Merge branch 'main' into rework-entry

.pre-commit-config.yaml

@@ -53,7 +53,7 @@ ci:
   autofix_prs: true
   autoupdate_branch: ''
   autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate'
-  autoupdate_schedule: monthly
+  autoupdate_schedule: quarterly
   # NB: hadolint not included in pre-commit.ci
   skip: [check-hooks-apply, check-useless-excludes, hadolint, prettier]
   submodules: false

.woodpecker/docker.yaml

@@ -3,7 +3,7 @@ variables:
   - &node_image 'docker.io/node:21-alpine'
   - &xgo_image 'docker.io/techknowlogick/xgo:go-1.22.1'
   - &xgo_version 'go-1.21.2'
-  - &buildx_plugin 'docker.io/woodpeckerci/plugin-docker-buildx:3.1.0'
+  - &buildx_plugin 'docker.io/woodpeckerci/plugin-docker-buildx:3.2.0'
   - &platforms_release 'linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/386,linux/amd64,linux/ppc64le,linux/riscv64,linux/s390x,freebsd/arm64,freebsd/amd64,openbsd/arm64,openbsd/amd64'
   - &platforms_server 'linux/arm/v7,linux/arm64/v8,linux/amd64,linux/ppc64le,linux/riscv64'
   - &platforms_preview 'linux/amd64'

CHANGELOG.md

@@ -1,6 +1,26 @@
 # Changelog
 
-## [2.4.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/2.4.0) - 2024-03-19
+## [2.4.1](https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.4.1) - 2024-03-20
+
+### ❤️ Thanks to all contributors! ❤️
+
+@manuelluis, @qwerty287, @xoxys
+
+### 🔒 Security
+
+- Only allow to deploy from push, tag and release [[#3522](https://github.com/woodpecker-ci/woodpecker/pull/3522)]
+
+### 🐛 Bug Fixes
+
+- Exclude setup from cli command exec. [[#3523](https://github.com/woodpecker-ci/woodpecker/pull/3523)]
+- Fix uppercased env [[#3516](https://github.com/woodpecker-ci/woodpecker/pull/3516)]
+- Fix env schema [[#3514](https://github.com/woodpecker-ci/woodpecker/pull/3514)]
+
+### Misc
+
+- Temp pin golangci version in makefile [[#3520](https://github.com/woodpecker-ci/woodpecker/pull/3520)]
+
+## [2.4.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.4.0) - 2024-03-19
 
 ### ❤️ Thanks to all contributors! ❤️
 
@@ -105,7 +125,7 @@
 - Apply `dependencies` label to all PRs [[#3358](https://github.com/woodpecker-ci/woodpecker/pull/3358)]
 - chore(deps): update docker.io/woodpeckerci/plugin-docker-buildx docker tag to v3.0.1 [[#3324](https://github.com/woodpecker-ci/woodpecker/pull/3324)]
 
-## [2.3.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/2.3.0) - 2024-01-31
+## [2.3.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.3.0) - 2024-01-31
 
 ### ❤️ Thanks to all contributors! ❤️
 
@@ -162,7 +182,7 @@
 
 - build: fix nfpm path for server binary [[#3246](https://github.com/woodpecker-ci/woodpecker/pull/3246)]
 
-## [2.2.1](https://github.com/woodpecker-ci/woodpecker/releases/tag/2.2.1) - 2024-01-21
+## [2.2.1](https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.2.1) - 2024-01-21
 
 ### ❤️ Thanks to all contributors! ❤️
 
@@ -176,7 +196,7 @@
 
 - Build tarball for distribution packages [[#3244](https://github.com/woodpecker-ci/woodpecker/pull/3244)]
 
-## [2.2.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/2.2.0) - 2024-01-21
+## [2.2.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.2.0) - 2024-01-21
 
 ### ❤️ Thanks to all contributors! ❤️
 
@@ -296,7 +316,7 @@
 - Use `yamllint` [[#3066](https://github.com/woodpecker-ci/woodpecker/pull/3066)]
 - Use dag in ci config [[#3010](https://github.com/woodpecker-ci/woodpecker/pull/3010)]
 
-## [2.1.1](https://github.com/woodpecker-ci/woodpecker/releases/tag/2.1.1) - 2023-12-27
+## [2.1.1](https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.1.1) - 2023-12-27
 
