Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve project settings descriptions #4410

Merged
merged 20 commits into from
Nov 22, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cli/lint/lint.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ var Command = &cli.Command{
&cli.StringSliceFlag{
Sources: cli.EnvVars("WOODPECKER_PLUGINS_TRUSTED_CLONE"),
Name: "plugins-trusted-clone",
Usage: "Plugins which are trusted to handle the netrc info in clone steps",
Usage: "Plugins which are trusted to handle Git credentials in clone steps",
Value: constant.TrustedClonePlugins,
},
&cli.BoolFlag{
Expand Down
2 changes: 1 addition & 1 deletion cmd/server/flags.go
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,7 @@ var flags = append([]cli.Flag{
&cli.StringSliceFlag{
Sources: cli.EnvVars("WOODPECKER_PLUGINS_TRUSTED_CLONE"),
Name: "plugins-trusted-clone",
Usage: "Plugins which are trusted to handle the netrc info in clone steps",
Usage: "Plugins which are trusted to handle Git credentials in clone steps",
Value: constant.TrustedClonePlugins,
},
&cli.StringSliceFlag{
Expand Down
6 changes: 3 additions & 3 deletions docs/docs/20-usage/75-project-settings.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,12 +39,12 @@ Only server admins can set this option. If you are not a server admin this optio

:::

## Only inject netrc credentials into trusted clone plugins
## Only inject Git credentials into trusted clone plugins

The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`.
The clone step may require Git credentials (e.g. for private repos) which are injected via `netrc`.

By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`.
If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not.
If this option is disabled, the Git credentials are injected into every clone plugin, regardless of whether it is trusted or not.

:::note
This option has no effect on steps other than the clone step.
Expand Down
4 changes: 2 additions & 2 deletions docs/docs/30-administration/10-server-config.md
Original file line number Diff line number Diff line change
Expand Up @@ -396,8 +396,8 @@ You should specify the tag of your images too, as this enforces exact matches.

> Defaults are defined in [shared/constant/constant.go](https://github.com/woodpecker-ci/woodpecker/blob/main/shared/constant/constant.go)

Plugins which are trusted to handle the netrc info in clone steps.
If a clone step use an image not in this list, the netrc will not be injected and an user has to use other methods (e.g. secrets) to clone non public repos.
Plugins which are trusted to handle the Git credential info in clone steps.
If a clone step use an image not in this list, Git credentials will not be injected and users have to use other methods (e.g. secrets) to clone non-public repos.

You should specify the tag of your images too, as this enforces exact matches.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,12 +33,12 @@ Only server admins can set this option. If you are not a server admin this optio

:::

### Only inject netrc credentials into trusted clone plugins
### Only inject Git credentials into trusted clone plugins

The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`.
The clone step may require Git credentials (e.g. for private repos) which are injected via `netrc`.

By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`.
If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not.
If this option is disabled, the Git credentials are injected into every clone plugin, regardless of whether it is trusted or not.

:::note
This option has no effect on steps other than the clone step.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,12 +40,12 @@ Only server admins can set this option. If you are not a server admin this optio

:::

## Only inject netrc credentials into trusted clone plugins
## Only inject Git credentials into trusted clone plugins

The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`.
The clone step may require Git credentials (e.g. for private repos) which are injected via `netrc`.

By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`.
If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not.
If this option is disabled, the Git credentials are injected into every clone plugin, regardless of whether it is trusted or not.

:::note
This option has no effect on steps other than the clone step.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,12 +40,12 @@ Only server admins can set this option. If you are not a server admin this optio

:::

## Only inject netrc credentials into trusted clone plugins
## Only inject Git credentials into trusted clone plugins

The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`.
The clone step may require Git credentials (e.g. for private repos) which are injected via `netrc`.

By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`.
If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not.
If this option is disabled, the Git credentials are injected into every clone plugin, regardless of whether it is trusted or not.

:::note
This option has no effect on steps other than the clone step.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,12 +40,12 @@ Only server admins can set this option. If you are not a server admin this optio

:::

## Only inject netrc credentials into trusted clone plugins
## Only inject Git credentials into trusted clone plugins

The clone step may require git credentials (e.g. for private repos) which are injected via `netrc`.
The clone step may require Git credentials (e.g. for private repos) which are injected via `netrc`.

By default, they are only injected into trusted clone plugins listed in the env var `WOODPECKER_PLUGINS_TRUSTED_CLONE`.
If this option is disabled, the git credentials are injected into every clone plugin, regardless of whether it is trusted or not.
If this option is disabled, the Git credentials are injected into every clone plugin, regardless of whether it is trusted or not.

