config/custom-environment-variables.yaml

# All values in this document are the ENVIRONMENT variable names that can override the defaults
# from `default.yaml`
---
auth:
  # A private key uses for signing jwt tokens
  # Easily generate one by running
  # $ openssl genrsa -out jwt.pem 2048
  jwtPrivateKey: SECRET_JWT_PRIVATE_KEY
  # The public key used for verifying the signature
  # Generate one by running
  # $ openssl rsa -in jwt.pem -pubout -out jwt.pub
  jwtPublicKey: SECRET_JWT_PUBLIC_KEY
  # The public key for queue service
  jwtQueueServicePublicKey: SECRET_JWT_QUEUE_SVC_PUBLIC_KEY
  # Environment of the JWTs. For example: 'prod' or 'beta'
  jwtEnvironment: JWT_ENVIRONMENT
  # A password used for encrypting session data.
  # **Needs to be minimum 32 characters**
  cookiePassword: SECRET_COOKIE_PASSWORD
  # A password used for encrypting stored pipeline secrets and user Oauth token.
  # **Needs to be minimum 32 characters**
  encryptionPassword: SECRET_PASSWORD
  # A password used for hashing user/pipeline access tokens.
  # **Needs to be minimum 32 characters**
  hashingPassword: SECRET_HASHING_PASSWORD
  # A flag to set if the server is running over https.
  # Used as a flag for the OAuth flow
  https: IS_HTTPS
  # A flag to set if you want guests to browse your pipelines
  allowGuestAccess: AUTH_GUEST_ACCESS
  whitelist:
    __name: SECRET_WHITELIST
    __format: json
  allowList:
    __name: SECRET_ALLOW_LIST
    __format: json
  admins:
    __name: SECRET_ADMINS
    __format: json
  sdAdmins:
    __name: SECRET_SD_ADMINS
    __format: json
  authCheckById: AUTH_CHECK_BY_ID
  # Default session timeout (in minutes)
  sessionTimeout: SESSION_TIMEOUT
  # Oauth redirect uri, configure this if your app is not running at root under the host
  oauthRedirectUri: OAUTH_REDIRECT_URI
  # SameSite Cookie Option
  sameSite: COOKIE_SAME_SITE
  # cookie path to access the cookie https://github.com/hapijs/cookie/issues/209
  path: COOKIE_PATH_VALUE

shutdown:
  terminationGracePeriod: TERMINATION_GRACE_PERIOD

httpd:
  # Port to listen on
  port: PORT
  # Host to listen on (set to 0.0.0.0 to accept all connections)
  host: HOST
  # Externally routable URI (usually your load balancer or CNAME)
  uri: URI
  # TLS configuration (key, cert, etc.)
  # https://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
  tls:
    __name: HTTPD_TLS
    __format: json

datastore:
  plugin: DATASTORE_PLUGIN
  ddlSyncEnabled: DATASTORE_DDL_SYNC_ENABLED
  sequelize:
    # Type of server to talk to
    dialect: DATASTORE_SEQUELIZE_DIALECT
    # Database name
    database: DATASTORE_SEQUELIZE_DATABASE
    # Username/Password
    username: DATASTORE_SEQUELIZE_USERNAME
    password: DATASTORE_SEQUELIZE_PASSWORD
    # Storage location for sqlite
    storage: DATASTORE_SEQUELIZE_STORAGE
    # Network settings
    host: DATASTORE_SEQUELIZE_HOST
    port: DATASTORE_SEQUELIZE_PORT
    # Prefix to the table names
    prefix: DATASTORE_SEQUELIZE_PREFIX
    # Configure SSL/TLS connection settings
    ssl:
      __name: DATASTORE_SEQUELIZE_SSL
      __format: json
    # Connection pool config. See http://docs.sequelizejs.com/class/lib/sequelize.js~Sequelize.html#instance-constructor-constructor
    pool:
      __name: DATASTORE_SEQUELIZE_POOL
      __format: json
    retry:
      __name: DATASTORE_SEQUELIZE_RETRY
      __format: json
    buildMetricsEnabled: DATASTORE_SEQUELIZE_CAPTURE_METRICS_ENABLED
    readOnly:
      __name: DATASTORE_SEQUELIZE_RO
      __format: json
      # dialect: sequelize
      # database:
      # username:
      # password:
      # host:
      # port:
      # More arguments here:
      # http://docs.sequelizejs.com/en/latest/api/sequelize/