 ### ❤️ Thanks to all contributors! ❤️
 
@@ -317,7 +337,7 @@
 
 - Add some tests [[#3030](https://github.com/woodpecker-ci/woodpecker/pull/3030)]
 
-## [2.1.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/2.1.0) - 2023-12-26
+## [2.1.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.1.0) - 2023-12-26
 
 ### ❤️ Thanks to all contributors! ❤️
 
@@ -422,7 +442,7 @@
 - Update web npm deps non-major [[#2884](https://github.com/woodpecker-ci/woodpecker/pull/2884)]
 - Update docker.io/woodpeckerci/plugin-docker-buildx Docker tag to v2.2.1 [[#2883](https://github.com/woodpecker-ci/woodpecker/pull/2883)]
 
-## [2.0.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/2.0.0) - 2023-11-23
+## [2.0.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/v2.0.0) - 2023-11-23
 
 ### ❤️ Thanks to all contributors! ❤️
 

Makefile

@@ -127,7 +127,7 @@ check-xgo: ## Check if xgo is installed
 
 install-tools: ## Install development tools
 	@hash golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest; \
+		go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest ; \
 	fi ; \
 	hash gofumpt > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		go install mvdan.cc/gofumpt@latest; \

cli/exec/exec.go

@@ -57,7 +57,12 @@ func run(c *cli.Context) error {
 
 func execDir(c *cli.Context, dir string) error {
 	// TODO: respect pipeline dependency
-	repoPath, _ := filepath.Abs(filepath.Dir(dir))
+	repoPath := c.String("repo-path")
+	if repoPath != "" {
+		repoPath, _ = filepath.Abs(repoPath)
+	} else {
+		repoPath, _ = filepath.Abs(filepath.Dir(dir))
+	}
 	if runtime.GOOS == "windows" {
 		repoPath = convertPathForWindows(repoPath)
 	}
@@ -79,7 +84,12 @@ func execDir(c *cli.Context, dir string) error {
 }
 
 func execFile(c *cli.Context, file string) error {
-	repoPath, _ := filepath.Abs(filepath.Dir(file))
+	repoPath := c.String("repo-path")
+	if repoPath != "" {
+		repoPath, _ = filepath.Abs(repoPath)
+	} else {
+		repoPath, _ = filepath.Abs(filepath.Dir(file))
+	}
 	if runtime.GOOS == "windows" {
 		repoPath = convertPathForWindows(repoPath)
 	}

cli/exec/flags.go

@@ -29,6 +29,11 @@ var flags = []cli.Flag{
 		Usage:   "run from local directory",
 		Value:   true,
 	},
+	&cli.StringFlag{
+		EnvVars: []string{"WOODPECKER_REPO_PATH"},
+		Name:    "repo-path",
+		Usage:   "path to local repository",
+	},
 	&cli.DurationFlag{
 		EnvVars: []string{"WOODPECKER_TIMEOUT"},
 		Name:    "timeout",

cli/internal/config/config.go

@@ -18,7 +18,7 @@ type Config struct {
 	LogLevel  string `json:"log_level"`
 }
 
-var skipSetupForCommands = []string{"setup", "help", "h", "version", "update", "lint", ""}
+var skipSetupForCommands = []string{"setup", "help", "h", "version", "update", "lint", "exec", ""}
 
 func Load(c *cli.Context) error {
 	if firstArg := c.Args().First(); slices.Contains(skipSetupForCommands, firstArg) {

cmd/server/flags.go

@@ -194,16 +194,6 @@ var flags = append([]cli.Flag{
 		Name:    "keepalive-min-time",
 		Usage:   "server-side enforcement policy on the minimum amount of time a client should wait before sending a keepalive ping.",
 	},
-	&cli.StringFlag{
-		EnvVars: []string{"WOODPECKER_SECRET_ENDPOINT"},
-		Name:    "secret-service",
-		Usage:   "secret plugin endpoint",
-	},
-	&cli.StringFlag{
-		EnvVars: []string{"WOODPECKER_REGISTRY_ENDPOINT"},
-		Name:    "registry-service",
-		Usage:   "registry plugin endpoint",
-	},
 	&cli.StringFlag{
 		EnvVars: []string{"WOODPECKER_CONFIG_SERVICE_ENDPOINT"},
 		Name:    "config-service-endpoint",
@@ -386,6 +376,11 @@ var flags = append([]cli.Flag{
 		Name:    "gitea-skip-verify",
 		Usage:   "gitea skip ssl verification",
 	},
+	&cli.StringFlag{
+		EnvVars: []string{"WOODPECKER_DEV_GITEA_OAUTH_URL"},
+		Name:    "gitea-oauth-server",
+		Usage:   "user-facing gitea server url for oauth",
+	},
 	//
 	// Bitbucket
 	//

