Mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2026-04-28 19:46:40 +02:00
Code Issues Packages Projects Releases Wiki Activity
7,803 Commits 35 Branches 100 Tags
main
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Alex Caston 85c71fb01e Kubernetes: precreate workingDir as nonroot when required (#6322) 
### Problem
When the working directory is set to a directory that doesn't exists (for example, as `plugin-git` does), kubelet will pre-create it with ownership set to `root:root` and permissions `0755` . This makes pods running as non-root unable to write to it, causing permission errors.

### Solution
Added a `podInitContainer` function that conditionally creates an init container to pre-create the working directory with the correct permissions before the main step container starts.

### Behavior
- If the pod runs as root (`RunAsUser == 0` or unset), no init container is created. Kubelet handles directory creation automatically
- If the working directory matches a volume mount path exactly, no init container is needed. `FSGroupChangePolicy` handles permissions
- An init container is only created when the working directory is nested within a volume mount path
- The init container uses `busybox:stable-musl` with minimal resource limits (5m CPU, 5Mi memory) and drops all capabilities.

### Related issues and PRs
- Solves the error mentioned in https://github.com/woodpecker-ci/woodpecker/issues/5346#issuecomment-3211408746 without requiring a previous step.
- In addition to #6307 and #6310, this will make it easier to run woodpecker ci workloads in a namespace that enforces [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/)
2026-04-28 17:21:45 +02:00
.github
Update release template (#5565)
2025-09-28 22:05:56 +02:00
.vscode
Migrate from Windi to Tailwind (#4614)
2025-01-07 08:52:44 +01:00
.woodpecker
Update docker.io/mysql Docker tag to v9.7.0 (#6498)
2026-04-25 07:44:22 +02:00
agent
Move wait for log uploads logic out of logger and tracer into pipeline runtime (#6471)
2026-04-25 16:36:26 +02:00
cli
Fix workflow hang on services (#6507)
2026-04-27 09:11:33 +02:00
cmd
Make agent reconnect retry timeout configurable (#6470)
2026-04-23 17:35:39 +02:00
contrib/woodpecker-test-repo/.woodpecker
Cleanups + prefer .yaml (#3069)
2024-01-11 18:43:54 +01:00
docker
chore(deps): update docker.io/golang docker tag to v1.26 (#6121)
2026-02-14 02:27:11 +01:00
docs
Kubernetes: Support allowPrivilegeEscalation and capabilities backend_options (#6307)
2026-04-28 17:17:00 +02:00
e2e
e2e test wait for grpc server teardown and stop agents (#6479)
2026-04-23 09:57:43 +02:00
nfpm
Fix build deb rpm packages (#6309)
2026-03-24 01:21:04 +01:00
pipeline
Kubernetes: precreate workingDir as nonroot when required (#6322)
2026-04-28 17:21:45 +02:00
rpc
fix: add connection timeout and graceful shutdown to agent RPC client (#6414)
2026-04-10 04:19:14 +02:00
server
Refactor: remove Auth() from Forge interface (#6505)
2026-04-26 15:36:12 +02:00
shared
Update woodpeckerci/plugin-git Docker tag to v2.9.0 (#6499)
2026-04-25 07:46:27 +02:00
tools
Cleanup openapi generation (#4331)
2024-11-23 09:17:19 +01:00
version
Add godot linter to harmonitze toplevel comments (#3650)
2024-05-13 22:58:21 +02:00
web
Translated using Weblate (Portuguese)
2026-04-28 14:32:22 +00:00
woodpecker-go
Fix license headers (#6205)
2026-03-23 11:54:07 +01:00
.cspell.json
Init minimal e2e tests (#6391)
2026-04-17 00:46:53 +02:00
.ecrc
Add migration tests for postgres (#669)
2025-10-21 12:19:39 +02:00
.editorconfig
Use editorconfig-checker (#982)
2022-06-17 12:03:34 +02:00
.gitattributes
Fix "check_swagger" step (#2024)
2023-07-20 22:12:32 +02:00
.gitignore
Ignore direnv config and folder (#5235)
2025-06-03 03:07:58 +02:00
.gitpod.yml
Update dependency golang to v1.26.2 (#6420)
2026-04-11 03:42:53 +02:00
.golangci.yaml
Sanitize agent introduced pipeline/workflow/step state changes and log streaming (#6308)
2026-04-03 10:50:43 +02:00
.hadolint.yaml
Cleanups + prefer .yaml (#3069)
2024-01-11 18:43:54 +01:00
.lycheeignore
fix: Add wildcard to .lycheeignore (#4158)
2024-10-04 15:08:05 +01:00
.markdownlint.yaml
chore(deps): update pre-commit hook igorshubovych/markdownlint-cli to v0.45.0 (#5187)
2025-05-18 19:33:46 +02:00
.mockery.yaml
Add workflow integration test (#6270)
2026-03-21 11:54:48 +01:00
.pre-commit-config.yaml
Update pre-commit hook rbubley/mirrors-prettier to v3.8.3 (#6462)
2026-04-18 10:19:58 +02:00
.prettierignore
Add prettier to docs/ (#4628)
2024-12-28 15:36:23 +01:00
.prettierrc.json
Remove old files (#3077)
2023-12-30 15:10:31 +01:00
.yamllint.yaml
Migrate from Windi to Tailwind (#4614)
2025-01-07 08:52:44 +01:00
CHANGELOG.md
🎉 Release 3.14.0-rc.2 (#6442)
2026-04-27 14:51:13 +02:00
checkmake.ini
chore(deps): update pre-commit non-major (#5949)
2026-01-15 15:55:28 +01:00
codecov.yaml
Init minimal e2e tests (#6391)
2026-04-17 00:46:53 +02:00
docker-compose.example.yaml
Add rolling semver tags, remove latest tag (#4600)
2024-12-21 11:52:56 +01:00
docker-compose.gitpod.yaml
Update gitea/gitea Docker tag to v1.26 (#6466)
2026-04-19 11:47:22 +02:00
flake.lock
Update flake and migrate used packages (#6408)
2026-04-10 13:18:00 +03:00
flake.nix
Update flake and migrate used packages (#6408)
2026-04-10 13:18:00 +03:00
go.mod
Update module github.com/google/go-github/v84 to v85 (#6500)
2026-04-26 08:10:37 +02:00
go.sum
Update module github.com/google/go-github/v84 to v85 (#6500)
2026-04-26 08:10:37 +02:00
LICENSE
Check for correct license header (#2137)
2023-08-10 11:06:00 +02:00
Makefile
Init minimal e2e tests (#6391)
2026-04-17 00:46:53 +02:00
README.md
Add missing docs for 3.x minor versions (#4992)
2025-03-24 10:12:56 +01:00
release-config.ts
Adjust config for release plugin (#4310)
2024-11-05 21:00:38 +01:00

