woodpecker-ci · 6543 · Jan 12, 2024 · Dec 22, 2023 · Dec 22, 2023 · Dec 23, 2023
diff --git a/docs/docs/20-usage/60-services.md b/docs/docs/20-usage/60-services.md
@@ -22,6 +22,20 @@ services:
  image: redis
 ```
 
+You can define a port and a protocol explicitly:
+
+```yamlservices:
+ database:
+ image: mysql
+ ports:
+ - 3306
+
+ wireguard:
+ image: wg
+ ports:
+ - 51820/udp
+```
+
 ## Configuration
 
 Service containers generally expose environment variables to customize service startup such as default usernames, passwords and ports. Please see the official image documentation to learn more.

diff --git a/pipeline/backend/kubernetes/pod.go b/pipeline/backend/kubernetes/pod.go
@@ -38,7 +38,7 @@ func mkPod(namespace, name, image, workDir, goos, serviceAccountName string,
  pool, privileged bool,
  commands, vols, pullSecretNames []string,
  labels, annotations, env, nodeSelector map[string]string,
- extraHosts []types.HostAlias, tolerations []types.Toleration, resources types.Resources,
+ ports []types.Port, extraHosts []types.HostAlias, tolerations []types.Toleration, resources types.Resources,
  securityContext *types.SecurityContext, securityContextConfig SecurityContextConfig,
 ) (*v1.Pod, error) {
  var err error
@@ -52,7 +52,7 @@ func mkPod(namespace, name, image, workDir, goos, serviceAccountName string,
  }
 
  container, err := podContainer(name, image, workDir, goos, pool, privileged, commands, vols, env,
- resources, securityContext)
+ ports, resources, securityContext)
  if err != nil {
  return nil, err
  }
@@ -116,7 +116,8 @@ func podSpec(serviceAccountName string, vols, pullSecretNames []string, env, bac
  return spec, nil
 }
 
-func podContainer(name, image, workDir, goos string, pull, privileged bool, commands, volumes []string, env map[string]string, resources types.Resources,
+func podContainer(name, image, workDir, goos string, pull, privileged bool, commands, volumes []string, env map[string]string,
+ ports []types.Port, resources types.Resources,
  securityContext *types.SecurityContext,
 ) (v1.Container, error) {
  var err error
@@ -138,6 +139,7 @@ func podContainer(name, image, workDir, goos string, pull, privileged bool, comm
  }
 
  container.Env = mapToEnvVars(env)
+ container.Ports = containerPorts(ports)
  container.SecurityContext = containerSecurityContext(securityContext, privileged)
 
  container.Resources, err = resourceRequirements(resources)
@@ -202,6 +204,21 @@ func volumeMount(name, path string) v1.VolumeMount {
  }
 }
 
+func containerPorts(ports []types.Port) []v1.ContainerPort {
+ containerPorts := make([]v1.ContainerPort, len(ports))
+ for i, port := range ports {
+ containerPorts[i] = containerPort(port)
+ }
+ return containerPorts
+}
+
+func containerPort(port types.Port) v1.ContainerPort {
+ return v1.ContainerPort{
+ ContainerPort: int32(port.Number),
+ Protocol: v1.Protocol(strings.ToUpper(port.Protocol)),
+ }
+}
+
 // Here is the service IPs (placed in /etc/hosts in the Pod)
 func hostAliases(extraHosts []types.HostAlias) []v1.HostAlias {
  hostAliases := []v1.HostAlias{}
@@ -383,7 +400,8 @@ func startPod(ctx context.Context, engine *kube, step *types.Step) (*v1.Pod, err
  step.Pull, step.Privileged,
  step.Commands, step.Volumes, engine.config.ImagePullSecretNames,
  engine.config.PodLabels, engine.config.PodAnnotations, step.Environment, step.BackendOptions.Kubernetes.NodeSelector,
- step.ExtraHosts, step.BackendOptions.Kubernetes.Tolerations, step.BackendOptions.Kubernetes.Resources, step.BackendOptions.Kubernetes.SecurityContext, engine.config.SecurityContext)
+ step.Ports, step.ExtraHosts, step.BackendOptions.Kubernetes.Tolerations, step.BackendOptions.Kubernetes.Resources,
+ step.BackendOptions.Kubernetes.SecurityContext, engine.config.SecurityContext)
  if err != nil {
  return nil, err
  }

