From 4ac5fb07bf2ab64f0ade70d29a97b49c3f46bd96 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 16 Jul 2024 01:21:36 +0200 Subject: [PATCH 01/16] make sure plugins only mount the workspace base in a predefinde location --- docs/docs/20-usage/20-workflow-syntax.md | 8 ++++++- docs/docs/20-usage/51-plugins/51-overview.md | 2 ++ pipeline/frontend/yaml/compiler/compiler.go | 9 ++++---- pipeline/frontend/yaml/compiler/convert.go | 21 +++++++++++++++---- pipeline/frontend/yaml/compiler/option.go | 4 ++-- .../frontend/yaml/compiler/option_test.go | 4 ++-- 6 files changed, 35 insertions(+), 13 deletions(-) diff --git a/docs/docs/20-usage/20-workflow-syntax.md b/docs/docs/20-usage/20-workflow-syntax.md index 7b966fc48cd..2316f949523 100644 --- a/docs/docs/20-usage/20-workflow-syntax.md +++ b/docs/docs/20-usage/20-workflow-syntax.md @@ -518,7 +518,9 @@ For more details check the [services docs](./60-services.md). ## `workspace` -The workspace defines the shared volume and working directory shared by all workflow steps. The default workspace matches the pattern `/woodpecker/src/github.com/octocat/hello-world`, based on your repository URL. +The workspace defines the shared volume and working directory shared by all workflow steps. +The default workspace base is `/woodpecker/src` and the path is based on your repository URL. +So an example would be `/woodpecker/src/github.com/octocat/hello-world`. The workspace can be customized using the workspace block in the YAML file: @@ -535,6 +537,10 @@ The workspace can be customized using the workspace block in the YAML file: - go test ``` +:::note +plugins will always have the workspace base at `/woodpecker/src` +::: + The base attribute defines a shared base volume available to all steps. This ensures your source code, dependencies and compiled binaries are persisted and shared between steps. ```diff diff --git a/docs/docs/20-usage/51-plugins/51-overview.md b/docs/docs/20-usage/51-plugins/51-overview.md index ab8db3df371..0ee36dacaae 100644 --- a/docs/docs/20-usage/51-plugins/51-overview.md +++ b/docs/docs/20-usage/51-plugins/51-overview.md @@ -29,6 +29,8 @@ steps: ## Plugin Isolation Plugins are just pipeline steps. They share the build workspace, mounted as a volume, and therefore have access to your source tree. +While normal steps are all about arbitrary code execution, plugins should only allow the functions intendet by the plugin author. +So there are a few limitations, like the workspace base is always mounted at `/woodpecker/src`. ## Finding Plugins diff --git a/pipeline/frontend/yaml/compiler/compiler.go b/pipeline/frontend/yaml/compiler/compiler.go index 5db56651333..9525a3a12a2 100644 --- a/pipeline/frontend/yaml/compiler/compiler.go +++ b/pipeline/frontend/yaml/compiler/compiler.go @@ -16,6 +16,7 @@ package compiler import ( "fmt" + "path" backend_types "go.woodpecker-ci.org/woodpecker/v2/pipeline/backend/types" "go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/metadata" @@ -98,8 +99,8 @@ type Compiler struct { networks []string env map[string]string cloneEnv map[string]string - base string - path string + workspaceBase string + workspacePath string metadata metadata.Metadata registries []Registry secrets map[string]Secret @@ -156,10 +157,10 @@ func (c *Compiler) Compile(conf *yaml_types.Workflow) (*backend_types.Config, er // overrides the default workspace paths when specified // in the YAML file. if len(conf.Workspace.Base) != 0 { - c.base = conf.Workspace.Base + c.workspaceBase = path.Clean(conf.Workspace.Base) } if len(conf.Workspace.Path) != 0 { - c.path = conf.Workspace.Path + c.workspacePath = path.Clean(conf.Workspace.Path) } cloneImage := constant.DefaultCloneImage diff --git a/pipeline/frontend/yaml/compiler/convert.go b/pipeline/frontend/yaml/compiler/convert.go index 92d68fe45ff..1a1d8433a4f 100644 --- a/pipeline/frontend/yaml/compiler/convert.go +++ b/pipeline/frontend/yaml/compiler/convert.go @@ -30,6 +30,8 @@ import ( "go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/yaml/utils" ) +const pluginWorkspaceBase = "/woodpecker/src" + func (c *Compiler) createProcess(container *yaml_types.Container, stepType backend_types.StepType) (*backend_types.Step, error) { var ( uuid = ulid.Make() @@ -37,12 +39,18 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe detached bool workingDir string - workspace = fmt.Sprintf("%s_default:%s", c.prefix, c.base) privileged = container.Privileged networkMode = container.NetworkMode // network = container.Network ) + workspaceBase := c.workspaceBase + if container.IsPlugin() { + // plugins have a predefined workspace base to not tamper with entrypoint executables + workspaceBase = pluginWorkspaceBase + } + workspaceVolume := fmt.Sprintf("%s_default:%s", c.prefix, workspaceBase) + networks := []backend_types.Conn{ { Name: fmt.Sprintf("%s_default", c.prefix), @@ -67,7 +75,7 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe var volumes []string if !c.local { - volumes = append(volumes, workspace) + volumes = append(volumes, workspaceVolume) } volumes = append(volumes, c.volumes...) for _, volume := range container.Volumes.Volumes { @@ -78,12 +86,13 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe environment := map[string]string{} maps.Copy(environment, c.env) - environment["CI_WORKSPACE"] = path.Join(c.base, c.path) + environment["CI_WORKSPACE"] = path.Join(workspaceBase, c.workspacePath) if stepType == backend_types.StepTypeService || container.Detached { detached = true } + // TODO: we do not need to limit this to container steps ... if !detached || len(container.Commands) != 0 { workingDir = c.stepWorkingDir(container) } @@ -222,7 +231,11 @@ func (c *Compiler) stepWorkingDir(container *yaml_types.Container) string { if path.IsAbs(container.Directory) { return container.Directory } - return path.Join(c.base, c.path, container.Directory) + base := c.workspaceBase + if container.IsPlugin() { + base = pluginWorkspaceBase + } + return path.Join(base, c.workspacePath, container.Directory) } func convertPort(portDef string) (backend_types.Port, error) { diff --git a/pipeline/frontend/yaml/compiler/option.go b/pipeline/frontend/yaml/compiler/option.go index d222ffaa905..dd2d558e5eb 100644 --- a/pipeline/frontend/yaml/compiler/option.go +++ b/pipeline/frontend/yaml/compiler/option.go @@ -97,8 +97,8 @@ func WithNetrc(username, password, machine string) Option { // plugin steps in the pipeline. func WithWorkspace(base, path string) Option { return func(compiler *Compiler) { - compiler.base = base - compiler.path = path + compiler.workspaceBase = base + compiler.workspacePath = path } } diff --git a/pipeline/frontend/yaml/compiler/option_test.go b/pipeline/frontend/yaml/compiler/option_test.go index 4f8e08e5d56..48ed13d4802 100644 --- a/pipeline/frontend/yaml/compiler/option_test.go +++ b/pipeline/frontend/yaml/compiler/option_test.go @@ -29,8 +29,8 @@ func TestWithWorkspace(t *testing.T) { "src/github.com/octocat/hello-world", ), ) - assert.Equal(t, "/pipeline", compiler.base) - assert.Equal(t, "src/github.com/octocat/hello-world", compiler.path) + assert.Equal(t, "/pipeline", compiler.workspaceBase) + assert.Equal(t, "src/github.com/octocat/hello-world", compiler.workspacePath) } func TestWithEscalated(t *testing.T) { From c6323cb1f7f4298dffe7b35d9f27e0e964f0f900 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 16 Jul 2024 13:11:39 +0200 Subject: [PATCH 02/16] clean unrelated --- pipeline/frontend/yaml/compiler/convert.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pipeline/frontend/yaml/compiler/convert.go b/pipeline/frontend/yaml/compiler/convert.go index 1a1d8433a4f..134589a4314 100644 --- a/pipeline/frontend/yaml/compiler/convert.go +++ b/pipeline/frontend/yaml/compiler/convert.go @@ -92,7 +92,6 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe detached = true } - // TODO: we do not need to limit this to container steps ... if !detached || len(container.Commands) != 0 { workingDir = c.stepWorkingDir(container) } From bbcc1d15f6b2e4a4d0ecbd373f2f672fcba39bd2 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 16 Jul 2024 13:12:38 +0200 Subject: [PATCH 03/16] ci From f343a5004e59cf7138e7c83b7a628ab43ea62d83 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 16 