Skip to main content
Version: Next ๐Ÿšง

docker compose

The below docker compose configuration can be used to start a Woodpecker server with a single agent.

It relies on a number of environment variables that you must set before running docker compose up. The variables are described below.

docker-compose.yaml
services:
woodpecker-server:
image: woodpeckerci/woodpecker-server:latest
ports:
- 8000:8000
volumes:
- woodpecker-server-data:/var/lib/woodpecker/
environment:
- WOODPECKER_OPEN=true
- WOODPECKER_HOST=${WOODPECKER_HOST}
- WOODPECKER_GITHUB=true
- WOODPECKER_GITHUB_CLIENT=${WOODPECKER_GITHUB_CLIENT}
- WOODPECKER_GITHUB_SECRET=${WOODPECKER_GITHUB_SECRET}
- WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}

woodpecker-agent:
image: woodpeckerci/woodpecker-agent:latest
command: agent
restart: always
depends_on:
- woodpecker-server
volumes:
- woodpecker-agent-config:/etc/woodpecker
- /var/run/docker.sock:/var/run/docker.sock
environment:
- WOODPECKER_SERVER=woodpecker-server:9000
- WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}

volumes:
woodpecker-server-data:
woodpecker-agent-config:

Woodpecker needs to know its own address. You must therefore provide the public address of it in <scheme>://<hostname> format. Please omit trailing slashes:

docker-compose.yaml
 services:
woodpecker-server:
[...]
environment:
- [...]
+ - WOODPECKER_HOST=${WOODPECKER_HOST}

Woodpecker can also have its ports configured. It uses a separate port for gRPC and for HTTP. The agent performs gRPC calls and connects to the gRPC port. They can be configured with *_ADDR variables:

docker-compose.yaml
 services:
woodpecker-server:
[...]
environment:
- [...]
+ - WOODPECKER_GRPC_ADDR=${WOODPECKER_GRPC_ADDR}
+ - WOODPECKER_SERVER_ADDR=${WOODPECKER_HTTP_ADDR}

Reverse proxying can also be configured for gRPC. If the agents are connecting over the internet, it should also be SSL encrypted. The agent then needs to be configured to be secure:

docker-compose.yaml
 services:
woodpecker-server:
[...]
environment:
- [...]
+ - WOODPECKER_GRPC_SECURE=true # defaults to false
+ - WOODPECKER_GRPC_VERIFY=true # default

As agents run pipeline steps as docker containers they require access to the host machine's Docker daemon:

docker-compose.yaml
 services:
[...]
woodpecker-agent:
[...]
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock

Agents require the server address for agent-to-server communication. The agent connects to the server's gRPC port:

docker-compose.yaml
 services:
woodpecker-agent:
[...]
environment:
+ - WOODPECKER_SERVER=woodpecker-server:9000

The server and agents use a shared secret to authenticate communication. This should be a random string of your choosing and should be kept private. You can generate such string with openssl rand -hex 32:

docker-compose.yaml
 services:
woodpecker-server:
[...]
environment:
- [...]
+ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
woodpecker-agent:
[...]
environment:
- [...]
+ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}

Docker imagesโ€‹

Image variants:

  • The vX.X.X images are stable releases
  • The vX.X images are based on the current release branch (e.g. release/v1.0) and can be used to get bug fixes asap
  • The vX same as vX.X variant but also includes feature releases
  • The next images are based on the current main branch
note

The latest tag is not available on purpose (and has been dropped with the 3.x release) to prevent accidental major version upgrades. Hence, users are forced to specify a fixed or rolling tag, omitting the tag identifier (which equals to pulling latest implicitly) won't work.

# server
docker pull woodpeckerci/woodpecker-server:v3
docker pull woodpeckerci/woodpecker-server:v3-alpine

# agent
docker pull woodpeckerci/woodpecker-agent:v3
docker pull woodpeckerci/woodpecker-agent:v3-alpine

# cli
docker pull woodpeckerci/woodpecker-cli:v3
docker pull woodpeckerci/woodpecker-cli:v3-alpine