-
-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configuration Extension #783
Comments
There isn't something similar like the config plugin / endpoint for WP yet. #53 requested something similar some time ago. So having such a feature would be awesome. There are two things I am not quite sure about yet:
Sorry for this speech 🙈 tldr: I would currently propose adding an option to the repo settings (UI) which allows to add extensions which are simply http endpoints receiving the config and sending back an adjusted config and adding a server option to set allowed ip-subnets for the external calls to prevent internal network attacks. |
Hey @anbraten, great inputs But I also like the idea of providing repo level customization of the feature from repo settings. Generally: why not have both? The globally configured system would still be able to overrule everything, while the entry in repo settings would overrule the yaml file provided by the repo I also think that providing a rest endpoint solution is much simpler than any kind of template... The final question is how the security aspect can be handled best. Drone uses a token sent to the external service to authenticate there. When using https and normal certificate verification the drone server itself should be able to verify that it has hit the correct server. I think we could just add a second field to the repo settings that would allow to set something like a Bearer Token on the request ? So I guess there is my speech =D Let me know what you think, I am quite motivated to make a PR for this in the course of the next 2 weekends and play a little bit with it :-) |
Sounds great. Having a global option overriding the per repo settings for those endpoint sounds fine to me. For security I like your approach of having a Bearer Token, similar to how Github, Gitea, etc have it for their webhook settings. Just start with the implementation part you like most 😉 and please feel free to ask again if something is unclear or if you need any help. |
Hm... when setting up my testsetup I hit a weird issue, maybe you can give a quick tipp.... I am running agent and server on my M1 mac, all good, connecting to my own gitea instance at git.lbsfilm.at, using a ssh tunnel to get the webhook back to my local... all good... I could not get pipelines to run though, they would keep getting stuck in pending. I realized that I can make them run by commenting out the worker filtering on the server side in server/queue/fifio.go When I do that it runs fine... but why would it not execute otherwise ? The filter created by the agent looks like this: {map[platform:darwin/amd64] } My Pipeline:
I also tried adding
Same result... I am using current master, any Ideas ? Some logs from the server: Failed task 25 ([]) - map[] (I did added a else to the filter function that logs the task)
ServerConfig:
Agent Config:
I also noticed this message every now and then on the agent 5:58PM TRC grpc: to many keepalive pings without sending data error="rpc error: code = Unavailable desc = closing transport due to: connection error: desc = "error reading from server: EOF", received prior goaway: code: ENHANCE_YOUR_CALM, debug data: "too_many_pings"" But I guess that is fine, it does work correctly when I skip the filter on the server... Maybe you can spot my issue easily ? Otherwise I will keep digging... |
Hm ok... tracked it down to the SetPlatform function that defaults to linux/amd64 when the pipeline does not set a value.... feels a little strange... maybe it would make more sense to loosen the match in the filter function and not provide a default ? |
I absolutley agree that we should not use a specific arch as fallback. |
Ok, I can make that a separate PR Another question: When using drone I found it useful that the build config would get fetched again from the rest endpoint when I restarted an existing build. This allowed me to fix bugs in configuration and then rerunning ci without having to push a new change or tag to the actual repository... When implementing my change here I found that the retrieved config is stored into the database for "for historical correctness, restarts, etc" to quote the comments... What do you think ? On a pipeline restart should the config get reloaded from the endpoint or should the stored one be used ? |
👍🏾 For the other question I would suggest following way: Save repo config as is to database (like we currently do) => after that send config to endpoint and execute the return. For restarting we should be able to simply fetch the stored config from db again, send it to the endpoint again and executed it after that. Only problem that we need to think about is how we show the actual config in the UI. |
Clear and concise description of the problem
Drone uses a env var called DRONE_YAML_ENDPOINT to specify a rest service that can override the default pipeline config before a run is executed. this enables management of multiple repos that need to run the same configuration and centralized configuration of pipelines for repositories in a organisation.
Suggested solution
My Question is: does woodpecker already support something like this ? the closest I have found so fare was the Gating Service, but there is no documentation on it yet and it seems to only allow for prohibiting runs...
Else I am also happy to work on a contribution PR here myself :-) My solution would be to match drones current way of dealing with the problem, providing a new endpoint that will be fetched via http, using a token based authentication flow and retrieving a new yaml "override" configuration
Awesome Project btw, keep up the great work!!!
Alternative
No response
Additional context
No response
Validations
The text was updated successfully, but these errors were encountered: