Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Swagger and healthchecks #1932

Closed
5 tasks done
lonix1 opened this issue Jul 5, 2023 · 4 comments
Closed
5 tasks done

Swagger and healthchecks #1932

lonix1 opened this issue Jul 5, 2023 · 4 comments
Labels
bug Something isn't working

Comments

@lonix1
Copy link
Contributor

lonix1 commented Jul 5, 2023
edited
Loading

Component

server, other

Describe the bug

I accidentally found (not yet documented) that swagger is built into "next". I have been trying to use it to get server healthchecks.

I'm documenting my findings here. I realise it's still WIP, but hope it will help keep track of some things.

  1. FEATURE: The swagger interface is very useful. But in production it is a risk. Please consider:

    • adding a setting to disable it
    • adding a custom path so we can hide it from prying eyes (e.g. woodpecker.example.com/foo/bar/swagger)

  2. DOCS: At some point some docs should be added so users know swagger exists at woodpecker.example.com/swagger. And that for secured endpoints, the API token can be retrieved from the woodpecker ui at "User Settings" > "Your Personal Token". (As a new user it wasn't obvious to me.)

  3. BUG: All endpoints respond with an "empty" page and 200. Even ones which do not exist. So for example, I can access woodpecker.example.com/foo and woodpecker.example.com/api/bar and neither of those responds with 404.

  4. The ramification of (3), is that the api/healthz endpoint doesn't actually work - it will always respond with 200, even if the container is "unhealthy". That means it is an "I'm alive" check rather than a "health" check.

BTW for healthchecks, the typical approach (in an alpine container which lacks curl but has wget) is something like:
docker-compose.yml:

healthcheck:
  start_period: 5s
  interval: 30s
  timeout: 10s
  retries: 3
  test: 'wget --no-verbose --tries=1 --spider http://localhost:8000/api/healthz || exit 1'

System Info

version "next"
dockerised

Additional context

No response

Validations

  • Read the Contributing Guidelines.
  • Read the docs.
  • Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
  • Checked that the bug isn't fixed in the next version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]
  • Check that this is a concrete bug. For Q&A join our Discord Chat Server or the Matrix room.
@lonix1 lonix1 added the bug Something isn't working label Jul 5, 2023
@6543
Copy link
Member

6543 commented Jul 7, 2023

created issues #1943 & #1944

@6543 6543 closed this as completed Jul 7, 2023
@lonix1
Copy link
Contributor Author

lonix1 commented Jul 7, 2023
edited
Loading

Thank you for splitting it!

This was lost though: "All endpoints respond with an "empty" page and 200. Even ones which do not exist. So for example, I can access woodpecker.example.com/foo and woodpecker.example.com/api/bar and neither of those responds with 404."

Not sure where that belongs.

@6543
Copy link
Member

6543 commented Jul 7, 2023

to it's own issue ...

@lonix1 lonix1 mentioned this issue Jul 7, 2023
Open
5 tasks
@lonix1
Copy link
Contributor Author

lonix1 commented Jul 7, 2023

Done: #1947

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@6543 @lonix1