2.7.3

Changelog

2.7.3 - 2024-11-05

Important

To secure your instance, set WOODPECKER_PLUGINS_PRIVILEGED to only allow specific versions of the woodpeckerci/plugin-docker-buildx plugin, use version 5.0.0 or above. This prevents older, potentially unstable versions from being privileged.

For example, to allow only version 5.0.0, use:

WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.0.0

To allow multiple versions, you can separate them with commas:

WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.0.0,woodpeckerci/plugin-docker-buildx:5.1.0

This setup ensures only specified, stable plugin versions are given privileged access.

Read more about it in #4213

❤️ Thanks to all contributors! ❤️

@anbraten

🐛 Bug Fixes

• Upgrade vue-i18n [#4298]

Misc

• Bump release plugin [#4311]
• Use release-helper for release/* branches [#4300]

2.7.2

Changelog

2.7.2 - 2024-11-03

Important

To secure your instance, set WOODPECKER_PLUGINS_PRIVILEGED to only allow specific versions of the woodpeckerci/plugin-docker-buildx plugin, use version 5.0.0 or above. This prevents older, potentially unstable versions from being privileged.

For example, to allow only version 5.0.0, use:

WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.0.0

To allow multiple versions, you can separate them with commas:

WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.0.0,woodpeckerci/plugin-docker-buildx:5.1.0

This setup ensures only specified, stable plugin versions are given privileged access.

Read more about it in #4213

❤️ Thanks to all contributors! ❤️

@6543, @anbraten, @j04n-f, @pat-s, @qwerty287

🔒 Security

• Chore(deps): update dependency vite to v5.4.6 [security] (#4163) [#4187]

🐛 Bug Fixes

• Don't parse forge config files multiple times if no error occured (#4272) [#4273]
• Fix repo/owner parsing for gitlab (#4255) [#4261]
• Run queue.process() in background [#4115]
• Only update agent.LastWork if not done recently (#4031) [#4100]

Misc

• Backport JS dependency updates [#4189]

2.7.1

2.7.1 - 2024-09-07

❤️ Thanks to all contributors! ❤️

@6543, @anbraten, @j04n-f, @qwerty287, @dvjn

🔒 Security

• Lint privileged plugin match and allow to be set empty [#4084]
• Allow admins to specify privileged plugins by name and tag [#4076]
• Warn if using secrets/env with plugin [#4039]

🐛 Bug Fixes

• Set refspec for gitlab MR [#4021]
• Change Bitbucket PR hook to point the source branch, commit & ref [#3965]
• Add updated, merged and declined events to bb webhook activation [#3963]
• Fix login via navbar [#3962]
• Fix panic if forge is unreachable [#3944]
• Fix org settings page [#4093]

Misc

• Bump github.com/docker/docker from v24.0.9 to v24.0.9+30 [#4077]

2.7.0

2.7.0 - 2024-07-18

❤️ Thanks to all contributors! ❤️

@6543, @anbraten, @dvjn, @hhamalai, @lafriks, @pat-s, @qwerty287, @smainz, @tongjicoder, @zc-devs

❤️ Special thanks the security researchers and those who fixed them ❤️

• Daniel Kilimnik @D_K_Dev (Neodyme AG) reporting the bugs and orchestrating the communication
• Felipe Custodio Romero @localo (Neodyme AG) finding the bugs
• @6543 fixing the bugs and orchestrating the communication

🔒 Security

• Add blocklist of environment variables who could alter execution of plugins [#3934]
• Make sure plugins only mount the workspace base in a predefinde location [#3933]
• Disallow to set arbitrary environments for plugins [#3909]
• Use proper oauth state [#3847]
• Enhance token checking [#3842]
• Bump github.com/hashicorp/go-retryablehttp v0.7.5 -> v0.7.7 [#3834]

✨ Features

• Gracefully shutdown server [#3896]
• Gracefully shutdown agent [#3895]
• Convert urls in logs to links [#3904]
• Allow login using multiple forges [#3822]
• Global and organization registries [#1672]
• Cli get repo from git remote [#3830]
• Add api for forges [#3733]

