diff --git a/docs/admin/code_hosts/aws_codecommit.mdx b/docs/admin/code_hosts/aws_codecommit.mdx index c50b21e62..6d7ff8598 100644 --- a/docs/admin/code_hosts/aws_codecommit.mdx +++ b/docs/admin/code_hosts/aws_codecommit.mdx @@ -33,79 +33,128 @@ AWS CodeCommit connections support the following configuration options, which ar ### admin/code_hosts/aws_codecommit.schema.json {/* SCHEMA_SYNC_START: admin/code_hosts/aws_codecommit.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:31Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json { - // REQUIRED: - // The AWS access key ID to use when listing and updating repositories from AWS CodeCommit. Must have the AWSCodeCommitReadOnly IAM policy. - "accessKeyID": null, - - // A list of repositories to never mirror from AWS CodeCommit. - // Supports excluding by name ({"name": "git-codecommit.us-west-1.amazonaws.com/repo-name"}) or by ARN ({"id": "arn:aws:codecommit:us-west-1:999999999999:name"}). - // Other example values: - // - [ - // { - // "name": "go-monorepo" - // }, - // { - // "id": "f001337a-3450-46fd-b7d2-650c0EXAMPLE" - // } - // ] - // - [ - // { - // "name": "go-monorepo" - // }, - // { - // "name": "go-client" - // } - // ] - "exclude": null, - - // REQUIRED: - // The Git credentials used for authentication when cloning an AWS CodeCommit repository over HTTPS. - // See the AWS CodeCommit documentation on Git credentials for CodeCommit: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html#git-credentials-code-commit. - // For detailed instructions on how to create the credentials in IAM, see this page: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html - "gitCredentials": { - "password": null, - "username": null - }, - - // SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`. - "gitSSHCipher": null, - - // SSH keys to use when cloning Git repo. - "gitSSHCredential": null, - - // The ID of the SSH key created for your IAM users. It is required when using SSH to clone repositories. - "gitSSHKeyID": null, - - // The type of Git URLs to use for cloning and fetching Git repositories. - // Valid options: "http", "ssh" - "gitURLType": "http", - - // Deprecated and ignored field which will be removed entirely in the next release. AWS CodeCommit repositories can no longer be enabled or disabled explicitly. Configure which repositories should not be mirrored via "exclude" instead. - "initialRepositoryEnablement": false, - - // The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum. - "maxDeletions": 0, - - // REQUIRED: - // The AWS region in which to access AWS CodeCommit. See the list of supported regions at https://docs.aws.amazon.com/codecommit/latest/userguide/regions.html#regions-git. - // Valid options: "ap-northeast-1", "ap-northeast-2", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2" - "region": "us-east-1", - - // The pattern used to generate a the corresponding Sourcegraph repository name for an AWS CodeCommit repository. In the pattern, the variable "{name}" is replaced with the repository's name. - // For example, if your Sourcegraph instance is at https://src.example.com, then a repositoryPathPattern of "awsrepos/{name}" would mean that a AWS CodeCommit repository named "myrepo" is available on Sourcegraph at https://src.example.com/awsrepos/myrepo. - // It is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined. - // Other example values: - // - "git-codecommit.us-west-1.amazonaws.com/{name}" - // - "git-codecommit.eu-central-1.amazonaws.com/{name}" - "repositoryPathPattern": "{name}", - - // REQUIRED: - // The AWS secret access key (that corresponds to the AWS access key ID set in `accessKeyID`). - "secretAccessKey": null + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "aws_codecommit.schema.json#", + "title": "AWSCodeCommitConnection", + "description": "Configuration for a connection to AWS CodeCommit.", + "allowComments": true, + "type": "object", + "additionalProperties": false, + "required": ["region", "accessKeyID", "secretAccessKey", "gitCredentials"], + "properties": { + "region": { + "description": "The AWS region in which to access AWS CodeCommit. See the list of supported regions at https://docs.aws.amazon.com/codecommit/latest/userguide/regions.html#regions-git.", + "type": "string", + "default": "us-east-1", + "pattern": "^[a-z\\d-]+$", + "enum": [ + "ap-northeast-1", + "ap-northeast-2", + "ap-south-1", + "ap-southeast-1", + "ap-southeast-2", + "ca-central-1", + "eu-central-1", + "eu-west-1", + "eu-west-2", + "eu-west-3", + "sa-east-1", + "us-east-1", + "us-east-2", + "us-west-1", + "us-west-2" + ] + }, + "accessKeyID": { + "description": "The AWS access key ID to use when listing and updating repositories from AWS CodeCommit. Must have the AWSCodeCommitReadOnly IAM policy.", + "type": "string" + }, + "secretAccessKey": { + "description": "The AWS secret access key (that corresponds to the AWS access key ID set in `accessKeyID`).", + "type": "string" + }, + "gitCredentials": { + "title": "AWSCodeCommitGitCredentials", + "description": "The Git credentials used for authentication when cloning an AWS CodeCommit repository over HTTPS.