diff --git a/CHANGELOG.md b/CHANGELOG.md
index ac107b7..89e21ca 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,14 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## Unreleased
+### Added
+- option to disable netrc for non-clone steps
+- option to customize docker bridge networks
+
+### Changed
+- upgrade docker client
+
 ## 1.4.0
 ### Added
 - support for windows 1909
diff --git a/command/daemon/config.go b/command/daemon/config.go
index dde3c61..6d4e0a7 100644
--- a/command/daemon/config.go
+++ b/command/daemon/config.go
@@ -92,6 +92,10 @@ type Config struct {
 		SkipVerify bool   `envconfig:"DRONE_SECRET_PLUGIN_SKIP_VERIFY"`
 	}
 
+	Netrc struct {
+		CloneOnly bool `envconfig:"DRONE_NETRC_CLONE_ONLY"`
+	}
+
 	Registry struct {
 		Endpoint   string `envconfig:"DRONE_REGISTRY_PLUGIN_ENDPOINT"`
 		Token      string `envconfig:"DRONE_REGISTRY_PLUGIN_TOKEN"`
diff --git a/command/daemon/daemon.go b/command/daemon/daemon.go
index 9a88f52..a6a343d 100644
--- a/command/daemon/daemon.go
+++ b/command/daemon/daemon.go
@@ -93,6 +93,11 @@ func (c *daemonCommand) run(*kingpin.ParseContext) error {
 		if err == context.Canceled {
 			break
 		}
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
 		if err != nil {
 			logrus.WithError(err).
 				Errorln("cannot ping the docker daemon")
@@ -111,6 +116,7 @@ func (c *daemonCommand) run(*kingpin.ParseContext) error {
 	runner := &runtime.Runner{
 		Client:   cli,
 		Machine:  config.Runner.Name,
+		Environ:  config.Runner.Environ,
 		Reporter: tracer,
 		Lookup:   resource.Lookup,
 		Lint:     linter.New().Lint,
@@ -120,11 +126,12 @@ func (c *daemonCommand) run(*kingpin.ParseContext) error {
 			config.Limit.Trusted,
 		),
 		Compiler: &compiler.Compiler{
-			Clone:       config.Runner.Clone,
-			Privileged:  append(config.Runner.Privileged, compiler.Privileged...),
-			Networks:    config.Runner.Networks,
-			NetworkOpts: config.Runner.NetworkOpts,
-			Volumes:     config.Runner.Volumes,
+			Clone:          config.Runner.Clone,
+			Privileged:     append(config.Runner.Privileged, compiler.Privileged...),
+			Networks:       config.Runner.Networks,
+			NetworkOpts:    config.Runner.NetworkOpts,
+			NetrcCloneOnly: config.Netrc.CloneOnly,
+			Volumes:        config.Runner.Volumes,
 			Resources: compiler.Resources{
 				Memory:     config.Resources.Memory,
 				MemorySwap: config.Resources.MemorySwap,
diff --git a/command/daemon/process.go b/command/daemon/process.go
index 77e62bd..07d6a4d 100644
--- a/command/daemon/process.go
+++ b/command/daemon/process.go
@@ -66,15 +66,17 @@ func (c *processCommand) run(*kingpin.ParseContext) error {
 	runner := &runtime.Runner{
 		Client:   cli,
 		Machine:  config.Runner.Name,
+		Environ:  config.Runner.Environ,
 		Reporter: remote,
 		Lookup:   resource.Lookup,
 		Lint:     linter.New().Lint,
 		Match:    nil,
 		Compiler: &compiler.Compiler{
-			Clone:      config.Runner.Clone,
-			Privileged: append(config.Runner.Privileged, compiler.Privileged...),
-			Networks:   config.Runner.Networks,
-			Volumes:    config.Runner.Volumes,
+			Clone:          config.Runner.Clone,
+			Privileged:     append(config.Runner.Privileged, compiler.Privileged...),
+			Networks:       config.Runner.Networks,
+			NetrcCloneOnly: config.Netrc.CloneOnly,
+			Volumes:        config.Runner.Volumes,
 			Resources: compiler.Resources{
 				Memory:     config.Resources.Memory,
 				MemorySwap: config.Resources.MemorySwap,
diff --git a/engine/compiler/compiler.go b/engine/compiler/compiler.go
index c54d92c..63ae1eb 100644
--- a/engine/compiler/compiler.go
+++ b/engine/compiler/compiler.go
@@ -6,7 +6,6 @@ package compiler
 
 import (
 	"context"
-	"fmt"
 	"strings"
 
 	"github.com/drone-runners/drone-runner-docker/engine"
@@ -77,6 +76,10 @@ type Compiler struct {
 	// are used when creating the docker network.
 	NetworkOpts map[string]string
 
+	// NetrcCloneOnly instrucs the compiler to only inject
+	// the netrc file into the clone setp.
+	NetrcCloneOnly bool
+
 	// Volumes provides a set of volumes that should be
 	// mounted to each pipeline container.
 	Volumes map[string]string
@@ -215,17 +218,10 @@ func (c *Compiler) Compile(ctx context.Context, args runtime.CompilerArgs) runti
 		envs["DRONE_DOCKER_VOLUME_PATH"] = volume.HostPath.Path
 	}
 
-	// create the netrc environment variables
-	if args.Netrc != nil && args.Netrc.Machine != "" {
-		envs["DRONE_NETRC_MACHINE"] = args.Netrc.Machine
-		envs["DRONE_NETRC_USERNAME"] = args.Netrc.Login
-		envs["DRONE_NETRC_PASSWORD"] = args.Netrc.Password
-		envs["DRONE_NETRC_FILE"] = fmt.Sprintf(
-			"machine %s login %s password %s",
-			args.Netrc.Machine,
-			args.Netrc.Login,
-			args.Netrc.Password,
-		)
+	// create the .netrc environment variables if not
+	// explicitly disabled
+	if c.NetrcCloneOnly == false {
+		envs = environ.Combine(envs, environ.Netrc(args.Netrc))
 	}
 
 	match := manifest.Match{
@@ -250,6 +246,12 @@ func (c *Compiler) Compile(ctx context.Context, args runtime.CompilerArgs) runti
 		step.Volumes = append(step.Volumes, mount)
 		spec.Steps = append(spec.Steps, step)
 
+		// always set the .netrc file for the clone step.
+		// note that environment variables are only set
+		// if the .netrc file is not nil (it will always
+		// be nil for public repositories).
+		step.Envs = environ.Combine(step.Envs, environ.Netrc(args.Netrc))
+
 		// if the clone image is customized, override
 		// the default image.
 		if c.Clone != "" {
diff --git a/go.mod b/go.mod
index 9b5c86d..61490d2 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/docker/go-connections v0.3.0 // indirect
 	github.com/drone/drone-go v1.2.1-0.20200326064413-195394da1018
 	github.com/drone/envsubst v1.0.2
-	github.com/drone/runner-go v1.6.1-0.20200506182602-d2e6327ade15
+	github.com/drone/runner-go v1.6.1-0.20200813033918-b849bd35b2eb
 	github.com/drone/signal v1.0.0
 	github.com/ghodss/yaml v1.0.0
 	github.com/gogo/protobuf v0.0.0-20170307180453-100ba4e88506 // indirect
diff --git a/go.sum b/go.sum
index f921342..90c8467 100644
--- a/go.sum
+++ b/go.sum
@@ -42,6 +42,10 @@ github.com/drone/envsubst v1.0.2 h1:dpYLMAspQHW0a8dZpLRKe9jCNvIGZPhCPrycZzIHdqo=
 github.com/drone/envsubst v1.0.2/go.mod h1:bkZbnc/2vh1M12Ecn7EYScpI4YGYU0etwLJICOWi8Z0=
 github.com/drone/runner-go v1.6.1-0.20200506182602-d2e6327ade15 h1:+oj5a9GdF1DeQ3+i1pxARZBCd2wjYPPZveerAcF+WZk=
 github.com/drone/runner-go v1.6.1-0.20200506182602-d2e6327ade15/go.mod h1:+Zc4z9/xqlqkFkAcqOtuYjYS77d2PeuWh0PxxibHfNs=
+github.com/drone/runner-go v1.6.1-0.20200812000613-56f7972d3926 h1:3amY6XK13uKxSVEkl4qKXU6CZsEZnKYbY2c9glonlDw=
+github.com/drone/runner-go v1.6.1-0.20200812000613-56f7972d3926/go.mod h1:+Zc4z9/xqlqkFkAcqOtuYjYS77d2PeuWh0PxxibHfNs=
+github.com/drone/runner-go v1.6.1-0.20200813033918-b849bd35b2eb h1:jypm+IUZsFW6rINKlYm+/PmdGXRB18ugDbBkZiuBh8I=
+github.com/drone/runner-go v1.6.1-0.20200813033918-b849bd35b2eb/go.mod h1:+Zc4z9/xqlqkFkAcqOtuYjYS77d2PeuWh0PxxibHfNs=
 github.com/drone/signal v1.0.0 h1:NrnM2M/4yAuU/tXs6RP1a1ZfxnaHwYkd0kJurA1p6uI=
 github.com/drone/signal v1.0.0/go.mod h1:S8t92eFT0g4WUgEc/LxG+LCuiskpMNsG0ajAMGnyZpc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=