📈 Enhancement

• Cli fix pipeline logs [#3913]
• Migrate to github.com/urfave/cli/v3 [#2951]
• Allow to change the working directory also for plugins and services [#3914]
• Remove unplugin-icons [#3809]
• Release windows binaries as zip file [#3906]
• Convert to openapi 3.0 [#3897]
• Add user registries UI [#3888]
• Sort users by login [#3891]
• Exclude dummy backend in production [#3877]
• Fix deploy task env [#3878]
• Get default branch and show message in pipeline list [#3867]
• Add timestamp for last work done by agent [#3844]
• Adjust logger types [#3859]
• Cleanup state reporting [#3850]
• Unify DB tables/columns [#3806]
• Let webhook pass on pipeline parsing error [#3829]
• Exclude mocks from release build [#3831]
• K8s secrets reference from step [#3655]

🐛 Bug Fixes

• Handle empty repositories in gitea when listing PRs [#3925]
• Update alpine package dep for docker images [#3917]
• Don't report error if agent was terminated gracefully [#3894]
• Let agents continuously report their health [#3893]
• Ignore warnings for cli exec [#3868]
• Correct favicon states [#3832]
• Cleanup of the login flow and tests [#3810]
• Fix newlines in logs [#3808]
• Fix authentication error handling [#3807]

📚 Documentation

• Streamline docs for new users [#3803]
• Add mastodon verification [#3843]
• chore(deps): update docs npm deps non-major [#3837]
• fix(deps): update docs npm deps non-major [#3824]
• Add openSUSE package [#3800]
• chore(deps): update docs npm deps non-major [#3798]
• Add "Docker Tags" Plugin [#3796]
• chore(deps): update dependency marked to v13 [#3792]
• chore: fix some comments [#3788]

Misc

• chore(deps): update web npm deps non-major [#3930]
• chore(deps): update dependency vitest to v2 [#3905]
• fix(deps): update module github.com/google/go-github/v62 to v63 [#3910]
• chore(deps): update docker.io/woodpeckerci/plugin-docker-buildx docker tag to v4.1.0 [#3908]
• Update plugin-git and add renovate trigger [#3901]
• chore(deps): update docker.io/mstruebing/editorconfig-checker docker tag to v3.0.3 [#3903]
• fix(deps): update golang-packages [#3875]
• chore(deps): lock file maintenance [#3876]
• [pre-commit.ci] pre-commit autoupdate [#3862]
• Add dummy backend [#3820]
• chore(deps): update dependency replace-in-file to v8 [#3852]
• Update forgejo sdk [#3840]
• chore(deps): lock file maintenance [#3838]
• Allow to set dist dir using env var [#3814]
• chore(deps): lock file maintenance [#3805]
• chore(deps): update docker.io/lycheeverse/lychee docker tag to v0.15.1 [#3797]

2.6.1

2.6.1 - 2024-07-19

🔒 Security

• Add blocklist of environment variables who could alter execution of plugins [#3934]
• Make sure plugins only mount the workspace base in a predefinde location [#3933]
• Disalow to set arbitrary environments for plugins [#3909]
• Bump trivy plugin version and remove unused variable [#3833]

🐛 Bug Fixes

• Let webhook pass on pipeline parsion error [#3829]
• Fix newlines in logs [#3808]

2.6.0

2.6.0 - 2024-06-13

❤️ Thanks to all contributors! ❤️

@6543, @anbraten, @jcgl17, @pat-s, @qwerty287, @s00500, @wez, @zc-devs

🔒 Security

• Bump trivy plugin version and remove unused variable [#3759]

✨ Features

• Allow to store logs in files [#3568]
• Native forgejo support [#3684]

🐛 Bug Fixes

• Add release event to webhooks [#3784]
• Respect cli argument when checking docker backend availability [#3770]
• Fix repo creation [#3756]
• Fix config loading of cli [#3764]
• Fix missing WOODPECKER_BITBUCKET_DC_URL [#3761]
• Correct repo repair success message in cli [#3757]

📈 Enhancement

• Improve step logging [#3722]
• chore(deps): update dependency eslint to v9 [#3594]
• Show workflow names if there are multiple configs [#3767]
• Use http constants [#3766]
• Spellcheck "server/*" [#3753]
• Agent-wide node selector [#3608]

📚 Documentation

• Remove misleading crontab guru suggestion from docs [#3781]
• Add documentation for KUBERNETES_SERVICE_HOST in Agent [#3747]
• Remove web.archive.org workaround in docs [#3771]
• Serve plugin icons locally [#3768]
• Docs: update local backend page [#3765]
• Remove old docs versions [#3743]
• Merge release plugins [#3752]
• Split FAQ [#3746]