Jul 2024 13:13:06 +0200 Subject: [PATCH 04/16] ci From 0e3cf81f5177c78caf8a3d490ece26f4f7ebde3f Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 16 Jul 2024 13:13:33 +0200 Subject: [PATCH 05/16] ci From 6606d4f16268b1ac86dc167f3898c827f7be25dd Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 16 Jul 2024 15:03:04 +0200 Subject: [PATCH 06/16] adjust tests --- pipeline/frontend/yaml/compiler/compiler_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pipeline/frontend/yaml/compiler/compiler_test.go b/pipeline/frontend/yaml/compiler/compiler_test.go index 41e055b366d..40ae8c0c360 100644 --- a/pipeline/frontend/yaml/compiler/compiler_test.go +++ b/pipeline/frontend/yaml/compiler/compiler_test.go @@ -92,7 +92,8 @@ func TestCompilerCompile(t *testing.T) { Image: constant.DefaultCloneImage, OnSuccess: true, Failure: "fail", - Volumes: []string{defaultVolumes[0].Name + ":"}, + Volumes: []string{defaultVolumes[0].Name + ":/woodpecker/src"}, + WorkingDir: "/woodpecker/src", Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"clone"}}}, ExtraHosts: []backend_types.HostAlias{}, }}, @@ -137,7 +138,7 @@ func TestCompilerCompile(t *testing.T) { Image: "dummy_img", OnSuccess: true, Failure: "fail", - Volumes: []string{defaultVolumes[0].Name + ":"}, + Volumes: []string{defaultVolumes[0].Name + ":/woodpecker/src"}, Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"dummy"}}}, ExtraHosts: []backend_types.HostAlias{}, }}, From 393286eb46940f9ae0ce912447fa090fab11640c Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 16 Jul 2024 15:21:58 +0200 Subject: [PATCH 07/16] add missed one --- pipeline/frontend/yaml/compiler/compiler_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pipeline/frontend/yaml/compiler/compiler_test.go b/pipeline/frontend/yaml/compiler/compiler_test.go index 40ae8c0c360..3e3873dbfaa 100644 --- a/pipeline/frontend/yaml/compiler/compiler_test.go +++ b/pipeline/frontend/yaml/compiler/compiler_test.go @@ -139,6 +139,7 @@ func TestCompilerCompile(t *testing.T) { OnSuccess: true, Failure: "fail", Volumes: []string{defaultVolumes[0].Name + ":/woodpecker/src"}, + WorkingDir: "/woodpecker/src", Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"dummy"}}}, ExtraHosts: []backend_types.HostAlias{}, }}, From 029482b36b9b1eb7d248ec68c83581c48bdad54f Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 16 Jul 2024 17:07:23 +0200 Subject: [PATCH 08/16] make pluginWorkspaceBase same value as defaultWorkspaceBase --- docs/docs/20-usage/20-workflow-syntax.md | 4 ++-- docs/docs/20-usage/51-plugins/51-overview.md | 2 +- pipeline/frontend/yaml/compiler/convert.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/docs/20-usage/20-workflow-syntax.md b/docs/docs/20-usage/20-workflow-syntax.md index 2316f949523..6fc4efc1a56 100644 --- a/docs/docs/20-usage/20-workflow-syntax.md +++ b/docs/docs/20-usage/20-workflow-syntax.md @@ -519,7 +519,7 @@ For more details check the [services docs](./60-services.md). ## `workspace` The workspace defines the shared volume and working directory shared by all workflow steps. -The default workspace base is `/woodpecker/src` and the path is based on your repository URL. +The default workspace base is `/woodpecker` and the path is based on your repository URL. So an example would be `/woodpecker/src/github.com/octocat/hello-world`. The workspace can be customized using the workspace block in the YAML file: @@ -538,7 +538,7 @@ The workspace can be customized using the workspace block in the YAML file: ``` :::note -plugins will always have the workspace base at `/woodpecker/src` +plugins will always have the workspace base at `/woodpecker` ::: The base attribute defines a shared base volume available to all steps. This ensures your source code, dependencies and compiled binaries are persisted and shared between steps. diff --git a/docs/docs/20-usage/51-plugins/51-overview.md b/docs/docs/20-usage/51-plugins/51-overview.md index 0ee36dacaae..867e892cd0a 100644 --- a/docs/docs/20-usage/51-plugins/51-overview.md +++ b/docs/docs/20-usage/51-plugins/51-overview.md @@ -30,7 +30,7 @@ steps: Plugins are just pipeline steps. They share