cmd/server/setup.go

@@ -141,14 +141,23 @@ func setupBitbucket(c *cli.Context) (forge.Forge, error) {
 	return bitbucket.New(opts)
 }
 
-// setupGitea helper function to setup the Gitea forge from the CLI arguments.
+// setupGitea helper function to set up the Gitea forge from the CLI arguments.
 func setupGitea(c *cli.Context) (forge.Forge, error) {
 	server, err := url.Parse(c.String("gitea-server"))
 	if err != nil {
 		return nil, err
 	}
+	oauth2Server := c.String("gitea-oauth-server")
+	if oauth2Server != "" {
+		oauth2URL, err := url.Parse(oauth2Server)
+		if err != nil {
+			return nil, err
+		}
+		oauth2Server = strings.TrimRight(oauth2URL.String(), "/")
+	}
 	opts := gitea.Opts{
 		URL:        strings.TrimRight(server.String(), "/"),
+		OAuth2URL:  oauth2Server,
 		Client:     c.String("gitea-client"),
 		Secret:     c.String("gitea-secret"),
 		SkipVerify: c.Bool("gitea-skip-verify"),

docs/docs/10-intro.md

@@ -81,7 +81,7 @@ steps:
       template: config/k8s/service.yaml
 ```
 
-See [plugin docs](./20-usage/51-plugins/10-overview.md).
+See [plugin docs](./20-usage/51-plugins/51-overview.md).
 
 ## Continue reading
 

docs/docs/20-usage/15-terminiology/index.md → docs/docs/20-usage/15-terminology/index.md

@@ -31,7 +31,7 @@
 - **YAML File**: A file format used to define and configure [workflows][Workflow].
 - **Dependency**: [Workflows][Workflow] can depend on each other, and if possible, they are executed in parallel.
 - **Status**: Status refers to the outcome of a step or [workflow][Workflow] after it has been executed, determined by the internal command exit code. At the end of a [workflow][Workflow], its status is sent to the [forge][Forge].
-- **Service extension**: Some parts of woodpecker internal services like secrets storage or config fetcher can be replaced through service extensions.
+- **Service extension**: Some parts of Woodpecker internal services like secrets storage or config fetcher can be replaced through service extensions.
 
 ## Pipeline events
 
@@ -55,8 +55,8 @@ Sometimes there are multiple terms that can be used to describe something. This
 
 [Pipeline]: ../20-workflow-syntax.md
 [Workflow]: ../25-workflows.md
-[Forge]: ../../30-administration/11-forges/10-overview.md
-[Plugin]: ../51-plugins/10-overview.md
+[Forge]: ../../30-administration/11-forges/11-overview.md
+[Plugin]: ../51-plugins/51-overview.md
 [Workspace]: ../20-workflow-syntax.md#workspace
 [Matrix]: ../30-matrix-workflows.md
 [Docker]: ../../30-administration/22-backends/10-docker.md

docs/docs/20-usage/20-workflow-syntax.md

@@ -192,7 +192,8 @@ Some of the steps may be allowed to fail without causing the whole workflow and
 
 ### `when` - Conditional Execution
 
-Woodpecker supports defining a list of conditions for a step by using a `when` block. If at least one of the conditions in the `when` block evaluate to true the step is executed, otherwise it is skipped. A condition can be a check like:
+Woodpecker supports defining a list of conditions for a step by using a `when` block. If at least one of the conditions in the `when` block evaluate to true the step is executed, otherwise it is skipped. A condition is evaluated to true if _all_ subconditions are true.
+A condition can be a check like:
 
 ```diff
  steps:
@@ -207,6 +208,11 @@ Woodpecker supports defining a list of conditions for a step by using a `when` b
 +        branch: main
 ```
 
+The `slack` step is executed if one of these conditions is met:
+
+1. The pipeline is executed from a pull request in the repo `test/test`
+2. The pipeline is executed from a push to `maiǹ`
+
 #### `repo`
 
 Example conditional execution by repository:
@@ -656,7 +662,7 @@ Example configuration to use a custom clone plugin:
 