Misc

• Update nix flake [#3780]
• chore(deps): lock file maintenance [#3783]
• chore(deps): update pre-commit hook golangci/golangci-lint to v1.59.1 [#3782]
• fix(deps): update codeberg.org/mvdkleijn/forgejo-sdk/forgejo digest to 168c988 [#3776]
• chore(deps): lock file maintenance [#3750]
• chore(deps): update gitea/gitea docker tag to v1.22 [#3749]
• Fix setting name [#3744]

2.5.0

2.5.0 - 2024-06-01

❤️ Thanks to all contributors! ❤️

@6543, @Andre601, @Elara6331, @OCram85, @anbraten, @aumetra, @da-Kai, @dominic-p, @dvjn, @eliasscosta, @fernandrone, @linghuying, @manuelluis, @nemunaire, @pat-s, @qwerty287, @sinlov, @stevapple, @xoxys, @zc-devs

🔒 Security

• bump golang.org/x/net to v0.24.0 [#3628]

✨ Features

• Add DeletePipeline API [#3506]
• CLI: remove step logs [#3458]
• Step logs removing API and Button [#3451]

📚 Documentation

• Create 2.5 docs [#3732]
• Fix spelling in README [#3741]
• chore: fix some comments [#3740]
• Add "Is It Up Yet?" Plugin [#3731]
• Remove discord as official community channel [#3717]
• Add Gitea Package plugin [#3707]
• Add documentation for setting Kubernetes labels and annotations [#3687]
• Remove broken link to gobook.io [#3694]
• docs: add Gitea publisher-golang plugin [#3691]
• Add Ansible+Woodpecker blog post [#3685]
• Clarify info on failing workflows/Steps [#3679]
• Add discord plugin [#3662]
• chore(deps): update dependency trim to v1 [#3658]
• chore(deps): update dependency got to v14 [#3657]
• Fail on broken anchors [#3644]
• Fix step syntax in docs [#3635]
• chore(deps): update docs npm deps non-major [#3632]
• Add Twine plugin [#3619]
• Fix docs [#3615]
• Document how to enable parallel step exec for all steps [#3605]
• Update dependency @types/marked to v6 [#3544]
• Update docs npm deps non-major [#3485]
• Docs updates and fixes [#3535]

🐛 Bug Fixes

• Fix privileged steps in kubernetes [#3711]
• Check for error in repo middleware [#3688]
• Fix parent pipeline number env on restarts [#3683]
• Fix bitbucket dir fetching [#3668]
• Sanitize tag ref for gitea/forgejo [#3664]
• Fix secret loading [#3620]
• fix cli config loading and correct comment [#3618]
• Handle ImagePullBackOff pod status [#3580]
• Apply skip ci filter only on push events [#3612]
• agent: Continue to retry indefinitely [#3599]
• Fix cli version comparison and improve setup [#3518]
• Fix flag name [#3534]

📈 Enhancement

• Use IDs for tokens [#3695]
• Lint go code with cspell [#3706]
• Replace duplicated strings [#3710]
• Cleanup server env settings [#3670]
• Setting for empty commits on path condition [#3708]
• Lint file names and directories via cSpell too [#3703]
• Make retry count of config fetching form forge configure [#3699]
• Ability to set pod annotations and labels from step [#3609]
• Support github deploy task [#3512]
• Rework entrypoints [#3269]
• Add cli output handlers [#3660]
• Cleanup api docs and ts api-client options [#3663]
• Split client into multiple files and add more tests [#3647]
• Add filter options to GetPipelines API [#3645]
• Deprecate environment filter and improve errors [#3634]
• Add task details to queue info in woodpecker-go [#3636]
• Use forge from db [#1417]
• Remove review button from approval view [#3617]
• Rework addons (use rpc) [#3268]
• Allow to disable deployments [#3570]
• Add flag to only access public repositories on GitHub [#3566]
• Add runtimeClassName in Kubernetes backend options [#3474]
• Remove unused cache properties [#3567]
• Allow separate gitea oauth URL [#3513]
• Add option to set the local repository path to the cli command exec. [#3524]

