Commit b9a69d4

docs: add basic flows and policy definition
1 parent 4e853c2 commit b9a69d4

1 file changed

+29
-0
lines changed

docs/Architecture.md

Lines changed: 29 additions & 0 deletions
@@ -26,3 +26,32 @@ GitProxy has several main components:
2626
These are all the core components in the project, along with some basic user interactions:
2727

2828
![GitProxy Architecture Diagram](./img/architecture.png)
29+
30+
### Pushing to GitProxy
31+
32+
1. Alice (contributor) sets the GitProxy server as their Git remote
33+
2. Alice commits and pushes something to the proxy
34+
3. The Proxy module intercepts the request, and applies the Push Action Chain to process it
35+
4. The push goes through each step in the chain and either gets rejected, or gets added to the list of pushes pending approval
36+
5. Bob (admin/approver) reviews the push to ensure it complies with policy (Attestation), and approves/rejects it
37+
6. If approved, Alice can push once again to update the actual remote in the Git Host. If rejected, the push will be marked as "rejected", and Alice must update the PR and push again for re-approval
38+
39+
### Approving/Rejecting a push
40+
41+
1. Alice makes a push
42+
2. Bob (approver) logs into his GitProxy account through the UI
43+
3. Bob sees the push on the dashboard, pending review
44+
4. Bob can review the changes made (diff), commit messages and other push info
45+
5. Before approving/rejecting, Bob must review the attestation (list of questions about company policy)
46+
6. Bob can approve the push, allowing Alice to push again (to the actual remote), or reject the push and optionally provide a reason for rejection
47+
48+
### Defining Policies
49+
50+
Three types of policies can be applied to incoming pushes:
51+
52+
- Default policies: These are already present in the GitProxy pull/push chain and require modifying source code to change their behaviour.
53+
- For example, `checkUserPushPermission` which simply checks if the user's email exists in the GitProxy database, and if their user is marked in the "Contributors" list (`canPush`) for the repository they're trying to push to.
54+
- Configurable policies: These are policies that can be easily configured through the GitProxy config (`proxy.config.json`).
55+
- For example, `checkCommitMessages` which reads the configuration and matches the string patterns provided with the commit messages in the push in order to block it.
56+
- Custom policies (Plugins): Writing your own Push/Pull plugins provides more flexibility for implementing an organization's rules. For more information, see the guide on writing plugins.
57+
<!-- Todo: add link to plugin guide -->
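
Review bot: Step 6 of "Pushing to GitProxy" says Alice "can push once again to update the actual remote" after approval, but it does not say what ties that second push to the push Bob approved. Please state whether the second push must contain the same commits, since the approval only means something if it covers what actually reaches the Git Host. The same step tells Alice to "update the PR" on rejection, while every other step in both flows talks about a push, so either say "push" there or explain where a PR comes in. The trailing `<!-- Todo: add link to plugin guide -->` leaves "see the guide on writing plugins" without a target; add the link in this change or drop the sentence until the guide exists.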
