-printed debug output. + +--- + +### DEBUG_NOCOLOR + +- Name: `WOODPECKER_DEBUG_NOCOLOR` +- Default: `true` + +Disable colored debug output. + +--- + +### HOSTNAME + +- Name: `WOODPECKER_HOSTNAME` +- Default: none + +Configures the agent hostname. + +--- + +### AGENT_CONFIG_FILE + +- Name: `WOODPECKER_AGENT_CONFIG_FILE` +- Default: `/etc/woodpecker/agent.conf` + +Configures the path of the agent config file. + +--- + +### MAX_WORKFLOWS + +- Name: `WOODPECKER_MAX_WORKFLOWS` +- Default: `1` + +Configures the number of parallel workflows. + +--- + +### AGENT_LABELS + +- Name: `WOODPECKER_AGENT_LABELS` +- Default: none + +Configures custom labels for the agent, to let workflows filter by it. +Use a list of key-value pairs like `key=value,second-key=*`. `*` can be used as a wildcard. +By default, agents provide three additional labels `platform=os/arch`, `hostname=my-agent` and `repo=*` which can be overwritten if needed. +To learn how labels work, check out the [pipeline syntax page](../../20-usage/20-workflow-syntax.md#labels). + +--- + +### HEALTHCHECK + +- Name: `WOODPECKER_HEALTHCHECK` +- Default: `true` + +Enable healthcheck endpoint. + +--- + +### HEALTHCHECK_ADDR + +- Name: `WOODPECKER_HEALTHCHECK_ADDR` +- Default: `:3000` + +Configures healthcheck endpoint address. + +--- + +### KEEPALIVE_TIME + +- Name: `WOODPECKER_KEEPALIVE_TIME` +- Default: none + +After a duration of this time of no activity, the agent pings the server to check if the transport is still alive. + +--- + +### KEEPALIVE_TIMEOUT + +- Name: `WOODPECKER_KEEPALIVE_TIMEOUT` +- Default: `20s` + +After pinging for a keepalive check, the agent waits for a duration of this time before closing the connection if no activity. + +--- + +### GRPC_SECURE + +- Name: `WOODPECKER_GRPC_SECURE` +- Default: `false` + +Configures if the connection to `WOODPECKER_SERVER` should be made using a secure transport. + +--- + +### GRPC_VERIFY + +- Name: `WOODPECKER_GRPC_VERIFY` +- Default: `true` + +Configures if the gRPC server certificate should be verified, only valid when `WOODPECKER_GRPC_SECURE` is `true`. + +--- + +### BACKEND + +- Name: `WOODPECKER_BACKEND` +- Default: `auto-detect` + +Configures the backend engine to run pipelines on. Possible values are `auto-detect`, `docker`, `local` or `kubernetes`. + +### BACKEND_DOCKER\_\* + +See [Docker backend configuration](./11-backends/10-docker.md#environment-variables) + +--- + +### BACKEND_K8S\_\* + +See [Kubernetes backend configuration](./11-backends/20-kubernetes.md#environment-variables) + +--- + +### BACKEND_LOCAL\_\* + +See [Local backend configuration](./11-backends/30-local.md#environment-variables) + +### Advanced Settings + +:::warning +Only change these If you know what you do. +::: + +#### CONNECT_RETRY_COUNT + +- Name: `WOODPECKER_CONNECT_RETRY_COUNT` +- Default: `5` + +Configures number of times agent retries to connect to the server. + +#### CONNECT_RETRY_DELAY + +- Name: `WOODPECKER_CONNECT_RETRY_DELAY` +- Default: `2s` + +Configures delay between agent connection retries to the server. diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/40-autoscaler.md b/docs/versioned_docs/version-3.4/30-administration/10-configuration/40-autoscaler.md new file mode 100644 index 000000000..0ad43a30b --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/40-autoscaler.md @@ -0,0 +1,35 @@ +# Autoscaler + +If your would like dynamically scale your agents with the load, you can use [our autoscaler](https://github.com/woodpecker-ci/autoscaler). + +Please note that the autoscaler is not feature-complete yet. You can follow the progress [here](https://github.com/woodpecker-ci/autoscaler#roadmap). + +## Setup + +### docker compose + +If you are using docker compose you can add the following to your `docker-compose.yaml` file: + +```yaml +services: + woodpecker-server: + image: woodpeckerci/woodpecker-server:next + [...] + + woodpecker-autoscaler: + image: woodpeckerci/autoscaler:next + restart: always + depends_on: + - woodpecker-server + environment: + - WOODPECKER_SERVER=https://your-woodpecker-server.tld # the url of your woodpecker server / could also be a public url + - WOODPECKER_TOKEN=${WOODPECKER_TOKEN} # the api token you can get from the UI https://your-woodpecker-server.tld/user + - WOODPECKER_MIN_AGENTS=0 + - WOODPECKER_MAX_AGENTS=3 + - WOODPECKER_WORKFLOWS_PER_AGENT=2 # the number of workflows each agent can run at the same time + - WOODPECKER_GRPC_ADDR=https://grpc.your-woodpecker-server.tld # the grpc address of your woodpecker server, publicly accessible from the agents + - WOODPECKER_GRPC_SECURE=true + - WOODPECKER_AGENT_ENV= # optional environment variables to pass to the agents + - WOODPECKER_PROVIDER=hetznercloud # set the provider, you can find all the available ones down below + - WOODPECKER_HETZNERCLOUD_API_TOKEN=${WOODPECKER_HETZNERCLOUD_API_TOKEN} # your api token for the Hetzner cloud +``` diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/_category_.yaml b/docs/versioned_docs/version-3.4/30-administration/10-configuration/_category_.yaml new file mode 100644 index 000000000..974350274 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/10-configuration/_category_.yaml @@ -0,0 +1,3 @@ +label: 'Configuration' +collapsible: true +collapsed: true diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/new-agent-connected.png b/docs/versioned_docs/version-3.4/30-administration/10-configuration/new-agent-connected.png new file mode 100644 index 000000000..9d19153d9 Binary files /dev/null and b/docs/versioned_docs/version-3.4/30-administration/10-configuration/new-agent-connected.png differ diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/new-agent-created.png b/docs/versioned_docs/version-3.4/30-administration/10-configuration/new-agent-created.png new file mode 100644 index 000000000..dc561d887 Binary files /dev/null and b/docs/versioned_docs/version-3.4/30-administration/10-configuration/new-agent-created.png differ diff --git a/docs/versioned_docs/version-3.4/30-administration/10-configuration/new-agent-registration.png b/docs/versioned_docs/version-3.4/30-administration/10-configuration/new-agent-registration.png new file mode 100644 index 000000000..71117771d Binary files /dev/null and b/docs/versioned_docs/version-3.4/30-administration/10-configuration/new-agent-registration.png differ diff --git a/docs/versioned_docs/version-3.4/30-administration/_category_.yaml b/docs/versioned_docs/version-3.4/30-administration/_category_.yaml new file mode 100644 index 000000000..4f3138359 --- /dev/null +++ b/docs/versioned_docs/version-3.4/30-administration/_category_.yaml @@ -0,0 +1,4 @@ +label: 'Administration' +# position: 3 +collapsible: true +collapsed: true diff --git a/docs/versioned_docs/version-3.4/40-cli.md b/docs/versioned_docs/version-3.4/40-cli.md new file mode 100644 index 000000000..1a6fb2d96 --- /dev/null +++ b/docs/versioned_docs/version-3.4/40-cli.md @@ -0,0 +1,990 @@ +# CLI + +# NAME + +woodpecker-cli - command line utility + +# SYNOPSIS + +woodpecker-cli + +``` +[--config|-c]=[value] +[--disable-update-check] +[--log-file]=[value] +[--log-level]=[value] +[--nocolor] +[--pretty] +[--server|-s]=[value] +[--skip-verify] +[--socks-proxy-off] +[--socks-proxy]=[value] +[--token|-t]=[value] +``` + +# DESCRIPTION + +Woodpecker command line utility + +**Usage**: + +``` +woodpecker-cli [GLOBAL OPTIONS] [command [COMMAND OPTIONS]] [ARGUMENTS...] +``` + +# GLOBAL OPTIONS + +**--config, -c**="": path to config file + +**--disable-update-check**: disable update check + +**--log-file**="": Output destination for logs. 