github/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2025-09-01 20:14:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,921 Commits 32 Branches 91 Tags
main
Commit Graph

65 Commits

Author SHA1 Message Date
Robert Kaussow
dc7795e64b Add fsGroupChangePolicy option to Kubernetes backend (#5416) 
Co-authored-by: Lilly Sell <sell@b1-systems.de>
 2025-08-15 10:28:38 +02:00
scottshotgg
d7495357d5 Add Agent-level Tolerations setting (#5266) 
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
 2025-08-10 10:12:42 +02:00
Lilly
147256e3a8 feat(k8s): k8s priority class name config (#5391) 2025-08-09 16:33:47 +02:00
Henrik Huitti
79e4dd5380 feat(k8s): Kubernetes namespace per organization (#5309) 2025-07-22 17:22:26 +03:00
Harri Avellan
5c00b9d74b Prevent secrets from leaking to Kubernetes API Server logs (#5305) 2025-07-14 17:45:13 +03:00
Patrick Schratz
e92706bfd8 Revert "kubernetes: prevent secrets from leaking to api-server logs" (#5293) 
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
 2025-07-05 09:40:40 +03:00
Harri Avellan
5e052f5579 kube backend: prevent secrets from leaking to Kubernetes apiserver logs (#5196) 2025-06-14 22:44:33 +02:00
Robert Kaussow
286794a800 Bump golangci-lint to v2 (#5034) 2025-03-31 18:55:48 +02:00
Jener Rasmussen
c392250384 Replace illegal characters in Kubernetes labels (#5013) 
Co-authored-by: Robert Kaussow <xoxys@rknet.org>
 2025-03-25 20:24:55 +01:00
Jener Rasmussen
8d94071e2f Tag pipeline with source information (#4796) 
Co-authored-by: oauth <woodpecker-bot@obermui.de>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
Co-authored-by: Robert Kaussow <xoxys@rknet.org>
 2025-03-22 13:45:44 +01:00
hhomar
f47165ff9f kubernetes: create service for detached steps (#4892) 
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
 2025-02-25 07:16:43 +01:00
Robert Kaussow
00aa968afa Revert "Tag pipeline with source information (#4771)" (#4794) 2025-01-31 14:53:41 +02:00
Jener Rasmussen
846fd8dc51 Tag pipeline with source information (#4771) 
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
 2025-01-30 13:03:58 +01:00
qwerty287
81b74025d4 Update Go imports paths (#4605) 
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
 2024-12-22 10:44:34 +01:00
tsufeki
db45794091 Fix apparmorProfile being ignored when it's the only field (#4507) 2024-12-03 17:29:03 +02:00
6543
ebf9f9ccbb Add dns config option to official feature set (#4418) 
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
 2024-11-25 17:59:00 +01:00
6543
bf5405b6cc Respect directory option for steps again (#4319) 2024-11-06 23:21:56 +01:00
Patrick Schratz
560eab96f0 Kubernetes | Docker: Add support for rootless images (#4151) 2024-11-02 18:07:27 +01:00
Andrew Melnick
b52b021acb Implement registries for Kubernetes backend (#4092) 
According to [the documentation](https://woodpecker-ci.org/docs/administration/backends/kubernetes#images-from-private-registries), per-organization and per-pipeline registries are currently unsupported for the Kubernetes backend.

This patch implements this missing functionality by creating and deleting a matching secret for each pod with a matched registry, using the same name, labels, and annotations as the pod, and appending it to its `imagePullSecrets` list.

This patch adds tests for the new functionality, and has been manually end-to-end-tested in KinD by using a private image hosted in the matching gitea instance.

This will require updating the matching helm charts to add the create/delete permissions to the agent role, which **is already done**.

close  #2987
 2024-09-30 01:03:05 +01:00
Thomas Anderson
ca41540151 Switched to profile-based AppArmor configuration (#4008) 
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
 2024-08-06 19:05:04 +02:00
Thomas Anderson
7bc38a1d8b K8s secrets reference from step (#3655) 2024-06-23 18:20:21 +02:00
Thomas Anderson
065eebd306 Agent-wide node selector (#3608) 
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
 2024-06-03 17:25:28 +02:00
Anbraten
f6904d6662 Fix privileged steps in kubernetes (#3711) 2024-05-30 18:53:03 +02:00
6543
42f2734308 cspell lint go code (#3706) 2024-05-24 22:35:04 +02:00
renovate[bot]
37ea906958 fix(deps): update golang-packages (#3713) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: qwerty287 <qwerty287@posteo.de>
 2024-05-23 17:37:21 +02:00
Robert Kaussow
89e100cfd1 Add godot linter to harmonitze toplevel comments (#3650) 2024-05-13 22:58:21 +02:00
Thomas Anderson
ae72102503 Ability to set pod annotations and labels from step (#3609) 
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
 2024-05-11 11:45:29 +02:00
qwerty287
225ddb586d Rework entrypoints (#3269) 
Co-authored-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
Co-authored-by: 6543 <m.huber@kithara.com>
 2024-05-02 14:52:01 +02:00
YR Chen
e1b574a4bc Add runtimeClassName in Kubernetes backend options (#3474) 
Resolves #3473

---------

Co-authored-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
 2024-03-29 10:29:07 +01:00
qwerty287
2029813fc2 Remove unused cache properties (#3567) 2024-03-29 09:48:28 +01:00
Anbraten
9db9c7116f Improve security context handling (#3482) 2024-03-13 22:41:13 +01:00
Elias
bffc9c8ff8 fix: can't run multiple services on k8s (#3395) 
Fix Issue: https://github.com/woodpecker-ci/woodpecker/issues/3288

The way the pod service starts up makes it impossible to run two or more
pipelines at the same time when we have a service section.

