-
-
Notifications
You must be signed in to change notification settings - Fork 358
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Swagger and healthchecks #1932
Labels
bug
Something isn't working
Comments
Thank you for splitting it! This was lost though: "All endpoints respond with an "empty" page and 200. Even ones which do not exist. So for example, I can access woodpecker.example.com/foo and woodpecker.example.com/api/bar and neither of those responds with 404." Not sure where that belongs. |
to it's own issue ... |
5 tasks
Done: #1947 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Component
server, other
Describe the bug
I accidentally found (not yet documented) that swagger is built into "next". I have been trying to use it to get server healthchecks.
I'm documenting my findings here. I realise it's still WIP, but hope it will help keep track of some things.
FEATURE: The swagger interface is very useful. But in production it is a risk. Please consider:
woodpecker.example.com/foo/bar/swagger
)DOCS: At some point some docs should be added so users know swagger exists at
woodpecker.example.com/swagger
. And that for secured endpoints, the API token can be retrieved from the woodpecker ui at "User Settings" > "Your Personal Token". (As a new user it wasn't obvious to me.)BUG: All endpoints respond with an "empty" page and 200. Even ones which do not exist. So for example, I can access
woodpecker.example.com/foo
andwoodpecker.example.com/api/bar
and neither of those responds with 404.The ramification of (3), is that the
api/healthz
endpoint doesn't actually work - it will always respond with 200, even if the container is "unhealthy". That means it is an "I'm alive" check rather than a "health" check.BTW for healthchecks, the typical approach (in an alpine container which lacks curl but has wget) is something like:
docker-compose.yml
:System Info
version "next" dockerised
Additional context
No response
Validations
next
version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]The text was updated successfully, but these errors were encountered: