From 697efb64f9d53e74c75b1edf99ebf6e8c38d302f Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 9 Nov 2024 11:08:38 +0100 Subject: [PATCH 1/9] docs: update netrc option description --- docs/docs/20-usage/75-project-settings.md | 9 ++++++++- .../version-1.0/20-usage/71-project-settings.md | 9 ++++++++- .../version-2.5/20-usage/75-project-settings.md | 9 ++++++++- .../version-2.6/20-usage/75-project-settings.md | 9 ++++++++- .../version-2.7/20-usage/75-project-settings.md | 9 ++++++++- web/src/assets/locales/en.json | 4 ++-- 6 files changed, 42 insertions(+), 7 deletions(-) diff --git a/docs/docs/20-usage/75-project-settings.md b/docs/docs/20-usage/75-project-settings.md index 24bdbe605a..520495117e 100644 --- a/docs/docs/20-usage/75-project-settings.md +++ b/docs/docs/20-usage/75-project-settings.md @@ -42,7 +42,14 @@ Only server admins can set this option. If you are not a server admin this optio ## Only inject netrc credentials into trusted containers -Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step. +The "clone" step may need git credentials (e.g. for private repos). +These are injected via `netrc`. +By default, they're only injected into "trusted" clone plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is unchecked, git credentials will be injected into any plugin used in the clone step, regardless of being listed in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. + +:::note +This option does not have any effect for other steps than the "clone" step. +::: ## Project visibility diff --git a/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md b/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md index 319a07e610..88c7ef64f7 100644 --- a/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md +++ b/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md @@ -35,7 +35,14 @@ Only server admins can set this option. If you are not a server admin this optio ### Only inject netrc credentials into trusted containers -Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step. +The "clone" step may need git credentials (e.g. for private repos). +These are injected via `netrc`. +By default, they're only injected into "trusted" clone plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is unchecked, git credentials will be injected into any plugin used in the clone step, regardless of being listed in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. + +:::note +This option does not have any effect for other steps than the "clone" step. +::: ## Project visibility diff --git a/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md index 24bdbe605a..520495117e 100644 --- a/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md @@ -42,7 +42,14 @@ Only server admins can set this option. If you are not a server admin this optio ## Only inject netrc credentials into trusted containers -Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step. +The "clone" step may need git credentials (e.g. for private repos). +These are injected via `netrc`. +By default, they're only injected into "trusted" clone plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is unchecked, git credentials will be injected into any plugin used in the clone step, regardless of being listed in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. + +:::note +This option does not have any effect for other steps than the "clone" step. +::: ## Project visibility diff --git a/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md index 24bdbe605a..520495117e 100644 --- a/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md @@ -42,7 +42,14 @@ Only server admins can set this option. If you are not a server admin this optio ## Only inject netrc credentials into trusted containers -Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step. +The "clone" step may need git credentials (e.g. for private repos). +These are injected via `netrc`. +By default, they're only injected into "trusted" clone plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is unchecked, git credentials will be injected into any plugin used in the clone step, regardless of being listed in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. + +:::note +This option does not have any effect for other steps than the "clone" step. +::: ## Project visibility diff --git a/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md index 24bdbe605a..520495117e 100644 --- a/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md @@ -42,7 +42,14 @@ Only server admins can set this option. If you are not a server admin this optio ## Only inject netrc credentials into trusted containers -Cloning pipeline step may need git credentials. They are injected via netrc. By default, they're only injected if this option is enabled, the repo is trusted ([see above](#trusted)) or the image is a trusted clone image. If you uncheck the option, git credentials will be injected into any container in clone step. +The "clone" step may need git credentials (e.g. for private repos). +These are injected via `netrc`. +By default, they're only injected into "trusted" clone plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is unchecked, git credentials will be injected into any plugin used in the clone step, regardless of being listed in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. + +:::note +This option does not have any effect for other steps than the "clone" step. +::: ## Project visibility diff --git a/web/src/assets/locales/en.json b/web/src/assets/locales/en.json index 194c6afcde..df4d57c396 100644 --- a/web/src/assets/locales/en.json +++ b/web/src/assets/locales/en.json @@ -93,8 +93,8 @@ "desc": "Every pipeline needs to be approved before being executed." }, "netrc_only_trusted": { - "netrc_only_trusted": "Only inject netrc credentials into trusted containers", - "desc": "Only inject netrc credentials into trusted containers (recommended)." + "netrc_only_trusted": "Only inject netrc credentials into trusted clone step plugins.", + "desc": "If checked, git netrc credentials will only be available to plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. netrc credentials are required for a functional clone operation. If unchecked, this will allow untrusted clone plugins in the clone step to function properly. This option does not have effect for non-clone steps." }, "trusted": { "trusted": "Trusted", From b061529b757da6cb83ab7c03444475c8ffb7e203 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 9 Nov 2024 11:24:34 +0100 Subject: [PATCH 2/9] chore: update sectiont itle --- docs/docs/20-usage/75-project-settings.md | 2 +- docs/versioned_docs/version-1.0/20-usage/71-project-settings.md | 2 +- docs/versioned_docs/version-2.5/20-usage/75-project-settings.md | 2 +- docs/versioned_docs/version-2.6/20-usage/75-project-settings.md | 2 +- docs/versioned_docs/version-2.7/20-usage/75-project-settings.