README.md

Woodpecker

Woodpecker


Pipeline Status Code coverage Translation status Matrix space Go Report Card go reference GitHub release Docker pulls License: Apache-2.0 OpenSSF best practices pre-commit.ci


Woodpecker is a simple, yet powerful CI/CD engine with great extensibility.

woodpecker

Installation & Resources

Woodpecker can be installed in various ways (see the Installation Instructions) and runs with SQLite as database by default. It requires around 100 MB of RAM (Server) and 30 MB (Agent) at runtime in idle mode.

Support

You can support the project by becoming a backer on Open Collective or via GitHub Sponsors.

Open Collective backers

Documentation

Our documentation can be found at https://woodpecker-ci.org/docs/intro.

Translation

We have a self-hosted Weblate instance at translate.woodpecker-ci.org.

An overview of the current translation state is available at https://translate.woodpecker-ci.org/projects/woodpecker-ci/#languages.

Public Woodpecker Instances

Woodpecker is used as the main CI/CD engine at Codeberg, an alternative Git hosting platform with a focus on privacy and free software development.

Plugins

Woodpecker can be extended via plugins. The plugin overview website helps browsing available plugins. It combines both plugins by the Woodpecker core team and community-maintained ones.

Star History

Star History Chart

License

Woodpecker is Apache 2.0 licensed. The source files have a header indicating which license they are under and what copyrights apply.

Everything in docs/ is licensed under the Creative Commons Attribution-ShareAlike 4.0 International Public License.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
automationcicicddevopsdockerkuberneteswoodpeckerci
Readme Apache-2.0 244 MiB
Languages
Go 86.2%
Vue 8.7%
TypeScript 2.6%
CSS 1.7%
Makefile 0.6%