the build workspace, mounted as a volume, and therefore have access to your source tree. While normal steps are all about arbitrary code execution, plugins should only allow the functions intendet by the plugin author. -So there are a few limitations, like the workspace base is always mounted at `/woodpecker/src`. +So there are a few limitations, like the workspace base is always mounted at `/woodpecker`. ## Finding Plugins diff --git a/pipeline/frontend/yaml/compiler/convert.go b/pipeline/frontend/yaml/compiler/convert.go index 134589a4314..cd6b4f2acbe 100644 --- a/pipeline/frontend/yaml/compiler/convert.go +++ b/pipeline/frontend/yaml/compiler/convert.go @@ -30,7 +30,7 @@ import ( "go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/yaml/utils" ) -const pluginWorkspaceBase = "/woodpecker/src" +const pluginWorkspaceBase = "/woodpecker" func (c *Compiler) createProcess(container *yaml_types.Container, stepType backend_types.StepType) (*backend_types.Step, error) { var ( From 47fd9554fafc3c1a8cd2c8bea92ff955f85e29b0 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 16 Jul 2024 17:07:51 +0200 Subject: [PATCH 09/16] make TestCompilerCompile reflect more real world usage --- .../frontend/yaml/compiler/compiler_test.go | 30 ++++++++++++------- server/pipeline/stepbuilder/stepBuilder.go | 4 ++- 2 files changed, 22 insertions(+), 12 deletions(-) diff --git a/pipeline/frontend/yaml/compiler/compiler_test.go b/pipeline/frontend/yaml/compiler/compiler_test.go index 3e3873dbfaa..b8cba8dcc57 100644 --- a/pipeline/frontend/yaml/compiler/compiler_test.go +++ b/pipeline/frontend/yaml/compiler/compiler_test.go @@ -61,13 +61,14 @@ func TestSecretAvailable(t *testing.T) { } func TestCompilerCompile(t *testing.T) { + repoURL := "https://github.com/octocat/hello-world" compiler := New( WithMetadata(metadata.Metadata{ Repo: metadata.Repo{ Owner: "octacat", Name: "hello-world", Private: true, - ForgeURL: "https://github.com/octocat/hello-world", + ForgeURL: repoURL, CloneURL: "https://github.com/octocat/hello-world.git", }, }), @@ -76,6 +77,7 @@ func TestCompilerCompile(t *testing.T) { "COLORED": "true", }), WithPrefix("test"), + WithWorkspaceFromURL("/test", repoURL), ) defaultNetworks := []*backend_types.Network{{ @@ -92,8 +94,8 @@ func TestCompilerCompile(t *testing.T) { Image: constant.DefaultCloneImage, OnSuccess: true, Failure: "fail", - Volumes: []string{defaultVolumes[0].Name + ":/woodpecker/src"}, - WorkingDir: "/woodpecker/src", + Volumes: []string{defaultVolumes[0].Name + ":/woodpecker"}, + WorkingDir: "/woodpecker/src/github.com/octocat/hello-world", Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"clone"}}}, ExtraHosts: []backend_types.HostAlias{}, }}, @@ -138,8 +140,8 @@ func TestCompilerCompile(t *testing.T) { Image: "dummy_img", OnSuccess: true, Failure: "fail", - Volumes: []string{defaultVolumes[0].Name + ":/woodpecker/src"}, - WorkingDir: "/woodpecker/src", + Volumes: []string{defaultVolumes[0].Name + ":/woodpecker"}, + WorkingDir: "/woodpecker/src/github.com/octocat/hello-world", Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"dummy"}}}, ExtraHosts: []backend_types.HostAlias{}, }}, @@ -174,7 +176,8 @@ func TestCompilerCompile(t *testing.T) { Commands: []string{"env"}, OnSuccess: true, Failure: "fail", - Volumes: []string{defaultVolumes[0].Name + ":"}, + Volumes: []string{defaultVolumes[0].Name + ":/test"}, + WorkingDir: "/test/src/github.com/octocat/hello-world", Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo env"}}}, ExtraHosts: []backend_types.HostAlias{}, }}, @@ -186,7 +189,8 @@ func TestCompilerCompile(t *testing.T) { Commands: []string{"echo 1"}, OnSuccess: true, Failure: "fail", - Volumes: []string{defaultVolumes[0].Name + ":"}, + Volumes: []string{defaultVolumes[0].Name + ":/test"}, + WorkingDir: "/test/src/github.com/octocat/hello-world", Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"parallel echo 1"}}}, ExtraHosts: []backend_types.HostAlias{}, }, { @@ -196,7 +200,8 @@ func TestCompilerCompile(t *testing.T) { Commands: []string{"echo 2"}, OnSuccess: true, Failure: "fail", - Volumes: []string{defaultVolumes[0].Name + ":"}, + Volumes: []string{defaultVolumes[0].Name + ":/test"}, + WorkingDir: "/test/src/github.com/octocat/hello-world", Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"parallel echo 2"}}}, ExtraHosts: []backend_types.HostAlias{}, }}, @@ -230,7 +235,8 @@ func TestCompilerCompile(t *testing.T) { Commands: []string{"env"}, OnSuccess: true, Failure: "fail", - Volumes: []string{defaultVolumes[0].Name + ":"}, + Volumes: []string{defaultVolumes[0].Name + ":/test"}, + WorkingDir: "/test/src/github.com/octocat/hello-world", Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo env"}}}, ExtraHosts: []backend_types.HostAlias{}, }, { @@ -240,7 +246,8 @@ func TestCompilerCompile(t *testing.T) { Commands: []string{"echo 2"}, OnSuccess: true, Failure: "fail", - Volumes: []string{defaultVolumes[0].Name + ":"}, + Volumes: []string{defaultVolumes[0].Name + ":/test"}, + WorkingDir: "/test/src/github.com/octocat/hello-world", Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo 2"}}}, ExtraHosts: []backend_types.HostAlias{}, }}, @@ -252,7 +259,8 @@ func TestCompilerCompile(t *testing.T) { Commands: []string{"echo 1"}, OnSuccess: true, Failure: "fail", - Volumes: []string{defaultVolumes[0].Name + ":"}, + Volumes: []string{defaultVolumes[0].Name + ":/test"}, + WorkingDir: "/test/src/github.com/octocat/hello-world", Networks: []backend_types.Conn{{Name: "test_default", Aliases: []string{"echo 1"}}}, ExtraHosts: []backend_types.HostAlias{}, }}, diff --git a/server/pipeline/stepbuilder/stepBuilder.go b/server/pipeline/stepbuilder/stepBuilder.go index 586fad595c2..2bd7c6239d7 100644 --- a/server/pipeline/stepbuilder/stepBuilder.go +++ b/server/pipeline/stepbuilder/stepBuilder.go @@ -38,6 +38,8 @@ import ( "go.woodpecker-ci.org/woodpecker/v2/server/model" ) +const defaultWorkspaceBase = "/woodpecker" + // StepBuilder Takes the hook data and the yaml and returns in internal data model. type StepBuilder struct { Repo *model.Repo @@ -291,7 +293,7 @@ func (b *StepBuilder) toInternalRepresentation(parsed *yaml_types.Workflow, envi ), ), compiler.WithProxy(b.ProxyOpts), - compiler.WithWorkspaceFromURL("/woodpecker", b.Repo.ForgeURL), + compiler.WithWorkspaceFromURL(defaultWorkspaceBase, b.Repo.ForgeURL), compiler.WithMetadata(metadata), compiler.WithTrusted(b.Repo.IsTrusted), compiler.WithNetrcOnlyTrusted(b.Repo.NetrcOnlyTrusted), From a675efef0a279fdcfb6a8427767e3fb24c7f812d Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 16 Jul 2024 17:13:24 +0200 Subject: [PATCH 10/16] better plugin docs --- docs/docs/20-usage/20-workflow-syntax.md | 2 +- docs/docs/20-usage/51-plugins/51-overview.md | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/docs/20-usage/20-workflow-syntax.md b/docs/docs/20-usage/20-workflow-syntax.md index 6fc4efc1a56..455463139d0 100644 --- a/docs/docs/20-usage/20-workflow-syntax.md +++ b/docs/docs/20-usage/20-workflow-syntax.md @@ -519,7 +519,7 @@ For more details check the [services docs](./60-services.md). ## `workspace` The workspace defines the shared volume and working directory shared by all workflow steps. -The default workspace base is `/woodpecker` and the path is based on your repository URL. +The default workspace base is `/woodpecker` and the path is asembled by the repository URL (`src/{url-without-schema}`). So an example would be `/woodpecker/src/github.com/octocat/hello-world`. The workspace can be customized using the workspace block in the YAML file: diff --git a/docs/docs/20-usage/51-plugins/51-overview.md b/docs/docs/20-usage/51-plugins/51-overview.md index 867e892cd0a..194f8844dce 100644 --- a/docs/docs/20-usage/51-plugins/51-overview.md +++ b/docs/docs/20-usage/51-plugins/51-overview.md @@ -30,7 +30,10 @@ steps: Plugins are just pipeline steps. They share the build workspace, mounted as a volume, and therefore have access to your source tree. While normal steps are all about arbitrary code execution, plugins should only allow the functions intendet by the plugin author. -So there are a few limitations, like the workspace base is always mounted at `/woodpecker`. + +So there are a few limitations, like the workspace base is