diff --git a/config.schema.json b/config.schema.json index 4bb48a186..dafb93c3f 100644 --- a/config.schema.json +++ b/config.schema.json @@ -30,19 +30,6 @@ }, "additionalProperties": false }, - "github": { - "type": "object", - "description": "Deprecated: Defunct property that was used to provide the API URL for GitHub. No longer referenced in the codebase.", - "properties": { - "baseUrl": { - "type": "string", - "format": "uri", - "examples": ["https://api.github.com"], - "deprecated": true - } - }, - "additionalProperties": false - }, "gitleaks": { "type": "object", "description": "Configuration for the gitleaks (https://github.com/gitleaks/gitleaks) plugin", 
@@ -57,16 +44,188 @@ "additionalProperties": false }, "commitConfig": { - "description": "Enforce rules and patterns on commits including e-mail and message", - "type": "object" + "title": "CommitConfig", + "description": "Block commits based on rules defined over author/committer e-mail addresses, commit message content and diff content", + "type": "object", + "additionalProperties": false, + "properties": { + "author": { + "title": "Author", + "description": "Rules applied to commit authors", + "type": "object", + "additionalProperties": false, + "properties": { + "email": { + "title": "Email", + "description": "Rules applied to author email addresses", + "type": "object", + "additionalProperties": false, + "properties": { + "local": { + "title": "Local", + "description": "Rules applied to the local portion of the email address (i.e. section before the @ symbol)", + "type": "object", + "additionalProperties": false, + "properties": { + "block": { + "title": "Block", + "description": "Block commits with author email addresses where the first part matches this regular expression", + "type": "string" + } + }, + "required": [] + }, + "domain": { + "title": "Domain", + "description": "Rules applied to the domain portion of the email address (i.e. 
section after the @ symbol)", + "type": "object", + "additionalProperties": false, + "properties": { + "allow": { + "title": "Allow", + "description": "Allow only commits where the domain part of the email address matches this regular expression", + "type": "string" + } + }, + "required": [] + } + }, + "required": [] + } + }, + "required": [] + }, + "message": { + "title": "Message", + "description": "Rules applied to commit messages", + "type": "object", + "additionalProperties": false, + "properties": { + "block": { + "title": "MessageBlock", + "description": "Block commits where the commit message matches any of the given patterns", + "type": "object", + "additionalProperties": false, + "properties": { + "literals": { + "title": "MessageBlockLiteral", + "description": "Block commits where the commit message contains any of the given string literals", + "type": "array", + "items": { "type": "string" } + }, + "patterns": { + "title": "MessageBlockLiteral", + "description": "Block commits where the commit message matches any of the given regular expressions", + "type": "array", + "items": { "type": "string" } + } + }, + "required": [] + } + }, + "required": [] + }, + "diff": { + "title": "Diff", + "description": "Rules applied to commit diff content", + "type": "object", + "additionalProperties": false, + "properties": { + "block": { + "title": "DiffBlock", + "description": "Block commits where the commit diff matches any of the given patterns", + "type": "object", + "additionalProperties": false, + "properties": { + "literals": { + "title": "DiffBlockLiteral", + "description": "Block commits where the commit diff content contains any of the given string literals", + "type": "array", + "items": { + "type": "string" + } + }, + "patterns": { + "title": "MessageBlockPatterns", + "description": "Block commits where the commit diff content matches any of the given regular expressions", + "type": "array", + "items": {} + }, + "providers": { + "title": 
"MessageBlockProviders", + "description": "Block commits where the commit diff content matches any of the given regular expressions, except where the repository path (project/organisation) matches one of the listed privateOrganisations. The keys in this array are listed as the block type in logs.", + "type": "object", + "additionalProperties": { "type": "string" } + } + }, + "required": [] + } + }, + "required": [] + } + }, + "required": [] }, "attestationConfig": { - "description": "Customisable questions to add to attestation form", - "type": "object" + "title": "AttestationConfig", + "description": "Configuration for the attestation form displayed to reviewers. Reviewers will need to check the box next to each question in order to complete the review attestation.", + "type": "object", + "additionalProperties": false, + "properties": { + "questions": { + "title": "AttestationQuestions", + "description": "Customisable attestation questions to add to attestation form.", + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "properties": { + "label": { + "title": "QuestionLabel", + "description": "The text of the question that will be displayed to the reviewer", + "type": "string" + }, + "tooltip": { + "title": "QuestionTooltip", + "description": "A tooltip and optional set of links that will be displayed on mouseover of the question and used to provide additional guidance to the reviewer.", + "type": "object", + "additionalProperties": false, + "properties": { + "text": { + "type": "string" + }, + "links": { + "type": "array", + "items": { "type": "string", "format": "url" } + } + }, + "required": ["text"] + } + }, + "required": ["label", "tooltip"], + "title": "Question" + } + } + }, + "required": [] }, "domains": { - "description": "Provide domains to use alternative to the defaults", - "type": "object" + "description": "Provide custom URLs for the git proxy interfaces in case it cannot determine its own URL", + "type": "object", 
+ "properties": { + "proxy": { + "title": "ProxyUrl", + "description": "Override for the default proxy URL, should include the protocol", + "type": "string", + "format": "url" + }, + "service": { + "title": "Service UI URL", + "description": "Override for the service UI URL, should include the protocol", + "type": "string", + "format": "url" + } + } }, "rateLimit": { "description": "API Rate limiting configuration.", @@ -93,7 +252,7 @@ "additionalProperties": false }, "privateOrganizations": { - "description": "Pattern searches for listed private organizations are disabled", + "description": "Provider searches for listed private organizations are disabled, see commitConfig.diff.block.providers", "type": "array" }, "urlShortener": { diff --git a/src/config/generated/config.ts b/src/config/generated/config.ts index 151269286..4d3493e1a 100644 --- a/src/config/generated/config.ts +++ b/src/config/generated/config.ts @@ -23,9 +23,10 @@ export interface GitProxyConfig { */ apiAuthentication?: AuthenticationElement[]; /** - * Customisable questions to add to attestation form + * Configuration for the attestation form displayed to reviewers. Reviewers will need to + * check the box next to each question in order to complete the review attestation. */ - attestationConfig?: { [key: string]: any }; + attestationConfig?: AttestationConfig; /** * List of authentication sources. The first source in the configuration with enabled=true * will be used. @@ -36,9 +37,10 @@ export interface GitProxyConfig { */ authorisedList?: AuthorisedRepo[]; /** - * Enforce rules and patterns on commits including e-mail and message + * Block commits based on rules defined over author/committer e-mail addresses, commit + * message content and diff content */ - commitConfig?: { [key: string]: any }; + commitConfig?: CommitConfig; configurationSources?: any; /** * Customisable e-mail address to share in proxy responses and warnings 
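Review bot: `commitConfig.diff.block.patterns` is declared with `"items": {}`, so any JSON value passes validation there, whereas `message.block.patterns` uses `"items": { "type": "string" }`; the generated type becomes `patterns?: any[]` and scanDiff.ts then annotates the value as `string[]`. Suggest `"items": { "type": "string" }` for the diff patterns as well, so a non-string entry is rejected when the config is validated rather than being passed on to scanDiff.ts. Also in this hunk, `"format": "url"` on `domains.proxy`, `domains.service` and the tooltip `links` items is not a format name defined by JSON Schema (the removed `github.baseUrl` used `"uri"`), so a validator that does not know it will presumably skip the check; `"format": "uri"` is the standard spelling. The titles `MessageBlockPatterns` and `MessageBlockProviders` under `diff.block`, and the second `MessageBlockLiteral` on `message.block.patterns`, look copied from neighbouring properties.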
@@ -50,16 +52,17 @@ export interface GitProxyConfig { */ csrfProtection?: boolean; /** - * Provide domains to use alternative to the defaults + * Provide custom URLs for the git proxy interfaces in case it cannot determine its own URL */ - domains?: { [key: string]: any }; + domains?: Domains; /** * List of plugins to integrate on GitProxy's push or pull actions. Each value is either a * file path or a module name. */ plugins?: string[]; /** - * Pattern searches for listed private organizations are disabled + * Provider searches for listed private organizations are disabled, see + * commitConfig.diff.block.providers */ privateOrganizations?: any[]; /** @@ -108,11 +111,6 @@ export interface GitProxyConfig { * Third party APIs */ export interface API { - /** - * Deprecated: Defunct property that was used to provide the API URL for GitHub. No longer - * referenced in the codebase. - */ - github?: Github; /** * Configuration for the gitleaks (https://github.com/gitleaks/gitleaks) plugin */ @@ -125,14 +123,6 @@ export interface API { ls?: Ls; } -/** - * Deprecated: Defunct property that was used to provide the API URL for GitHub. No longer - * referenced in the codebase. - */ -export interface Github { - baseUrl?: string; -} - /** * Configuration for the gitleaks (https://github.com/gitleaks/gitleaks) plugin */ 
@@ -257,6 +247,38 @@ export enum Type { Openidconnect = 'openidconnect', } +/** + * Configuration for the attestation form displayed to reviewers. Reviewers will need to + * check the box next to each question in order to complete the review attestation. + */ +export interface AttestationConfig { + /** + * Customisable attestation questions to add to attestation form. + */ + questions?: Question[]; +} + +export interface Question { + /** + * The text of the question that will be displayed to the reviewer + */ + label: string; + /** + * A tooltip and optional set of links that will be displayed on mouseover of the question + * and used to provide additional guidance to the reviewer. + */ + tooltip: QuestionTooltip; +} + +/** + * A tooltip and optional set of links that will be displayed on mouseover of the question + * and used to provide additional guidance to the reviewer. + */ +export interface QuestionTooltip { + links?: string[]; + text: string; +} + export interface AuthorisedRepo { name: string; project: string; 
@@ -264,6 +286,140 @@ export interface AuthorisedRepo { [property: string]: any; } +/** + * Block commits based on rules defined over author/committer e-mail addresses, commit + * message content and diff content + */ +export interface CommitConfig { + /** + * Rules applied to commit authors + */ + author?: Author; + /** + * Rules applied to commit diff content + */ + diff?: Diff; + /** + * Rules applied to commit messages + */ + message?: Message; +} + +/** + * Rules applied to commit authors + */ +export interface Author { + /** + * Rules applied to author email addresses + */ + email?: Email; +} + +/** + * Rules applied to author email addresses + */ +export interface Email { + /** + * Rules applied to the domain portion of the email address (i.e. section after the @ symbol) + */ + domain?: Domain; + /** + * Rules applied to the local portion of the email address (i.e. section before the @ symbol) + */ + local?: Local; +} + +/** + * Rules applied to the domain portion of the email address (i.e. section after the @ symbol) + */ +export interface Domain { + /** + * Allow only commits where the domain part of the email address matches this regular + * expression + */ + allow?: string; +} + +/** + * Rules applied to the local portion of the email address (i.e. 
section before the @ symbol) + */ +export interface Local { + /** + * Block commits with author email addresses where the first part matches this regular + * expression + */ + block?: string; +} + +/** + * Rules applied to commit diff content + */ +export interface Diff { + /** + * Block commits where the commit diff matches any of the given patterns + */ + block?: DiffBlock; +} + +/** + * Block commits where the commit diff matches any of the given patterns + */ +export interface DiffBlock { + /** + * Block commits where the commit diff content contains any of the given string literals + */ + literals?: string[]; + /** + * Block commits where the commit diff content matches any of the given regular expressions + */ + patterns?: any[]; + /** + * Block commits where the commit diff content matches any of the given regular expressions, + * except where the repository path (project/organisation) matches one of the listed + * privateOrganisations. The keys in this array are listed as the block type in logs. 
+ */ + providers?: { [key: string]: string }; +} + +/** + * Rules applied to commit messages + */ +export interface Message { + /** + * Block commits where the commit message matches any of the given patterns + */ + block?: MessageBlock; +} + +/** + * Block commits where the commit message matches any of the given patterns + */ +export interface MessageBlock { + /** + * Block commits where the commit message contains any of the given string literals + */ + literals?: string[]; + /** + * Block commits where the commit message matches any of the given regular expressions + */ + patterns?: string[]; +} + +/** + * Provide custom URLs for the git proxy interfaces in case it cannot determine its own URL + */ +export interface Domains { + /** + * Override for the default proxy URL, should include the protocol + */ + proxy?: string; + /** + * Override for the service UI URL, should include the protocol + */ + service?: string; + [property: string]: any; +} + /** * API Rate limiting configuration. */ 
@@ -523,19 +679,23 @@ const typeMap: any = { js: 'apiAuthentication', typ: u(undefined, a(r('AuthenticationElement'))), }, - { json: 'attestationConfig', js: 'attestationConfig', typ: u(undefined, m('any')) }, + { + json: 'attestationConfig', + js: 'attestationConfig', + typ: u(undefined, r('AttestationConfig')), + }, { json: 'authentication', js: 'authentication', typ: u(undefined, a(r('AuthenticationElement'))), }, { json: 'authorisedList', js: 'authorisedList', typ: u(undefined, a(r('AuthorisedRepo'))) }, - { json: 'commitConfig', js: 'commitConfig', typ: u(undefined, m('any')) }, + { json: 'commitConfig', js: 'commitConfig', typ: u(undefined, r('CommitConfig')) }, { json: 'configurationSources', js: 'configurationSources', typ: u(undefined, 'any') }, { json: 'contactEmail', js: 'contactEmail', typ: u(undefined, '') }, { json: 'cookieSecret', js: 'cookieSecret', typ: u(undefined, '') }, { json: 'csrfProtection', js: 'csrfProtection', typ: u(undefined, true) }, - { json: 'domains', js: 'domains', typ: u(undefined, m('any')) }, + { json: 'domains', js: 'domains', typ: u(undefined, r('Domains')) }, { json: 'plugins', js: 'plugins', typ: u(undefined, a('')) }, { json: 'privateOrganizations', js: 'privateOrganizations', typ: u(undefined, a('any')) }, { json: 'proxyUrl', js: 'proxyUrl', typ: u(undefined, '') }, @@ -553,13 +713,11 @@ const typeMap: any = { ), API: o( [ - { json: 'github', js: 'github', typ: u(undefined, r('Github')) }, { json: 'gitleaks', js: 'gitleaks', typ: u(undefined, r('Gitleaks')) }, { json: 'ls', js: 'ls', typ: u(undefined, r('Ls')) }, ], false, ), - Github: o([{ json: 'baseUrl', js: 'baseUrl', typ: u(undefined, '') }], false), Gitleaks: o( [ { json: 'configPath', js: 'configPath', typ: u(undefined, '') }, 
@@ -609,6 +767,24 @@ const typeMap: any = { ], 'any', ), + AttestationConfig: o( + [{ json: 'questions', js: 'questions', typ: u(undefined, a(r('Question'))) }], + false, + ), + Question: o( + [ + { json: 'label', js: 'label', typ: '' }, + { json: 'tooltip', js: 'tooltip', typ: r('QuestionTooltip') }, + ], + false, + ), + QuestionTooltip: o( + [ + { json: 'links', js: 'links', typ: u(undefined, a('')) }, + { json: 'text', js: 'text', typ: '' }, + ], + false, + ), AuthorisedRepo: o( [ { json: 'name', js: 'name', typ: '' }, 
@@ -617,6 +793,48 @@ const typeMap: any = { ], 'any', ), + CommitConfig: o( + [ + { json: 'author', js: 'author', typ: u(undefined, r('Author')) }, + { json: 'diff', js: 'diff', typ: u(undefined, r('Diff')) }, + { json: 'message', js: 'message', typ: u(undefined, r('Message')) }, + ], + false, + ), + Author: o([{ json: 'email', js: 'email', typ: u(undefined, r('Email')) }], false), + Email: o( + [ + { json: 'domain', js: 'domain', typ: u(undefined, r('Domain')) }, + { json: 'local', js: 'local', typ: u(undefined, r('Local')) }, + ], + false, + ), + Domain: o([{ json: 'allow', js: 'allow', typ: u(undefined, '') }], false), + Local: o([{ json: 'block', js: 'block', typ: u(undefined, '') }], false), + Diff: o([{ json: 'block', js: 'block', typ: u(undefined, r('DiffBlock')) }], false), + DiffBlock: o( + [ + { json: 'literals', js: 'literals', typ: u(undefined, a('')) }, + { json: 'patterns', js: 'patterns', typ: u(undefined, a('any')) }, + { json: 'providers', js: 'providers', typ: u(undefined, m('')) }, + ], + false, + ), + Message: o([{ json: 'block', js: 'block', typ: u(undefined, r('MessageBlock')) }], false), + MessageBlock: o( + [ + { json: 'literals', js: 'literals', typ: u(undefined, a('')) }, + { json: 'patterns', js: 'patterns', typ: u(undefined, a('')) }, + ], + false, + ), + Domains: o( + [ + { json: 'proxy', js: 'proxy', typ: u(undefined, '') }, + { json: 'service', js: 'service', typ: u(undefined, '') }, + ], + 'any', + ), RateLimit: o( [ { json: 'limit', js: 'limit', typ: 3.14 }, diff --git a/src/config/types.ts b/src/config/types.ts index 291de4081..524ace28c 100644 --- a/src/config/types.ts +++ b/src/config/types.ts 
@@ -1,30 +1,5 @@ import { Options as RateLimitOptions } from 'express-rate-limit'; -export interface UserSettings { - uiRouteAuth: Record; - authorisedList: AuthorisedRepo[]; - sink: Database[]; - authentication: Authentication[]; - apiAuthentication: Authentication[]; - tempPassword?: TempPasswordConfig; - proxyUrl: string; - api: Record; - cookieSecret: string; - sessionMaxAgeHours: number; - tls?: TLSConfig; - sslCertPemPath?: string; // deprecated - sslKeyPemPath?: string; // deprecated - plugins: any[]; - commitConfig: Record; - attestationConfig: Record; - privateOrganizations: any[]; - urlShortener: string; - contactEmail: string; - csrfProtection: boolean; - domains: Record; - rateLimit: RateLimitConfig; -} - export interface TLSConfig { enabled?: boolean; cert?: string; diff --git a/src/proxy/processors/push-action/checkAuthorEmails.ts b/src/proxy/processors/push-action/checkAuthorEmails.ts index 00774cbe7..3c7cbb89c 100644 --- a/src/proxy/processors/push-action/checkAuthorEmails.ts +++ b/src/proxy/processors/push-action/checkAuthorEmails.ts @@ -13,14 +13,14 @@ const isEmailAllowed = (email: string): boolean => { const [emailLocal, emailDomain] = email.split('@'); if ( - commitConfig.author.email.domain.allow && + commitConfig?.author?.email?.domain?.allow && !new RegExp(commitConfig.author.email.domain.allow, 'g').test(emailDomain) ) { return false; } if ( - commitConfig.author.email.local.block && + commitConfig?.author?.email?.local?.block && new RegExp(commitConfig.author.email.local.block, 'g').test(emailLocal) ) { return false; diff --git a/src/proxy/processors/push-action/checkCommitMessages.ts b/src/proxy/processors/push-action/checkCommitMessages.ts index a85b2fa9c..79a259d8b 100644 --- a/src/proxy/processors/push-action/checkCommitMessages.ts +++ b/src/proxy/processors/push-action/checkCommitMessages.ts 
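Review bot: With the optional chaining on both guards in checkAuthorEmails.ts, a config without `commitConfig.author.email` rules now lets every address through silently, where the old property chain would have thrown on the first missing level; the `?? []` defaults added in checkCommitMessages.ts and scanDiff.ts behave the same way. If that default is intended it deserves a comment above the first guard, e.g. `// No author.email rules configured: every address is allowed`. Both checks also run `new RegExp(..., 'g').test(...)`, which matches anywhere in the string, so `domain.allow` only acts as an allow-list when the configured expression is anchored with `^` and `$`; the `g` flag does nothing for a single `test` on a fresh RegExp and could be dropped. isEmailAllowed begins before this hunk and continues after it, so any earlier validation of `email` is not visible here.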
@@ -19,10 +19,10 @@ const isMessageAllowed = (commitMessage: string): boolean => { } // Configured blocked literals - const blockedLiterals: string[] = commitConfig.message.block.literals; + const blockedLiterals: string[] = commitConfig?.message?.block?.literals ?? []; // Configured blocked patterns - const blockedPatterns: string[] = commitConfig.message.block.patterns; + const blockedPatterns: string[] = commitConfig?.message?.block?.patterns ?? []; // Find all instances of blocked literals in commit message... const positiveLiterals = blockedLiterals.map((literal: string) => diff --git a/src/proxy/processors/push-action/scanDiff.ts b/src/proxy/processors/push-action/scanDiff.ts index df797ec02..b1e3152bd 100644 --- a/src/proxy/processors/push-action/scanDiff.ts +++ b/src/proxy/processors/push-action/scanDiff.ts @@ -63,16 +63,16 @@ const getDiffViolations = (diff: string, organization: string): Match[] | string const combineMatches = (organization: string) => { // Configured blocked literals - const blockedLiterals: string[] = commitConfig.diff.block.literals; + const blockedLiterals: string[] = commitConfig?.diff?.block?.literals ?? []; // Configured blocked patterns - const blockedPatterns: string[] = commitConfig.diff.block.patterns; + const blockedPatterns: string[] = commitConfig?.diff?.block?.patterns ?? []; // Configured blocked providers const blockedProviders: [string, string][] = organization && privateOrganizations.includes(organization) ? [] - : Object.entries(commitConfig.diff.block.providers); + : Object.entries(commitConfig?.diff?.block?.providers ?? []); // Combine all matches (literals, patterns) const combinedMatches = [ diff --git a/test/generated-config.test.js b/test/generated-config.test.js index 4961827d7..cdeed2349 100644 --- a/test/generated-config.test.js +++ b/test/generated-config.test.js 
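Review bot: In combineMatches (scanDiff.ts) the fallback for `providers` is an array, `Object.entries(commitConfig?.diff?.block?.providers ?? [])`, although the schema and the generated `DiffBlock` type describe `providers` as a string-to-string object. It works because `Object.entries([])` is empty, but `?? {}` states the intent: `: Object.entries(commitConfig?.diff?.block?.providers ?? {});`. `blockedPatterns` is annotated `string[]` while the generated type for `diff.block.patterns` is `any[]`, so the annotation asserts something config validation does not enforce. combineMatches continues past the end of this hunk.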
@@ -1,7 +1,6 @@ const chai = require('chai'); const { Convert } = require('../src/config/generated/config'); const defaultSettings = require('../proxy.config.json'); -const { isUserInAdGroup } = require('../src/service/passport/ldaphelper'); const { expect } = chai; diff --git a/website/docs/configuration/reference.mdx b/website/docs/configuration/reference.mdx index 4063aa0c5..2bb5d4c8c 100644 --- a/website/docs/configuration/reference.mdx +++ b/website/docs/configuration/reference.mdx @@ -114,35 +114,158 @@ description: JSON schema reference documentation for GitProxy
- 4.2. [Optional] Property GitProxy configuration file > api > github + 4.2. [Optional] Property GitProxy configuration file > api > gitleaks
+| | | +| ------------------------- | ---------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | Any type allowed | + +**Description:** Configuration for the gitleaks (https://github.com/gitleaks/gitleaks) plugin + +
+ + 4.2.1. [Optional] Property GitProxy configuration file > api > gitleaks > enabled + +
+ +| | | +| ------------ | --------- | +| **Type** | `boolean` | +| **Required** | No | + +
+
+ +
+ + 4.2.2. [Optional] Property GitProxy configuration file > api > gitleaks > ignoreGitleaksAllow + +
+ +| | | +| ------------ | --------- | +| **Type** | `boolean` | +| **Required** | No | + +
+
+ +
+ + 4.2.3. [Optional] Property GitProxy configuration file > api > gitleaks > noColor + +
+ +| | | +| ------------ | --------- | +| **Type** | `boolean` | +| **Required** | No | + +
+
+ +
+ + 4.2.4. [Optional] Property GitProxy configuration file > api > gitleaks > configPath + +
+ +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +
+
+ +
+
+ + + + +
+ + 5. [Optional] Property GitProxy configuration file > commitConfig + +
+ +**Title:** CommitConfig + +| | | +| ------------------------- | ----------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | Not allowed | + +**Description:** Block commits based on rules defined over author/committer e-mail addresses, commit message content and diff content + +
+ + 5.1. [Optional] Property GitProxy configuration file > commitConfig > author + +
+ +**Title:** Author + +| | | +| ------------------------- | ----------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | Not allowed | + +**Description:** Rules applied to commit authors + +
+ + 5.1.1. [Optional] Property GitProxy configuration file > commitConfig > author > email + +
+ +**Title:** Email + +| | | +| ------------------------- | ----------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | Not allowed | + +**Description:** Rules applied to author email addresses + +
+ + 5.1.1.1. [Optional] Property GitProxy configuration file > commitConfig > author > email > local + +
+ +**Title:** Local + | | | | ------------------------- | ----------- | | **Type** | `object` | | **Required** | No | | **Additional properties** | Not allowed | -**Description:** Deprecated: Defunct property that was used to provide the API URL for GitHub. No longer referenced in the codebase. +**Description:** Rules applied to the local portion of the email address (i.e. section before the @ symbol)
- 4.2.1. [Optional] Property GitProxy configuration file > api > github > baseUrl + 5.1.1.1.1. [Optional] Property GitProxy configuration file > commitConfig > author > email > local > block
+**Title:** Block + | | | | ------------ | -------- | | **Type** | `string` | | **Required** | No | -| **Format** | `uri` | - -**Example:** -```json -"https://api.github.com" -``` +**Description:** Block commits with author email addresses where the first part matches this regular expression
@@ -152,66 +275,129 @@ description: JSON schema reference documentation for GitProxy
- 4.3. [Optional] Property GitProxy configuration file > api > gitleaks + 5.1.1.2. [Optional] Property GitProxy configuration file > commitConfig > author > email > domain
-| | | -| ------------------------- | ---------------- | -| **Type** | `object` | -| **Required** | No | -| **Additional properties** | Any type allowed | +**Title:** Domain -**Description:** Configuration for the gitleaks (https://github.com/gitleaks/gitleaks) plugin +| | | +| ------------------------- | ----------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | Not allowed | + +**Description:** Rules applied to the domain portion of the email address (i.e. section after the @ symbol)
- 4.3.1. [Optional] Property GitProxy configuration file > api > gitleaks > enabled + 5.1.1.2.1. [Optional] Property GitProxy configuration file > commitConfig > author > email > domain > allow
-| | | -| ------------ | --------- | -| **Type** | `boolean` | -| **Required** | No | +**Title:** Allow + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +**Description:** Allow only commits where the domain part of the email address matches this regular expression + +
+
+ +
+
+ +
+
- 4.3.2. [Optional] Property GitProxy configuration file > api > gitleaks > ignoreGitleaksAllow + 5.2. [Optional] Property GitProxy configuration file > commitConfig > message
-| | | -| ------------ | --------- | -| **Type** | `boolean` | -| **Required** | No | +**Title:** Message -
-
+| | | +| ------------------------- | ----------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | Not allowed | + +**Description:** Rules applied to commit messages
- 4.3.3. [Optional] Property GitProxy configuration file > api > gitleaks > noColor + 5.2.1. [Optional] Property GitProxy configuration file > commitConfig > message > block
-| | | -| ------------ | --------- | -| **Type** | `boolean` | -| **Required** | No | +**Title:** MessageBlock + +| | | +| ------------------------- | ----------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | Not allowed | + +**Description:** Block commits where the commit message matches any of the given patterns + +
+ + 5.2.1.1. [Optional] Property GitProxy configuration file > commitConfig > message > block > literals + +
+ +**Title:** MessageBlockLiteral + +| | | +| ------------ | ----------------- | +| **Type** | `array of string` | +| **Required** | No | + +**Description:** Block commits where the commit message contains any of the given string literals + +| Each item of this array must be | Description | +| ------------------------------------------------------------ | ----------- | +| [literals items](#commitConfig_message_block_literals_items) | - | + +###### 5.2.1.1.1. GitProxy configuration file > commitConfig > message > block > literals > literals items + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No |
- 4.3.4. [Optional] Property GitProxy configuration file > api > gitleaks > configPath + 5.2.1.2. [Optional] Property GitProxy configuration file > commitConfig > message > block > patterns
+**Title:** MessageBlockLiteral + +| | | +| ------------ | ----------------- | +| **Type** | `array of string` | +| **Required** | No | + +**Description:** Block commits where the commit message matches any of the given regular expressions + +| Each item of this array must be | Description | +| ------------------------------------------------------------ | ----------- | +| [patterns items](#commitConfig_message_block_patterns_items) | - | + +###### 5.2.1.2.1. GitProxy configuration file > commitConfig > message > block > patterns > patterns items + | | | | ------------ | -------- | | **Type** | `string` | @@ -228,17 +414,133 @@ description: JSON schema reference documentation for GitProxy
- 5. [Optional] Property GitProxy configuration file > commitConfig + 5.3. [Optional] Property GitProxy configuration file > commitConfig > diff + +
+ +**Title:** Diff + +| | | +| ------------------------- | ----------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | Not allowed | + +**Description:** Rules applied to commit diff content + +
+ + 5.3.1. [Optional] Property GitProxy configuration file > commitConfig > diff > block + +
+ +**Title:** DiffBlock + +| | | +| ------------------------- | ----------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | Not allowed | + +**Description:** Block commits where the commit diff matches any of the given patterns + +
+ + 5.3.1.1. [Optional] Property GitProxy configuration file > commitConfig > diff > block > literals + +
+ +**Title:** DiffBlockLiteral + +| | | +| ------------ | ----------------- | +| **Type** | `array of string` | +| **Required** | No | + +**Description:** Block commits where the commit diff content contains any of the given string literals + +| Each item of this array must be | Description | +| --------------------------------------------------------- | ----------- | +| [literals items](#commitConfig_diff_block_literals_items) | - | + +###### 5.3.1.1.1. GitProxy configuration file > commitConfig > diff > block > literals > literals items + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +
+
+ +
+ + 5.3.1.2. [Optional] Property GitProxy configuration file > commitConfig > diff > block > patterns
+**Title:** MessageBlockPatterns + +| | | +| ------------ | ------- | +| **Type** | `array` | +| **Required** | No | + +**Description:** Block commits where the commit diff content matches any of the given regular expressions + +| Each item of this array must be | Description | +| --------------------------------------------------------- | ----------- | +| [patterns items](#commitConfig_diff_block_patterns_items) | - | + +###### 5.3.1.2.1. GitProxy configuration file > commitConfig > diff > block > patterns > patterns items + | | | | ------------------------- | ---------------- | | **Type** | `object` | | **Required** | No | | **Additional properties** | Any type allowed | -**Description:** Enforce rules and patterns on commits including e-mail and message +
+
+ +
+ + 5.3.1.3. [Optional] Property GitProxy configuration file > commitConfig > diff > block > providers + +
+ +**Title:** MessageBlockProviders + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | [Each additional property must conform to the schema](#commitConfig_diff_block_providers_additionalProperties) | + +**Description:** Block commits where the commit diff content matches any of the given regular expressions, except where the repository path (project/organisation) matches one of the listed privateOrganisations. The keys in this array are listed as the block type in logs. + +
+ + 5.3.1.3.1. Property GitProxy configuration file > commitConfig > diff > block > providers > additionalProperties + +
+ +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | + +
+
+ +
+
+ +
+
+ +
+
@@ -249,13 +551,124 @@ description: JSON schema reference documentation for GitProxy
-| | | -| ------------------------- | ---------------- | -| **Type** | `object` | -| **Required** | No | -| **Additional properties** | Any type allowed | +**Title:** AttestationConfig + +| | | +| ------------------------- | ----------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | Not allowed | + +**Description:** Configuration for the attestation form displayed to reviewers. Reviewers will need to check the box next to each question in order to complete the review attestation. + +
+ + 6.1. [Optional] Property GitProxy configuration file > attestationConfig > questions + +
+ +**Title:** AttestationQuestions + +| | | +| ------------ | ----------------- | +| **Type** | `array of object` | +| **Required** | No | + +**Description:** Customisable attestation questions to add to attestation form. -**Description:** Customisable questions to add to attestation form +| Each item of this array must be | Description | +| ---------------------------------------------- | ----------- | +| [Question](#attestationConfig_questions_items) | - | + +#### 6.1.1. GitProxy configuration file > attestationConfig > questions > Question + +**Title:** Question + +| | | +| ------------------------- | ----------- | +| **Type** | `object` | +| **Required** | No | +| **Additional properties** | Not allowed | + +
+ + 6.1.1.1. [Required] Property GitProxy configuration file > attestationConfig > questions > Question > label + +
+ +**Title:** QuestionLabel + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | Yes | + +**Description:** The text of the question that will be displayed to the reviewer + +
+
+ +
+ + 6.1.1.2. [Required] Property GitProxy configuration file > attestationConfig > questions > Question > tooltip + +
+ +**Title:** QuestionTooltip + +| | | +| ------------------------- | ----------- | +| **Type** | `object` | +| **Required** | Yes | +| **Additional properties** | Not allowed | + +**Description:** A tooltip and optional set of links that will be displayed on mouseover of the question and used to provide additional guidance to the reviewer. + +
+ + 6.1.1.2.1. [Required] Property GitProxy configuration file > attestationConfig > questions > Question > tooltip > text + +
+ +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | Yes | + +
+
+ +
+ + 6.1.1.2.2. [Optional] Property GitProxy configuration file > attestationConfig > questions > Question > tooltip > links + +
+ +| | | +| ------------ | ----------------- | +| **Type** | `array of string` | +| **Required** | No | + +| Each item of this array must be | Description | +| --------------------------------------------------------------------- | ----------- | +| [links items](#attestationConfig_questions_items_tooltip_links_items) | - | + +###### 6.1.1.2.2.1. GitProxy configuration file > attestationConfig > questions > Question > tooltip > links > links items + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | +| **Format** | `url` | + +
+
+ +
+
+ +
+
@@ -272,7 +685,45 @@ description: JSON schema reference documentation for GitProxy | **Required** | No | | **Additional properties** | Any type allowed | -**Description:** Provide domains to use alternative to the defaults +**Description:** Provide custom URLs for the git proxy interfaces in case it cannot determine its own URL + +
+ + 7.1. [Optional] Property GitProxy configuration file > domains > proxy + +
+ +**Title:** ProxyUrl + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | +| **Format** | `url` | + +**Description:** Override for the default proxy URL, should include the protocol + +
+
+ +
+ + 7.2. [Optional] Property GitProxy configuration file > domains > service + +
+ +**Title:** Service UI URL + +| | | +| ------------ | -------- | +| **Type** | `string` | +| **Required** | No | +| **Format** | `url` | + +**Description:** Override for the service UI URL, should include the protocol + +
+
@@ -369,7 +820,7 @@ description: JSON schema reference documentation for GitProxy | **Type** | `array` | | **Required** | No | -**Description:** Pattern searches for listed private organizations are disabled +**Description:** Provider searches for listed private organizations are disabled, see commitConfig.diff.block.providers
@@ -439,7 +890,7 @@ description: JSON schema reference documentation for GitProxy | ------------------------------- | ----------- | | [plugins items](#plugins_items) | - | -### 13.1. GitProxy configuration file > plugins > plugins items +### 13.1. GitProxy configuration file > plugins > plugins items | | | | ------------ | -------- | @@ -466,7 +917,7 @@ description: JSON schema reference documentation for GitProxy | --------------------------------------- | ----------- | | [authorisedRepo](#authorisedList_items) | - | -### 14.1. GitProxy configuration file > authorisedList > authorisedRepo +### 14.1. GitProxy configuration file > authorisedList > authorisedRepo | | | | ------------------------- | ---------------------------- | @@ -537,7 +988,7 @@ description: JSON schema reference documentation for GitProxy | ------------------------------- | ----------- | | [database](#sink_items) | - | -### 15.1. GitProxy configuration file > sink > database +### 15.1. GitProxy configuration file > sink > database | | | | ------------------------- | ---------------------- | @@ -638,7 +1089,7 @@ description: JSON schema reference documentation for GitProxy | ---------------------------------------------- | ------------------------------------------ | | [authenticationElement](#authentication_items) | Configuration for an authentication source | -### 16.1. GitProxy configuration file > authentication > authenticationElement +### 16.1. GitProxy configuration file > authentication > authenticationElement | | | | ------------------------- | ----------------------------------- | 
@@ -1170,7 +1621,7 @@ Specific value: `"jwt"` | ------------------------------------------------- | ------------------------------------------ | | [authenticationElement](#apiAuthentication_items) | Configuration for an authentication source | -### 18.1. GitProxy configuration file > apiAuthentication > authenticationElement +### 18.1. GitProxy configuration file > apiAuthentication > authenticationElement | | | | ------------------------- | --------------------------------------------- | @@ -1333,7 +1784,7 @@ Specific value: `"jwt"` | ----------------------------------------- | ----------- | | [routeAuthRule](#uiRouteAuth_rules_items) | - | -#### 23.2.1. GitProxy configuration file > uiRouteAuth > rules > routeAuthRule +#### 23.2.1. GitProxy configuration file > uiRouteAuth > rules > routeAuthRule | | | | ------------------------- | --------------------------- | @@ -1391,4 +1842,4 @@ Specific value: `"jwt"` ---------------------------------------------------------------------------------------------------------------------------- -Generated using [json-schema-for-humans](https://github.com/coveooss/json-schema-for-humans) on 2025-09-30 at 14:41:38 +0100 +Generated using [json-schema-for-humans](https://github.com/coveooss/json-schema-for-humans) on 2025-10-08 at 17:43:40 +0100