diff --git a/pipeline/backend/kubernetes/pod_test.go b/pipeline/backend/kubernetes/pod_test.go
@@ -105,7 +105,7 @@ func TestTinyPod(t *testing.T) {
  false, false,
  []string{"gradle build"}, []string{"workspace:/woodpecker/src"}, nil,
  nil, nil, map[string]string{"CI": "woodpecker"}, nil,
- nil, nil,
+ nil, nil, nil,
  types.Resources{Requests: nil, Limits: nil}, nil, SecurityContextConfig{},
  )
  assert.NoError(t, err)
@@ -153,6 +153,19 @@ func TestFullPod(t *testing.T) {
  "echo $CI_SCRIPT | base64 -d | /bin/sh -e"
  ],
  "workingDir": "/woodpecker/src",
+ "ports": [
+ {
+ "containerPort": 1234
+ },
+ {
+ "containerPort": 2345,
+ "protocol": "TCP"
+ },
+ {
+ "containerPort": 3456,
+ "protocol": "UDP"
+ }
+ ],
  "env": [
  "<<UNORDERED>>",
  {
@@ -242,11 +255,16 @@ func TestFullPod(t *testing.T) {
  {Name: "cloudflare", IP: "1.1.1.1"},
  {Name: "cf.v6", IP: "2606:4700:4700::64"},
  }
+ ports := []types.Port{
+ {Number: 1234},
+ {Number: 2345, Protocol: "tcp"},
+ {Number: 3456, Protocol: "udp"},
+ }
  pod, err := mkPod("woodpecker", "wp-01he8bebctabr3kgk0qj36d2me-0", "meltwater/drone-cache", "/woodpecker/src", "linux/amd64", "wp-svc-acc",
  true, true,
  []string{"go get", "go test"}, []string{"woodpecker-cache:/woodpecker/src/cache"}, []string{"regcred", "another-pull-secret"},
  map[string]string{"app": "test"}, map[string]string{"apparmor.security": "runtime/default"}, map[string]string{"CGO": "0"}, map[string]string{"storage": "ssd"},
- hostAliases, []types.Toleration{{Key: "net-port", Value: "100Mbit", Effect: types.TaintEffectNoSchedule}},
+ ports, hostAliases, []types.Toleration{{Key: "net-port", Value: "100Mbit", Effect: types.TaintEffectNoSchedule}},
  types.Resources{Requests: map[string]string{"memory": "128Mi", "cpu": "1000m"}, Limits: map[string]string{"memory": "256Mi", "cpu": "2"}},
  &types.SecurityContext{Privileged: newBool(true), RunAsNonRoot: newBool(true), RunAsUser: newInt64(101), RunAsGroup: newInt64(101), FSGroup: newInt64(101)},
  SecurityContextConfig{RunAsNonRoot: false},
@@ -255,6 +273,7 @@ func TestFullPod(t *testing.T) {
 
  json, err := json.Marshal(pod)
  assert.NoError(t, err)
+ t.Log(string(json))
 
  ja := jsonassert.New(t)
  ja.Assertf(string(json), expected)

diff --git a/pipeline/backend/kubernetes/service.go b/pipeline/backend/kubernetes/service.go
@@ -17,6 +17,7 @@ package kubernetes
 import (
  "context"
  "fmt"
+ "strings"
 
  "github.com/rs/zerolog/log"
  "go.woodpecker-ci.org/woodpecker/v2/pipeline/backend/types"
@@ -26,16 +27,12 @@ import (
  "k8s.io/apimachinery/pkg/util/intstr"
 )
 
-func mkService(namespace, name string, ports []uint16, selector map[string]string) (*v1.Service, error) {
+func mkService(namespace, name string, ports []types.Port, selector map[string]string) (*v1.Service, error) {
  log.Trace().Str("name", name).Interface("selector", selector).Interface("ports", ports).Msg("Creating service")
 
  var svcPorts []v1.ServicePort
  for _, port := range ports {
- svcPorts = append(svcPorts, v1.ServicePort{
- Name: fmt.Sprintf("port-%d", port),
- Port: int32(port),
- TargetPort: intstr.IntOrString{IntVal: int32(port)},
- })
+ svcPorts = append(svcPorts, servicePort(port))
  }
 
  return &v1.Service{
@@ -55,6 +52,17 @@ func serviceName(step *types.Step) (string, error) {
  return dnsName(step.Name)
 }
 
+func servicePort(port types.Port) v1.ServicePort {
+ portNumber := int32(port.Number)
+ portProtocol := strings.ToUpper(port.Protocol)
+ return v1.ServicePort{
+ Name: fmt.Sprintf("port-%d", portNumber),
+ Port: portNumber,
+ Protocol: v1.Protocol(portProtocol),
+ TargetPort: intstr.IntOrString{IntVal: portNumber},
+ }
+}
+
 func startService(ctx context.Context, engine *kube, step *types.Step) (*v1.Service, error) {
  name, err := serviceName(step)
  if err != nil {

diff --git a/pipeline/backend/kubernetes/service_test.go b/pipeline/backend/kubernetes/service_test.go
