Just finished my integration between Woodpecker and @codeberg
Now it's time to contribute with some documentation for Woodpecker as it was not so straightforward. Woodpecker documentation for Gitea is inexistent 😟 You basically need to take a look in the source code to find the correct env variables to setup.
But it's working 🤗
I still don't know how can I protect myself from strangers trying to run malicious things on my server. I don't think that my repos are popular to bring attention :)
You actually inspired me as well to dump drone and move everything to wookpecker.
Migration is finished and everything looks good (had to change my pipelines a bit).
For the security aspect, I added the two env-variables
and feel quite safe from strangers executing code. Ain't I?
On thing that freaks me out a bit is the OAuth-implementation where you have to give your codeberg credentials to woodpecker...
@karl @codeberg For hardening:
1. general login: You can use DRONE_ORGS to only allow people in those orgs to log in, DRONE_REPO_OWNERS to only allow those owners for repos with CI
2. builds in repositories: You can set projects to "Protected" so that each build triggered by a push not made by the owner will be held back and needs to be approved.
@momar @codeberg thanks, I already have the REPO_OWNERS option turned on, but I wanted automatically builds with time out, or have just the first branch build enable and with a timeout so if the build failed whoever open the PR don't need to wait to fix :)
I didn't find anything related to agent time out.
In the meanwhile I guess the "Protected" will work. Thank you!
sorry to hear you had some trouble ...
the current doc is not updated since only an rc2 for 0.14 is out jet :)
adding documentation to codeberg would be nice, extend existing docu upstream is also welcome - what ever you prevere ;)
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!