\n\nSee the AWS CodeCommit documentation on Git credentials for CodeCommit: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html#git-credentials-code-commit.\nFor detailed instructions on how to create the credentials in IAM, see this page: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html", + "type": "object", + "required": ["username", "password"], + "properties": { + "username": { + "description": "The Git username", + "type": "string", + "minLength": 1 + }, + "password": { + "description": "The Git password", + "type": "string", + "minLength": 1 + } + } + }, + "gitURLType": { + "description": "The type of Git URLs to use for cloning and fetching Git repositories.", + "type": "string", + "enum": ["http", "ssh"], + "default": "http" + }, + "gitSSHKeyID": { + "description": "The ID of the SSH key created for your IAM users. It is required when using SSH to clone repositories.", + "type": "string" + }, + "gitSSHCredential": { + "description": "SSH keys to use when cloning Git repo.", + "$ref": "git.schema.json#/definitions/gitSSHCredential" + }, + "gitSSHCipher": { + "description": "SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`.", + "$ref": "git.schema.json#/definitions/gitSSHCipher" + }, + "repositoryPathPattern": { + "description": "The pattern used to generate a the corresponding Sourcegraph repository name for an AWS CodeCommit repository. In the pattern, the variable \"{name}\" is replaced with the repository's name.\n\nFor example, if your Sourcegraph instance is at https://src.example.com, then a repositoryPathPattern of \"awsrepos/{name}\" would mean that a AWS CodeCommit repository named \"myrepo\" is available on Sourcegraph at https://src.example.com/awsrepos/myrepo.\n\nIt is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined.", + "type": "string", + "default": "{name}", + "examples": ["git-codecommit.us-west-1.amazonaws.com/{name}", "git-codecommit.eu-central-1.amazonaws.com/{name}"] + }, + "initialRepositoryEnablement": { + "description": "Deprecated and ignored field which will be removed entirely in the next release. AWS CodeCommit repositories can no longer be enabled or disabled explicitly. Configure which repositories should not be mirrored via \"exclude\" instead.", + "type": "boolean", + "default": false + }, + "exclude": { + "description": "A list of repositories to never mirror from AWS CodeCommit. \n\nSupports excluding by name ({\"name\": \"git-codecommit.us-west-1.amazonaws.com/repo-name\"}) or by ARN ({\"id\": \"arn:aws:codecommit:us-west-1:999999999999:name\"}).", + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "title": "ExcludedAWSCodeCommitRepo", + "additionalProperties": false, + "anyOf": [{ "required": ["name"] }, { "required": ["id"] }], + "properties": { + "name": { + "description": "The name of an AWS CodeCommit repository (\"repo-name\") to exclude from mirroring.", + "type": "string", + "pattern": "^[\\w.-]+$" + }, + "id": { + "description": "The ID of an AWS Code Commit repository (as returned by the AWS API) to exclude from mirroring. Use this to exclude the repository, even if renamed, or to differentiate between repositories with the same name in multiple regions.", + "type": "string", + "pattern": "^[\\w-]+$" + } + } + }, + "examples": [ + [{ "name": "go-monorepo" }, { "id": "f001337a-3450-46fd-b7d2-650c0EXAMPLE" }], + [{ "name": "go-monorepo" }, { "name": "go-client" }] + ] + }, + "maxDeletions": { + "description": "The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum.", + "type": "integer", + "default": 0 + } + } } ``` {/* SCHEMA_SYNC_END: admin/code_hosts/aws_codecommit.schema.json */} diff --git a/docs/admin/code_hosts/azuredevops.mdx b/docs/admin/code_hosts/azuredevops.mdx index 42777668b..10ca8d0a7 100644 --- a/docs/admin/code_hosts/azuredevops.mdx +++ b/docs/admin/code_hosts/azuredevops.mdx @@ -66,101 +66,156 @@ Azure DevOps connections support the following configuration options, which are ### admin/code_hosts/azuredevops.schema.json {/* SCHEMA_SYNC_START: admin/code_hosts/azuredevops.