5844 Commits

Author SHA1 Message Date
Robert Kaussow
957581571b Add changelog for v2.8.2 (#4594) v2.8.2 2024-12-20 07:59:01 +01:00
Robert Kaussow
88d3a3cec4 Fix version.json updates (#4593) 2024-12-19 22:05:03 +01:00
Robert Kaussow
557ea478f5 Backport gitea and forgejo sdk updates (#4592) 2024-12-19 21:26:31 +01:00
Robert Kaussow
5c589a7aac Do not log forge tokens (#4551) (#4590) 2024-12-19 21:18:14 +01:00
Robert Kaussow
80ea0d1f2f Don't log DB passwords (#4583) (#4589) 2024-12-19 21:17:56 +01:00
Robert Kaussow
fc40696e93 Backport golang security updates (#4587)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-12-19 20:32:43 +01:00
woodpecker-bot
8b398e18ab 🎉 Release 2.8.1 (#4513) v2.8.1 2024-12-13 23:14:28 +01:00
Joan Flotats
36e5b9514b Add Bitbucket fixes to Release/2.8 (#4547)
Co-authored-by: Joan Flotats <joanflotats@bit2me.com>
2024-12-10 15:21:37 +02:00
John Olheiser
21d9c6cece fix: addon JSON pointers (#4508) (#4512)
Signed-off-by: jolheiser <git@jolheiser.com>
2024-12-05 17:24:18 +01:00
woodpecker-bot
985a5ae73b 🎉 Release 2.8.0 (#4304) v2.8.0 2024-11-28 19:50:54 +01:00
6543
50a3749b60 Enforce exact matching for GitLab groups (#4473) (#4474)
Co-authored-by: Patrick Schratz <patrick.schratz@gmail.com>
2024-11-28 19:49:00 +01:00
6543
f85192ba4a Docker Backend: fully support windows container (#4381) (#4464) 2024-11-27 05:42:46 +01:00
Anbraten
cc3f0412f2 Extend approval options (#3348) (#4429)
Co-authored-by: 6543 <6543@obermui.de>
2024-11-25 21:31:13 +01:00
6543
e1ec60a826 Normalize aarch64 -> arm64 for docker backend (#4451) (#4457)
Co-authored-by: Patrick Schratz <patrick.schratz@gmail.com>
2024-11-25 19:48:23 +01:00
6543
2cbd9268f6 Deprecate secrets in favor of from_secret (#4360) 2024-11-18 21:26:46 +01:00
6543
aa7e1cdd9e ci: remove last "secrets" usage and migrate to from_secret (#4372) (#4407) 2024-11-18 19:12:58 +02:00
6543
092ea7b907 Deprecate and warn of list syntax of environment (#4358)
Co-authored-by: Robert Kaussow <xoxys@rknet.org>
2024-11-17 09:17:09 +02:00
6543
cbe74ec72f Process workflow logs in batches (#4045) (#4356)
Co-authored-by: hg <k@isakov.net>
2024-11-13 15:42:45 +01:00
6543
b68b038adf address review lint issues (#4354) (#4357) 2024-11-11 19:38:17 +01:00
6543
2ec46c5429 Bump release plugin (#4328) 2024-11-06 15:40:17 +01:00
6543
b89d4f059c Add migration to autofix corrupted users.org_id entrys in db (#4307) (#4327) 2024-11-06 15:30:18 +01:00
6543
cef9cc3753 Bump release plugin (#4318)
Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com>
Co-authored-by: oauth <woodpecker-bot@obermui.de>
2024-11-06 01:23:10 +01:00
6543
084d6f883a Upgrade vue-i18n (#4317)
Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com>
2024-11-06 01:19:04 +01:00
6543
bbdabae564 Start a trivy server service (#4288) (#4312) 2024-11-06 01:06:39 +01:00
6543
5c4dbaa8fb dont release docs from release branch (#4316) 2024-11-06 00:27:18 +01:00
Anbraten
9dcc1a4ac2 Use release-helper for release/* branches (#4302) 2024-11-04 14:59:17 +01:00
6543
ba382a090c Changelog for v2.7.2 (#4214)
Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com>
v2.7.2
2024-11-03 12:54:02 +01:00
6543
0527e54da0 pin xgo image (#4287) 2024-11-03 00:40:39 +01:00
6543
3a1c3e72e4 Don't parse forge config files multiple times if no error occured (#4272) (#4273)
Co-authored-by: Patrick Schratz <patrick.schratz@gmail.com>
2024-10-29 07:34:32 +02:00
6543
c427886d3c fix: repo/owner parsing for gitlab (#4255) (#4261)
Co-authored-by: Patrick Schratz <patrick.schratz@gmail.com>
2024-10-27 10:50:09 +01:00
6543
eadb75ad17 Revert "Only allow docker-buildx plugin >= 5.0.0 to be priviledged by default (#4213)"
This reverts commit 71d478b79a.
2024-10-09 17:00:04 +02:00
6543
71d478b79a Only allow docker-buildx plugin >= 5.0.0 to be priviledged by default (#4213) 2024-10-09 16:48:22 +02:00
6543
67d8d6e317 chore(deps): update woodpeckerci/plugin-docker-buildx docker tag to v5.0.0 2024-10-09 15:16:30 +02:00
6543
b1e5103ee5 Backport JS dependency updates (#4189) 2024-10-05 18:01:46 +02:00
6543
1b1bf27951 Bump trivy plugin (#4160) (#4188)
Co-authored-by: Patrick Schratz <patrick.schratz@gmail.com>
2024-10-05 16:24:20 +03:00
6543
cc203e25f1 chore(deps): update dependency vite to v5.4.6 [security] (#4163) (#4187)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-05 14:18:21 +01:00
6543
972e45daaf Print agent labels in debug mode (#4155) (#4156) 2024-10-03 15:02:40 +02:00
6543
10d8a13272 Run queue.process() in background (#4115) 2024-09-20 14:13:46 +02:00
6543
4576aef483 Fix agent last work update throttling (#4124) (#4126)
Co-authored-by: Lukas <lukas@slucky.de>
2024-09-18 23:28:22 +02:00
6543
6f5e0697d0 Only update agent.LastWork if not done recently (#4031) (#4100)
Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com>
2024-09-10 15:53:16 +03:00
6543
324ab4ac89 🎉 Release 2.7.1 (#4090)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
v2.7.1
2024-09-07 10:36:01 +02:00
qwerty287
abb88fa134 Fix org settings page (#4002) (#4093)
Co-authored-by: Divya Jain <dvjn.dev+git@gmail.com>
2024-09-07 10:27:20 +02:00
6543
9b18a90a59 [Backport] Lint privileged plugin match and allow to be set empty (#4084) 2024-09-05 20:30:03 +03:00
6543
688d984d7e Update docker-buildx plugin to v4.2.0 2024-09-05 01:33:40 +02:00
6543
432f49cae3 Bump github.com/docker/docker from v24.0.9 to v24.0.9+30 (#4077) 2024-09-02 14:23:17 +02:00
6543
4535ef330a Allow admins to specify priviledged plugins by name **and tag** (#4075) (#4076) 2024-09-01 23:06:06 +02:00
qwerty287
a360563fad Warn if using secrets/env with plugin (#4027) (#4039) 2024-08-16 17:08:06 +02:00
qwerty287
4ab8374c9a Set refspec for gitlab MR (#4021) 2024-08-16 10:23:38 +02:00
Joan Flotats
1ec7525bf4 Change Bitbucket PR hook to point the source branch, commit & ref (#3965)
## Description