executor:
  plugin: EXECUTOR_PLUGIN
  # The NPM module object(s) for the executor plugin(s)
  k8s:
    enabled: EXECUTOR_K8S_ENABLED
    options:
      kubernetes:
        # The host or IP of the kubernetes cluster
        host: K8S_HOST
        # The jwt token used for authenticating kubernetes requests
        token: K8S_TOKEN
        jobsNamespace: K8S_JOBS_NAMESPACE
        # Resources for build pod
        resources:
          # Number of cpu cores
          cpu:
            micro: K8S_CPU_MICRO
            low: K8S_CPU_LOW
            high: K8S_CPU_HIGH
          # Memory in GB
          memory:
            micro: K8S_MEMORY_MICRO
            low: K8S_MEMORY_LOW
            high: K8S_MEMORY_HIGH
        # Default build timeout for all builds in this cluster
        buildTimeout: K8S_BUILD_TIMEOUT
        # Default max build timeout
        maxBuildTimeout: K8S_MAX_BUILD_TIMEOUT
        # k8s node selectors for build pod scheduling.
        # Value is Object of format { label: 'value' } See
        # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#step-one-attach-label-to-the-node
        # Eg: { dedicated: 'screwdriver' } to schedule pods on nodes having
        # label-value of dedicated=screwdriver
        nodeSelectors:
          __name: K8S_NODE_SELECTORS
          __format: json
        # k8s preferred node selectors for build pod scheduling
        # See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
        preferredNodeSelectors:
          __name: K8S_PREFERRED_NODE_SELECTORS
          __format: json
        # support for kata-containers-as-a-runtimeclass
        runtimeClass: K8S_RUNTIME_CLASS
      # Launcher container tag to use
      launchVersion: LAUNCH_VERSION
      # Launcher image to use
      launchImage: LAUNCH_IMAGE
      # Prefix to the pod
      prefix: EXECUTOR_PREFIX
  nomad:
    enabled: EXECUTOR_NOMAD_ENABLED
    options:
      nomad:
        # The host or IP of the nomad cluster
        host: NOMAD_HOST
        # Resources for build pod
        resources:
          # Number of cpu cores
          cpu:
            high: NOMAD_CPU
          # Memory in GB
          memory:
            high: NOMAD_MEMORY
      # Launcher container tag to use
      launchVersion: LAUNCH_VERSION
      # Prefix to the pod
      prefix: EXECUTOR_PREFIX
  docker:
    enabled: EXECUTOR_DOCKER_ENABLED
    options:
      # Configuration of Docker
      docker:
        __name: EXECUTOR_DOCKER_DOCKER
        __format: json
      # Launcher container tag to use
      launchVersion: LAUNCH_VERSION
      # Prefix to the container
      prefix: EXECUTOR_PREFIX
  k8s-vm:
    enabled: EXECUTOR_K8SVM_ENABLED
    options:
      # Configuration of Docker
      kubernetes:
        # The host or IP of the kubernetes cluster
        host: K8S_HOST
        # The jwt token used for authenticating kubernetes requests
        token: K8S_TOKEN
        jobsNamespace: K8S_JOBS_NAMESPACE
        baseImage: K8S_BASE_IMAGE
        # Resources for build pod
        resources:
          # Number of cpu cores
          cpu:
            micro: K8S_CPU_MICRO
            low: K8S_CPU_LOW
            high: K8S_CPU_HIGH
          # Memory in GB
          memory:
            micro: K8S_MEMORY_MICRO
            low: K8S_MEMORY_LOW