always mounted at `/woodpecker`, but the working directory is dynamically adjusted acordingly. So as user of a plugin you should not have to care about this. + +Also instead of using environment variables the plugin should only care about one prefixed with `PLUGIN_` witch are the internaml representation of the **settings** ([read more](./20-creating-plugins.md)). ## Finding Plugins From b4170acf883e59386fbe71cccf57fd271f81026d Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 18 Jul 2024 15:01:31 +0200 Subject: [PATCH 11/16] update docs --- .../version-2.7/20-usage/20-workflow-syntax.md | 8 +++++++- .../version-2.7/20-usage/51-plugins/51-overview.md | 5 +++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/versioned_docs/version-2.7/20-usage/20-workflow-syntax.md b/docs/versioned_docs/version-2.7/20-usage/20-workflow-syntax.md index 0478c9de4ec..5265507b1ba 100644 --- a/docs/versioned_docs/version-2.7/20-usage/20-workflow-syntax.md +++ b/docs/versioned_docs/version-2.7/20-usage/20-workflow-syntax.md @@ -523,7 +523,9 @@ For more details check the [services docs](./60-services.md). ## `workspace` -The workspace defines the shared volume and working directory shared by all workflow steps. The default workspace matches the pattern `/woodpecker/src/github.com/octocat/hello-world`, based on your repository URL. +The workspace defines the shared volume and working directory shared by all workflow steps. +The default workspace base is `/woodpecker` and the path is asembled by the repository URL (`src/{url-without-schema}`). +So an example would be `/woodpecker/src/github.com/octocat/hello-world`. The workspace can be customized using the workspace block in the YAML file: @@ -540,6 +542,10 @@ The workspace can be customized using the workspace block in the YAML file: - go test ``` +:::note +plugins will always have the workspace base at `/woodpecker` +::: + The base attribute defines a shared base volume available to all steps. This ensures your source code, dependencies and compiled binaries are persisted and shared between steps. ```diff diff --git a/docs/versioned_docs/version-2.7/20-usage/51-plugins/51-overview.md b/docs/versioned_docs/version-2.7/20-usage/51-plugins/51-overview.md index 97df1d651db..b9f0953c3ed 100644 --- a/docs/versioned_docs/version-2.7/20-usage/51-plugins/51-overview.md +++ b/docs/versioned_docs/version-2.7/20-usage/51-plugins/51-overview.md @@ -47,6 +47,11 @@ steps: ## Plugin Isolation Plugins are just pipeline steps. They share the build workspace, mounted as a volume, and therefore have access to your source tree. +While normal steps are all about arbitrary code execution, plugins should only allow the functions intendet by the plugin author. + +So there are a few limitations, like the workspace base is always mounted at `/woodpecker`, but the working directory is dynamically adjusted acordingly. So as user of a plugin you should not have to care about this. + +Also instead of using environment variables the plugin should only care about one prefixed with `PLUGIN_` witch are the internaml representation of the **settings** ([read more](./20-creating-plugins.md)). ## Finding Plugins From be2158eeccdc844e967c384247d6d7288a3cb84d Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 18 Jul 2024 21:22:05 +0200 Subject: [PATCH 12/16] Update docs/docs/20-usage/20-workflow-syntax.md Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> --- docs/docs/20-usage/20-workflow-syntax.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/20-usage/20-workflow-syntax.md b/docs/docs/20-usage/20-workflow-syntax.md index 5265507b1ba..d04240ac53a 100644 --- a/docs/docs/20-usage/20-workflow-syntax.md +++ b/docs/docs/20-usage/20-workflow-syntax.md @@ -524,7 +524,7 @@ For more details check the [services docs](./60-services.md). ## `workspace` The workspace defines the shared volume and working directory shared by all workflow steps. -The default workspace base is `/woodpecker` and the path is asembled by the repository URL (`src/{url-without-schema}`). +The default workspace base is `/woodpecker` and the path is extended with the repository URL (`src/{url-without-schema}`). So an example would be `/woodpecker/src/github.com/octocat/hello-world`. The workspace can be customized using the workspace block in the YAML file: From c19d774c15bf7118d70d4900e04d8bb2a5f4ab89 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 18 Jul 2024 21:24:15 +0200 Subject: [PATCH 13/16] Apply suggestions from code review Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> --- docs/docs/20-usage/20-workflow-syntax.md | 2 +- docs/docs/20-usage/51-plugins/51-overview.md | 2 +- .../versioned_docs/version-2.7/20-usage/20-workflow-syntax.md | 4 ++-- .../version-2.7/20-usage/51-plugins/51-overview.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/docs/20-usage/20-workflow-syntax.md b/docs/docs/20-usage/20-workflow-syntax.md index d04240ac53a..3aac2176ac4 100644 --- a/docs/docs/20-usage/20-workflow-syntax.md +++ b/docs/docs/20-usage/20-workflow-syntax.md @@ -543,7 +543,7 @@ The workspace can be customized using the workspace block in the YAML file: ``` :::note -plugins will always have the workspace base at `/woodpecker` +Plugins will always have the workspace base at `/woodpecker` ::: The base attribute defines a shared base volume available to all steps. This ensures your source code, dependencies and compiled binaries are persisted and shared between steps. diff --git a/docs/docs/20-usage/51-plugins/51-overview.md b/docs/docs/20-usage/51-plugins/51-overview.md index b9f0953c3ed..2e76f0fecdc 100644 --- a/docs/docs/20-usage/51-plugins/51-overview.md +++ b/docs/docs/20-usage/51-plugins/51-overview.md @@ -47,7 +47,7 @@ steps: ## Plugin Isolation Plugins are just pipeline steps. They share the build workspace, mounted as a volume, and therefore have access to your source tree. -While normal steps are all about arbitrary code execution, plugins should only allow the functions intendet by the plugin author. +While normal steps are all about arbitrary code execution, plugins should only allow the functions intended by the plugin author. So there are a few limitations, like the workspace base is always mounted at `/woodpecker`, but the working directory is dynamically adjusted acordingly. So as user of a plugin you should not have to care about this. diff --git a/docs/versioned_docs/version-2.7/20-usage/20-workflow-syntax.md b/docs/versioned_docs/version-2.7/20-usage/20-workflow-syntax.md index 5265507b1ba..3aac2176ac4 100644 --- a/docs/versioned_docs/version-2.7/20-usage/20-workflow-syntax.md +++ b/docs/versioned_docs/version-2.7/20-usage/20-workflow-syntax.md @@ -524,7 +524,7 @@ For more details check the [services docs](./60-services.md). ## `workspace` The workspace defines the shared volume and working directory shared by all workflow steps. -The default workspace base is `/woodpecker` and the path is asembled by the repository URL (`src/{url-without-schema}`). +The default workspace base is `/woodpecker` and the path is extended with the repository URL (`src/{url-without-schema}`). So an example would be `/woodpecker/src/github.com/octocat/hello-world`. The workspace can be customized using the workspace block in the YAML file: @@ -543,7 +543,7 @@ The workspace can be customized using the workspace block in the YAML file: ``` :::note -plugins will always have the workspace base at `/woodpecker` +Plugins will always have the workspace base at `/woodpecker` ::: The base attribute defines a shared base volume available to all steps. This ensures your source code, dependencies and compiled binaries are persisted and shared between steps. diff --git a/docs/versioned_docs/version-2.7/20-usage/51-plugins/51-overview.md b/docs/versioned_docs/version-2.7/20-usage/51-plugins/51-overview.md index b9f0953c3ed..2e76f0fecdc 100644 --- a/docs/versioned_docs/version-2.7/20-usage/51-plugins/51-overview.md +++ b/docs/versioned_docs/version-2.7/20-usage/51-plugins/51-overview.md @@ -47,7 +47,7 @@ steps: ## Plugin Isolation Plugins are just pipeline steps. They share the build workspace, mounted as a volume, and therefore have access to your source tree. -While normal steps are all about arbitrary code execution, plugins should only