woodpecker-ci / woodpecker

Woodpecker is a simple, yet powerful CI/CD engine with great extensibility.
https://woodpecker-ci.org
Apache License 2.0

Trusted option is missing for the repository #795

Closed rajasekhar-gundala closed 2 years ago

rajasekhar-gundala commented 2 years ago

Component

server, web-ui

Describe the bug

The "Trusted" option is missing under Project settings for the repository. I can see only "Allow Pull Requests" and "Protected".

image

System Info

I am using Caddy Server in front of Woodpecker and Gitea.

Docker Compose

version: "3.7"

services:
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:latest
    volumes:
      - /localvolume:/var/lib/woodpecker/
    environment:
      - WOODPECKER_OPEN=true
      - WOODPECKER_HOST=https://woodpecker.example.com
      - WOODPECKER_GITEA=true
      - WOODPECKER_GITEA_CLIENT=client id
      - WOODPECKER_GITEA_SECRET=secret
      - WOODPECKER_GITEA_URL=https://gitea.example.com
      - WOODPECKER_AGENT_SECRET=agent secret
    networks:
      - caddy
    ports:
      - "8000:8000"
    deploy:
      placement:
        constraints: [node.role == worker]
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

  woodpecker-agent:
    image: woodpeckerci/woodpecker-agent:latest
    command: agent
    depends_on:
      - woodpecker-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WOODPECKER_SERVER=woodpecker-server:9000
      - WOODPECKER_AGENT_SECRET=agent secret
      - WOODPECKER_MAX_PROCS=10
    networks:
      - caddy
    deploy:
      placement:
        constraints: [node.role == worker]
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure
volumes:
  localvolume:
    driver: "local"
networks:
  caddy:
    external: true

Caddyfile

{
    email you@example.com
    cert_issuer acme
    # Production acme directory
    acme_ca https://acme-v02.api.letsencrypt.org/directory
    # Staging acme directory
    #acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    servers {
        protocol {
            experimental_http3
            allow_h2c
            strict_sni_host
        }
        max_header_size 16384
    }
}

woodpecker.example.com {
    root * /var/lib/woodpecker
    encode gzip zstd
    reverse_proxy woodpecker-server:8000
}

Additional context

No response

wxiaoguang commented 2 years ago

You should set a user as admin in woodpecker server.

https://woodpecker-ci.org/docs/administration/server-config#administrators

Only admin can set the trusted repo.

Indeed, I believe it's a UI or document problem, most people do not know this trick (it is not obvious and cannot be found easily, no guide on UI).

anbraten commented 2 years ago

I will try to add some hints to the docs at the places it describes the trusted option (https://woodpecker-ci.org/docs/usage/project-settings#trusted).

@rajaseg Where did you find the trusted option? Was it at the place I linked above?

wxiaoguang commented 2 years ago

Also maybe there are some logs about trusted concept? IIRC if I use the volumes in a non-trusted repo, some error logs are printed

rajasekhar-gundala commented 2 years ago

> You should set a user as admin in woodpecker server.
>
> https://woodpecker-ci.org/docs/administration/server-config#administrators
>
> Only admin can set the trusted repo.
>
> Indeed, I believe it's a UI or document problem, most people do not know this trick (it is not obvious and cannot be found easily, no guide on UI).

@wxiaoguang Thank you very much for the tip. I added the environment variable - WOODPECKER_ADMIN=admin to the docker-compose and re-deployed the stack. Now I can see the option "Trusted" under the Project settings of the repository.

image
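A small audit of the server environment discussed above, added here as an example (it is not part of the thread or of Woodpecker's own code). It checks a compose file for `WOODPECKER_ADMIN`, which this thread says is required before "Trusted" appears; the sample compose text is constructed from the file posted above, and treating `WOODPECKER_ADMIN` as a comma-separated list is an assumption based on the linked server-config docs.

```python
import re

# Constructed sample: a trimmed copy of the server environment from the compose
# file in this thread, before and after the fix reported by the issue author.
BEFORE = """\
services:
  woodpecker-server:
    environment:
      - WOODPECKER_OPEN=true
      - WOODPECKER_GITEA=true
  woodpecker-agent:
    environment:
      - WOODPECKER_SERVER=woodpecker-server:9000
"""
AFTER = BEFORE.replace(
    "      - WOODPECKER_OPEN=true\n",
    "      - WOODPECKER_OPEN=true\n      - WOODPECKER_ADMIN=admin\n",
)


def service_env(compose_text, service):
    """Return {KEY: value} for list-style `- KEY=value` entries of one service."""
    env, current = {}, None
    for line in compose_text.splitlines():
        name = re.match(r"^  (\S+):\s*$", line)  # two-space indent: a service name
        if name:
            current = name.group(1)
            continue
        entry = re.match(r"^\s+-\s*([A-Z0-9_]+)=(.*)$", line)
        if entry and current == service:
            env[entry.group(1)] = entry.group(2).strip()
    return env


def audit_server(compose_text, service="woodpecker-server"):
    """Return (admin accounts, findings) for the Woodpecker server service."""
    env = service_env(compose_text, service)
    # Assumption: WOODPECKER_ADMIN holds a comma-separated list of usernames.
    admins = [a.strip() for a in env.get("WOODPECKER_ADMIN", "").split(",") if a.strip()]
    findings = []
    if not admins:
        findings.append("WOODPECKER_ADMIN unset: 'Trusted' is shown only to admins")
    if env.get("WOODPECKER_OPEN", "").lower() == "true":
        findings.append("WOODPECKER_OPEN=true: registration is open")
    return admins, findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_server(text))
```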

rajasekhar-gundala commented 2 years ago

> I will try to add some hints to the docs at the places it describes the trusted option (https://woodpecker-ci.org/docs/usage/project-settings#trusted).
>
> @rajaseg Where did you find the trusted option? Was it at the place I linked above?

@anbraten Yes, that's the link where we need to hint users how to enable it.

6543 commented 2 years ago

We could "grey it out" as "disabled" so it's visible ... and show a hint on mouse over that only admins can use this option?

rajasekhar-gundala commented 2 years ago

I am trying to build and publish a Docker image using a Dockerfile. I have a repository in Gitea. I am getting a "The step has been cancelled" error for the clone step. Please find the screenshot below.

image

Here is my pipeline

pipeline:
  publish:
    image: plugins/docker
    group: docker
    secrets: [ docker_username, docker_password ]
    settings:
      repo: dockerregistry/reponame
      dockerfile: Dockerfile
      tag: latest
    when:
      branch: master
      event: push

Am I missing or doing anything wrong?

anbraten commented 2 years ago

> We could "grey it out" as "disabled" so it's visible ... and show a hint on mouse over that only admins can use this option?

I think we should keep things simple and add the hint to the docs as that was the place this question initially came from. Normally a user would not notice that something is missing at all, if he is not reading the docs before.