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/docs/20-usage/75-project-settings.md b/docs/docs/20-usage/75-project-settings.md index 520495117e..c94fb07e2c 100644 --- a/docs/docs/20-usage/75-project-settings.md +++ b/docs/docs/20-usage/75-project-settings.md @@ -40,7 +40,7 @@ Only server admins can set this option. If you are not a server admin this optio ::: -## Only inject netrc credentials into trusted containers +## Only inject netrc credentials into trusted clone plugins The "clone" step may need git credentials (e.g. for private repos). These are injected via `netrc`. diff --git a/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md b/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md index 88c7ef64f7..b77e8ed8da 100644 --- a/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md +++ b/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md @@ -33,7 +33,7 @@ Only server admins can set this option. If you are not a server admin this optio ::: -### Only inject netrc credentials into trusted containers +### Only inject netrc credentials into trusted clone plugins The "clone" step may need git credentials (e.g. for private repos). These are injected via `netrc`. diff --git a/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md index 520495117e..c94fb07e2c 100644 --- a/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md @@ -40,7 +40,7 @@ Only server admins can set this option. If you are not a server admin this optio ::: -## Only inject netrc credentials into trusted containers +## Only inject netrc credentials into trusted clone plugins The "clone" step may need git credentials (e.g. for private repos). These are injected via `netrc`. diff --git a/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md index 520495117e..c94fb07e2c 100644 --- a/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md @@ -40,7 +40,7 @@ Only server admins can set this option. If you are not a server admin this optio ::: -## Only inject netrc credentials into trusted containers +## Only inject netrc credentials into trusted clone plugins The "clone" step may need git credentials (e.g. for private repos). These are injected via `netrc`. diff --git a/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md index 520495117e..c94fb07e2c 100644 --- a/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md @@ -40,7 +40,7 @@ Only server admins can set this option. If you are not a server admin this optio ::: -## Only inject netrc credentials into trusted containers +## Only inject netrc credentials into trusted clone plugins The "clone" step may need git credentials (e.g. for private repos). These are injected via `netrc`. From 7f6ee3e7030348422016b13fe1233f51381db4df Mon Sep 17 00:00:00 2001 From: Patrick Schratz Date: Sun, 10 Nov 2024 16:21:38 +0100 Subject: [PATCH 3/9] Update docs/docs/20-usage/75-project-settings.md Co-authored-by: Robert Kaussow --- docs/docs/20-usage/75-project-settings.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/docs/20-usage/75-project-settings.md b/docs/docs/20-usage/75-project-settings.md index c94fb07e2c..e9b21c0ad7 100644 --- a/docs/docs/20-usage/75-project-settings.md +++ b/docs/docs/20-usage/75-project-settings.md @@ -42,13 +42,13 @@ Only server admins can set this option. If you are not a server admin this optio ## Only inject netrc credentials into trusted clone plugins -The "clone" step may need git credentials (e.g. for private repos). -These are injected via `netrc`. -By default, they're only injected into "trusted" clone plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. -If this option is unchecked, git credentials will be injected into any plugin used in the clone step, regardless of being listed in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`. + +By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not. :::note -This option does not have any effect for other steps than the "clone" step. +This option has no effect on steps other than the clone step. ::: ## Project visibility From f1c3487f514c224e5a0498465562549dfc5fc929 Mon Sep 17 00:00:00 2001 From: Patrick Schratz Date: Sun, 10 Nov 2024 16:21:48 +0100 Subject: [PATCH 4/9] Update docs/versioned_docs/version-1.0/20-usage/71-project-settings.md Co-authored-by: Robert Kaussow --- .../version-1.0/20-usage/71-project-settings.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md b/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md index b77e8ed8da..ef2d85d520 100644 --- a/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md +++ b/docs/versioned_docs/version-1.0/20-usage/71-project-settings.md @@ -35,13 +35,13 @@ Only server admins can set this option. If you are not a server admin this optio ### Only inject netrc credentials into trusted clone plugins -The "clone" step may need git credentials (e.g. for private repos). -These are injected via `netrc`. -By default, they're only injected into "trusted" clone plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. -If this option is unchecked, git credentials will be injected into any plugin used in the clone step, regardless of being listed in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`. + +By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not. :::note -This option does not have any effect for other steps than the "clone" step. +This option has no effect on steps other than the clone step. ::: ## Project visibility From c63a7fafcf17fc1445fd4955cc85729a883d5693 Mon Sep 17 00:00:00 2001 From: Patrick Schratz Date: Sun, 10 Nov 2024 16:21:56 +0100 Subject: [PATCH 5/9] Update docs/versioned_docs/version-2.5/20-usage/75-project-settings.md Co-authored-by: Robert Kaussow --- .../version-2.5/20-usage/75-project-settings.