This is the first fix for: https://github.com/woodpecker-ci/woodpecker/issues/3932

Change the Pull Request hook parser to return the source commit, branch, and ref instead of the destination. Right now, the workflow pulls the destination configuration and code. It should pull the source configuration and code to verify that the configuration and code work as expected before merging the changes.

In case of the close event, the hook parser returns the destination branch, ref and merge commit. Usually, the contributor automatically deletes the source branch after merging the changes to the destination branch. Using the source values will cause the workflow to fail.

After the changes, Woodpecker will correctly download the workflow from the source branch (Pull Request commit), but it will fail to clone the repository. This issue is related to the commit format returned by the Bitbucket webhook. This inconsistency has already been reported: https://jira.atlassian.com/browse/BCLOUD-21201. The webhook returns a short SHA. The problem is that the `git fetch` command requires the full SHA. 

A workaround for this issue is to use the ref to fetch the code:

```yaml
clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      ref: ${CI_COMMIT_REF}
```

This is not ideal, because the Pull Request head won't always match the workflow commit, but it solves 80% of the event use cases (e.g. trigger a pull request workflow on change). This workaround won't work when re-running a previous workflow pointing to another commit, it will pull the last commit, not the previous one.

## Solutions

The solution proposed by the community is to retrieve the full SHA from the Bitbucket API using the short one. This solution has drawbacks:
- The Bitbucket API rate limit is 1000 req/h. This solution will reduce the maximum number of workflow runs per hour.
- It requires a braking change in the forges interface because the ´Hook(...)´ method does not have an instance of the HTTP Client. 

We propose to allow the git plugin to fetch the source code from a URL. The Bitbucket returns a link pointing to the commit. 

This proposal only requires a small change to the git plugin:
- Add a new optional parameter (e.g. CommitLink)
- Add a clause to the following conditional: 7ac9615f40/plugin.go (L79C1-L88C3)
```go
if p.Pipeline.CommitLink != "" {...}
```
Git commands:
```shell
$ git fetch --no-tags --depth=1 --filter=tree:0 https://bitbucket.org/workspace/repo/commits/692972aabfec
$ git reset --hard -q 692972aabfec # It works with the short SHA
```
Woodpecker will set CommitLink to a blank string for the other forges, but Bitbuckket will use the one returned by the webhook.
2024-07-23 16:59:17 +02:00
Joan Flotats
8f11a8ec9d Add updated, merged and declined events to bb webhook activation (#3963)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-07-23 14:41:53 +02:00