From ee4841fcba8e85f1dbb26adffff1ab45a6e77ca6 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Sun, 25 Aug 2024 21:50:55 +0200 Subject: [PATCH 1/5] Remove all default privileged plugins re-add plugins to the list via config if needed --- docs/docs/91-migrations.md | 1 + shared/constant/constant.go | 8 +------- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/docs/docs/91-migrations.md b/docs/docs/91-migrations.md index db82b83b8e..1e860d8225 100644 --- a/docs/docs/91-migrations.md +++ b/docs/docs/91-migrations.md @@ -4,6 +4,7 @@ Some versions need some changes to the server configuration or the pipeline conf ## `next` +- Remove all default privileged plugins ([re-add plugins to the list via config if needed](./30-administration/10-server-config.md#woodpecker_escalate)). - Removed `WOODPECKER_DEV_OAUTH_HOST` and `WOODPECKER_DEV_GITEA_OAUTH_URL` use `WOODPECKER_EXPERT_FORGE_OAUTH_HOST` - Compatibility mode of deprecated `pipeline:`, `platform:` and `branches:` pipeline config options are now removed and pipeline will now fail if still in use. - Removed `steps.[name].group` in favor of `steps.[name].depends_on` (see [workflow syntax](./20-usage/20-workflow-syntax.md#depends_on) to learn how to set dependencies) diff --git a/shared/constant/constant.go b/shared/constant/constant.go index d4984725ae..41417fe617 100644 --- a/shared/constant/constant.go +++ b/shared/constant/constant.go @@ -15,13 +15,7 @@ package constant // PrivilegedPlugins can be changed by 'WOODPECKER_ESCALATE' at runtime. -var PrivilegedPlugins = []string{ - "plugins/docker", - "plugins/gcr", - "plugins/ecr", - "woodpeckerci/plugin-docker-buildx", - "codeberg.org/woodpecker-plugins/docker-buildx", -} +var PrivilegedPlugins = []string{} // DefaultConfigOrder represent the priority in witch woodpecker search for a pipeline config by default // folders are indicated by supplying a trailing slash. From 7874112f992852412528efa1e28dc3bdb914bb2a Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Sun, 25 Aug 2024 21:53:45 +0200 Subject: [PATCH 2/5] nit: more tests --- pipeline/frontend/yaml/utils/image_test.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pipeline/frontend/yaml/utils/image_test.go b/pipeline/frontend/yaml/utils/image_test.go index 17fab45d5b..6b81f8a412 100644 --- a/pipeline/frontend/yaml/utils/image_test.go +++ b/pipeline/frontend/yaml/utils/image_test.go @@ -199,6 +199,11 @@ func Test_matchImage(t *testing.T) { to: "gcr.io/golang", want: false, }, + { + from: "woodpeckerci/plugin-docker-buildx", + to: "docker.io/woodpeckerci/plugin-docker-buildx", + want: true, + }, } for _, test := range testdata { assert.Equal(t, test.want, MatchImage(test.from, test.to)) From dc78c9161666bbe70e3e17dd7dd353d7d580835a Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Sat, 31 Aug 2024 20:48:03 +0200 Subject: [PATCH 3/5] just break we do break anyway --- cmd/server/flags.go | 3 +-- docs/docs/91-migrations.md | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/server/flags.go b/cmd/server/flags.go index 3056f41007..b58a8bd14d 100644 --- a/cmd/server/flags.go +++ b/cmd/server/flags.go @@ -159,9 +159,8 @@ var flags = append([]cli.Flag{ Value: time.Hour * 72, }, &cli.StringSliceFlag{ - Sources: cli.EnvVars("WOODPECKER_PLUGINS_PRIVILEGED", "WOODPECKER_ESCALATE"), + Sources: cli.EnvVars("WOODPECKER_PLUGINS_PRIVILEGED"), Name: "plugins-privileged", - Aliases: []string{"escalate"}, // TODO: remove in next version Usage: "Allow plugins to run in privileged mode, if environment variable is defined but empty there will be none", }, &cli.StringSliceFlag{ diff --git a/docs/docs/91-migrations.md b/docs/docs/91-migrations.md index c8f566820d..ccd50c65a2 100644 --- a/docs/docs/91-migrations.md +++ b/docs/docs/91-migrations.md @@ -4,7 +4,8 @@ Some versions need some changes to the server configuration or the pipeline conf ## `next` -- Remove all default privileged plugins ([re-add plugins to the list via config if needed](./30-administration/10-server-config.md#woodpecker_escalate)). +- Rename server environment variable `WOODPECKER_ESCALATE` to `WOODPECKER_PLUGINS_PRIVILEGED` +- Remove all default privileged plugins ([re-add plugins to the list via config if needed](./30-administration/10-server-config.md#woodpecker_plugins_privileged)). - Secret filters for plugins now check against tag if specified - Removed `WOODPECKER_DEV_OAUTH_HOST` and `WOODPECKER_DEV_GITEA_OAUTH_URL` use `WOODPECKER_EXPERT_FORGE_OAUTH_HOST` - Compatibility mode of deprecated `pipeline:`, `platform:` and `branches:` pipeline config options are now removed and pipeline will now fail if still in use. From de9dc0c74645777a07f75e438603dc68be00dd56 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Sat, 31 Aug 2024 20:48:50 +0200 Subject: [PATCH 4/5] Update cli/exec/flags.go --- cli/exec/flags.go | 1 - 1 file changed, 1 deletion(-) diff --git a/cli/exec/flags.go b/cli/exec/flags.go index b1e56a051a..c41111d3e8 100644 --- a/cli/exec/flags.go +++ b/cli/exec/flags.go @@ -58,7 +58,6 @@ var flags = []cli.Flag{ &cli.StringSliceFlag{ Sources: cli.EnvVars("WOODPECKER_PLUGINS_PRIVILEGED"), Name: "plugins-privileged", - Aliases: []string{"privileged"}, // TODO: remove in next version Usage: "Allow plugins to run in privileged mode, if environment variable is defined but empty there will be none", }, &cli.StringFlag{ From 4f407b7641fa092a95bdbb543f3d8616510a3d48 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Sat, 31 Aug 2024 22:10:37 +0200 Subject: [PATCH 5/5] kaniko --- pipeline/frontend/yaml/linter/linter_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pipeline/frontend/yaml/linter/linter_test.go b/pipeline/frontend/yaml/linter/linter_test.go index 1cd1aa4f6a..158853634b 100644 --- a/pipeline/frontend/yaml/linter/linter_test.go +++ b/pipeline/frontend/yaml/linter/linter_test.go @@ -39,7 +39,7 @@ steps: - go build - go test publish: - image: woodpeckerci/plugin-docker-buildx + image: woodpeckerci/plugin-kaniko settings: repo: foo/bar foo: bar @@ -61,7 +61,7 @@ steps: - go build - go test - name: publish - image: woodpeckerci/plugin-docker-buildx + image: woodpeckerci/plugin-kaniko settings: repo: foo/bar foo: bar