'stdout' and 'stderr' can be used as special keywords. (default: stderr) + +**--log-level**="": set logging level (default: info) + +**--nocolor**: disable colored debug output, only has effect if pretty output is set too + +**--pretty**: enable pretty-printed debug output + +**--server, -s**="": server address + +**--skip-verify**: skip ssl verification + +**--socks-proxy**="": socks proxy address + +**--socks-proxy-off**: socks proxy ignored + +**--token, -t**="": server auth token + + +# COMMANDS + +## admin + +manage server settings + +### log-level + +retrieve log level from server, or set it with [level] + +### registry + +manage global registries + +#### add + +add a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--password**="": registry password + +**--username**="": registry username + +#### rm + +remove a registry + +**--hostname**="": registry hostname (default: docker.io) + +#### ls + +list registries + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +#### show + +show registry information + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +**--hostname**="": registry hostname (default: docker.io) + +#### update + +update a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +**--password**="": registry password + +**--username**="": registry username + +### secret + +manage global secrets + +#### add + +add a secret + +**--event**="": secret limited to these events (default: []) + +**--image**="": secret limited to these images (default: []) + +**--value**="": secret value + +#### rm + +remove a secret + +**--name**="": secret name + +#### ls + +list secrets + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +#### show + +show secret information + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +**--name**="": secret name + +#### update + +update a secret + +**--event**="": secret limited to these events (default: []) + +**--image**="": secret limited to these images (default: []) + +**--name**="": secret name + +**--value**="": secret value + +### user + +manage users + +#### add + +add a user + +#### ls + +list all users + +**--format**="": format output (default: {{ .Login }}) + +#### rm + +remove a user + +#### show + +show user information + +**--format**="": format output (default: User: {{ .Login }} +Email: {{ .Email }}) + +## exec + +execute a local pipeline + +**--backend-docker-api-version**="": the version of the API to reach, leave empty for latest. + +**--backend-docker-cert**="": path to load the TLS certificates for connecting to docker server + +**--backend-docker-host**="": path to docker socket or url to the docker server + +**--backend-docker-ipv6**: backend docker enable IPV6 + +**--backend-docker-limit-cpu-quota**="": impose a cpu quota (default: 0) + +**--backend-docker-limit-cpu-set**="": set the cpus allowed to execute containers + +**--backend-docker-limit-cpu-shares**="": change the cpu shares (default: 0) + +**--backend-docker-limit-mem**="": maximum memory allowed in bytes (default: 0) + +**--backend-docker-limit-mem-swap**="": maximum memory used for swap in bytes (default: 0) + +**--backend-docker-limit-shm-size**="": docker /dev/shm allowed in bytes (default: 0) + +**--backend-docker-network**="": backend docker network + +**--backend-docker-tls-verify**: enable or disable TLS verification for connecting to docker server + +**--backend-docker-volumes**="": backend docker volumes (comma separated) + +**--backend-engine**="": backend engine to run pipelines on (default: auto-detect) + +**--backend-http-proxy**="": if set, pass the environment variable down as "HTTP_PROXY" to steps + +**--backend-https-proxy**="": if set, pass the environment variable down as "HTTPS_PROXY" to steps + +**--backend-k8s-allow-native-secrets**: whether to allow existing Kubernetes secrets to be referenced from steps + +**--backend-k8s-namespace**="": backend k8s namespace (default: woodpecker) + +**--backend-k8s-pod-annotations**="": backend k8s additional Agent-wide worker pod annotations + +**--backend-k8s-pod-annotations-allow-from-step**: whether to allow using annotations from step's backend options + +**--backend-k8s-pod-image-pull-secret-names**="": backend k8s pull secret names for private registries (default: []) + +**--backend-k8s-pod-labels**="": backend k8s additional Agent-wide worker pod labels + +**--backend-k8s-pod-labels-allow-from-step**: whether to allow using labels from step's backend options + +**--backend-k8s-pod-node-selector**="": backend k8s Agent-wide worker pod node selector + +**--backend-k8s-secctx-nonroot**: `run as non root` Kubernetes security context option + +**--backend-k8s-storage-class**="": backend k8s storage class + +**--backend-k8s-storage-rwx**: backend k8s storage access mode, should ReadWriteMany (RWX) instead of ReadWriteOnce (RWO) be used? (default: true) + +**--backend-k8s-volume-size**="": backend k8s volume size (default 10G) (default: 10G) + +**--backend-local-temp-dir**="": set a different temp dir to clone workflows into (default: /tmp) + +**--backend-no-proxy**="": if set, pass the environment variable down as "NO_PROXY" to steps + +**--commit-author-avatar**="": Set the metadata environment variable "CI_COMMIT_AUTHOR_AVATAR". + +**--commit-author-email**="": Set the metadata environment variable "CI_COMMIT_AUTHOR_EMAIL". + +**--commit-author-name**="": Set the metadata environment variable "CI_COMMIT_AUTHOR". + +**--commit-branch**="": Set the metadata environment variable "CI_COMMIT_BRANCH". (default: main) + +**--commit-message**="": Set the metadata environment variable "CI_COMMIT_MESSAGE". + +**--commit-pull-labels**="": Set the metadata environment variable "CI_COMMIT_PULL_REQUEST_LABELS". (default: []) + +**--commit-ref**="": Set the metadata environment variable "CI_COMMIT_REF". + +**--commit-refspec**="": Set the metadata environment variable "CI_COMMIT_REFSPEC". + +**--commit-release-is-pre**: Set the metadata environment variable "CI_COMMIT_PRERELEASE". + +**--commit-sha**="": Set the metadata environment variable "CI_COMMIT_SHA". + +**--env**="": Set the metadata environment variable "CI_ENV". (default: []) + +**--forge-type**="": Set the metadata environment variable "CI_FORGE_TYPE". + +**--forge-url**="": Set the metadata environment variable "CI_FORGE_URL". + +**--local**: run from local directory + +**--metadata-file**="": path to pipeline metadata file (normally downloaded from UI). Parameters can be adjusted by applying additional cli flags + +**--netrc-machine**="": + +**--netrc-password**="": + +**--netrc-username**="": + +**--network**="": external networks (default: []) + +**--pipeline-changed-files**="": Set the metadata environment variable "CI_PIPELINE_FILES", either json formatted list of strings, or comma separated string list. + +**--pipeline-created**="": Set the