Just finished my integration between Woodpecker and @codeberg

Now it's time to contribute some documentation for Woodpecker, as it was not so straightforward. Woodpecker documentation for Gitea is nonexistent 😟 You basically need to take a look at the source code to find the correct env variables to set up.

But it's working 🤗

I still don't know how I can protect myself from strangers trying to run malicious things on my server. I don't think that my repos are popular enough to bring attention :)

@karl @codeberg

You actually inspired me as well to dump Drone and move everything to Woodpecker.
Migration is finished and everything looks good (had to change my pipelines a bit).

For the security aspect, I added the two env-variables
DRONE_OPEN=false
DRONE_ADMIN=<USERNAME>
and feel quite safe from strangers executing code. Ain't I?

One thing that freaks me out a bit is the OAuth implementation where you have to give your Codeberg credentials to Woodpecker...

@hanser @karl @codeberg You don't have to with the latest version, I think it's not released yet though.

@momar @karl @codeberg

Ah, nice, thx for the info!
I mean, it's my own instance so I can probably trust it... it just didn't feel right ;)

@hanser @momar @codeberg hey, I'm using the latest release and you can log in using Codeberg without giving your user/pass to Woodpecker. It's working great :)

Great to know that you migrated as well :)

@karl @codeberg For hardening:
1. general login: You can use DRONE_ORGS to only allow people in those orgs to log in, DRONE_REPO_OWNERS to only allow those owners for repos with CI
2. builds in repositories: You can set projects to "Protected" so that each build triggered by a push not made by the owner will be held back and needs to be approved.

@momar @codeberg thanks, I already have the REPO_OWNERS option turned on, but I wanted automatic builds with a timeout, or to have just the first branch build enabled and with a timeout, so if the build failed whoever opened the PR doesn't need to wait to fix it :)

I didn't find anything related to agent timeout.

In the meantime I guess "Protected" will work. Thank you!

@karl

sorry to hear you had some trouble ...

the current doc is not updated since only an rc2 for 0.14 is out yet :)

adding documentation to Codeberg would be nice, extending the existing docs upstream is also welcome - whatever you prefer ;)