            high: K8S_MEMORY_HIGH
        # Default build timeout for all builds in this cluster
        buildTimeout: K8S_VM_BUILD_TIMEOUT
        # Default max build timeout
        maxBuildTimeout: K8S_VM_MAX_BUILD_TIMEOUT
        # k8s node selectors for build pod scheduling.
        # Value is Object of format { label: 'value' } See
        # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#step-one-attach-label-to-the-node
        # Eg: { dedicated: 'screwdriver' } to schedule pods on nodes having
        # label-value of dedicated=screwdriver
        nodeSelectors:
          __name: K8S_VM_NODE_SELECTORS
          __format: json
        # k8s preferred node selectors for build pod scheduling
        # See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
        preferredNodeSelectors:
          __name: K8S_VM_PREFERRED_NODE_SELECTORS
          __format: json
      # Launcher image to use
      launchImage: LAUNCH_IMAGE
      # Launcher container tag to use
      launchVersion: LAUNCH_VERSION
      # Prefix to the container
      prefix: EXECUTOR_PREFIX
  jenkins:
    enabled: EXECUTOR_JENKINS_ENABLED
    options:
      jenkins:
        host: EXECUTOR_JENKINS_HOST
        port: EXECUTOR_JENKINS_PORT
        username: EXECUTOR_JENKINS_USERNAME
        # Jenkins password/token used for authenticating jenkins requests
        password: EXECUTOR_JENKINS_PASSWORD
        # Node labels of Jenkins slaves
        nodeLabel: EXECUTOR_JENKINS_NODE_LABEL
        # Default build timeout
        buildTimeout: EXECUTOR_JENKINS_BUILD_TIMEOUT
        # Default max build timeout
        maxBuildTimeout: EXECUTOR_JENKINS_MAX_BUILD_TIMEOUT
      docker:
        # The path to the docker-compose command
        composeCommand: EXECUTOR_JENKINS_DOCKER_COMPOSE_COMMAND
        # Prefix to the container
        prefix: EXECUTOR_JENKINS_DOCKER_PREFIX
        # Launcher container tag to use
        launchVersion: EXECUTOR_JENKINS_LAUNCH_VERSION
        # Memory limit (docker run `--memory` option)
        memory: EXECUTOR_JENKINS_DOCKER_MEMORY
        # Memory limit include swap (docker run `--memory-swap` option)
        memoryLimit: EXECUTOR_JENKINS_DOCKER_MEMORY_LIMIT
      # The command to start build
      buildScript: EXECUTOR_JENKINS_BUILD_SCRIPT
      # The command to clean up build system
      cleanupScript: EXECUTOR_JENKINS_CLEANUP_SCRIPT
      # Time (seconds) to destroy the job
      cleanupTimeLimit: EXECUTOR_JENKINS_CLEANUP_TIME_LIMIT
      # Interval to detect the stopped job (seconds)
      cleanupWatchInterval: EXECUTOR_JENKINS_CLEANUP_WATCH_INTERVAL
  queue:
    enabled: EXECUTOR_QUEUE_ENABLED
    options:
      # redis or redisCluster(beta)
      connectionType: QUEUE_REDIS_TYPE
      # Configuration of the redis instance containing resque
      redisConnection:
        host: QUEUE_REDIS_HOST
        port: QUEUE_REDIS_PORT
        options:
          password: QUEUE_REDIS_PASSWORD
          tls: QUEUE_REDIS_TLS_ENABLED
        database: QUEUE_REDIS_DATABASE
      redisClusterConnection:
        hosts:
          __name: QUEUE_REDIS_CLUSTER_HOSTS
          __format: json
        options:
          password: QUEUE_REDIS_PASSWORD
          tls: QUEUE_REDIS_TLS_ENABLED
        slotsRefreshTimeout: QUEUE_REDIS_CLUSTER_SLOTS_REFRESH_TIMEOUT


