Closed smainz closed 5 months ago
Only database settings don't work, right? Do other (WOODPECKER_GRPC_SECRET_FILE
, WOODPECKER_AGENT_SECRET_FILE
, WOODPECKER_GITEA_CLIENT_FILE
, WOODPECKER_GITEA_SECRET_FILE
) settings work as intended?
the env var WOODPECKER_DATABASE_DATASOURCE is set in the Dockerfile and takes precedence
Yes, it is only the datasource, others work as expected.
I do not have an idea of what could be changed. The code uses a sqlite file relative to the executable, but this can not be used with docker, as yoiu can not mount a volume there.
I think we should process WOODPECKER_DATABASE_DATASOURCE_FILE
with higher priority than WOODPECKER_DATABASE_DATASOURCE
as it is supposed to be more secure. So, that is is not a documentation issue.
It looks like this is an upstream issue of https://github.com/urfave/cli because we're directly using the feature: https://github.com/woodpecker-ci/woodpecker/blob/4e44dd0e76b516685bc79af4885bcfb739720986/cmd/server/flags.go#L223
Yes, it is causes upstream, but I do not know if it can be called an issue.
If we change the Dockerfileto something like this:
RUN echo "/var/lib/woodpecker/woodpecker.sqlite" > /etc/woodpecker-datasource.conf
ENV WOODPECKER_DATABASE_DATASOURCE_FILE=/etc/woodpecker-datasource.conf
the problem should vanish.
If the user does set -e WOODPECKER_DATABASE_DATASOURCE...
this will take precedence and if he sets -e WOODPECKER_DATABASE_DATASOURCE_FILE...
it will overwrite the setting in the Dockerfile.
It looks like this is an upstream issue of https://github.com/urfave/cli because we're directly using the feature
But we get this flag from Env via os
package:
- FilePath: os.Getenv("WOODPECKER_DATABASE_DATASOURCE_FILE"),
+ FilePath: "/etc/mysql/password",
Also If EnvVars contains more than one string, the first environment variable that resolves is used.
But we get this flag from Env via os package:
Yes, I know, I mean we're using the FilePath
feature of urfave/cli.
Weird, then this should work :thinking: Or do I misunderstand something completely here?
Yeah, we need more ~gold~ tests :) There are no open issues about precedence. So, should work...
Precedence rules are different https://cli.urfave.org/v2/examples/flags/#precedence
Envelope var before file.
In my oppinion, the env var should take precedence to the content of some file.
The shorter the lifetime of a flag the higher the precedence. Rational: The user wants to override some argument for the next execution of a program without much hazzle.
So
Shall I post a PR for changing the Dockerfile?
Shall I post a PR for changing the Dockerfile?
Would be fine for me.
ah now i know where it did come from :D
please dont fix bugs in the wrong place ... this bugfix would e.g. not fix it for anything not using docker
(...yes it might not be a problem as that environments dont have preset things... but it still will exist)
Component
server, other
Describe the bug
Using this
docker-compose.yml
snippetdoes not pick up the datasource secrets from the file, but will try to use
/var/lib/woodpecker/woodpecker.sqlite
Log:
The reason is, that the env var
WOODPECKER_DATABASE_DATASOURCE
is set in the Dockerfile and takes precedence.To make it work one has to cancel this environment variable by using this:
Note: No equal sign behind
WOODPECKER_DATABASE_DATASOURCE
Had to find out the hard way.
Should this be documented in https://github.com/woodpecker-ci/woodpecker/blob/5e0ec973baea3be1c4f6514b2ce778bfc0c961d6/docs/docs/30-administration/10-server-config.md?plain=1#L66-L102
If you agree, that is is only a documentation issue, I will provide a PR.
System Info
Additional context
No response
Validations
next
version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]