:::note
This option has no effect on steps other than the clone step.
Expand Down
36 changes: 18 additions & 18 deletions web/src/assets/locales/en.json
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,8 @@
"show_pipelines": "Show pipelines"
},
"deploy_pipeline": {
"title": "Trigger deployment event for current pipeline #{pipelineId}",
"enter_target": "Target deployment environment",
"title": "Trigger a 'deployment' event for current pipeline #{pipelineId}",
"enter_target": "Target 'deployment' environment",
"enter_task": "Deployment task",
"trigger": "Deploy",
"variables": {
Expand Down Expand Up @@ -88,7 +88,7 @@
"general": "General",
"project": "Project settings",
"save": "Save settings",
"success": "Repository settings updated",
"success": "Project settings updated",
"pipeline_path": {
"path": "Pipeline path",
"default": "By default: .woodpecker/*.{'{yaml,yml}'} -> .woodpecker.yaml -> .woodpecker.yml",
Expand All @@ -97,29 +97,29 @@
},
"allow_pr": {
"allow": "Allow Pull Requests",
"desc": "Pipelines can run on pull requests."
"desc": "Allow pipelines to run on pull requests."
},
"allow_deploy": {
"allow": "Allow deployments",
"desc": "Allow deployments from successful pipelines. Only use if you trust all users with push access."
"allow": "Allow 'deployment' events.",
"desc": "Permit 'deployment' runs for successful pipelines. All users with with push permissions can trigger these, so use with caution."
xoxys marked this conversation as resolved.
Show resolved Hide resolved
},
"netrc_only_trusted": {
"netrc_only_trusted": "Only inject netrc credentials into trusted clone plugins",
"desc": "If enabled, git netrc credentials are only available for trusted clone plugins set in `WOODPECKER_PLUGINS_TRUSTED_CLONE`. Otherwise, all clone plugins can use the netrc credentials. This option has no effect on non-clone steps."
"netrc_only_trusted": "Only inject git credentials into trusted clone plugins",
anbraten marked this conversation as resolved.
Show resolved Hide resolved
"desc": "When enabled, git credentials are accessible only to trusted clone plugins specified in WOODPECKER_PLUGINS_TRUSTED_CLONE. Otherwise, custom clone plugins can use git credentials. This setting has no affect on non-clone steps."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is actually only valid if we merge #4346

},
"trusted": {
"trusted": "Trusted",
"network": {
"network": "Network",
"desc": "Underlying pipeline containers get access to network privileges like changing DNS."
"desc": "Pipeline containers get access to network privileges like changing DNS."
},
"volumes": {
"volumes": "Volumes",
"desc": "Underlying pipeline containers get access to volume privileges."
"desc": "Pipeline containers are allowed to mount volumes."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, this is actually more. It also gives access to tmpfs and devices.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I just saw that these are undocumented, so that's fine then

},
"security": {
"security": "Security",
"desc": "Underlying pipeline containers get access to security privileges."
"desc": "Pipeline containers get access to security privileges."
}
},
"timeout": {
Expand All @@ -128,7 +128,7 @@
},
"cancel_prev": {
"cancel": "Cancel previous pipelines",
"desc": "Enable to cancel pending and running pipelines of the same event and context before starting the newly triggered one."
"desc": "Selected event triggers will cancel pending and running pipelines of the same event before starting the most recent one."
}
},
"crons": {
Expand Down Expand Up @@ -502,13 +502,13 @@
"access_denied": "You are not allowed to access this instance",
"invalid_state": "The OAuth state is invalid",
"require_approval": {
"require_approval_for": "Require approval for",
"none": "No approval required",
"none_desc": "This setting can be dangerous and should only be used on private forges where all users are trusted.",
"forks": "Pull request from forked repositories",
"desc": "Prevent malicious pipelines from exposing secrets or running harmful tasks by approving them before execution.",
"require_approval_for": "Approval requirements",
"none": "None",
"none_desc": "Every event triggers pipelines, including pull requests. This setting can be dangerous and is only recommended for private instances.",
"forks": "Pull request from forked repository",
xoxys marked this conversation as resolved.
Show resolved Hide resolved
"pull_requests": "All pull requests",
"all_events": "All events from forge",
"desc": "Prevent malicious pipelines from exposing secrets or running harmful tasks by approving them before execution."
"all_events": "All events from forge"
},
"all_repositories": "All repositories",
"no_search_results": "No results found"
Expand Down
4 changes: 2 additions & 2 deletions web/src/views/repo/settings/General.vue
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
<template>
<Settings :title="$t('repo.settings.general.general')">
<Settings :title="$t('repo.settings.general.project')">
<form v-if="repoSettings" class="flex flex-col" @submit.prevent="saveRepoSettings">
<InputField
docs-url="docs/usage/project-settings#project-settings-1"
:label="$t('repo.settings.general.project')"
:label="$t('repo.settings.general.general')"
>
<Checkbox
v-model="repoSettings.allow_pr"
Expand Down