The idea is to set the name of the service in the same way we did for
the pod name.

Pipeline: 

```yaml

services:
  mydb:
    image: mysql
    environment:
      - MYSQL_DATABASE=test
      - MYSQL_ROOT_PASSWORD=example
    ports:
      - 3306/tcp
steps:
  get-version:
    image: ubuntu
    commands:
      - ( apt update && apt dist-upgrade -y && apt install -y mysql-client 2>&1 )> /dev/null
      - sleep 30s # need to wait for mysql-server init
      - echo 'SHOW VARIABLES LIKE "version"' | mysql -uroot -hmydb test -pexample
```

Running more than one pipeline result:


![image](https://github.com/woodpecker-ci/woodpecker/assets/22245125/e512309f-0d1e-4125-bab9-2357a710fedd)

---------

Co-authored-by: elias.souza <elias.souza@quintoandar.com.br>
 2024-02-17 12:30:06 +01:00
qwerty287
6892a9ca57 Parse backend options in backend (#3227) 
Currently, backend options are parsed in the yaml parser.
This has some issues:
- backend specific code should be in the backend folders
- it is not possible to add backend options for backends added via
addons
 2024-02-08 18:39:32 +01:00
Thomas Anderson
e5c83190c7 Sanitize pod's step label (#3275) 
Closes #3272
 2024-01-26 13:42:21 +01:00
Elias
1c3159ebb7 fix: bug pod service without label service (#3256) 2024-01-23 07:42:47 +01:00
Thomas Anderson
072fa29f4a Fixed Pods creation of WP services (#3236) 
Closes #3178
 2024-01-21 03:56:37 +01:00
qwerty287
d1d2e9723d Support custom steps entrypoint (#2985) 
Closes https://github.com/woodpecker-ci/woodpecker/issues/278

---------

Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: 6543 <6543@obermui.de>
 2024-01-19 05:34:02 +01:00
Thomas Anderson
10f2e209d6 Secured kubernetes backend configuration (#3204) 
Follow up of #3165
 2024-01-15 03:59:08 +01:00
Thomas Anderson
0611fa9b32 Added protocol in port configuration (#2993) 
Closes  #2727
 2024-01-12 23:57:24 +01:00
Thomas Anderson
9bbc446009 Kubernetes AppArmor and seccomp (#3123) 
Closes #2545

seccomp
https://kubernetes.io/docs/tutorials/security/seccomp/

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/135-seccomp/README.md

AppArmor
https://kubernetes.io/docs/tutorials/security/apparmor/

fddcbb9cbf/keps/sig-node/24-apparmor/README.md
Went ahead and implemented API from KEP-24 above.
 2024-01-12 23:32:24 +01:00
qwerty287
b0a2b1cf2d Lowercase all log strings (#3173) 
from #3161

---------

Co-authored-by: 6543 <6543@obermui.de>
 2024-01-11 19:17:07 +01:00
6543
d1fe86b7be Use UUID as podName and cleanup arguments for Kubernetes backend (#3135) 
to much args are just horrible to maintain. And we already have it nice
structured stored as step.
 2024-01-11 16:32:37 +01:00
qwerty287
00df53e941 Clean up logging (#3161) 
- use `Err` method instead of format strings
- use `Msg` if no format string is used
 2024-01-10 20:57:12 +01:00
6543
31614d0e38 Use step type to detect services in Kubernetes backend (#3141) 
and use the correct name for tail log

---------

Co-authored-by: Anbraten <anton@ju60.de>
 2024-01-09 05:42:36 +01:00
Thomas Anderson
c0fc4828ff Flexible image pull secret reference (#3016) 
Co-authored-by: pat-s <patrick.schratz@gmail.com>
 2024-01-05 08:33:56 +01:00
Thomas Anderson
253d702bc7 Fix IPv6 host aliases for kubernetes (#2992) 
Closes #2991


[Tests](https://github.com/woodpecker-ci/woodpecker/pull/2993#issuecomment-1868048169)

---------

Co-authored-by: 6543 <6543@obermui.de>
 2023-12-23 00:42:30 +01:00
Thomas Anderson
01a955ed0e Kubernetes refactor (#2794) 
Kubernetes backend refactoring and tests

---------
Co-authored-by: 6543 <6543@obermui.de>
 2023-12-19 04:53:52 +01:00
runephilosof-karnovgroup
adb2c82790 Update go module path for major version 2 (#2905) 
https://go.dev/doc/modules/release-workflow#breaking

Fixes https://github.com/woodpecker-ci/woodpecker/issues/2913 fixes
#2654
```
runephilosof@fedora:~/code/platform-woodpecker/woodpecker-repo-configurator (master)$ go get go.woodpecker-ci.org/woodpecker@v2.0.0
go: go.woodpecker-ci.org/woodpecker@v2.0.0: invalid version: module contains a go.mod file, so module path must match major version ("go.woodpecker-ci.org/woodpecker/v2")
```

---------

Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
 2023-12-08 08:15:08 +01:00
Thomas Anderson
3adb98b287 Simple security context options (Kubernetes) (#2550) 2023-11-26 08:46:06 +01:00
6543
5a7b689e30 Switch to go vanity urls (#2706) 
Co-authored-by: Anbraten <anton@ju60.de>
 2023-11-07 08:04:33 +01:00