Registration is closed by default. While disabled an administrator needs to add new users manually (exp. woodpecker-cli user add).
If registration is open every user with an account at the configured SCM can login to Woodpecker. This example enables open registration for users that are members of approved organizations:
# docker-compose.yml
version: '3'
services:
woodpecker-server:
[...]
environment:
- [...]
+ - WOODPECKER_OPEN=true
+ - WOODPECKER_ORGS=dolores,dogpatch
Administrators should also be enumerated in your configuration.
# docker-compose.yml
version: '3'
services:
woodpecker-server:
[...]
environment:
- [...]
+ - WOODPECKER_ADMIN=johnsmith,janedoeWoodpecker operates with the user's OAuth permission. Due to the coarse permission handling of GitHub, you may end up syncing more repos into Woodpecker than preferred.
Use the WOODPECKER_REPO_OWNERS variable to filter which GitHub user's repos should be synced only. You typically want to put here your company's GitHub name.
# docker-compose.yml
version: '3'
services:
woodpecker-server:
[...]
environment:
- [...]
+ - WOODPECKER_REPO_OWNERS=mycompany,mycompanyossgithubuserIf you want to make available a specific private registry to all pipelines, use the WOODPECKER_DOCKER_CONFIG server configuration.
Point it to your server's docker config.
# docker-compose.yml
version: '3'
services:
woodpecker-server:
[...]
environment:
- [...]
+ - WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.jsonThe following list describes all available server configuration options.
Default: empty
Configures the logging level. Possible values are trace, debug, info, warn, error, fatal, panic, disabled and empty.
Default:
false
Enable pretty-printed debug output.
Default:
true
Disable colored debug output.
Default: empty
Server fully qualified url of the user-facing hostname.
Example: WOODPECKER_HOST=http://woodpecker.example.org
Default:
:8000
Configures the HTTP listener port.
Default: empty
Path to an SSL certificate used by the server to accept HTTPS requests.
Example: WOODPECKER_SERVER_CERT=/path/to/cert.pem
Default: empty
Path to an SSL certificate key used by the server to accept HTTPS requests.
Example: WOODPECKER_SERVER_KEY=/path/to/key.pem
Default:
false
Automatically generates an SSL certificate using Let's Encrypt, and configures the server to accept HTTPS requests.
Default:
:9000
Configures the gRPC listener port.
Default: empty
Comma-separated list of admin accounts.
Example: WOODPECKER_ADMIN=user1,user2
Default: empty
Comma-separated list of approved organizations.
Example: org1,org2
Default: empty
Comma-separated list of syncable repo owners. ???
Example: user1,user2
Default:
false
Enable to allow user registration.
Default:
https://woodpecker-ci.org/
Link to documentation in the UI.
Default:
false
Always use authentication to clone repositories even if they are public. Needed if the SCM requires to always authenticate as used by many companies.
Default is defined in shared/constant/constant.go
The default docker image to be used when cloning the repo
Default:
72h
Configures the session expiration time. Context: when someone does log into Woodpecker, a temporary session token is created. As long as the session is valid (until it expires or log-out), a user can log into Woodpecker, without re-authentication.
Default:
plugins/docker,plugins/gcr,plugins/ecr,woodpeckerci/plugin-docker,woodpeckerci/plugin-docker-buildx
Docker images to run in privileged mode. Only change if you are sure what you do!
Default: empty
Configures a specific private registry config for all pipelines.
Example: WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json
Default: empty
A shared secret used by server and agents to authenticate communication. A secret can be generated by openssl rand -hex 32.
Default: empty
Server-side enforcement policy on the minimum amount of time a client should wait before sending a keepalive ping.
Example: WOODPECKER_KEEPALIVE_MIN_TIME=10s
Default:
sqlite3
The database driver name. Possible values are sqlite3, mysql or postgres.
Default:
woodpecker.sqlite
The database connection string. The default value is the path of the embedded sqlite database file.
Example:
# MySQL
# https://github.com/go-sql-driver/mysql#dsn-data-source-name
WOODPECKER_DATABASE_DATASOURCE=root:password@tcp(1.2.3.4:3306)/woodpecker?parseTime=true
# PostgreSQL
# https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING
WOODPECKER_DATABASE_DATASOURCE=postgres://root:password@1.2.3.4:5432/woodpecker?sslmode=disableDefault: empty
Token to secure the Prometheus metrics endpoint.
Default:
ci/woodpecker
Context prefix Woodpecker will use to publish status messages to SCM. You probably will only need to change it if you run multiple Woodpecker instances for a single repository.
Default:
0
The maximum amount of memory a single pipeline container is allowed to swap to disk, configured in bytes. There is no limit if 0.
Default:
0
The maximum amount of memory a single pipeline container can use, configured in bytes. There is no limit if 0.
Default:
0
The maximum amount of memory of /dev/shm allowed in bytes. There is no limit if 0.
Default:
0
The number of microseconds per CPU period that the container is limited to before throttled. There is no limit if 0.
Default:
0
The relative weight vs. other containers.
Default: empty
Comma-separated list to limit the specific CPUs or cores a pipeline container can use.
Example: WOODPECKER_LIMIT_CPU_SET=1,2