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md index c94fb07e2c..e9b21c0ad7 100644 --- a/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.5/20-usage/75-project-settings.md @@ -42,13 +42,13 @@ Only server admins can set this option. If you are not a server admin this optio ## Only inject netrc credentials into trusted clone plugins -The "clone" step may need git credentials (e.g. for private repos). -These are injected via `netrc`. -By default, they're only injected into "trusted" clone plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. -If this option is unchecked, git credentials will be injected into any plugin used in the clone step, regardless of being listed in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`. + +By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not. :::note -This option does not have any effect for other steps than the "clone" step. +This option has no effect on steps other than the clone step. ::: ## Project visibility From 60c3c4d073b0c40b16585c78397e15208544c985 Mon Sep 17 00:00:00 2001 From: Patrick Schratz Date: Sun, 10 Nov 2024 16:22:03 +0100 Subject: [PATCH 6/9] Update docs/versioned_docs/version-2.6/20-usage/75-project-settings.md Co-authored-by: Robert Kaussow --- .../version-2.6/20-usage/75-project-settings.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md index c94fb07e2c..e9b21c0ad7 100644 --- a/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.6/20-usage/75-project-settings.md @@ -42,13 +42,13 @@ Only server admins can set this option. If you are not a server admin this optio ## Only inject netrc credentials into trusted clone plugins -The "clone" step may need git credentials (e.g. for private repos). -These are injected via `netrc`. -By default, they're only injected into "trusted" clone plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. -If this option is unchecked, git credentials will be injected into any plugin used in the clone step, regardless of being listed in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`. + +By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not. :::note -This option does not have any effect for other steps than the "clone" step. +This option has no effect on steps other than the clone step. ::: ## Project visibility From 5f07c4f1da94163cb0e25fe132885f7b6bc9db9d Mon Sep 17 00:00:00 2001 From: Patrick Schratz Date: Sun, 10 Nov 2024 16:22:10 +0100 Subject: [PATCH 7/9] Update docs/versioned_docs/version-2.7/20-usage/75-project-settings.md Co-authored-by: Robert Kaussow --- .../version-2.7/20-usage/75-project-settings.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md b/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md index c94fb07e2c..e9b21c0ad7 100644 --- a/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md +++ b/docs/versioned_docs/version-2.7/20-usage/75-project-settings.md @@ -42,13 +42,13 @@ Only server admins can set this option. If you are not a server admin this optio ## Only inject netrc credentials into trusted clone plugins -The "clone" step may need git credentials (e.g. for private repos). -These are injected via `netrc`. -By default, they're only injected into "trusted" clone plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. -If this option is unchecked, git credentials will be injected into any plugin used in the clone step, regardless of being listed in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`. + +By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. +If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not. :::note -This option does not have any effect for other steps than the "clone" step. +This option has no effect on steps other than the clone step. ::: ## Project visibility From a2f17cf449934b5c0d85e97f13f5d7c02e16963d Mon Sep 17 00:00:00 2001 From: Patrick Schratz Date: Sun, 10 Nov 2024 16:22:19 +0100 Subject: [PATCH 8/9] Update web/src/assets/locales/en.json Co-authored-by: Robert Kaussow --- web/src/assets/locales/en.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/src/assets/locales/en.json b/web/src/assets/locales/en.json index df4d57c396..ea34d83034 100644 --- a/web/src/assets/locales/en.json +++ b/web/src/assets/locales/en.json @@ -93,7 +93,7 @@ "desc": "Every pipeline needs to be approved before being executed." }, "netrc_only_trusted": { - "netrc_only_trusted": "Only inject netrc credentials into trusted clone step plugins.", + "netrc_only_trusted": "Only inject netrc credentials into trusted clone plugins", "desc": "If checked, git netrc credentials will only be available to plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. netrc credentials are required for a functional clone operation. If unchecked, this will allow untrusted clone plugins in the clone step to function properly. This option does not have effect for non-clone steps." }, "trusted": { From defa061a4f0fdb741af9c3e4ad1f287061eff802 Mon Sep 17 00:00:00 2001 From: Patrick Schratz Date: Sun, 10 Nov 2024 16:22:27 +0100 Subject: [PATCH 9/9] Update web/src/assets/locales/en.json Co-authored-by: Robert Kaussow --- web/src/assets/locales/en.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/src/assets/locales/en.json b/web/src/assets/locales/en.json index ea34d83034..f26f0c0206 100644 --- a/web/src/assets/locales/en.json +++ b/web/src/assets/locales/en.json @@ -94,7 +94,7 @@ }, "netrc_only_trusted": { "netrc_only_trusted": "Only inject netrc credentials into trusted clone plugins", - "desc": "If checked, git netrc credentials will only be available to plugins listed in env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`. netrc credentials are required for a functional clone operation. If unchecked, this will allow untrusted clone plugins in the clone step to function properly. This option does not have effect for non-clone steps." + "desc": "If enabled, git netrc credentials are only available for trusted clone plugins set in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. Otherwise, all clone plugins can use the netrc credentials. This option has no effect on non-clone steps." }, "trusted": { "trusted": "Trusted",