 ```diff
  clone:
-   git:
+   - name: git
 +    image: octocat/custom-git-plugin
 ```
 
@@ -706,7 +712,7 @@ skip_clone: true
 
 ## `when` - Global workflow conditions
 
-Woodpecker gives the ability to skip whole workflows (not just steps #when---conditional-execution-1) based on certain conditions by a `when` block. If all conditions in the `when` block evaluate to true the workflow is executed, otherwise it is skipped, but treated as successful and other workflows depending on it will still continue.
+Woodpecker gives the ability to skip whole workflows ([not just steps](#when---conditional-execution)) based on certain conditions by a `when` block. If all conditions in the `when` block evaluate to true the workflow is executed, otherwise it is skipped, but treated as successful and other workflows depending on it will still continue.
 
 For more information about the specific filters, take a look at the [step-specific `when` filters](#when---conditional-execution).
 

docs/docs/20-usage/25-workflows.md

@@ -18,7 +18,7 @@ You can also set some custom path like `.my-ci/pipelines/` instead of `.woodpeck
 
 :::warning
 Please note that files are only shared between steps of the same workflow (see [File changes are incremental](./20-workflow-syntax.md#file-changes-are-incremental)). That means you cannot access artifacts e.g. from the `build` workflow in the `deploy` workflow.
-If you still need to pass artifacts between the workflows you need use some storage [plugin](./51-plugins/10-overview.md) (e.g. one which stores files in an Amazon S3 bucket).
+If you still need to pass artifacts between the workflows you need use some storage [plugin](./51-plugins/51-overview.md) (e.g. one which stores files in an Amazon S3 bucket).
 :::
 
 ```bash

docs/docs/20-usage/45-cron.md

@@ -19,7 +19,7 @@ To configure cron jobs you need at least push access to the repository.
    +      cron: "name of the cron job" # if you only want to execute this step by a specific cron job
    ```
 
-1. Create a new cron job in the repository settings:
+2. Create a new cron job in the repository settings:
 
    ![cron settings](./cron-settings.png)
 

docs/docs/20-usage/50-environment.md

@@ -81,7 +81,7 @@ This is the reference list of all environment variables available to your pipeli
 |                                  | **Current pipeline**                                                                                               |
 | `CI_PIPELINE_NUMBER`             | pipeline number                                                                                                    |
 | `CI_PIPELINE_PARENT`             | number of parent pipeline                                                                                          |
-| `CI_PIPELINE_EVENT`              | pipeline event (see [pipeline events](../20-usage/15-terminiology/index.md#pipeline-events))                       |
+| `CI_PIPELINE_EVENT`              | pipeline event (see [pipeline events](../20-usage/15-terminology/index.md#pipeline-events))                        |
 | `CI_PIPELINE_URL`                | link to the web UI for the pipeline                                                                                |
 | `CI_PIPELINE_FORGE_URL`          | link to the forge's web UI for the commit(s) or tag that triggered the pipeline                                    |
 | `CI_PIPELINE_DEPLOY_TARGET`      | pipeline deploy target for `deployment` events (i.e. production)                                                   |
@@ -114,7 +114,7 @@ This is the reference list of all environment variables available to your pipeli
 |                                  | **Previous pipeline**                                                                                              |
 | `CI_PREV_PIPELINE_NUMBER`        | previous pipeline number                                                                                           |
 | `CI_PREV_PIPELINE_PARENT`        | previous pipeline number of parent pipeline                                                                        |
-| `CI_PREV_PIPELINE_EVENT`         | previous pipeline event (see [pipeline events](../20-usage/15-terminiology/index.md#pipeline-events))              |
+| `CI_PREV_PIPELINE_EVENT`         | previous pipeline event (see [pipeline events](../20-usage/15-terminology/index.md#pipeline-events))               |
 | `CI_PREV_PIPELINE_URL`           | previous pipeline link in CI                                                                                       |
 | `CI_PREV_PIPELINE_FORGE_URL`     | previous pipeline link to event in forge                                                                           |
 | `CI_PREV_PIPELINE_DEPLOY_TARGET` | previous pipeline deploy target for `deployment` events (ie production)                                            |

docs/docs/20-usage/51-plugins/20-creating-plugins.md

@@ -48,6 +48,23 @@ Secrets should be passed as settings too. Therefore, users should use [`from_sec
 
 For Go, we provide a plugin library you can use to get easy access to internal env vars and your settings. See <https://codeberg.org/woodpecker-plugins/go-plugin>.
 