metadata environment variable "CI_PIPELINE_CREATED". (default: 0) + +**--pipeline-deploy-task**="": Set the metadata environment variable "CI_PIPELINE_DEPLOY_TASK". + +**--pipeline-deploy-to**="": Set the metadata environment variable "CI_PIPELINE_DEPLOY_TARGET". + +**--pipeline-event**="": Set the metadata environment variable "CI_PIPELINE_EVENT". (default: manual) + +**--pipeline-number**="": Set the metadata environment variable "CI_PIPELINE_NUMBER". (default: 0) + +**--pipeline-parent**="": Set the metadata environment variable "CI_PIPELINE_PARENT". (default: 0) + +**--pipeline-started**="": Set the metadata environment variable "CI_PIPELINE_STARTED". (default: 0) + +**--pipeline-url**="": Set the metadata environment variable "CI_PIPELINE_FORGE_URL". + +**--plugins-privileged**="": Allow plugins to run in privileged mode, if environment variable is defined but empty there will be none (default: []) + +**--prev-commit-author-avatar**="": Set the metadata environment variable "CI_PREV_COMMIT_AUTHOR_AVATAR". + +**--prev-commit-author-email**="": Set the metadata environment variable "CI_PREV_COMMIT_AUTHOR_EMAIL". + +**--prev-commit-author-name**="": Set the metadata environment variable "CI_PREV_COMMIT_AUTHOR". + +**--prev-commit-branch**="": Set the metadata environment variable "CI_PREV_COMMIT_BRANCH". + +**--prev-commit-message**="": Set the metadata environment variable "CI_PREV_COMMIT_MESSAGE". + +**--prev-commit-ref**="": Set the metadata environment variable "CI_PREV_COMMIT_REF". + +**--prev-commit-refspec**="": Set the metadata environment variable "CI_PREV_COMMIT_REFSPEC". + +**--prev-commit-sha**="": Set the metadata environment variable "CI_PREV_COMMIT_SHA". + +**--prev-pipeline-created**="": Set the metadata environment variable "CI_PREV_PIPELINE_CREATED". (default: 0) + +**--prev-pipeline-deploy-task**="": Set the metadata environment variable "CI_PREV_PIPELINE_DEPLOY_TASK". + +**--prev-pipeline-deploy-to**="": Set the metadata environment variable "CI_PREV_PIPELINE_DEPLOY_TARGET". + +**--prev-pipeline-event**="": Set the metadata environment variable "CI_PREV_PIPELINE_EVENT". + +**--prev-pipeline-finished**="": Set the metadata environment variable "CI_PREV_PIPELINE_FINISHED". (default: 0) + +**--prev-pipeline-number**="": Set the metadata environment variable "CI_PREV_PIPELINE_NUMBER". (default: 0) + +**--prev-pipeline-started**="": Set the metadata environment variable "CI_PREV_PIPELINE_STARTED". (default: 0) + +**--prev-pipeline-status**="": Set the metadata environment variable "CI_PREV_PIPELINE_STATUS". + +**--prev-pipeline-url**="": Set the metadata environment variable "CI_PREV_PIPELINE_FORGE_URL". + +**--repo**="": Set the full name to derive metadata environment variables "CI_REPO", "CI_REPO_NAME" and "CI_REPO_OWNER". + +**--repo-clone-ssh-url**="": Set the metadata environment variable "CI_REPO_CLONE_SSH_URL". + +**--repo-clone-url**="": Set the metadata environment variable "CI_REPO_CLONE_URL". + +**--repo-default-branch**="": Set the metadata environment variable "CI_REPO_DEFAULT_BRANCH". (default: main) + +**--repo-path**="": path to local repository + +**--repo-private**="": Set the metadata environment variable "CI_REPO_PRIVATE". + +**--repo-remote-id**="": Set the metadata environment variable "CI_REPO_REMOTE_ID". + +**--repo-trusted-network**: Set the metadata environment variable "CI_REPO_TRUSTED_NETWORK". + +**--repo-trusted-security**: Set the metadata environment variable "CI_REPO_TRUSTED_SECURITY". + +**--repo-trusted-volumes**: Set the metadata environment variable "CI_REPO_TRUSTED_VOLUMES". + +**--repo-url**="": Set the metadata environment variable "CI_REPO_URL". + +**--system-host**="": Set the metadata environment variable "CI_SYSTEM_HOST". + +**--system-name**="": Set the metadata environment variable "CI_SYSTEM_NAME". (default: woodpecker) + +**--system-platform**="": Set the metadata environment variable "CI_SYSTEM_PLATFORM". + +**--system-url**="": Set the metadata environment variable "CI_SYSTEM_URL". (default: https://github.com/woodpecker-ci/woodpecker) + +**--timeout**="": pipeline timeout (default: 1h0m0s) + +**--volumes**="": pipeline volumes (default: []) + +**--workflow-name**="": Set the metadata environment variable "CI_WORKFLOW_NAME". + +**--workflow-number**="": Set the metadata environment variable "CI_WORKFLOW_NUMBER". (default: 0) + +**--workspace-base**="": (default: /woodpecker) + +**--workspace-path**="": (default: src) + +## info + +show information about the current user + +**--format**="": format output (deprecated) (default: User: {{ .Login }} +Email: {{ .Email }}) + +## lint + +lint a pipeline configuration file + +**--plugins-privileged**="": allow plugins to run in privileged mode, if set empty, there is no (default: []) + +**--plugins-trusted-clone**="": plugins that are trusted to handle Git credentials in cloning steps (default: [docker.io/woodpeckerci/plugin-git:2.6.2 docker.io/woodpeckerci/plugin-git quay.io/woodpeckerci/plugin-git]) + +**--strict**: treat warnings as errors + +## org + +manage organizations + +### registry + +manage organization registries + +#### add + +add a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +**--password**="": registry password + +**--username**="": registry username + +#### rm + +remove a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### ls + +list registries + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### show + +show registry information + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +**--hostname**="": registry hostname (default: docker.io) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### update + +update a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +**--password**="": registry password + +**--username**="": registry username + +### secret + +manage secrets + +#### add + +add a secret + +**--event**="": secret limited to these events (default: []) + +**--image**="": secret limited to these images (default: []) + +**--name**="": secret name + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +**--value**="": secret value + +#### rm + +remove a secret + +**--name**="": secret name + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### ls + +list secrets + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### show + +show secret information + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +**--name**="": secret name + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +#### update + +update a secret + +**--event**="": limit secret to these event (default: []) + +**--image**="": limit secret to these image (default: []) + +**--name**="": secret name + +**--organization, --org**="": organization id or full name (e.g. 123 or octocat) + +**--value**="": secret value + +## pipeline + +manage pipelines + +### approve + +approve a pipeline + +### create + +create new pipeline + +**--branch**="": branch to create pipeline from + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +**--var**="": key=value (default: []) + +### decline + +decline a pipeline + +### deploy + +trigger a pipeline with the 'deployment' event + +**--branch**="": branch filter + +**--event**="": event filter (default: push) + +**--format**="": format output (default: Number: {{ .Number }} +Status: {{ .Status }} +Commit: {{ .Commit }} +Branch: {{ .Branch }} +Ref: {{ .Ref }} +Message: {{ .Message }} +Author: {{ .Author }} +Target: {{ .Deploy }} +) + +**--param, -p**="": custom parameters to inject into the step environment. Format: KEY=value (default: []) + +**--status**="": status filter (default: success) + +### last + +show latest pipeline information + +**--branch**="": branch name (default: main) + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +### ls + +show pipeline history + +**--after**="": only return pipelines after this date (RFC3339) (default: 0001-01-01 00:00:00 +0000 UTC) + +**--before**="": only return pipelines before this date (RFC3339) (default: 0001-01-01 00:00:00 +0000 UTC) + +**--branch**="": branch filter + +**--event**="": event filter + +**--limit**="": limit the list size (default: 25) + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +**--status**="": status filter + +### log + +manage logs + +#### purge + +purge a log + +#### show + +show pipeline logs + +### ps + +show pipeline steps + +**--format**="": format output (default: {{ .workflow.Name }} > {{ .step.Name }} (#{{ .step.PID }}): +Step: {{ .step.Name }} +Started: {{ .step.Started }} +Stopped: {{ .step.Stopped }} +Type: {{ .step.Type }} +State: {{ .step.State }} +) + +### purge + +purge pipelines + +**--dry-run**: disable non-read api calls + +**--keep-min**="": minimum number of pipelines to keep (default: 10) + +**--older-than**="": remove pipelines older than the specified time limit + +### queue + +show pipeline queue + +**--format**="": format output (default: {{ .FullName }} #{{ .Number }}  +Status: {{ .Status }} +Event: {{ .Event }} +Commit: {{ .Commit }} +Branch: {{ .Branch }} +Ref: {{ .Ref }} +Author: {{ .Author }} {{ if .Email }}<{{.Email}}>{{ end }} +Message: {{ .Message }} +) + +### show + +show pipeline information + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +### start + +start a pipeline + +**--param, -p**="": custom parameters to inject into the step environment. Format: KEY=value (default: []) + +### stop + +stop a pipeline + +## repo + +manage repositories + +### add + +add a repository + +### chown + +assume ownership of a repository + +### cron + +manage cron jobs + +#### add + +add a cron job + +**--branch**="": cron branch + +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + +**--name**="": cron name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--schedule**="": cron schedule + +#### rm + +remove a cron job + +**--id**="": cron id + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### ls + +list cron jobs + +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### show + +show cron job information + +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + +**--id**="": cron id + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### update + +update a cron job + +**--branch**="": cron branch + +**--format**="": format output (deprecated) (default: {{ .Name }}  +ID: {{ .ID }} +Branch: {{ .Branch }} +Schedule: {{ .Schedule }} +NextExec: {{ .NextExec }} +) + +**--id**="": cron id + +**--name**="": cron name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--schedule**="": cron schedule + +### ls + +list all repos + +**--all**: query all repos, including inactive ones + +**--format**="": format output (deprecated) + +**--org**="": filter by organization + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +### registry + +manage registries + +#### add + +add a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--password**="": registry password + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--username**="": registry username + +#### rm + +remove a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### ls + +list registries + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### show + +show registry information + +**--format**="": format output (deprecated) (default: {{ .Address }}  +Username: {{ .Username }} +Email: {{ .Email }} +) + +**--hostname**="": registry hostname (default: docker.io) + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### update + +update a registry + +**--hostname**="": registry hostname (default: docker.io) + +**--password**="": registry password + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--username**="": registry username + +### rm + +remove a repository + +### repair + +repair repository webhooks + +### secret + +manage secrets + +#### add + +add a secret + +**--event**="": limit secret to these events (default: []) + +**--image**="": limit secret to these images (default: []) + +**--name**="": secret name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--value**="": secret value + +#### rm + +remove a secret + +**--name**="": secret name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### ls + +list secrets + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### show + +show secret information + +**--format**="": format output (deprecated) (default: {{ .Name }}  +Events: {{ list .Events }} +{{- if .Images }} +Images: {{ list .Images }} +{{- else }} +Images: +{{- end }} +) + +**--name**="": secret name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +#### update + +update a secret + +**--event**="": limit secret to these events (default: []) + +**--image**="": limit secret to these images (default: []) + +**--name**="": secret name + +**--repository, --repo**="": repository id or full name (e.g. 134 or octocat/hello-world) + +**--value**="": secret value + +### show + +show repository information + +**--output**="": output format (default: table) + +**--output-no-headers**: don't print headers + +### sync + +synchronize the repository list + +**--format**="": format output (default: {{ .FullName }} (id: {{ .ID }}, forgeRemoteID: {{ .ForgeRemoteID }}, isActive: {{ .IsActive }})) + +### update + +update a repository + +**--config**="": repository configuration path. Example: .woodpecker.yml + +**--pipeline-counter**="": repository starting pipeline number (default: 0) + +**--require-approval**="": repository requires approval for + +**--timeout**="": repository timeout (default: 0s) + +**--trusted**: repository is trusted + +**--unsafe**: allow unsafe operations + +**--visibility**="": repository visibility + +## setup + +setup the woodpecker-cli for the first time + +**--server**="": URL of the woodpecker server + +**--token**="": token to authenticate with the woodpecker server + +## update + +update the woodpecker-cli to the latest version + +**--force**: force update even if the latest version is already installed diff --git a/docs/versioned_docs/version-3.4/92-development/01-getting-started.md b/docs/versioned_docs/version-3.4/92-development/01-getting-started.md new file mode 100644 index 000000000..89e5d960c --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/01-getting-started.md @@ -0,0 +1,152 @@ +# Getting started + +You can develop on your local computer by following the [steps below](#preparation-for-local-development) or you can start with a fully prepared online setup using [Gitpod](https://github.com/gitpod-io/gitpod) and [Gitea](https://github.com/go-gitea/gitea). + +## Gitpod + +If you want to start development or updating docs as easy as possible, you can use our pre-configured setup for Woodpecker using [Gitpod](https://github.com/gitpod-io/gitpod). Gitpod starts a complete development setup in the cloud containing: + +- An IDE in the browser or bridged to your local VS-Code or Jetbrains +- A pre-configured [Gitea](https://github.com/go-gitea/gitea) instance as forge +- A pre-configured Woodpecker server +- A single pre-configured Woodpecker agent node +- Our docs preview server + +Start Woodpecker in Gitpod by clicking on the following badge. You can log in with `woodpecker` and `password`. + +[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/woodpecker-ci/woodpecker) + +## Preparation for local development + +### Install Go + +Install Golang (>=1.20) as described by [this guide](https://go.dev/doc/install). + +### Install make + +> GNU Make is a tool which controls the generation of executables and other non-source files of a program from the program's source files (). + +Install make on: + +- Ubuntu: `apt install make` - [Docs](https://wiki.ubuntuusers.de/Makefile/) +- [Windows](https://stackoverflow.com/a/32127632/8461267) +- Mac OS: `brew install make` + +### Install Node.js & `pnpm` + +Install [Node.js (>=20)](https://nodejs.org/en/download/package-manager) if you want to build Woodpecker's UI or documentation. + +For dependency installation (`node_modules`) of UI and documentation of Woodpecker the package manager pnpm is used. +[This guide](https://pnpm.io/installation) describes the installation of `pnpm`. + +### Install `pre-commit` (optional) + +Woodpecker uses [`pre-commit`](https://pre-commit.com/) to allow you to easily autofix your code. +To apply it during local development, take a look at [`pre-commit`s documentation](https://pre-commit.com/#usage). + +### Create a `.env` file with your development configuration + +Similar to the environment variables you can set for your production setup of Woodpecker, you can create a `.env` file in the root of the Woodpecker project and add any needed config to it. + +A common config for debugging would look like this: + +```ini +WOODPECKER_OPEN=true +WOODPECKER_ADMIN=your-username + +WOODPECKER_HOST=http://localhost:8000 + +# github (sample for a forge config - see /docs/administration/forge/overview for other forges) +WOODPECKER_GITHUB=true +WOODPECKER_GITHUB_CLIENT= +WOODPECKER_GITHUB_SECRET= + +# agent +WOODPECKER_SERVER=localhost:9000 +WOODPECKER_AGENT_SECRET=a-long-and-secure-password-used-for-the-local-development-system +WOODPECKER_MAX_WORKFLOWS=1 + +# enable if you want to develop the UI +# WOODPECKER_DEV_WWW_PROXY=http://localhost:8010 + +# if you want to test webhooks with an online forge like GitHub this address needs to be set and accessible from public server +WOODPECKER_EXPERT_WEBHOOK_HOST=http://your-address.com + +# disable health-checks while debugging (normally not needed while developing) +WOODPECKER_HEALTHCHECK=false + +# WOODPECKER_LOG_LEVEL=debug +# WOODPECKER_LOG_LEVEL=trace +``` + +### Setup OAuth + +Create an OAuth app for your forge as described in the [forges documentation](../30-administration/10-configuration/12-forges/11-overview.md). + +## Developing with VS Code + +You can use different methods for debugging the Woodpecker applications. One of the currently recommended ways to debug and test the Woodpecker application is using [VS-Code](https://code.visualstudio.com/) or [VS-Codium](https://vscodium.com/) (Open-Source binaries of VS-Code) as most maintainers are using it and Woodpecker already includes the needed debug configurations for it. + +To launch all needed services for local development, you can use "Woodpecker CI" debugging configuration that will launch UI, server and agent in debugging mode. Then open `http://localhost:8000` to access it. + +As a starting guide for programming Go with VS Code, you can use this video guide: +[![Getting started with Go in VS Code](https://img.youtube.com/vi/1MXIGYrMk80/0.jpg)](https://www.youtube.com/watch?v=1MXIGYrMk80) + +### Debugging Woodpecker + +The Woodpecker source code already includes launch configurations for the Woodpecker server and agent. To start debugging you can click on the debug icon in the navigation bar of VS-Code (ctrl-shift-d). On that page you will see the existing launch jobs at the top. Simply select the agent or server and click on the play button. You can set breakpoints in the source files to stop at specific points. + +![Woodpecker debugging with VS Code](./vscode-debug.png) + +## Testing & linting code + +To test or lint parts of Woodpecker, you can run one of the following commands: + +```bash +# test server code +make test-server + +# test agent code +make test-agent + +# test cli code +make test-cli + +# test datastore / database related code like migrations of the server +make test-server-datastore + +# lint go code +make lint + +# lint UI code +make lint-frontend + +# test UI code +make test-frontend +``` + +If you want to test a specific Go file, you can also use: + +```bash +go test -race -timeout 30s go.woodpecker-ci.org/woodpecker/v3/ +``` + +Or you can open the test-file inside [VS-Code](#developing-with-vs-code) and run or debug the test by clicking on the inline commands: + +![Run test via VS-Code](./vscode-run-test.png) + +## Run applications from terminal + +If you want to run a Woodpecker applications from your terminal, you can use one of the following commands from the base of the Woodpecker project. They will execute Woodpecker in a similar way as described in [debugging Woodpecker](#debugging-woodpecker) without the ability to really debug it in your editor. + +```bash title="start server" +go run ./cmd/server +``` + +```bash title="start agent" +go run ./cmd/agent +``` + +```bash title="execute cli command" +go run ./cmd/cli [command] +``` diff --git a/docs/versioned_docs/version-3.4/92-development/02-core-ideas.md b/docs/versioned_docs/version-3.4/92-development/02-core-ideas.md new file mode 100644 index 000000000..fce17ab24 --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/02-core-ideas.md @@ -0,0 +1,26 @@ +# Core ideas + +- A configuration (e.g. of a pipeline) should never be [turing complete](https://en.wikipedia.org/wiki/Turing_completeness) (We have agents to exec things 🙂). +- If possible, follow the [KISS principle](https://en.wikipedia.org/wiki/KISS_principle). +- What is used most often should be default. +- Keep different topics separated, so you can write plugins, port new ideas ... more easily, see [Architecture](./05-architecture.md). + +## Addons and extensions + +If you are wondering whether your contribution will be accepted to be merged in the Woodpecker core, or whether it's better to write an +[addon forge](../30-administration/10-configuration/12-forges/100-addon.md), [extension](../30-administration/10-configuration/10-server.md#external-configuration-api) or an +[external custom backend](../30-administration/10-configuration/11-backends/50-custom.md), please check these points: + +- Is your change very specific to your setup and unlikely to be used by anyone else? +- Does your change violate the [guidelines](#guidelines)? + +Both