Misc

• chore(deps): update pre-commit non-major [#3736]
• chore(deps): update docker.io/alpine docker tag to v3.20 [#3735]
• fix(deps): update module github.com/google/go-github/v61 to v62 [#3730]
• chore(deps): update docker.io/woodpeckerci/plugin-docker-buildx docker tag to v4 [#3729]
• chore(deps): update docker.io/mstruebing/editorconfig-checker docker tag to v3 [#3728]
• chore(deps): update woodpeckerci/plugin-ready-release-go docker tag to v1.1.2 [#3724]
• fix(deps): update golang-packages [#3713]
• chore(deps): update postgres docker tag to v16.3 [#3719]
• chore(deps): update docker.io/appleboy/drone-discord docker tag to v1.3.2 [#3718]
• Added steps to reproduce and expected behavior in bug_report.yaml [#3714]
• flake: add flake-utils import and use eachDefaultSystem [#3704]
• Add nix flake for dev shell [#3702]
• Skip golangci in pre-commit.ci [#3692]
• chore(deps): update woodpeckerci/plugin-github-release docker tag to v1.2.0 [#3690]
• Switch back to upstream xgo image [#3682]
• Allow running tests on arm64 runners [#2605]
• chore(deps): update node.js to v22 [#3659]
• chore(deps): lock file maintenance [#3656]
• Add make target for spellcheck [#3648]
• chore(deps): update woodpeckerci/plugin-ready-release-go docker tag to v1.1.1 [#3641]
• chore(deps): update web npm deps non-major [#3640]
• chore(deps): update web npm deps non-major [#3631]
• Use our github-release plugin [#3624]
• chore(deps): lock file maintenance [#3622]
• Fix spellcheck and enable more dirs [#3603]
• Update docker.io/golang Docker tag to v1.22.2 [#3596]
• Update pre...

2.4.1

2.4.1 - 2024-03-20

❤️ Thanks to all contributors! ❤️

@manuelluis, @qwerty287, @xoxys

🔒 Security

• Only allow to deploy from push, tag and release [#3522]

🐛 Bug Fixes

• Exclude setup from cli command exec. [#3523]
• Fix uppercased env [#3516]
• Fix env schema [#3514]

Misc

• Temp pin golangci version in makefile [#3520]

2.4.0

2.4.0 - 2024-03-19

❤️ Thanks to all contributors! ❤️

@6543, @Ray-D-Song, @anbraten, @eliasscosta, @fernandrone, @kjuulh, @kytta, @langecode, @lukashass, @qwerty287, @rockdrilla, @sinlov, @smainz, @xoxys, @zc-devs, @zowhoey

🔒 Security

• Improve security context handling [#3482]
• fix(deps): update module github.com/moby/moby to v24.0.9+incompatible [#3323]

✨ Features

• Cli setup command [#3384]
• Add bitbucket datacenter (server) support [#2503]
• Cli updater [#3382]

📚 Documentation

• Delete docs for v0.15.x [#3508]
• Add deployment plugin [#3495]
• Bump follow-redirects and fix broken anchors [#3488]
• fix: plugin doc page not found [#3480]
• Documentation improvements [#3376]
• fix(deps): update docs npm deps non-major [#3455]
• Add "Sonatype Nexus" plugin [#3446]
• Add blog post [#3439]
• Add "Gradle Wrapper Validation" plugin [#3435]
• Add blog post [#3410]
• Extend core ideas documentation [#3405]
• docs: fix contributions link [#3363]
• Update/fix some docs [#3359]
• chore(deps): update dependency marked to v12 [#3325]

🐛 Bug Fixes

• Fix skip setup for some general cli commands [#3498]
• Move generic agent flags to cmd/agent/core [#3484]
• Fix usage of WOODPECKER_DATABASE_DATASOURCE_FILE [#3404]
• Set pull-request id and labels on pr-closed event [#3442]
• Update org name on login [#3409]
• Do not alter secret key upper-/lowercase [#3375]
• fix: can't run multiple services on k8s [#3395]
• Fix agent polling [#3378]
• Remove empty strings from slice before parsing agent config [#3387]
• Set correct link for commit [#3368]
• Fix schema links [#3369]
• Fix correctly handle gitlab pr closed events [#3362]
• fix: update schema event_enum to remove error warning when.event [#3357]
• Fix version check on next [#3340]
• Ignore gitlab merge request events without code changes [#3338]
• Ignore gitlab push events without commits [#3339]
• Consider gitlab inherited permissions [#3308]
• fix: agent panic when node is terminated during step execution [#3331]

