kyverno: allowlist woodpeckerci/* for CI step pods

Wave-1 trusted-registries allowlist was missing woodpeckerci/* which is
used by every .woodpecker.yml's clone step (woodpeckerci/plugin-git) and
build steps (woodpeckerci/plugin-docker-buildx). Result: ALL Woodpecker
pipelines have been failing at the git step since the Audit→Enforce flip
on 2026-05-19. First surfaced via code-da4h (recruiter-responder pushes
not building).

Added between viren070/* and zelest/* in the same DockerHub-user-repos
block as the 2026-05-22 batch (commit 2d35d72a).

Closes: code-da4h
Viktor Barzin 2026-05-23 08:52:48 +00:00
parent 000d306542
commit 68a503e29f

@ -355,7 +355,8 @@ resource "kubectl_manifest" "policy_require_trusted_registries" {
"shadowsocks/*", "shlinkio/*", "stirlingtools/*",
"technitium/*", "teddysun/*", "temporalio/*",
"typhonragewind/*", "tzahi12345/*", "vabene1111/*",
"vaultwarden/*", "viktorbarzin/*", "viren070/*", "zelest/*",
"vaultwarden/*", "viktorbarzin/*", "viren070/*",
"woodpeckerci/*", "zelest/*",
])
}]
}
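Review bot: the added "woodpeckerci/*" entry trusts every repository under that Docker Hub user, while the commit message names only two images the pipelines need (woodpeckerci/plugin-git and woodpeckerci/plugin-docker-buildx). Consider listing those two repositories explicitly, in the same pattern form the list already uses, so that any other image under the namespace is still rejected by policy_require_trusted_registries. If the wildcard is kept for consistency with the neighbouring user-level entries, a short comment beside it recording the reason (CI clone and build step pods, code-da4h) would help the next audit of this allowlist.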