should be false when you open a pull request to get your change into the core repository. + +### Guidelines + +#### Forges + +A new forge must support these features: + +- OAuth2 +- Webhooks diff --git a/docs/versioned_docs/version-3.4/92-development/03-ui.md b/docs/versioned_docs/version-3.4/92-development/03-ui.md new file mode 100644 index 000000000..1931ba99a --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/03-ui.md @@ -0,0 +1,40 @@ +# UI Development + +To develop the UI you need to install [Node.js and pnpm](./01-getting-started.md#install-nodejs--pnpm). In addition it is recommended to use VS-Code with the recommended plugin selection to get features like auto-formatting, linting and typechecking. The UI is written with [Vue 3](https://v3.vuejs.org/) as Single-Page-Application accessing the Woodpecker REST api. + +## Setup + +The UI code is placed in `web/`. Change to that folder in your terminal with `cd web/` and install all dependencies by running `pnpm install`. For production builds the generated UI code is integrated into the Woodpecker server by using [go-embed](https://pkg.go.dev/embed). + +Testing UI changes would require us to rebuild the UI after each adjustment to the code by running `pnpm build` and restarting the Woodpecker server. To avoid this you can make use of the dev-proxy integrated into the Woodpecker server. This integrated dev-proxy will forward all none api request to a separate http-server which will only serve the UI files. + +![UI Proxy architecture](./ui-proxy.svg) + +Start the UI server locally with [hot-reloading](https://stackoverflow.com/a/41429055/8461267) by running: `pnpm start`. To enable the forwarding of requests to the UI server you have to enable the dev-proxy inside the Woodpecker server by adding `WOODPECKER_DEV_WWW_PROXY=http://localhost:8010` to your `.env` file. +After starting the Woodpecker server as explained in the [debugging](./01-getting-started.md#debugging-woodpecker) section, you should now be able to access the UI under [http://localhost:8000](http://localhost:8000). + +## Tools and frameworks + +The following list contains some tools and frameworks used by the Woodpecker UI. For some points we added some guidelines / hints to help you developing. + +- [Vue 3](https://v3.vuejs.org/) + - use `setup` and composition api + - place (re-usable) components in `web/src/components/` + - views should have a route in `web/src/router.ts` and are located in `web/src/views/` +- [Tailwind CSS](https://tailwindcss.com/) + - use Tailwind classes where possible + - if needed extend the Tailwind config to use new classes + - classes are sorted following the [prettier tailwind sort plugin](https://tailwindcss.com/blog/automatic-class-sorting-with-prettier) +- [Vite](https://vitejs.dev/) (similar to Webpack) +- [Typescript](https://www.typescriptlang.org/) + - avoid using `any` and `unknown` (the linter will prevent you from doing so anyways :wink:) +- [eslint](https://eslint.org/) +- [Volar & vue-tsc](https://github.com/johnsoncodehk/volar/) for type-checking in .vue file + - use the take-over mode of Volar as described by [this guide](https://github.com/johnsoncodehk/volar/discussions/471) + +## Messages and Translations + +Woodpecker uses [Vue I18n](https://vue-i18n.intlify.dev/) as translation library. New translations have to be added to `web/src/assets/locales/en.json`. The English source file will be automatically imported into [Weblate](https://translate.woodpecker-ci.org/) (the translation system used by Woodpecker) where all other languages will be translated by the community based on the English source. +You must not provide translations except English in PRs, otherwise weblate could put git into conflicts (when someone has translated in that language file and changes are not into main branch yet) + +For more information about translations see [Translations](./08-translations.md). diff --git a/docs/versioned_docs/version-3.4/92-development/04-docs.md b/docs/versioned_docs/version-3.4/92-development/04-docs.md new file mode 100644 index 000000000..55ccb5b7d --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/04-docs.md @@ -0,0 +1,20 @@ +# Documentation + +The documentation is using docusaurus as framework. You can learn more about it from its [official documentation](https://docusaurus.io/docs/). + +If you only want to change some text it probably is enough if you just search for the corresponding [Markdown](https://www.markdownguide.org/basic-syntax/) file inside the `docs/docs/` folder and adjust it. If you want to change larger parts and test the rendered documentation you can run docusaurus locally. Similarly to the UI you need to install [Node.js and pnpm](./01-getting-started.md#install-nodejs--pnpm). After that you can run and build docusaurus locally by using the following commands: + +```bash +cd docs/ + +pnpm install + +# build plugins used by the docs +pnpm build:woodpecker-plugins + +# start docs with hot-reloading, so you can change the docs and directly see the changes in the browser without reloading it manually +pnpm start + +# or build the docs to deploy it to some static page hosting +pnpm build +``` diff --git a/docs/versioned_docs/version-3.4/92-development/05-architecture.md b/docs/versioned_docs/version-3.4/92-development/05-architecture.md new file mode 100644 index 000000000..535ec6a80 --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/05-architecture.md @@ -0,0 +1,48 @@ +# Architecture + +## Package architecture + +![Woodpecker architecture](./woodpecker-architecture.png) + +## System architecture + +### main package hierarchy + +| package | meaning | imports | +| ------------------ | -------------------------------------------------------------- | ------------------------------------- | +| `cmd/**` | parse command-line args & environment to stat server/cli/agent | all other | +| `agent/**` | code only agent (remote worker) will need | `pipeline`, `shared` | +| `cli/**` | code only cli tool does need | `pipeline`, `shared`, `woodpecker-go` | +| `server/**` | code only server will need | `pipeline`, `shared` | +| `shared/**` | code shared for all three main tools (go help utils) | only std and external libs | +| `woodpecker-go/**` | go client for server rest api | std | + +### Server + +| package | meaning | imports | +| -------------------- | ----------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `server/api/**` | handle web requests from `server/router` | `pipeline`, `../badges`, `../ccmenu`, `../logging`, `../model`, `../pubsub`, `../queue`, `../forge`, `../shared`, `../store`, `shared`, (TODO: mv `server/router/middleware/session`) | +| `server/badges/**` | generate svg badges for pipelines | `../model` | +| `server/ccmenu/**` | generate xml ccmenu for pipelines | `../model` | +| `server/grpc/**` | gRPC server agents can connect to | `pipeline/rpc/**`, `../logging`, `../model`, `../pubsub`, `../queue`, `../forge`, `../pipeline`, `../store` | +| `server/logging/**` | logging lib for gPRC server to stream logs while running | std | +| `server/model/**` | structs for store (db) and api (json) | std | +| `server/plugins/**` | plugins for server | `../model`, `../forge` | +| `server/pipeline/**` | orchestrate pipelines | `pipeline`, `../model`, `../pubsub`, `../queue`, `../forge`, `../store`, `../plugins` | +| `server/pubsub/**` | pubsub lib for server to push changes to the WebUI | std | +| `server/queue/**` | queue lib for server where agents pull new pipelines from via gRPC | `server/model` | +| `server/forge/**` | forge lib for server to connect and handle forge specific stuff | `shared`, `server/model` | +| `server/router/**` | handle requests to REST API (and all middleware) and serve UI and WebUI config | `shared`, `../api`, `../model`, `../forge`, `../store`, `../web` | +| `server/store/**` | handle database | `server/model` | +| `server/shared/**` | TODO: move and split [#974](https://github.com/woodpecker-ci/woodpecker/issues/974) | | +| `server/web/**` | server SPA | | + +- `../` = `server/` + +### Agent + +TODO + +### CLI + +TODO diff --git a/docs/versioned_docs/version-3.4/92-development/06-conventions.md b/docs/versioned_docs/version-3.4/92-development/06-conventions.md new file mode 100644 index 000000000..e94a90c43 --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/06-conventions.md @@ -0,0 +1,7 @@ +# Conventions + +## Database naming + +Database tables are named plural, columns don't have any prefix. + +Example: Table name `agent`, columns `id`, `name`. diff --git a/docs/versioned_docs/version-3.4/92-development/07-guides.md b/docs/versioned_docs/version-3.4/92-development/07-guides.md new file mode 100644 index 000000000..c8612f576 --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/07-guides.md @@ -0,0 +1,69 @@ +# Guides + +## ORM + +Woodpecker uses [Xorm](https://xorm.io/) as ORM for the database connection. + +## Add a new migration + +Woodpecker uses migrations to change the database schema if a database model has been changed. Add the new migration task into `server/store/datastore/migration/`. + +:::info +Adding new properties to models will be handled automatically by the underlying [ORM](#orm) based on the [struct field tags](https://stackoverflow.com/questions/10858787/what-are-the-uses-for-tags-in-go) of the model. If you add a completely new model, you have to add it to the `allBeans` variable at `server/store/datastore/migration/migration.go` to get a new table created. +::: + +:::warning +You should not use `sess.Begin()`, `sess.Commit()` or `sess.Close()` inside a migration. Session / transaction handling will be done by the underlying migration manager. +::: + +To automatically execute the migration after the start of the server, the new migration needs to be added to the end of `migrationTasks` in `server/store/datastore/migration/migration.go`. After a successful execution of that transaction the server will automatically add the migration to a list, so it won't be executed again on the next start. + +## Constants of official images + +All official default images, are saved in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/main/shared/constant/constant.go) and must be pinned by an exact tag. + +## Building images locally + +### Server + +```sh +### build web component +make vendor +cd web/ +pnpm install --frozen-lockfile +pnpm build +cd .. + +### define the platforms to build for (e.g. linux/amd64) +# (the | is not a typo here) +export PLATFORMS='linux|amd64' +make cross-compile-server + +### build the image +docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.server.multiarch.rootless --push . +``` + +:::info +The `cross-compile-server` rule makes use of `xgo`, a go cross-compiler. You need to be on a `amd64` host to do this, as `xgo` is only available for `amd64` (see [xgo#213](https://github.com/techknowlogick/xgo/issues/213)). +You can try to use the `build-server` rule instead, however this one fails for some OS (e.g. macOS). +::: + +### Agent + +```sh +### build the agent +make build-agent + +### build the image +docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.agent.multiarch --push . +``` + +### CLI + +```sh +### build the CLI +make build-cli + +### build the image +docker buildx build --platform linux/amd64 -t username/repo:tag -f docker/Dockerfile.cli.multiarch.rootless --push . +``` diff --git a/docs/versioned_docs/version-3.4/92-development/08-translations.md b/docs/versioned_docs/version-3.4/92-development/08-translations.md new file mode 100644 index 000000000..6ddd9f1eb --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/08-translations.md @@ -0,0 +1,9 @@ +# Translations + +To translate the web UI into your language, we have [our own Weblate instance](https://translate.woodpecker-ci.org/). Please register there and translate Woodpecker into your language. **We won't accept PRs changing any language except English.** + + + Translation status + + +Woodpecker uses [Vue I18n](https://vue-i18n.intlify.dev/) as translation library. diff --git a/docs/versioned_docs/version-3.4/92-development/09-openapi.md b/docs/versioned_docs/version-3.4/92-development/09-openapi.md new file mode 100644 index 000000000..8fc63d873 --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/09-openapi.md @@ -0,0 +1,59 @@ +# Swagger, API Spec and Code Generation + +Woodpecker uses [gin-swagger](https://github.com/swaggo/gin-swagger) middleware to automatically +generate Swagger v2 API specifications and a nice looking Web UI from the source code. +Also, the generated spec will be transformed into Markdown, using [go-swagger](https://github.com/go-swagger/go-swagger) +and then being using on the community's website documentation. + +It's paramount important to keep the gin handler function's godoc documentation up-to-date, +to always have accurate API documentation. +Whenever you change, add or enhance an API endpoint, please update the godoc. + +You don't require any extra tools on your machine, all Swagger tooling is automatically fetched by standard Go tools. + +## Gin-Handler API documentation guideline + +Here's a typical example of how annotations for Swagger documentation look like... + +```go title="server/api/user.go" +// @Summary Get a user +// @Description Returns a user with the specified login name. Requires admin rights. +// @Router /users/{login} [get] +// @Produce json +// @Success 200 {object} User +// @Tags Users +// @Param Authorization header string true "Insert your personal access token" default(Bearer ) +// @Param login path string true "the user's login name" +// @Param foobar query string false "optional foobar parameter" +// @Param page query int false "for response pagination, page offset number" default(1) +// @Param perPage query int false "for response pagination, max items per page" default(50) +``` + +```go title="server/model/user.go" +type User struct { + ID int64 `json:"id" xorm:"pk autoincr 'user_id'"` +// ... +} // @name User +``` + +These guidelines aim to have consistent wording in the OpenAPI doc: + +- first word after `@Summary` and `@Summary` are always uppercase +- `@Summary` has no `.