📈 Enhancement

• Enable golangci linter gomnd [#3171]
• Apply "grpcnotrace" go build tag [#3448]
• Simplify store interfaces [#3437]
• Deprecate alternative names on secrets [#3406]
• Store workflows/steps for blocked pipeline [#2757]
• Parse email from Gitea webhook [#3420]
• Replace http types on forge interface [#3374]
• Prevent agent deletion when it's still running tasks [#3377]
• Refactor internal services [#915]
• Lint for event filter and deprecate exclude [#3222]
• Allow editing all environment variables in pipeline popups [#3314]
• Parse backend options in backend [#3227]
• Make agent usable for external backends [#3270]
• Add no branches text [#3312]
• Add loading spinner to repo list [#3310]

Misc

• Post on mastodon when releasing a new version [#3509]
• chore(deps): update dependency alpine_3_18/ca-certificates to v20240226 [#3501]
• fix(deps): update module github.com/google/go-github/v59 to v60 [#3493]
• fix(deps): update dependency @intlify/unplugin-vue-i18n to v3 [#3492]
• chore(deps): update dependency vue-tsc to v2 [#3491]
• chore(deps): update dependency eslint-config-airbnb-typescript to v18 [#3490]
• chore(deps): update web npm deps non-major [#3489]
• fix(deps): update golang (packages) [#3486]
• fix(deps): update module google.golang.org/protobuf to v1.33.0 [security] [#3487]
• chore(deps): update docker.io/techknowlogick/xgo docker tag to go-1.22.1 [#3476]
• chore(deps): update docker.io/golang docker tag to v1.22.1 [#3475]
• Update prettier version [#3471]
• chore(deps): update woodpeckerci/plugin-ready-release-go docker tag to v1.1.0 [#3464]
• chore(deps): lock file maintenance [#3465]
• chore(deps): update postgres docker tag to v16.2 [#3461]
• chore(deps): update lycheeverse/lychee docker tag to v0.14.3 [#3429]
• fix(deps): update golang (packages) [#3430]
• More when filters [#3407]
• Apply documentation/ui label to corresponding renovate updates [#3400]
• chore(deps): update dependency eslint-plugin-simple-import-sort to v12 [#3396]
• chore(deps): update typescript-eslint monorepo to v7 (major) [#3397]
• fix(deps): update module github.com/google/go-github/v58 to v59 [#3398]
• chore(deps): update docker.io/techknowlogick/xgo docker tag to go-1.22.0 [#3392]
• chore(deps): update docker.io/golang docker tag [#3391]
• fix(deps): update golang (packages) [#3393]
• chore(deps): update docker.io/woodpeckerci/plugin-docker-buildx docker tag to v3.1.0 [#3394]
• Add link checking [#3371]
• Apply dependencies label to all PRs [#3358]
• chore(deps): update docker.io/woodpeckerci/plugin-docker-buildx docker tag to v3.0.1 [#3324]

2.3.0

2.3.0 - 2024-01-31

❤️ Thanks to all contributors! ❤️

@anbraten, @HerHde, @qwerty287, @pat-s, @renovate[bot], @lukashass, @zc-devs, @Alonsohhl, @healdropper, @eliasscosta, @runephilosof-karnovgroup

✨ Features

• Add release event [#3226]

📚 Documentation

• Add release types [#3303]
• Add opencollective footer [#3281]
• Use array syntax in docs [#3242]

🐛 Bug Fixes

• Fix Gitpod: Gitea auth token creation [#3299]
• Fix agent updating [#3287]
• Sanitize pod's step label [#3275]
• Pipeline errors must be an array [#3276]
• fix bitbucket SSO using UUID from bitbucket api response as ForgeRemoteID [#3265]
• fix: bug pod service without label service [#3256]
• Fix disabling PRs [#3258]
• fix: bug annotations [#3255]

📈 Enhancement

• Update theme on system color mode change [#3296]
• Improve secrets availability checks [#3271]
• Load more pipeline log lines (500 => 5000) [#3212]
• Clean up models [#3228]

Misc

• chore(deps): update docker.io/techknowlogick/xgo docker tag to go-1.21.6 [#3294]
• fix(deps): update docs npm deps non-major [#3295]
• Remove deprecated group from config [#3289]
• Add spellcheck config [#3018]
• fix(deps): update golang (packages) [#3284]
• chore(deps): lock file maintenance [#3274]
• chore(deps): update web npm deps non-major [#3273]
• Pin prettier version [#3260]
• Fix prettier [#3259]
• Update UI building in Makefile [#3250]