dreck is a fork of Derek. It adds Caddy integration,
so you can "just" run it as a plugin in Caddy v1. It also massively expands on the number
of features. Dreck depends on the GitHub CODEOWNERS feature and it will check if that
file exist. A separate .dreck.yaml
contains various things that are not captured in the
CODEOWNERS
file. Dreck doesn't support the email address syntax, so be sure to use GitHub usernames here.
Dreck can help you with managing pull requests and issues in your GitHub project. Dreck currently can:
-
Label/close/lock etc. issues and pull requests comments.
-
LGTM a pull request with a comment.
-
Merge a pull request, but only when the checks are OK and with at least 1 LGTM (/merge).
-
Define (shorter) alias for often used commands.
-
Execute (whitelisted) commands on the dreck server.
The commands must be given as the first word(s) on a line, multiple commands (up to 10) are allowed but we return on the first error encountered. This holds true for comments that are submitted via email. Opening issues and pull requests is handled differently in Github, but all commands are supported in there as well.
Commands are detected in a case insensitive manner.
For this all to work, you'll need to have an Github App that allows access to your repository. You'll need:
- Issues
- Pull Requests
- Issue Comments
And need to compile Caddy with this plugin.
If configuring Caddy, you need to recompile it with the dreck plugin enabled. After that the following configuration is available.
dreck {
client_id ID
private_key PATH
owners NAME
secret SECRET
path PATH
merge STRATEGY
validate
user USER
env NAME VALUE
}
-
client_id
is mandatory and must be the client ID of the Github App. -
private_key
specifies the PATH of the private key of the Github App. This is also mandatory. -
secret
specify a SECRET for the webhook. This is mandatory. -
validate
enable HMAC validation of the request, using the secret. This is mandatory. -
owners
can optionally specify a NAME for the .dreck.yaml file, defaults to ".dreck.yaml". -
path
trigger Dreck when the webhook hits PATH, defaults to "/dreck". -
merge
defines the STRATEGY for merging, possible values aremerge
,squash
orrebase
, it defaults tosquash
. -
user
specifies the USER to be used for executing commands. This defaults to the user running Caddy. -
env
defines environment variable with NAME and assign it VALUE. These may be repeated. Any executed command will have these variables in their environment.
The .dreck.yaml
file has features
and aliases
section that allows you to configure dreck. This
file should live in the top level directory of the repository.
features:
- feature1
- feature2
aliases:
- |
alias1
- |
alias2
An example:
features:
- exec
- aliases
aliases:
- |
/plugin (.*) -> /label add plugin/$1
- |
/release (.*) -> /exec /opt/bin/release $1
The comment handling feature is always enabled, so you will most like only used this for,
aliases
and exec
.
The following features are available.
-
aliases
- enable alias expansion. -
exec
- enables/exec
.
The following commands are supported in issue comments and pull requests. When referencing
a user you can use USER or @USER. Most commands are only available to user referenced in the
CODEOWNERS file. Commands comming from bots ([bot]
as suffix) are ignored.
-
/[un]label LABEL
, add/remove a label. -
/[un]assign USER
, [un]assign issue to USER, the empty string can be used as a shortcut for the current user. -
/close
, close issue. -
/reopen
, reopen issue. -
/title TITLE
, set the title for this issue to TITLE. -
/[un]lock
, [un]lock the issue. -
/[un]cc USER
, [un]cc USER request a review from this user, empty string means the current user. -
/[un]lgtm
, [un]approve the pull request, this adds a comment that it was LGTM-ed by the user issuing this command and adds an approve by the bot. -
/[un]approve
, alternative for lgtm. -
/merge
, merge this pull request if the checks are green and we have approval (and no explicit changes requested). -
/exec COMMAND
, executes COMMAND on the dreck server. Only commands via an expanded alias are allowed. -
/duplicate NUMBER
, mark this issue as a duplicate of NUMBER. This is done by closing the issue and adding the 'duplicate' label. -
/fortune
, adds a comment containing text obtained from running "fortune".
The aliases
sections of the .dreck.yaml allows you to specify alias for other commands. It's
a regular expression based format and looks like this: alias -> command
. Note the this is:
<space>-><space>
, e.g.:
/plugin (.*) -> /label plugin/$1
This defines a new command /plugin forward
that translates into /label plugin/forward
.
The regular expression (.*)
catches the argument after /plugin
and $1
is the first expression
match group.
Note this entire string needs to be taken literal to be valid yaml:
aliases:
- |
/plugin (.*) -> /label plugin/$1
Exec allows for processes be started on the dreck server. For this the exec
feature and the
aliases
feature must be enabled. Only commands expanded by an alias are allowed to execute, this
is to prevent things like /exec /bin/cat /etc/passwd
to be run accidentally. The standard output
of the command will be picked up and put in the new comment under the issue or pull request.
If user
is specified dreck will run the command under that user.
Apart from the environment set in the configuration all command well have access to GITHUB_TRIGGER.
If the command is given in an issue dreck will set GITHUB_TRIGGER to issue/NUMBER
, if done for a
pull request that value will be pull/NUMBER
.
If the command is run for a pull request dreck will update the status with 'pending' when the execution is in progress and either 'failed' or 'success' when the execution ends.
For example, if you want to execute /opt/bin/release ARGUMENT
on the server, the following alias
must be defined:
/release (.*) -> /exec /opt/bin/release $1
If you then call the command with /release 0.1
in issue 42. dreck will run:
/opt/bin/release 0.1
And GITHUB_TRIGGER will be issue/42.
Note that in this case /cat -> /exec /bin/cat /etc/resolv.conf
, running cat /etc/passwd
still yields in an (unwanted?) disclosure because the final command being run is /bin/cat /etc/resolv.conf /etc/passwd
. In other words be careful of what commands you white list.
dreck enforces a very restrictive white list on the allowed characters in the command. The white
list currently is this regular expression: ^[-a-zA-Z0-9 ./]+$
. Note that two dots in a row is not
allowed.
Set a label on an issue, on Github (or via email), create a reply that contains:
/label bug
And dreck will apply that label if it exists. Text can freely intermixed, but each command should be on its own line and start on the left most position.
This is good question.
/label question
While the following will not be detected as a command:
This is good question. /label question
See Derek of which dreck is a fork.
Apply a patch like the following:
diff --git caddyhttp/caddyhttp.go caddyhttp/caddyhttp.go
index 7ca8b874..34b8b405 100644
--- caddyhttp/caddyhttp.go
+++ caddyhttp/caddyhttp.go
@@ -46,4 +46,6 @@ import (
_ "github.com/caddyserver/caddy/caddyhttp/timeouts"
_ "github.com/caddyserver/caddy/caddyhttp/websocket"
_ "github.com/caddyserver/caddy/onevent"
+
+ _ "github.com/miekg/dreck"
)
diff --git caddyhttp/httpserver/plugin.go caddyhttp/httpserver/plugin.go
index 378e9cb8..79498579 100644
--- caddyhttp/httpserver/plugin.go
+++ caddyhttp/httpserver/plugin.go
@@ -701,6 +701,7 @@ var directives = []string{
"restic", // github.com/restic/caddy
"wkd", // github.com/emersion/caddy-wkd
"dyndns", // github.com/linkonoid/caddy-dyndns
+ "dreck", // "github.com/miekg/dreck"
}
const (