queueWebhook:
  # Enabled events from webhook queue or not
  enabled: QUEUE_WEBHOOK_ENABLED

scms:
  __name: SCM_SETTINGS
  __format: json
  # github:
  #   plugin: github
  #   config:
  #     # The client id used for OAuth with github. Look up GitHub OAuth for details
  #     # https://developer.github.com/v3/oauth/
  #     oauthClientId: SECRET_OAUTH_CLIENT_ID
  #     # The client secret used for OAuth with github
  #     oauthClientSecret: SECRET_OAUTH_CLIENT_SECRET
  #     # You can also configure for use with GitHub enterprise
  #     gheHost: SCM_GITHUB_GHE_HOST
  #     # The username and email used for checkout with github
  #     username: SCM_USERNAME
  #     email: SCM_EMAIL
  #     # Token for writing PR comments in Github, needs public_repo scope
  #     commentUserToken: A_BOT_GITHUB_PERSONAL_ACCESS_TOKEN
  #     # Secret to add to GitHub webhooks so that we can validate them
  #     secret: WEBHOOK_GITHUB_SECRET
  #     # Whether it supports private repo: boolean value.
  #     # If true, it will ask for read and write access to public and private repos
  #     # https://developer.github.com/v3/oauth/#scopes
  #     privateRepo: SCM_PRIVATE_REPO_SUPPORT
  # bitbucket:
  #   plugin: bitbucket
  #   config:
  #     # The client id used for OAuth with bitbucket. Look up Bitbucket OAuth for details
  #     # https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html
  #     oauthClientId: SECRET_OAUTH_CLIENT_ID
  #     # The client secret used for OAuth with bitbucket
  #     oauthClientSecret: SECRET_OAUTH_CLIENT_SECRET
  #     # The username and email used for checkout with bitbucket
  #     username: SCM_USERNAME
  #     email: SCM_EMAIL
  # gitlab:
  #   plugin: gitlab
  #   config:
  #     # The client id used for OAuth with gitlab. Look up Gitlab OAuth for details
  #     # https://docs.gitlab.com/ee/integration/oauth_provider.html
  #     oauthClientId: SECRET_OAUTH_CLIENT_ID
  #     # The client secret used for OAuth with bitbucket
  #     oauthClientSecret: SECRET_OAUTH_CLIENT_SECRET
  #     # The username and email used for checkout with gitlab
  #     username: SCM_USERNAME
  #     email: SCM_EMAIL
  #     # if you have on-premise gitlab, you can specify that here
  #     gitlabHost: SCM_GITLAB_HOST
  #     gitlabProtocol: SCM_GITLAB_PROTOCOL
  #     # readOnly scm config, default false
  #     readOnly:
  #         # set true to enable read-only scm mode
  #         enabled: SCM_GITLAB_RO_ENABLED
  #         # headless username
  #         username: SCM_GITLAB_RO_USERNAME
  #         # headless access token
  #         accessToken: SCM_GITLAB_RO_TOKEN
  #         # SCM clone type (https or ssh)
  #         cloneType: SCM_GITLAB_RO_CLONE_TYPE
webhooks:
  # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
  username: SCM_USERNAME
  # Ignore commits made by these users
  ignoreCommitsBy:
    __name: IGNORE_COMMITS_BY
    __format: json
  # Restrict PR: all, none, branch, or fork
  restrictPR: RESTRICT_PR
  # Chain PR: true or false
  chainPR: CHAIN_PR
  # Upper limit on incoming uploads to builds
  maxBytes: WEBHOOK_MAX_BYTES

bookends:
  # Object keyed by cluster name with value setup/teardown bookend.
  # Value of setup/teardown is list of module names, or objects { name, config } for instantiation to use in sd-setup/sd-teardown.
  # Example:
  # {
  #   "default": {
  #       "setup": ["scm", "screwdriver-cache-bookend", "foo"],
  #       "teardown": ["screwdriver-artifact-bookend", "screwdriver-cache-bookend"]
  #   },
  #   "clusterA": {
  #       "setup": ["scm", "screwdriver-cache-bookend", "foo", "bar"],
  #       "teardown": ["screwdriver-cache-bookend", {"name": "baz", "config": {}, "alias": "qux"}]
  #   }
  # }
  __name: BOOKENDS
  __format: json

