.env.example
PLUGINS=all
DEFAULT_URL=http://localhost:3000
# SECRET_TOKEN below is a placeholder, not a usable value: replace it with the output of `bundle exec rake secret`.
# Keep the generated value out of version control and do not reuse it across environments.
SECRET_TOKEN={bundle exec rake secret}
RAILS_MIN_THREADS=5
RAILS_MAX_THREADS=10
# Required token to fetch commit diff / PR status / create tags etc.
# Grant it only the access those operations need, and never commit the real value.
GITHUB_TOKEN=
# EMAIL_DOMAIN= # optional, set to company.com to limit login only for people at Company
# DEPLOY_TIMEOUT=3600 # optional, deploy timeout in seconds, defaults to 2 hours
## Auth with Github (optional)
# AUTH_GITHUB=true
# GITHUB_CLIENT_ID=
# GITHUB_SECRET=
# GITHUB_ORGANIZATION= # optional, users need to be member of this organization to sign up eg. 'zendesk'
# GITHUB_ADMIN_TEAM= # optional, users in this team are made into admins eg. owners
# GITHUB_DEPLOY_TEAM= # optional, users in this team are made into deployers eg. developers
# GITHUB_WEB_URL= # optional, replaces https://github.com
# GITHUB_API_URL= # optional, replaces https://api.github.com
# GITHUB_STATUS_URL= # optional, replaces https://status.github.com
## Auth with Google (optional)
# AUTH_GOOGLE=true
# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=
## Auth with LDAP (optional)
# AUTH_LDAP=true
# LDAP_TITLE= # eg. My LDAP Server
# LDAP_HOST=192.168.25.188
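# LDAP_PORT=389 # 389 is the standard unencrypted LDAP port; unless the connection is separately protected with TLS, LDAP_PASSWORD and user logins cross the network in cleartext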
# LDAP_BASE='dc=domain,dc=com'
# LDAP_UID=uid
# LDAP_BINDDN=userldap
# LDAP_PASSWORD=myldapsecret
## Auth with Gitlab (optional)
# AUTH_GITLAB=true
# GITLAB_APPLICATION_ID=
# GITLAB_SECRET=
# GITLAB_URL= # optional, replaces https://gitlab.com
## Periodical tasks (cron substitute, see lib/samson/periodical.rb)
## Format: comma-separated task:interval pairs (interval presumably in seconds; confirm in lib/samson/periodical.rb)
# stop_expired_deploys:60
# remove_expired_locks:10
# renew_vault_token:86400
# report_system_stats:60
# periodical_deploy:86400
## NOTE(review): renew_vault_token is listed above but not enabled in the value below; presumably it must be added
## when SECRET_STORAGE_BACKEND is SecretStorage::HashicorpVault so the Vault token does not expire (confirm).
PERIODICAL=stop_expired_deploys:60,remove_expired_locks:60,report_system_stats:60,periodical_deploy:86400
## Buddy Check feature: deploys to production require a buddy
# BUDDY_CHECK_FEATURE=1 # optional, enable
# BUDDY_CHECK_TIME_LIMIT=20 # optional, max minutes a deploy is pending
# BYPASS_EMAIL= # optional, email destinations that are alerted about buddy_check bypasses, comma separated
# BYPASS_DETAILS= # optional 'Some text explaining bypass procedure'
## StatsD reporting
# STATSD_HOST=192.168.1.1
# STATSD_PORT=8125
# PROJECT_CREATED_NOTIFY_ADDRESS=bobby-the-security-auditor@yourcompany.com
# PROJECT_DELETED_NOTIFY_ADDRESS=bobby-the-security-auditor@yourcompany.com # if not set uses PROJECT_CREATED_NOTIFY_ADDRESS
# DEPLOY_GROUP_FEATURE=1 # optional, enable Environments and DeployGroups
# GITHUB_HOOK_SECRET=abcdef # optional, verify github hooks are signed with webhook secret; abcdef is only an example, use a long random value
# AIRBRAKE_API_KEY= # optional, report errors to airbrake
# FORCE_SSL=1 # optional, to require SSL
# SESSION_EXPIRATION=3600 # optional, after how much time (seconds) to expire sessions, default: 1 month
# ENV_WHITELIST=FOOBAR,BARFOO # optional, list of env values that should be passed to the command when deploying
## NewRelic: optional report performance stats see https://docs.newrelic.com/docs/agents/ruby-agent/configuration/ruby-agent-configuration
# NEW_RELIC_LICENSE_KEY: my-key
# NEW_RELIC_APP_NAME: Samson
# NEW_RELIC_LOG_FILE_PATH: STDOUT
## Memcache: configure servers or we use localhost
# MEMCACHIER_SERVERS=a:123,b:234
# MEMCACHIER_USERNAME=username
# MEMCACHIER_PASSWORD=password
## Docker
# DOCKER_FEATURE=1 # optional, docker support
# DOCKER_REGISTRIES=https://<user>:<password>@<registry-host>/some-namespace # required, where to push/pull your docker images; the URL embeds registry credentials, so treat the whole value as a secret
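# DOCKER_HOST= # e.g. tcp://my-docker-registry.example.com:2375 (2375 is conventionally the Docker daemon's plain TCP port without TLS or authentication; restrict network access to it or use a TLS-protected endpoint)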
# DOCKER_KEEP_BUILT_IMGS # optional. Set to 1 to keep built images for cache. Fills the disk, so some cleanup mechanism is needed
# DOCKER_READ_TIMEOUT=600 # optional. How long to wait on docker reads.
# FLOWDOCK_API_TOKEN= # optional. only required for the flowdock integration user mention autocomplete in the buddy approval request form (when BUDDY_CHECK_FEATURE=1). Buddy approval notification would still work without this
## Slack
# SLACK_API_TOKEN= # optional. only required for the slack integration user mention autocomplete in the buddy approval request form (when BUDDY_CHECK_FEATURE=1). Buddy approval notification would still work without this
# SLACK_CLIENT_ID= # optional, see plugins/slack_app/README.md
# SLACK_CLIENT_SECRET= # optional, see plugins/slack_app/README.md
# SLACK_VERIFICATION_TOKEN= # optional, see plugins/slack_app/README.md
# SLACK_GLOBAL_BUDDY_REQUEST="<webhook_url>#<channel>" # send notifications for all buddy requests to this channel
## Export job cleanup
## EXPORT_JOB_DOWNLOADED_AGE determines how long a csv export job and file should
## persist after it is downloaded before cleanup, default is 12 hours.
##
## EXPORT_JOB_MAX_AGE determines how long a csv export job and file should persist
## from its creation date, default is 1 day.
# EXPORT_JOB_DOWNLOADED_AGE=43200 # optional
# EXPORT_JOB_MAX_AGE=86400 # optional
## JIRA_BASE_URL, if set, would enable the auto-detection of JIRA issue keys
## (e.g., KEY-123, SAMSON-456) in the titles and bodies of the pull requests
## associated with a deploy. The auto-detected JIRA issues will be displayed
## and linked (by prepending JIRA_BASE_URL) in the "JIRA Issues" tab of a deploy
##
## Full absolute JIRA URLs will still be detected, and they will take precedence
## over generated ones (i.e., if JIRA_BASE_URL is https://a.atlassian.net/browse/
## and both "KEY-123" and "http://z.atlassian.net/browse/KEY-123" appear in a
## pull request's title and body, only "http://z.atlassian.net/browse/KEY-123"
## would appear in the "JIRA Issues" tab).
##
# JIRA_BASE_URL= # optional, eg. https://jira.atlassian.net/browse/
## Request access UI on users profile page
# REQUEST_ACCESS_FEATURE=1 # optional, enable request access link
# REQUEST_ACCESS_EMAIL_ADDRESS_LIST= # optional, space separated list of email addresses (managers mailing list, JIRA, etc.)
# REQUEST_ACCESS_EMAIL_PREFIX= # optional, email subject prefix
## Secret storage
# SECRET_STORAGE_BACKEND= # optional, should be one of: SecretStorage::DbBackend (default) or SecretStorage::HashicorpVault
# SECRET_STORAGE_SHARING_GRANTS=true # optional, instead of sharing global secrets by default, access has to be granted
## Kubernetes
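# SECRET_PULLER_IMAGE=zendesk/samson_secret_puller:latest # optional, docker image for zendesk/samson_secret_puller; :latest is a mutable tag, consider pinning a version or digest since this image presumably handles secrets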
# KUBERNETES_LOG_TIMEOUT=20 # how long to wait for logs to appear in seconds
# KUBERNETES_LOG_LINES=50 # how many lines of logs to show when a deploy fails
# KUBERNETES_ALLOWED_VOLUME_HOST_PATHS=/data/ # prevent containers from mounting dangerous directories
# KUBERNETES_USAGE_LIMIT_WARNING="If you need more, ask Steve!" # help message to display when user reaches usage limit
## Jenkins, optional, for triggering Jenkins builds after deployment
# JENKINS_URL= # server_url of jenkins
# JENKINS_USERNAME= # user id
# JENKINS_API_KEY= # API Token from user / Configure page
## Hyperclair, optional, for security scanning of built docker images
# HYPERCLAIR_PATH=/usr/local/bin/hyperclair
## Automated deploys ... see api/automated_deploys_controller.rb
# AUTOMATED_DEPLOY_COMMAND_ID=123 # command to prepend to cloned automated stages