+## Metadata
+
+In your documentation, you can use a Markdown header to define metadata for your plugin. This data is used by [our plugin index](/plugins).
+
+Supported metadata:
+
+- `name`: The plugin's full name
+- `icon`: URL to your plugin's icon
+- `description`: A short description of what it's doing
+- `author`: Your name
+- `tags`: List of keywords (e.g. `[git, clone]` for the clone plugin)
+- `containerImage`: name of the container image
+- `containerImageUrl`: link to the container image
+- `url`: homepage or repository of your plugin
+
+If you want your plugin to be listed in the index, you should add as many fields as possible, but only `name` is required.
+
 ## Example plugin
 
 This provides a brief tutorial for creating a Woodpecker webhook plugin, using simple shell scripting, to make HTTP requests during the build pipeline.

docs/docs/30-administration/00-deployment/00-overview.md

@@ -61,7 +61,7 @@ You can install Woodpecker on multiple ways:
 
 Authentication is done using OAuth and is delegated to your forge which is configured using environment variables.
 
-See the complete reference for all supported forges [here](../11-forges/10-overview.md).
+See the complete reference for all supported forges [here](../11-forges/11-overview.md).
 
 ## Database
 

docs/docs/30-administration/00-deployment/30-nixos.md

@@ -1,7 +1,7 @@
 # NixOS
 
 :::info
-Note that this module is not maintained by the woodpecker-developers.
+Note that this module is not maintained by the Woodpecker developers.
 If you experience issues please open a bug report in the [nixpkgs repo](https://github.com/NixOS/nixpkgs/issues/new/choose) where the module is maintained.
 :::
 
@@ -85,4 +85,4 @@ All configuration options can be found via [NixOS Search](https://search.nixos.o
 
 ## Tips and tricks
 
-There are some resources on how to utilize Woodpecker more effectively with NixOS on the [Awesome Woodpecker](../../92-awesome.md) page, like using the runners nix-store in the pipeline
+There are some resources on how to utilize Woodpecker more effectively with NixOS on the [Awesome Woodpecker](../../92-awesome.md) page, like using the runners nix-store in the pipeline.

docs/docs/30-administration/10-server-config.md

@@ -6,7 +6,7 @@ toc_max_heading_level: 2
 
 ## User registration
 
-Woodpecker does not have its own user registry; users are provided from your [forge](./11-forges/10-overview.md) (using OAuth2).
+Woodpecker does not have its own user registry; users are provided from your [forge](./11-forges/11-overview.md) (using OAuth2).
 
 Registration is closed by default (`WOODPECKER_OPEN=false`). If registration is open (`WOODPECKER_OPEN=true`) then every user with an account at the configured forge can login to Woodpecker.
 
@@ -69,7 +69,7 @@ To handle sensitive data in docker-compose or docker-swarm configurations there
 
 For docker-compose you can use a `.env` file next to your compose configuration to store the secrets outside of the compose file. While this separates configuration from secrets it is still not very secure.
 
-Alternatively use docker-secrets. As it may be difficult to use docker secrets for environment variables woodpecker allows to read sensible data from files by providing a `*_FILE` option of all sensible configuration variables. Woodpecker will try to read the value directly from this file. Keep in mind that when the original environment variable gets specified at the same time it will override the value read from the file.
+Alternatively use docker-secrets. As it may be difficult to use docker secrets for environment variables Woodpecker allows to read sensible data from files by providing a `*_FILE` option of all sensible configuration variables. Woodpecker will try to read the value directly from this file. Keep in mind that when the original environment variable gets specified at the same time it will override the value read from the file.
 
 ```diff title="docker-compose.yaml"
  version: '3'
@@ -477,7 +477,7 @@ Supported variables:
 
 > Default: empty
 
-List of addon files. See [addons](./75-addons/00-overview.md).
+List of addon files. See [addons](./75-addons/75-overview.md).
 
 ---