
Add dns config option to official feature set #4418

Merged
19 changes: 19 additions & 0 deletions docs/docs/20-usage/20-workflow-syntax.md
@@ -763,6 +763,25 @@ Woodpecker supports to define multiple workflows for a repository. Those workflo

Workflows that should run even on failure should set the `runs_on` tag. See [here](./25-workflows.md#flow-control) for an example.

## Advanced network options for steps

:::warning
Only allowed if 'Trusted Network' option is enabled in repo settings by an admin.
:::

### `dns`

If the backend engine understands to change the dns server and lookup domain,
this options will be used to alter the default dns config to a custom one for a specific step.
6543 marked this conversation as resolved.

```yaml
steps:
- name: build
image: plugin/abc
dns: 1.2.3.4
dns_search: 'internal.company'
```

## Privileged mode

Woodpecker gives the ability to configure privileged mode in the YAML. You can use this parameter to launch containers with escalated capabilities.
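--- a/pipeline/backend/kubernetes/pod.go
+++ b/pipeline/backend/kubernetes/pod.go
@@ -162,6 +162,16 @@ func podSpec(step *types.Step, config *config, options BackendOptions, nsp nativ
 return spec, err
 }
 
+if len(step.DNS) != 0 || len(step.DNSSearch) != 0 {
+spec.DNSConfig = &v1.PodDNSConfig{}
+if len(step.DNS) != 0 {
+spec.DNSConfig.Nameservers = step.DNS
+}
+if len(step.DNSSearch) != 0 {
+spec.DNSConfig.Searches = step.DNSSearch
+}
+}
+
 log.Trace().Msgf("using the image pull secrets: %v", config.ImagePullSecretNames)
 spec.ImagePullSecrets = secretsReferences(config.ImagePullSecretNames)
 if needsRegistrySecret(step) {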
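Review bot: The added block in podSpec fills `spec.DNSConfig` but leaves the pod's DNS policy at its default, and Kubernetes then combines these nameservers and search domains with the ones derived from the policy rather than replacing them, so the step still resolves through cluster DNS as well. If the "custom" DNS config described in the docs is meant to replace the default, add `spec.DNSPolicy = v1.DNSNone` inside the `len(step.DNS) != 0` branch; otherwise the docs should say that the Kubernetes backend merges. `step.DNS` and `step.DNSSearch` come from the workflow file and are copied here without validation, so the 'Trusted Network' gate presumably runs before this point; a test showing that a step from an untrusted repo never reaches podSpec with these fields set would pin that. podSpec starts and ends outside the hunk.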
61 changes: 25 additions & 36 deletions pipeline/frontend/yaml/linter/schema/schema.json
@@ -54,6 +54,20 @@
}
},
"definitions": {
"string_or_string_slice": {
"oneOf": [
{
"type": "array",
"minLength": 1,
"items": {
"type": "string"
}
},
{
"type": "string"
}
]
},
"clone": {
"description": "Configures the clone step. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#clone",
"oneOf": [
@@ -294,18 +308,7 @@
},
"depends_on": {
"description": "Execute a step after another step has finished.",
"oneOf": [
{
"type": "array",
"minLength": 1,
"items": {
"type": "string"
}
},
{
"type": "string"
}
]
"$ref": "#/definitions/string_or_string_slice"
},
"detach": {
"description": "Detach a step to run in background until pipeline finishes. Read more: https://woodpecker-ci.org/docs/usage/services#detachment",
@@ -322,18 +325,15 @@
},
"entrypoint": {
"description": "Defines container entrypoint.",
"oneOf": [
{
"type": "array",
"minLength": 1,
"items": {
"type": "string"
}
},
{
"type": "string"
}
]
"$ref": "#/definitions/string_or_string_slice"
},
"dns": {
"description": "Change dns server for step. Only allowed if 'Trusted Network' option is enabled in repo settings by an admin. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#dns",
6543 marked this conversation as resolved.
"$ref": "#/definitions/string_or_string_slice"
},
"dns_search": {
"description": "Change dns lookup domain for step. Only allowed if 'Trusted Network' option is enabled in repo settings by an admin. Read more: https://woodpecker-ci.org/docs/usage/workflow-syntax#dns",
6543 marked this conversation as resolved.
"$ref": "#/definitions/string_or_string_slice"
}
}
},
@@ -370,18 +370,7 @@
},
"depends_on": {
"description": "Execute a step after another step has finished.",
"oneOf": [
{
"type": "array",
"minLength": 1,
"items": {
"type": "string"
}
},
{
"type": "string"
}
]
"$ref": "#/definitions/string_or_string_slice"
},
"detach": {
"description": "Detach a step to run in background until pipeline finishes. Read more: https://woodpecker-ci.org/docs/usage/services#detachment",
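Review bot: In the new `string_or_string_slice` definition the array branch carries `"minLength": 1`, a keyword JSON Schema applies only to strings, so an empty list such as `dns: []` still passes the linter schema. The keyword for arrays is `"minItems": 1`. The constraint was carried over from the inlined `oneOf` blocks this change replaces, and with the definition now shared by `depends_on`, `entrypoint`, `dns` and `dns_search`, fixing it here covers all four.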
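--- a/pipeline/frontend/yaml/types/container.go
+++ b/pipeline/frontend/yaml/types/container.go
@@ -32,20 +32,29 @@ type (
 
 // Container defines a container.
 Container struct {
-BackendOptions map[string]any `yaml:"backend_options,omitempty"`
-Commands base.StringOrSlice `yaml:"commands,omitempty"`
-Entrypoint base.StringOrSlice `yaml:"entrypoint,omitempty"`
-Detached bool `yaml:"detach,omitempty"`
-Directory string `yaml:"directory,omitempty"`
-Failure string `yaml:"failure,omitempty"`
-Image string `yaml:"image,omitempty"`
-Name string `yaml:"name,omitempty"`
-Pull bool `yaml:"pull,omitempty"`
-Settings map[string]any `yaml:"settings"`
-Volumes Volumes `yaml:"volumes,omitempty"`
-When constraint.When `yaml:"when,omitempty"`
-Ports []string `yaml:"ports,omitempty"`
-DependsOn base.StringOrSlice `yaml:"depends_on,omitempty"`
+// common
+Name string `yaml:"name,omitempty"`
+Image string `yaml:"image,omitempty"`
+Pull bool `yaml:"pull,omitempty"`
+Commands base.StringOrSlice `yaml:"commands,omitempty"`
+Entrypoint base.StringOrSlice `yaml:"entrypoint,omitempty"`
+Directory string `yaml:"directory,omitempty"`
+Settings map[string]any `yaml:"settings"`
+// flow control
+DependsOn base.StringOrSlice `yaml:"depends_on,omitempty"`
+When constraint.When `yaml:"when,omitempty"`
+Failure string `yaml:"failure,omitempty"`
+Detached bool `yaml:"detach,omitempty"`
+// state
+Volumes Volumes `yaml:"volumes,omitempty"`
+// network
+Ports []string `yaml:"ports,omitempty"`
+DNS base.StringOrSlice `yaml:"dns,omitempty"`
+DNSSearch base.StringOrSlice `yaml:"dns_search,omitempty"`
+// backend specific
+BackendOptions map[string]any `yaml:"backend_options,omitempty"`
+
+// ACTIVE DEVELOPMENT BELOW
 
 // TODO: remove base.EnvironmentMap and use map[string]any after v3.0.0 release
 Environment base.EnvironmentMap `yaml:"environment,omitempty"`
@@ -57,12 +66,10 @@ type (
 Privileged bool `yaml:"privileged,omitempty"`
 
 // Undocumented
-Devices []string `yaml:"devices,omitempty"`
-DNSSearch base.StringOrSlice `yaml:"dns_search,omitempty"`
-DNS base.StringOrSlice `yaml:"dns,omitempty"`
-ExtraHosts []string `yaml:"extra_hosts,omitempty"`
-NetworkMode string `yaml:"network_mode,omitempty"`
-Tmpfs []string `yaml:"tmpfs,omitempty"`
+Devices []string `yaml:"devices,omitempty"`
+ExtraHosts []string `yaml:"extra_hosts,omitempty"`
+NetworkMode string `yaml:"network_mode,omitempty"`
+Tmpfs []string `yaml:"tmpfs,omitempty"`
 }
 )
 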
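Review bot: The new `// network` group in Container lists `DNS` and `DNSSearch` next to `Ports` without recording that they are restricted options, although the docs changed in this pull request say `dns` is only allowed with the repository's 'Trusted Network' setting. A comment above the two fields, for example `// DNS and DNSSearch require the 'Trusted Network' repo setting`, would keep that constraint visible to anyone wiring these fields into another backend. The check itself is not part of this section, so this assumes it is enforced where the workflow is linted or compiled. The Container struct continues between the two hunks and is not fully visible here.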