` (dot) at the end of the line +- model structs shall use custom short names, to ease life for API consumers, using `@name` +- `@Success` object or array declarations shall be short, this means the actual `model.User` struct must have a `@name` annotation, so that the model can be rendered in OpenAPI +- when pagination is used, `@Param page` and `@Param perPage` must be added manually +- `@Param Authorization` is almost always present, there are just a few un-protected endpoints + +There are many examples in the `server/api` package, which you can use a blueprint. +More enhanced information you can find here + +### Manual code generation + +```bash title="generate the server's Go code containing the OpenAPI" +make generate-openapi +``` + +```bash title="update the Markdown in the ./docs folder" +make generate-docs +``` diff --git a/docs/versioned_docs/version-3.4/92-development/09-testing.md b/docs/versioned_docs/version-3.4/92-development/09-testing.md new file mode 100644 index 000000000..f27f71130 --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/09-testing.md @@ -0,0 +1,85 @@ +# Testing + +## Backend + +### Unit Tests + +[We use default golang unit tests](https://go.dev/doc/tutorial/add-a-test) +with [`"github.com/stretchr/testify/assert"`](https://pkg.go.dev/github.com/stretchr/testify@v1.9.0/assert) to simplify testing. + +### Integration Tests + +### Dummy backend + +There is a special backend called **`dummy`** which does not execute any commands, but emulates how a typical backend should behave. +To enable it you need to build the agent or cli with the `test` build tag. + +An example pipeline config would be: + +```yaml +when: + event: manual + +steps: + - name: echo + image: dummy + commands: echo "hello woodpecker" + environment: + SLEEP: '1s' + +services: + echo: + image: dummy + commands: echo "i am a service" +``` + +This could be executed via `woodpecker-cli --log-level trace exec --backend-engine dummy example.yaml`: + + + +```none +9:18PM DBG pipeline/pipeline.go:94 > executing 2 stages, in order of: CLI=exec +9:18PM DBG pipeline/pipeline.go:104 > stage CLI=exec StagePos=0 Steps=echo +9:18PM DBG pipeline/pipeline.go:104 > stage CLI=exec StagePos=1 Steps=echo +9:18PM TRC pipeline/backend/dummy/dummy.go:75 > create workflow environment taskUUID=01J10P578JQE6E25VV1EQF0745 +9:18PM DBG pipeline/pipeline.go:176 > prepare CLI=exec step=echo +9:18PM DBG pipeline/pipeline.go:203 > executing CLI=exec step=echo +9:18PM TRC pipeline/backend/dummy/dummy.go:81 > start step echo taskUUID=01J10P578JQE6E25VV1EQF0745 +9:18PM TRC pipeline/backend/dummy/dummy.go:167 > tail logs of step echo taskUUID=01J10P578JQE6E25VV1EQF0745 +9:18PM DBG pipeline/pipeline.go:209 > complete CLI=exec step=echo +[echo:L0:0s] StepName: echo +[echo:L1:0s] StepType: service +[echo:L2:0s] StepUUID: 01J10P578JQE6E25VV1A2DNQN9 +[echo:L3:0s] StepCommands: +[echo:L4:0s] ------------------ +[echo:L5:0s] echo ja +[echo:L6:0s] ------------------ +[echo:L7:0s] 9:18PM DBG pipeline/pipeline.go:176 > prepare CLI=exec step=echo +9:18PM DBG pipeline/pipeline.go:203 > executing CLI=exec step=echo +9:18PM TRC pipeline/backend/dummy/dummy.go:81 > start step echo taskUUID=01J10P578JQE6E25VV1EQF0745 +9:18PM TRC pipeline/backend/dummy/dummy.go:167 > tail logs of step echo taskUUID=01J10P578JQE6E25VV1EQF0745 +[echo:L0:0s] StepName: echo +[echo:L1:0s] StepType: commands +[echo:L2:0s] StepUUID: 01J10P578JQE6E25VV1DFSXX1Y +[echo:L3:0s] StepCommands: +[echo:L4:0s] ------------------ +[echo:L5:0s] echo ja +[echo:L6:0s] ------------------ +[echo:L7:0s] 9:18PM TRC pipeline/backend/dummy/dummy.go:108 > wait for step echo taskUUID=01J10P578JQE6E25VV1EQF0745 +9:18PM TRC pipeline/backend/dummy/dummy.go:187 > stop step echo taskUUID=01J10P578JQE6E25VV1EQF0745 +9:18PM DBG pipeline/pipeline.go:209 > complete CLI=exec step=echo +9:18PM TRC pipeline/backend/dummy/dummy.go:208 > delete workflow environment taskUUID=01J10P578JQE6E25VV1EQF0745 +``` + + + +There are also environment variables to alter step behavior: + +- `SLEEP: 10` will let the step wait 10 seconds +- `EXPECT_TYPE` allows to check if a step is a `clone`, `service`, `plugin` or `commands` +- `STEP_START_FAIL: true` if set will simulate a step to fail before actually being started (e.g. happens when the container image can not be pulled) +- `STEP_TAIL_FAIL: true` if set will error when we simulate to read from stdout for logs +- `STEP_EXIT_CODE: 2` if set will be used as exit code, default is 0 +- `STEP_OOM_KILLED: true` simulates a step being killed by memory constrains + +You can let the setup of a whole workflow fail by setting it's UUID to `WorkflowSetupShouldFail`. diff --git a/docs/versioned_docs/version-3.4/92-development/_category_.yaml b/docs/versioned_docs/version-3.4/92-development/_category_.yaml new file mode 100644 index 000000000..02d70e09b --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/_category_.yaml @@ -0,0 +1,4 @@ +label: 'Development' +# position: 3 +collapsible: true +collapsed: true diff --git a/docs/versioned_docs/version-3.4/92-development/ui-proxy.svg b/docs/versioned_docs/version-3.4/92-development/ui-proxy.svg new file mode 100644 index 000000000..79809ffa1 --- /dev/null +++ b/docs/versioned_docs/version-3.4/92-development/ui-proxy.svg @@ -0,0 +1,16 @@ + + + + + + + forward requestin dev modeUI Server Port 8010Woodpecker ServerBrowserPort 8000/login/logout/api/.../api/web-config.js/streamEvery other request(404 Handler) diff --git a/docs/versioned_docs/version-3.4/92-development/vscode-debug.png b/docs/versioned_docs/version-3.4/92-development/vscode-debug.png new file mode 100644 index 000000000..58861dbde Binary files /dev/null and b/docs/versioned_docs/version-3.4/92-development/vscode-debug.png differ diff --git a/docs/versioned_docs/version-3.4/92-development/vscode-run-test.png b/docs/versioned_docs/version-3.4/92-development/vscode-run-test.png new file mode 100644 index 000000000..6d163f8b8 Binary files /dev/null and b/docs/versioned_docs/version-3.4/92-development/vscode-run-test.png differ diff --git a/docs/versioned_docs/version-3.4/92-development/woodpecker-architecture.png b/docs/versioned_docs/version-3.4/92-development/woodpecker-architecture.png new file mode 100644 index 000000000..22f6a054a Binary files /dev/null and b/docs/versioned_docs/version-3.4/92-development/woodpecker-architecture.png differ diff --git a/docs/versioned_sidebars/version-2.7-sidebars.json b/docs/versioned_sidebars/version-3.2-sidebars.json similarity index 100% rename from docs/versioned_sidebars/version-2.7-sidebars.json rename to docs/versioned_sidebars/version-3.2-sidebars.json diff --git a/docs/versioned_sidebars/version-3.0-sidebars.json b/docs/versioned_sidebars/version-3.3-sidebars.json similarity index 100% rename from docs/versioned_sidebars/version-3.0-sidebars.json rename to docs/versioned_sidebars/version-3.3-sidebars.json diff --git a/docs/versioned_sidebars/version-3.4-sidebars.json b/docs/versioned_sidebars/version-3.4-sidebars.json new file mode 100644 index 000000000..caea0c03b --- /dev/null +++ b/docs/versioned_sidebars/version-3.4-sidebars.json @@ -0,0 +1,8 @@ +{ + "tutorialSidebar": [ + { + "type": "autogenerated", + "dirName": "." + } + ] +} diff --git a/docs/versions.json b/docs/versions.json index b702f22be..6212c9088 100644 --- a/docs/versions.json +++ b/docs/versions.json @@ -1,5 +1,6 @@ [ - "3.0", - "2.8", - "2.7" + "3.4", + "3.3", + "3.2", + "2.8" ]