harness-drone/docs/setup/plugins.md

# Plugins

Plugins are Docker containers, executed during your build process. Plugins are downloaded automatically, on-demand as they are encountered in your `.drone.yml` file.

See the [plugin marketplace](http://addons.drone.io) for a full catalog of official plugins.

## Security

For security reasons you must whitelist plugins. The default whitelist includes the official Drone plugins hosted in the [Docker registry](https://registry.hub.docker.com/repos/plugins/). Customize your whitelist by setting the `PLUGIN_FILTER` environment variable. This is a space-separated list and includes glob matching capabilities.

Whitelist official Drone plugins

```
PLUGIN_FILTER=plugins/*
```

Whitelist official Drone plugins and registry user `octocat`

```
PLUGIN_FILTER=plugins/* octocat/*
```

Additionally, some plugins may require to be execute as a "privileged" container.
This mode is most common for plugins that are attempting to run docker in docker type behaviors (for example the plugins/docker requires this mode).
Drone will ship will a default pattern that will allow selected official Drone plugins to run in an privileged mode.
This whitelist can be customized by setting the `ESCALATE_FILTER` environment variable.
This is a space-separated list and includes glob matching capabilities.

```
ESCALATE_FILTER=plugins/drone-docker plugins/drone-ecr plugins/drone-gcr
```
continued work on docs 2015-07-07 04:13:50 +00:00			`# Plugins`

			Plugins are Docker containers, executed during your build process. Plugins are downloaded automatically, on-demand as they are encountered in your `.drone.yml` file.

			`See the [plugin marketplace](http://addons.drone.io) for a full catalog of official plugins.`

			`## Security`

improving installation docs 2015-10-08 00:17:15 +00:00			For security reasons you must whitelist plugins. The default whitelist includes the official Drone plugins hosted in the [Docker registry](https://registry.hub.docker.com/repos/plugins/). Customize your whitelist by setting the `PLUGIN_FILTER` environment variable. This is a space-separated list and includes glob matching capabilities.
continued work on docs 2015-07-07 04:13:50 +00:00
improving installation docs 2015-10-08 00:17:15 +00:00			`Whitelist official Drone plugins`
continued work on docs 2015-07-07 04:13:50 +00:00
			```
improving installation docs 2015-10-08 00:17:15 +00:00			`PLUGIN_FILTER=plugins/*`
continued work on docs 2015-07-07 04:13:50 +00:00			```

improving installation docs 2015-10-08 00:17:15 +00:00			Whitelist official Drone plugins and registry user `octocat`
continued work on docs 2015-07-07 04:13:50 +00:00
			```
improving installation docs 2015-10-08 00:17:15 +00:00			`PLUGIN_FILTER=plugins/* octocat/*`
continued work on docs 2015-07-07 04:13:50 +00:00			```
Add support for configuring escalated plugins via envvar. 2016-01-10 23:19:48 +00:00
			`Additionally, some plugins may require to be execute as a "privileged" container.`
			`This mode is most common for plugins that are attempting to run docker in docker type behaviors (for example the plugins/docker requires this mode).`
			`Drone will ship will a default pattern that will allow selected official Drone plugins to run in an privileged mode.`
			This whitelist can be customized by setting the `ESCALATE_FILTER` environment variable.
			`This is a space-separated list and includes glob matching capabilities.`

			```
			`ESCALATE_FILTER=plugins/drone-docker plugins/drone-ecr plugins/drone-gcr`
			```