Allow PR secrets to be used on close #3084

Merged: 7 commits, on Dec 31, 2023


qwerty287
Contributor

closes #3071

  1. If a secret can be used on PRs, it can also be used on PR close.
  2. If no events are set, disallow access to secret. This was different before: secrets without any event set were allowed for all events.
  3. Compare strings instead of patterns.

@qwerty287 qwerty287 added the bug Something isn't working label Dec 30, 2023
@qwerty287 qwerty287 added this to the 2.2.0 milestone Dec 30, 2023
@qwerty287 qwerty287 requested a review from a team December 30, 2023 17:18
@6543 6543 added the server label Dec 30, 2023
@6543 6543 requested a review from a team December 30, 2023 21:33
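
The three rules in the description above, sketched next to the behaviour they replace. This is an added example, not code from this pull request or from Woodpecker: the function names, the event-name constants and the use of `path.Match` to stand in for the old pattern comparison are assumptions.

```go
package main

import (
	"fmt"
	"path"
)

// Event names are assumptions for this sketch, not taken from the page.
const (
	EventPush       = "push"
	EventPull       = "pull_request"
	EventPullClosed = "pull_request_closed"
)

// matchLegacy models the earlier behaviour the description mentions:
// an empty filter allows every event and entries are treated as patterns.
func matchLegacy(allowed []string, event string) bool {
	if len(allowed) == 0 {
		return true // fail-open: no filter means every event
	}
	for _, pat := range allowed {
		if ok, _ := path.Match(pat, event); ok {
			return true
		}
	}
	return false
}

// matchStrict models the three rules listed in the description.
func matchStrict(allowed []string, event string) bool {
	if event == EventPullClosed {
		event = EventPull // rule 1: PR close is covered by the PR permission
	}
	for _, e := range allowed { // rule 2: an empty list never matches
		if e == event { // rule 3: exact string comparison, no patterns
			return true
		}
	}
	return false
}

func main() {
	cases := []struct {
		allowed []string
		event   string
	}{
		{nil, EventPush},
		{[]string{EventPull}, EventPullClosed},
		{[]string{"p*"}, EventPush},
		{[]string{EventPush}, EventPullClosed},
	}
	for _, c := range cases {
		fmt.Println(c.allowed, c.event, matchLegacy(c.allowed, c.event), matchStrict(c.allowed, c.event))
	}
}
```
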

codecov bot commented Dec 30, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (72ae882) 34.81% compared to head (6694670) 34.79%.
Report is 10 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3084      +/-   ##
==========================================
- Coverage   34.81%   34.79%   -0.02%     
==========================================
  Files         228      228              
  Lines       14751    14755       +4     
==========================================
- Hits         5135     5134       -1     
- Misses       9238     9243       +5     
  Partials      378      378              


@qwerty287
Contributor Author

@6543 Why should secrets be available to all events if none are set? This is definitely not what I'd expect if I unselect all events on the secret in the UI.

@6543
Member

6543 commented Dec 31, 2023

It was so in the past: it was meant as an "optional filter", and if you have no events set, it was for all.

We did change the UI from a simple text field to checkboxes, thus it's a bit confusing as UI<->backend handle things differently now.

So the only thing for "filter them all" is the idea of misusing the events filter for "disable feature". I think we can & should:

  • add an enable/disable secrets option
  • then show all checked if the filter is empty, and if you manually deselect all, then automatically make the secret disabled (via UI) and handle it in the backend accordingly

That way we don't have to break anything and can indicate this clearly.

@6543
Member

6543 commented Dec 31, 2023

moved to #3094 so we can merge this pull now (if @qwerty287 comment lgtm or other maintainers did lgtm).

Contributor Author

@qwerty287 qwerty287 left a comment

I can't approve my own PR, but code is fine from my side

@6543 6543 merged commit ef1d286 into woodpecker-ci:main Dec 31, 2023
7 of 8 checks passed
@woodpecker-bot woodpecker-bot mentioned this pull request Dec 31, 2023
1 task
@qwerty287 qwerty287 deleted the pr-closed-secrets branch January 1, 2024 08:39
6543 pushed a commit that referenced this pull request Jan 21, 2024
This PR was opened by the
[ready-release-go](https://github.com/woodpecker-ci/plugin-ready-release-go)
plugin. When you're ready to do a release, you can merge this
pull-request and a new release with version `2.2.0` will be created
automatically. If you're not ready to do a release yet, that's fine,
whenever you add more changes to `main` this pull-request will be
updated.

## Options

- [ ] Mark this version as a release candidate

##
[2.2.0](https://github.com/woodpecker-ci/woodpecker/releases/tag/2.2.0)
- 2024-01-21

### 🔒 Security

- Update web dependencies
[[#3234](#3234)]

### ✨ Features

- Support custom steps entrypoint
[[#2985](#2985)]

### 📚 Documentation

- Add 2.2 docs
[[#3237](#3237)]
- Fix/improve issue templates
[[#3232](#3232)]
- Delete `FUNDING.yaml`
[[#3193](#3193)]
- Remove contributing/security to use globally defined
[[#3192](#3192)]
- Add "Kaniko" Plugin
[[#3183](#3183)]
- Document core development ideas
[[#3184](#3184)]
- Add continous deployment cookbook
[[#3098](#3098)]
- Make k8s backend configuration docs in the same format as others
[[#3081](#3081)]
- Hide backend config options from TOC
[[#3126](#3126)]
- Add X/Twitter account
[[#3127](#3127)]
- Add ansible plugin
[[#3115](#3115)]
- Format depends_on example
[[#3118](#3118)]
- Use WOODPECKER_AGENT_SECRET instead of deprecated alternative
[[#3103](#3103)]
- Add Reviewdog ESLint plugin
[[#3102](#3102)]
- Mark local backend as stable
[[#3088](#3088)]
- Update Owners 2024
[[#3075](#3075)]
- Add reviewdog golangci plugin
[[#3080](#3080)]
- Add Codeberg Pages Deploy plugin to plugins list
[[#3054](#3054)]

### 🐛 Bug Fixes

- Fixed Pods creation of WP services
[[#3236](#3236)]
- Fix Bitbucket get pull requests that ignores pagination
[[#3235](#3235)]
- Make PipelineConfig unique again
[[#3215](#3215)]
- Fix feed sorting
[[#3155](#3155)]
- Step status update dont set to running again once it got stoped
[[#3151](#3151)]
- Use step uuid instead of name in GRPC status calls
[[#3143](#3143)]
- Use UUID instead of step name where possible
[[#3136](#3136)]
- Use step type to detect services in Kubernetes backend
[[#3141](#3141)]
- Fix config base64 parsing to utf-8
[[#3110](#3110)]
- Pin Gitea version
[[#3104](#3104)]
- Fix step `depends_on` as string in schema
[[#3099](#3099)]
- Fix slice unmarshaling
[[#3097](#3097)]
- Allow PR secrets to be used on close
[[#3084](#3084)]
- make event in pipeline schema also a constraint_list
[[#3082](#3082)]
- Fix badge's repoUrl with rootpath
[[#3076](#3076)]
- Load changed files for closed PR
[[#3067](#3067)]
- Fix build output paths
[[#3065](#3065)]
- Fix `when` and `depends_on`
[[#3063](#3063)]
- Fix DAG cycle detection
[[#3049](#3049)]
- Fix duplicated icons
[[#3045](#3045)]

### 📈 Enhancement

- Retrieve all user repo perms with a single API call
[[#3211](#3211)]
- Secured kubernetes backend configuration
[[#3204](#3204)]
- Use `assert` for tests
[[#3201](#3201)]
- Replace `goimports` with `gci`
[[#3202](#3202)]
- Remove multipart logger
[[#3200](#3200)]
- Added protocol in port configuration
[[#2993](#2993)]
- Kubernetes AppArmor and seccomp
[[#3123](#3123)]
- `cli exec`: let override existing environment values but print a
warning [[#3140](#3140)]
- Enable golangci linter forcetypeassert
[[#3168](#3168)]
- Enable golangci linter contextcheck
[[#3170](#3170)]
- Remove panic recovering
[[#3162](#3162)]
- More docker backend test remove more undocumented
[[#3156](#3156)]
- Lowercase all log strings
[[#3173](#3173)]
- Cleanups + prefer .yaml
[[#3069](#3069)]
- Use UUID as podName and cleanup arguments for Kubernetes backend
[[#3135](#3135)]
- Enable golangci linter stylecheck
[[#3167](#3167)]
- Clean up logging
[[#3161](#3161)]
- Enable `gocritic` and don't ignore globally
[[#3159](#3159)]
- Remove steps for publishing release branches
[[#3125](#3125)]
- Enable `nolintlint`
[[#3158](#3158)]
- Enable some linters
[[#3129](#3129)]
- Use name in backend types instead of alias
[[#3142](#3142)]
- Make service icon rotate
[[#3149](#3149)]
- Add step name as label to docker containers
[[#3137](#3137)]
- Use js-base64 on pipeline log page
[[#3146](#3146)]
- Flexible image pull secret reference
[[#3016](#3016)]
- Always show pipeline step list
[[#3114](#3114)]
- Add loading spinner and no pull request text
[[#3113](#3113)]
- Fix timeout settings contrast
[[#3112](#3112)]
- Unfold workflow when opening via URL
[[#3106](#3106)]
- Remove env argument of addons
[[#3100](#3100)]
- Move `cmd/common` to `shared`
[[#3092](#3092)]
- use semver for version comparsion
[[#3042](#3042)]
- Extend create plugin docs
[[#3062](#3062)]
- Remove old files
[[#3077](#3077)]
- Indicate if step is service
[[#3078](#3078)]
- Add imports checks to linter
[[#3056](#3056)]
- Remove workflow version again
[[#3052](#3052)]
- Add option to disable version check in admin web UI
[[#3040](#3040)]

### Misc

- chore(deps): update docker.io/woodpeckerci/plugin-docker-buildx docker
tag to v3
[[#3229](#3229)]
- Docs: Fix expression syntax docs url
[[#3208](#3208)]
- Add schema test for depends_on
[[#3205](#3205)]
- chore(deps): lock file maintenance
[[#3190](#3190)]
- Do not run prettier with pre-commit
[[#3196](#3196)]
- fix(deps): update module github.com/google/go-github/v57 to v58
[[#3187](#3187)]
- chore(deps): update docker.io/golang docker tag to v1.21.6
[[#3189](#3189)]
- chore(deps): update docker.io/woodpeckerci/plugin-docker-buildx
[[#3186](#3186)]
- fix(deps): update golang (packages)
[[#3185](#3185)]
- declare different when statements once and reuse them
[[#3176](#3176)]
- Add `make clean-all`
[[#3152](#3152)]
- Fix `version.json` updates
[[#3057](#3057)]
- [pre-commit.ci] pre-commit autoupdate
[[#3101](#3101)]
- Update dependency @vitejs/plugin-vue to v5
[[#3074](#3074)]
- Use CI vars for plugin
[[#3061](#3061)]
- Use `yamllint`
[[#3066](#3066)]
- Use dag in ci config
[[#3010](#3010)]
fernandrone pushed a commit to quintoandar/woodpecker that referenced this pull request Feb 1, 2024
closes woodpecker-ci#3071

1. If a secret can be used on PRs, it can also be used on PR close.
2. If no events are set, disallow access to secret. This was different
before: secrets without any event set were allowed for all events.
3. Compare strings instead of patterns.

---------

Co-authored-by: 6543 <6543@obermui.de>
fernandrone pushed a commit to quintoandar/woodpecker that referenced this pull request Feb 1, 2024
Successfully merging this pull request may close these issues.

pull request close envent not selectable on edit secret page
2 participants