Woodpecker CI

Open-source CI/CD system forked from Drone CI, designed for self-hosted deployment. Woodpecker uses Docker containers for all pipeline steps with simple YAML definitions stored in .woodpecker.yaml. Lightweight Go binary with minimal resource requirements — ideal for homelab, small teams, and organizations with Gitea/Forgejo (self-hosted Git) wanting a matching self-hosted CI. Supports Gitea, Forgejo, GitHub, GitLab, Bitbucket.

Evaluated Mar 07, 2026 (0d ago) v2.x
Homepage ↗ Repo ↗ Developer Tools ci-cd self-hosted open-source gitea forgejo drone-fork kubernetes docker
⚙ Agent Friendliness
59
/ 100
Can an agent use this?
🔒 Security
77
/ 100
Is it safe for agents?
⚡ Reliability
70
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
78
Error Messages
72
Auth Simplicity
80
Rate Limits
85

🔒 Security

TLS Enforcement
85
Auth Strength
75
Scope Granularity
65
Dep. Hygiene
82
Secret Handling
80

Apache 2.0 open source for auditability. Self-hosted provides full control. Secrets encrypted in database. No built-in token scoping is a weakness. Security depends on deployment configuration.

⚡ Reliability

Uptime/SLA
70
Version Stability
72
Breaking Changes
68
Error Recovery
72
AF Security Reliability

Best When

You're running a self-hosted Git server (Gitea, Forgejo) and want a lightweight, matching self-hosted CI system with minimal operational overhead.

Avoid When

Your Git is hosted on GitHub/GitLab and you want native integration — GitHub Actions or GitLab CI are simpler. Also avoid if you need advanced enterprise CI features.

Use Cases

  • Run self-hosted CI/CD pipelines alongside a self-hosted Gitea or Forgejo instance for complete on-premises development infrastructure
  • Execute Docker-based build pipelines with minimal infrastructure overhead — Woodpecker runs as a single Go binary with SQLite storage
  • Build and test agent code on every commit with event-driven pipeline triggers via webhooks from any supported Git provider
  • Run multi-platform builds (linux/amd64, linux/arm64) using Woodpecker's native multi-arch agent support for Raspberry Pi and ARM servers
  • Implement secret management for CI pipelines using Woodpecker's built-in secrets store without external vault dependencies

Not For

  • Teams using GitHub or GitLab as primary Git host — GitHub Actions or GitLab CI are better integrated with their respective platforms
  • Organizations needing SaaS CI with no infrastructure management — use GitHub Actions, CircleCI, or Semaphore CI
  • Large-scale CI with advanced features (matrix builds at scale, flaky test detection) — Buildkite or larger CI platforms offer more enterprise features

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
Yes
OpenAPI Spec ↗

Authentication

Methods: api_key oauth2
OAuth: Yes Scopes: No

Personal API tokens generated per user. OAuth via connected Git provider (Gitea/GitHub/GitLab). No scope granularity — tokens grant access based on user permissions. Webhook signatures for payload verification.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Woodpecker CI is Apache 2.0 open source with no commercial offering. Free forever. Infrastructure costs (servers to run Woodpecker) are the only expense.

Agent Metadata

Pagination
offset
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • Woodpecker's YAML format differs from Drone CI despite being a fork — files must be .woodpecker.yaml (not .drone.yml); existing Drone configs need migration
  • Pipeline definitions are stored in the repository — agents with CI/CD automation must have write access to the repo to modify pipeline definitions
  • Woodpecker's secret scopes (global, organization, repository) require careful management — missing secrets fail silently in some versions rather than with clear error messages
  • Multi-pipeline files (splitting .woodpecker.yaml into .woodpecker/ directory) changed behavior across versions — verify behavior on specific Woodpecker version
  • Agent/runner architecture requires separate runner deployment — the Woodpecker server manages pipelines but runners execute them; runners must have Docker access
  • Woodpecker's plugin ecosystem (Docker images for common tasks) is smaller than GitHub Actions marketplace — custom Docker images often needed for specialized tasks

Alternatives

gitea-actions-api jenkins-api tekton-api drone-ci-api semaphore-ci-api

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for Woodpecker CI.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.

6470
Packages Evaluated
26150
Need Evaluation
173
Need Re-evaluation
Community Powered