notifications:
  __name: NOTIFICATIONS
  __format: json

coverage:
  plugin: COVERAGE_PLUGIN
  default: COVERAGE_PLUGIN_DEFAULT_ENABLED
  sonar:
    # Screwdriver API url
    sdApiUrl: URI
    # Sonar host url
    sonarHost: COVERAGE_SONAR_HOST
    # Sonar admin token
    adminToken: COVERAGE_SONAR_ADMIN_TOKEN
    # Screwdriver UI url
    sdUiUrl: ECOSYSTEM_UI
    # Enterprise edition (true) or open source edition (false)
    sonarEnterprise: COVERAGE_SONAR_ENTERPRISE
    # Github app name for Sonar PR decoration (default to 'Screwdriver Sonar PR Checks')
    # https://docs.sonarqube.org/latest/analysis/pr-decoration/
    sonarGitAppName: COVERAGE_SONAR_GIT_APP_NAME

multiBuildCluster:
  # Enabled multi build cluster feature or not
  enabled: MULTI_BUILD_CLUSTER_ENABLED

unzipArtifacts:
  # Enabled unzip artifacts feature or not
  enabled: UNZIP_ARTIFACTS_ENABLED

ecosystem:
  # URL for the User Interface
  ui: ECOSYSTEM_UI
  # Externally routable URL for the Artifact Store
  store: ECOSYSTEM_STORE
  # Externally routable URL for the Queue Service
  queue: ECOSYSTEM_QUEUE
  # Badge service (needs to add a status and color)
  badges: ECOSYSTEM_BADGES
  # Default registry to pull build containers from
  dockerRegistry: ECOSYSTEM_DOCKER_REGISTRY
  # Array of extra origins allowed to do CORS to API
  allowCors:
    __name: ECOSYSTEM_ALLOW_CORS
    __format: json
  # build cache strategies: s3, disk, with s3 as default option to store cache
  cache:
    strategy: CACHE_STRATEGY
    path: CACHE_PATH
    compress: CACHE_COMPRESS
    md5check: CACHE_MD5CHECK
    max_size_mb: CACHE_MAX_SIZE_MB
    max_go_threads: CACHE_MAX_GO_THREADS

redisLock:
  # set true to enable redis lock
  enabled: REDLOCK_ENABLED
  options:
    # maximum retry limit to obtain lock
    retryCount: REDLOCK_RETRY_COUNT
    # the expected clock drift
    driftFactor: REDLOCK_DRIFT_FACTOR
    # the time in milliseconds between retry attempts
    retryDelay: REDLOCK_RETRY_DELAY
    # the maximum time in milliseconds randomly added to retries
    retryJitter: REDLOCK_RETRY_JITTER
    # the maximum time in milliseconds living of a key that has a timeout
    ttl: REDLOCK_TTL
    # redis or redisCluster(beta)
    connectionType: REDLOCK_REDIS_TYPE
    # Configuration of the redis instance
    redisConnection:
      host: REDLOCK_REDIS_HOST
      port: REDLOCK_REDIS_PORT
      options:
        password: REDLOCK_REDIS_PASSWORD
        tls: REDLOCK_REDIS_TLS_ENABLED
      database: REDLOCK_REDIS_DATABASE
    redisClusterConnection:
      hosts:
        __name: REDLOCK_REDIS_CLUSTER_HOSTS
        __format: json
      options:
        password: REDLOCK_REDIS_PASSWORD
        tls: REDLOCK_REDIS_TLS_ENABLED
      slotsRefreshTimeout: REDLOCK_REDIS_CLUSTER_SLOTS_REFRESH_TIMEOUT

# environment release information
release:
  __name: RELEASE_ENVIRONMENT_VARIABLES
  __format: json

# Logging preferences
log:
  audit:
    # set true to enable audit logs for all API calls
    enabled: LOG_AUDIT_ENABLED
    # add target scope tokens(pipeline, build, temporal, admin, guest, user)
    scope:
      __name: LOG_AUDIT_SCOPE
      __format: json

build:
  environment:
    __name: CLUSTER_ENVIRONMENT_VARIABLES
    __format: json
  artifacts:
    # max artifact download size (in GB)
    maxDownloadSize: MAX_DOWNLOAD_SIZE

rateLimit:
  __name: RATE_LIMIT_VARIABLES
  __format: json