stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
32f9581aa7cc68c2b1697e058efe5e05f9d54006
git.stella-ops.org/etc/scm-connectors.yaml.sample

219 lines
6.2 KiB
Plaintext
Raw Blame History

# SCM Connector configuration template for StellaOps deployments.
# Copy to ../etc/scm-connectors.yaml (relative to the web service content root)
# and adjust the values to match your environment. Environment variables
# (prefixed with STELLAOPS_SCM_) override these settings at runtime.
# Global settings for all SCM connectors
scmConnectors:
# Default timeout for API requests (in seconds)
timeoutSeconds: 30
# User agent string for HTTP requests
userAgent: "StellaOps.AdvisoryAI.Remediation/1.0 (+https://stella-ops.org)"
# Enable/disable specific connector plugins
enabledPlugins:
- github
- gitlab
- azuredevops
- gitea
# GitHub Connector Configuration
# Supports: github.com, GitHub Enterprise Server
github:
enabled: true
# Base URL for GitHub API (leave empty for github.com)
baseUrl: "" # Default: https://api.github.com
# Authentication token (Personal Access Token or GitHub App token)
# Environment variable: STELLAOPS_SCM_GITHUB_TOKEN
apiToken: "${GITHUB_PAT}"
# Alternative: Path to file containing the token
apiTokenFile: ""
# Required scopes: repo, workflow (for PR creation and CI status)
# For GitHub Apps: contents:write, pull_requests:write, checks:read
# Rate limiting
rateLimitWarningThreshold: 500
rateLimitBackoff: "00:01:00"
# Retry configuration
retry:
enabled: true
maxAttempts: 3
delays:
- "00:00:01"
- "00:00:02"
- "00:00:05"
# GitLab Connector Configuration
# Supports: gitlab.com, self-hosted GitLab instances
gitlab:
enabled: true
# Base URL for GitLab API (leave empty for gitlab.com)
baseUrl: "" # Default: https://gitlab.com/api/v4
# Personal Access Token or Project Access Token
# Environment variable: STELLAOPS_SCM_GITLAB_TOKEN
apiToken: "${GITLAB_PAT}"
apiTokenFile: ""
# Required scopes: api, read_repository, write_repository
# Rate limiting (GitLab defaults: 300 requests per minute for authenticated)
rateLimitWarningThreshold: 100
rateLimitBackoff: "00:01:00"
retry:
enabled: true
maxAttempts: 3
delays:
- "00:00:01"
- "00:00:02"
- "00:00:05"
# Azure DevOps Connector Configuration
# Supports: Azure DevOps Services, Azure DevOps Server
azuredevops:
enabled: true
# Base URL (leave empty for Azure DevOps Services)
baseUrl: "" # Default: https://dev.azure.com
# Personal Access Token (PAT)
# Environment variable: STELLAOPS_SCM_AZUREDEVOPS_TOKEN
apiToken: "${AZURE_DEVOPS_PAT}"
apiTokenFile: ""
# Required scopes: Code (Read & Write), Pull Request Contribute, Build (Read)
# Azure DevOps API version
apiVersion: "7.1"
# Organization name (required for Azure DevOps Services)
# Can be overridden per-repository in options
defaultOrganization: ""
retry:
enabled: true
maxAttempts: 3
delays:
- "00:00:01"
- "00:00:02"
- "00:00:05"
# Gitea Connector Configuration
# Supports: Gitea, Forgejo, Codeberg
gitea:
enabled: true
# Base URL (REQUIRED for Gitea - no default)
# Examples:
# - https://gitea.example.com
# - https://codeberg.org
# - https://forgejo.example.com
baseUrl: "https://git.example.com"
# API Token (generated from Gitea Settings > Applications)
# Environment variable: STELLAOPS_SCM_GITEA_TOKEN
apiToken: "${GITEA_TOKEN}"
apiTokenFile: ""
# Required scopes: repo (for full repository access)
retry:
enabled: true
maxAttempts: 3
delays:
- "00:00:01"
- "00:00:02"
- "00:00:05"
# Repository-specific overrides
# Use this section to configure different credentials per repository
repositories:
# Example: Override GitHub token for a specific org
# - pattern: "github.com/my-org/*"
# connector: github
# apiToken: "${GITHUB_PAT_MY_ORG}"
# Example: Use self-hosted GitLab for internal repos
# - pattern: "gitlab.internal.company.com/*"
# connector: gitlab
# baseUrl: "https://gitlab.internal.company.com/api/v4"
# apiToken: "${GITLAB_INTERNAL_TOKEN}"
# Example: Azure DevOps with specific organization
# - pattern: "dev.azure.com/mycompany/*"
# connector: azuredevops
# apiToken: "${AZURE_DEVOPS_PAT_MYCOMPANY}"
# PR Generation Settings
pullRequests:
# Default branch name prefix for remediation PRs
branchPrefix: "stellaops/remediation/"
# Include timestamp in branch name
includeBranchTimestamp: true
# Maximum length for branch names
maxBranchNameLength: 100
# Commit message settings
commit:
# Sign commits (requires GPG key configured)
signCommits: false
# Include StellaOps footer in commit messages
includeFooter: true
footerTemplate: |
---
StellaOps Remediation
Finding: ${findingId}
Plan: ${planId}
# PR body settings
body:
# Include SBOM delta summary
includeDelta: true
# Include risk assessment
includeRiskAssessment: true
# Include attestation reference
includeAttestation: true
# Maximum body length (characters)
maxBodyLength: 65535
# CI Status Polling
ciStatus:
# Enable CI status monitoring
enabled: true
# Polling interval for CI status checks
pollInterval: "00:00:30"
# Maximum time to wait for CI to complete
maxWaitTime: "01:00:00"
# Consider PR successful if no CI is configured
allowNoCi: false
# Required check names (if empty, all checks must pass)
requiredChecks: []
# Checks to ignore (useful for non-blocking status checks)
ignoredChecks:
- "codecov/*"
- "license/*"
# Security Settings
security:
# Verify TLS certificates (disable only for testing)
verifySsl: true
# Allow insecure HTTP connections (not recommended)
allowHttp: false
# Proxy settings (if required)
proxy:
enabled: false
url: ""
username: ""
password: ""
noProxy:
- "localhost"
- "127.0.0.1"
# Telemetry for SCM operations
telemetry:
# Log SCM API calls
logApiCalls: true
# Include response timing
logTiming: true
# Redact sensitive data in logs
redactSensitiveData: true
# Patterns to redact
redactionPatterns:
- "token"
- "password"
- "secret"
- "pat"
Reference in New Issue View Git Blame Copy Permalink