This is a preparation for #245 and adds a new endpoint (`.js``file) which can be included by the web-ui to get some config and credentials like the user profile or access-token.
The goal here is to make consistent use of configuration environment variables prefixed `WOODPECKER_`. Where several variants existed, this PR aims to remove all but one option, leaving the most explicit.
This PR only changes server and agent code, but not documentation, in order to keep the PR digestible. Once we have consensus that this is correct, I'll change docs accordingly.
User (rather: admin) facing changes in this PR:
- In general, support for all server and agent config environment variables (env vars) starting with `DRONE_` is removed. The according `WOODPECKER_*` variables must be used instead.
- The env var `WOODPECKER_HOST` replaces `DRONE_HOST`, and `DRONE_SERVER_HOST`.
- The env var `WOODPECKER_AGENT_SECRET` is used to configure the shared secret which agents use to authenticate against the server. It replaces `WOODPECKER_SECRET`, `DRONE_SECRET`, `WOODPECKER_PASSWORD`, `DRONE_PASSWORD`, and `DRONE_AGENT_SECRET`.
- The env var `WOODPECKER_DATABASE_DRIVER` replaces `DRONE_DATABASE_DRIVER` and `DATABASE_DRIVER`.
- The env var `WOODPECKER_DATABASE_DATASOURCE` replaces `DRONE_DATABASE_DATASOURCE` and `DATABASE_CONFIG`.
- Add json schema file
- Add tests to validate sample pipeline files
- Add new command `lint` to cli to test a directory or single file to use correct schema
Example: `woodpecker-cli lint ./pipeline/schema/.woodpecker/`
---
close#275
preparation for #276
Co-authored-by: 6543 <6543@obermui.de>
By adding a new ENV variable called `WOODPECKER_WWW_PROXY` it is possible to serve a webinterface via a proxy configured by the `WOODPECKER_WWW_PROXY` value for development instead of serving the interface from the bundled code or from some folder location as the old `WOODPECKER_WWW` option allowed. Using a proxy allows developing the UI with hot-reloading.
* Move cncd/{logging,pubsub,queue}/ to server/{logging,pubsub,queue}/
* Update REAMDEs and include history
Co-authored-by: Anbraten <anton@ju60.de>
Co-authored-by: Anbraten <anton@ju60.de>
* Refactor: Move agent stats structs to agent/
Based in part on changes by laszlocph (kube branch):
7f4a0c8c12 Factor into Runner
f7fe9edd0b Using Runner in server
* Refactor: Add Runner constructor with counter field
Based in part on changes by laszlocph (kube branch):
7f4a0c8c12 Factor into Runner
f7fe9edd0b Using Runner in server
* Refactor: Move Runner to agent/ package
Based in part on changes by laszlocph (kube branch):
7f4a0c8c12 Factor into Runner
f7fe9edd0b Using Runner in server
* Refactor: pass pipeline.backend.Engine into agent.Runner
Based in part on changes by laszlocph (kube branch):
7f4a0c8 Factor into Runner
f7fe9ed Using Runner in server
* Use well-known function signature for WriteTo
* Rename stats.go -> state.go
Co-authored-by: Anbraten <anton@ju60.de>
* move api code to server/api
* move grpc server for agent communication to server/grpc
* move server.Config to server/config.go as it is used by both server/api and server/grpc
* move shared code used by server/api and server/grpc to server/shared
- move cli files from `cli/drone` to `cli/`
- move cli main to `cmd/cli/main.go` to match agent and server
- use version from `version/version.go` to match agent and server
# Config resolution
- pipeline-config setting empty / not specified (default): `.woodpecker/` => `.woodpecker.yml` => `.drone.yml`
- pipeline-config setting defined by user: try that file / folder and no fallback (if a user sets some special value that is normally done for some reason)
# Changes
- pipeline-config setting will be empty by default
- remove fallback setting for config loading (simplifies config)
---
closes#133
---
* adjust config fetching mechanism
* default path empty
* remove fallback flag from ui and db
Add flags to allow the agent to connect to a secure grpc endpoint.
This can be done by placing nginx in front of the drone-server or updating the
code to accept tls servers for the grpc server.
Added a feature to obtain the initial Vault token from the Kubernetes
auth method.
This works by making a request to the Vault server at the specified auth
method mount point's login path and presenting the JWT located in a file
on a running pod, along with the Kubernetes role to authenticate as.
Vault will then respond with a token and its TTL, if the request is valid.
This commit sets the http handler to the redirect function for let's encrypt
enabled drone instances. In addition, the `Strict-Transport-Security` header is
added to the redirect given `header.Secure` will only be added for gin routes.
This commit resolves#2261.
In our current drone setup, we are not using a proxy, thus letting drone handle
SSL termination. In addition, we are not exposing port 80 (effectively disabling
insecure drone access). When new engineers join and attempt to access drone,
they are not sent a 301 and often complain that they either do not have access
or that drone is broken (when in reality they are just accessing drone via the
incorrect protocol/port).
This commit changes the default behavior when running drone with a server-cert
by only sending redirects on port 80 rather than allowing both secure and
insecure access.