@@ -52,11 +52,13 @@ func TestService(t *testing.T) {
  },
  {
  "name": "port-2",
+ "protocol": "TCP",
  "port": 2,
  "targetPort": 2
  },
  {
  "name": "port-3",
+ "protocol": "UDP",
  "port": 3,
  "targetPort": 3
  }
@@ -70,8 +72,12 @@ func TestService(t *testing.T) {
  "loadBalancer": {}
  }
  }`
-
- s, _ := mkService("foo", "bar", []uint16{1, 2, 3}, map[string]string{"step": "baz"})
+ ports := []types.Port{
+ {Number: 1},
+ {Number: 2, Protocol: "tcp"},
+ {Number: 3, Protocol: "udp"},
+ }
+ s, _ := mkService("foo", "bar", ports, map[string]string{"step": "baz"})
  j, err := json.Marshal(s)
  assert.NoError(t, err)
  assert.JSONEq(t, expected, string(j))

diff --git a/pipeline/backend/types/network.go b/pipeline/backend/types/network.go
@@ -19,6 +19,11 @@ type Network struct {
  Name string `json:"name,omitempty"`
 }
 
+type Port struct {
+ Number uint16 `json:"number,omitempty"`
+ Protocol string `json:"protocol,omitempty"`
+}
+
 type HostAlias struct {
  Name string `json:"name,omitempty"`
  IP string `json:"ip,omitempty"`

diff --git a/pipeline/backend/types/step.go b/pipeline/backend/types/step.go
@@ -47,7 +47,7 @@ type Step struct {
  NetworkMode string `json:"network_mode,omitempty"`
  IpcMode string `json:"ipc_mode,omitempty"`
  Sysctls map[string]string `json:"sysctls,omitempty"`
- Ports []uint16 `json:"ports,omitempty"`
+ Ports []Port  `json:"ports,omitempty"`
  BackendOptions BackendOptions `json:"backend_options,omitempty"`
 }
 

diff --git a/pipeline/frontend/yaml/compiler/convert.go b/pipeline/frontend/yaml/compiler/convert.go
@@ -18,6 +18,7 @@ import (
  "fmt"
  "maps"
  "path"
+ "strconv"
  "strings"
 
  "github.com/oklog/ulid/v2"
@@ -155,9 +156,13 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe
  cpuSet = c.reslimit.CPUSet
  }
 
- var ports []uint16
- for _, port := range container.Ports {
- ports = append(ports, uint16(port))
+ var ports []backend_types.Port
+ for _, portDef := range container.Ports {
+ port, err := convertPort(portDef)
+ if err != nil {
+ return nil, err
+ }
+ ports = append(ports, port)
  }
 
  // at least one constraint contain status success, or all constraints have no status set
@@ -213,6 +218,22 @@ func (c *Compiler) stepWorkdir(container *yaml_types.Container) string {
  return path.Join(c.base, c.path, container.Directory)
 }
 
+func convertPort(portDef string) (backend_types.Port, error) {
+ var err error
+ var port backend_types.Port
+
+ number, protocol, _ := strings.Cut(portDef, "/")
+ port.Protocol = protocol
+
+ portNumber, err := strconv.ParseUint(number, 10, 16)
+ if err != nil {
+ return port, err
+ }
+ port.Number = uint16(portNumber)
+
+ return port, nil
+}
+
 func convertKubernetesBackendOptions(kubeOpt *yaml_types.KubernetesBackendOptions) backend_types.KubernetesBackendOptions {
  resources := backend_types.Resources{
  Limits: kubeOpt.Resources.Limits,

diff --git a/pipeline/frontend/yaml/types/container.go b/pipeline/frontend/yaml/types/container.go
@@ -47,7 +47,7 @@ type (
  Settings map[string]any `yaml:"settings"`
  Volumes Volumes `yaml:"volumes,omitempty"`
  When constraint.When `yaml:"when,omitempty"`
- Ports []base.StringOrInt `yaml:"ports,omitempty"`
+ Ports []string  `yaml:"ports,omitempty"`
  DependsOn base.StringOrSlice `yaml:"depends_on,omitempty"`
 
  // Docker Specific

diff --git a/pipeline/frontend/yaml/types/container_test.go b/pipeline/frontend/yaml/types/container_test.go
@@ -71,6 +71,8 @@ settings:
  baz: false
 ports:
  - 8080
+ - 4443/tcp
+ - 51820/udp
 `)
 
 func TestUnmarshalContainer(t *testing.T) {
@@ -129,7 +131,7 @@ func TestUnmarshalContainer(t *testing.T) {
  "foo": "bar",
  "baz": false,
  },
- Ports: []base.StringOrInt{8080},
+ Ports: []string{"8080", "4443/tcp", "51820/udp"},
  }
  got := Container{}
  err := yaml.Unmarshal(containerYaml, &got)