-
Notifications
You must be signed in to change notification settings - Fork 251
/
config.yml
147 lines (127 loc) · 4.24 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
defaults:
app:
# the URL at which this service will be available, without a trailing `/`
publicUrl: !env PUBLIC_URL
# if true, serve the /playground path
playground: false
# Delete expired entries in both the access token and authorization code tables
authorizationCodeExpirationDelay: '- 10 minutes'
monitoring:
level: !env:optional LEVEL
errorConfig: !env:json:optional ERROR_CONFIG
# Server configuration
server:
# Port to listen for requests on
port: !env:number PORT
trustProxy: !env:bool TRUST_PROXY
# The CORS allowed origins (passed to https://yarnpkg.com/en/package/cors);
# typically this is the root URL, but in testing it may have other values.
# The legacy root URL is special-cased. Values beginning with `/` are
# treated as regular expressions. ADDITIONAL_ALLOWED_CORS_ORIGIN is used
# to allow UI deploy previews to access a running deployment.
allowedCORSOrigins:
- !env TASKCLUSTER_ROOT_URL
- !env ADDITIONAL_ALLOWED_CORS_ORIGIN
# Configuration of access to other taskcluster components
taskcluster:
rootUrl: !env TASKCLUSTER_ROOT_URL
credentials:
clientId: !env TASKCLUSTER_CLIENT_ID
accessToken: !env TASKCLUSTER_ACCESS_TOKEN
temporaryCredentials:
# Set the credentials to be valid 15 min before creation
# (allowing for a bit of clock skew)
startOffset: '- 15 min'
# Set the credential to expire after 3 days
expiry: '3 days'
azure:
# deprecated way to specify an encryption key
cryptoKey: !env:optional AZURE_CRYPTO_KEY
postgres:
readDbUrl: !env READ_DB_URL
writeDbUrl: !env WRITE_DB_URL
dbCryptoKeys: !env:json:optional DB_CRYPTO_KEYS
# Pulse credentials
pulse:
username: !env PULSE_USERNAME
password: !env PULSE_PASSWORD
hostname: !env PULSE_HOSTNAME
vhost: !env PULSE_VHOST
namespace: taskcluster-web-server
login:
registeredClients: !env:json REGISTERED_CLIENTS
# This is an object containing {strategy-name: config}. It can be empty
# or can include any of the below:
#
# mozilla-auth0:
# domain: auth0 domain
# clientId: auth0 clientId
# clientSecret: auth0 accessToken corresponding to that ID
#
# github:
# # client id and secret for a Github OAuth2 application -- create a
# # fresh one on the GitHub website.
# clientId: !env GITHUB_CLIENT_ID
# clientSecret: !env GITHUB_CLIENT_SECRET
strategies: !env:json UI_LOGIN_STRATEGIES
# this should be a random string, and is used to create the session ID
sessionSecret: !env SESSION_SECRET
# new relic config (processed in services/prelude.js)
newRelic: !env:json:optional NEW_RELIC
development:
app:
# this assumes that taskcluster-ui's dev server is running on port 5080
publicUrl: http://localhost:5080
playground: true
server:
# taskcluster-ui's dev server assumes port 3050
port: 3050
trustProxy: false
# for testing, allow any origin
allowedCORSOrigins: [true]
azure:
cryptoKey: 'CNcj2aOozdo7Pn+HEkAIixwninIwKnbYc6JPS9mNxZk='
# this is required to start the service without Azure credentials
accountId: fake
login:
sessionSecret: 'keyboard cat'
test:
app:
publicUrl: http://localhost:5080
taskcluster:
rootUrl: https://tc.example.com
azure:
cryptoKey: 'CNcj2aOozdo7Pn+HEkAIixwninIwKnbYc6JPS9mNxZk='
postgres:
dbCryptoKeys:
- id: 'web_server'
algo: 'aes-256'
key: "aSdtIGJzdGFjayEgaGVsbG8gZnV0dXJlIHBlcnNvbgo="
login:
strategies: {test: true}
sessionSecret: 'keyboard cat'
registeredClients:
- clientId: test-token
responseType: "token"
scope: ["tags:get:*"]
redirectUri:
- 'https://test.example.com/cb'
whitelisted: false
maxExpires: '1 year'
- clientId: test-code
responseType: "code"
scope: ["tags:get:*"]
redirectUri:
- 'https://test.example.com/cb'
whitelisted: false
maxExpires: '1 year'
- clientId: test-code-whitelisted
responseType: "code"
scope: ["tags:get:*"]
redirectUri:
- 'https://test.example.com/cb'
whitelisted: true
maxExpires: '1 year'
server:
port: 63821
trustProxy: false