fix: infra: CI broken on main — missing WOODPECKER_PLUGINS_PRIVILEGED server env + misplaced .woodpecker/ops-filer.yml in project repo (#779)

Part 1: Add WOODPECKER_PLUGINS_PRIVILEGED to woodpecker service environment in lib/generators.sh, defaulting to plugins/docker, overridable via .env. Document the new key in .env.example. Part 2: Delete .woodpecker/ops-filer.yml from project repo — it belongs in the ops repo and references secrets that don't exist here. Full ops-side filer setup deferred until sprint PRs need it. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 10:56:39 +00:00 · 2026-04-15 10:56:39 +00:00 · a8d393f3bd
commit a8d393f3bd
parent d0c0ef724a
4 changed files with 6 additions and 37 deletions
--- a/.env.example
+++ b/.env.example
@ -63,6 +63,10 @@ FORGE_BOT_USERNAMES=dev-bot,review-bot,planner-bot,gardener-bot,vault-bot,superv
 WOODPECKER_TOKEN=                          # [SECRET] Woodpecker API token
 WOODPECKER_SERVER=http://localhost:8000     # [CONFIG] Woodpecker server URL
 WOODPECKER_AGENT_SECRET=                   # [SECRET] shared secret for server↔agent auth (auto-generated)
+# Woodpecker privileged-plugin allowlist — comma-separated image names
+# Add plugins/docker (and others) here to allow privileged execution
+WOODPECKER_PLUGINS_PRIVILEGED=plugins/docker
+
 # WOODPECKER_REPO_ID — now per-project, set in projects/*.toml [ci] section

 # Woodpecker Postgres (for direct DB queries)