allow the functions intendet by the plugin author. +While normal steps are all about arbitrary code execution, plugins should only allow the functions intended by the plugin author. So there are a few limitations, like the workspace base is always mounted at `/woodpecker`, but the working directory is dynamically adjusted acordingly. So as user of a plugin you should not have to care about this. From d2d7d2d63c0af92a5648a26bf4c372bad588c304 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 18 Jul 2024 21:28:58 +0200 Subject: [PATCH 14/16] refactor --- pipeline/frontend/yaml/compiler/convert.go | 7 ++++++- server/pipeline/stepbuilder/stepBuilder.go | 4 +--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/pipeline/frontend/yaml/compiler/convert.go b/pipeline/frontend/yaml/compiler/convert.go index 068ce6a03d7..00f96086569 100644 --- a/pipeline/frontend/yaml/compiler/convert.go +++ b/pipeline/frontend/yaml/compiler/convert.go @@ -30,7 +30,12 @@ import ( "go.woodpecker-ci.org/woodpecker/v2/pipeline/frontend/yaml/utils" ) -const pluginWorkspaceBase = "/woodpecker" +const ( + // The pluginWorkspaceBase should not be changed, only if you are sure what you do. + pluginWorkspaceBase = "/woodpecker" + // DefaultWorkspaceBase is set if not altered by the user. + DefaultWorkspaceBase = pluginWorkspaceBase +) func (c *Compiler) createProcess(container *yaml_types.Container, stepType backend_types.StepType) (*backend_types.Step, error) { var ( diff --git a/server/pipeline/stepbuilder/stepBuilder.go b/server/pipeline/stepbuilder/stepBuilder.go index 2bd7c6239d7..593ff0fc1a9 100644 --- a/server/pipeline/stepbuilder/stepBuilder.go +++ b/server/pipeline/stepbuilder/stepBuilder.go @@ -38,8 +38,6 @@ import ( "go.woodpecker-ci.org/woodpecker/v2/server/model" ) -const defaultWorkspaceBase = "/woodpecker" - // StepBuilder Takes the hook data and the yaml and returns in internal data model. type StepBuilder struct { Repo *model.Repo @@ -293,7 +291,7 @@ func (b *StepBuilder) toInternalRepresentation(parsed *yaml_types.Workflow, envi ), ), compiler.WithProxy(b.ProxyOpts), - compiler.WithWorkspaceFromURL(defaultWorkspaceBase, b.Repo.ForgeURL), + compiler.WithWorkspaceFromURL(compiler.DefaultWorkspaceBase, b.Repo.ForgeURL), compiler.WithMetadata(metadata), compiler.WithTrusted(b.Repo.IsTrusted), compiler.WithNetrcOnlyTrusted(b.Repo.NetrcOnlyTrusted), From 0b2c8e343b7445974b2493cae9d34bed7c54b273 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 18 Jul 2024 21:32:33 +0200 Subject: [PATCH 15/16] document why a test value was set --- pipeline/frontend/yaml/compiler/compiler_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pipeline/frontend/yaml/compiler/compiler_test.go b/pipeline/frontend/yaml/compiler/compiler_test.go index b8cba8dcc57..6aac45c6674 100644 --- a/pipeline/frontend/yaml/compiler/compiler_test.go +++ b/pipeline/frontend/yaml/compiler/compiler_test.go @@ -77,6 +77,7 @@ func TestCompilerCompile(t *testing.T) { "COLORED": "true", }), WithPrefix("test"), + // we use "/test" as custom workspace base to ensure the enforcement of the pluginWorkspaceBase is applyed WithWorkspaceFromURL("/test", repoURL), ) From dddc5ad7665b82982bb264fc05c55473bf674906 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 18 Jul 2024 21:34:25 +0200 Subject: [PATCH 16/16] Update pipeline/frontend/yaml/compiler/compiler_test.go Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> --- pipeline/frontend/yaml/compiler/compiler_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipeline/frontend/yaml/compiler/compiler_test.go b/pipeline/frontend/yaml/compiler/compiler_test.go index 6aac45c6674..d391b5506ee 100644 --- a/pipeline/frontend/yaml/compiler/compiler_test.go +++ b/pipeline/frontend/yaml/compiler/compiler_test.go @@ -77,7 +77,7 @@ func TestCompilerCompile(t *testing.T) { "COLORED": "true", }), WithPrefix("test"), - // we use "/test" as custom workspace base to ensure the enforcement of the pluginWorkspaceBase is applyed + // we use "/test" as custom workspace base to ensure the enforcement of the pluginWorkspaceBase is applied WithWorkspaceFromURL("/test", repoURL), )