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:30Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json - // Authentication alternatives: token OR windowsPassword - { - // A flag to enforce Azure DevOps repository access permissions - "enforcePermissions": false, - - // A list of repositories to never mirror from Azure DevOps Services. - // Other example values: - // - [ - // { - // "name": "myorg/myproject/myrepo" - // } - // ] - // - [ - // { - // "name": "myorg/myproject/myrepo" - // }, - // { - // "name": "myorg/myproject/myotherrepo" - // }, - // { - // "pattern": "^topsecretproject/.*" - // } - // ] - "exclude": null, - - // SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`. - "gitSSHCipher": null, - - // SSH keys to use when cloning Git repo. - "gitSSHCredential": null, - - // The type of Git URLs to use for cloning and fetching Git repositories. - // If "http", Sourcegraph will access repositories using Git URLs of the form http(s)://dev.azure.com/myrepo.git. - // If "ssh", Sourcegraph will access repositories using Git URLs of the form git@ssh.dev.azure.com:v3/myrepo. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth. - // Valid options: "http", "ssh" - "gitURLType": "http", - - // The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum. - "maxDeletions": 0, - - // An array of organization names identifying Azure DevOps organizations whose repositories should be mirrored on Sourcegraph. - // Other example values: - // - [ - // "name" - // ] - // - [ - // "kubernetes", - // "golang", - // "facebook" - // ] - "orgs": null, - - // An array of projects "org/project" strings specifying which Azure DevOps projects' repositories should be mirrored on Sourcegraph. - // Other example values: - // - [ - // "org/project" - // ] - "projects": null, - - // Rate limit applied when making background API requests. - "rateLimit": { - "enabled": false, - "requestsPerHour": 0 - }, - - // The pattern used to generate the corresponding Sourcegraph repository name for a Azure DevOps repository. - // - "{host}" is replaced with the Azure DevOps URL's host (such as dev.azure.com) - // - "{orgName}" is replaced with the repository's parent projects owning organization (or collection on DevOps server) - // - "{projectName}" is replaced with the repository's parent project - // - "{repositoryName}" is replaced with the repository's name. - // For example, if your Azure DevOps is https://dev.azure.com and your Sourcegraph is https://src.example.com, then a repositoryPathPattern of "{host}/{orgName}/{projectName}/{repositoryName}" would mean that a Azure DevOps repository at https://dev.azure.com/MYORG/MYPROJECT/MYREPO is available on Sourcegraph at https://src.example.com/dev.azure.com/MYORG/MYPROJECT/MYREPO. - // It is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined. - // Other example values: - // - "{projectName}/{repositoryName}" - "repositoryPathPattern": "{host}/{orgName}/{projectName}/{repositoryName}", - - // The Personal Access Token associated with the Azure DevOps username used for authentication. - "token": null, - - // REQUIRED: - // URL for Azure DevOps Services, set to https://dev.azure.com. - // Other example values: - // - "https://dev.azure.com" - "url": null, - - // REQUIRED: - // A username for authentication with the Azure DevOps code host. Typically an email address when connect to Azure DevOps Services (cloud) and a domain\username when connecting to Azure DevOp Server (onPrem) - "username": null, - - // Windows account password (Azure Devops Server OnPrem Only): This is needed to clone the repo, the Token will be used for REST API calls - "windowsPassword": null + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "azuredevops.schema.json#", + "title": "AzureDevOpsConnection", + "description": "Configuration for a connection to Azure DevOps.", + "allowComments": true, + "type": "object", + "additionalProperties": false, + "required": ["url", "username"], + "oneOf": [ + { + "required": ["token"], + "properties": { + "windowsPassword": { "type": "null" } + } + }, + { + "required": ["windowsPassword"], + "properties": { + "token": { "type": "null" } + } + } + ], + "properties": { + "url": { + "description": "URL for Azure DevOps Services, set to https://dev.azure.com.", + "type": "string", + "!go": { + "typeName": "NormalizedURL" + }, + "pattern": "^https?://", + "not": { + "type": "string", + "pattern": "example\\.com" + }, + "format": "uri", + "examples": ["https://dev.azure.com"] + }, + "rateLimit": { + "description": "Rate limit applied when making background API requests.", + "title": "AzureDevOpsRateLimit", + "type": "object", + "required": ["enabled", "requestsPerHour"], + "properties": { + "enabled": { + "description": "true if rate limiting is enabled.", + "type": "boolean", + "default": false + }, + "requestsPerHour": { + "description": "Requests per hour permitted. This is an average, calculated per second. Internally, the burst limit is set to 100, which implies that for a requests per hour limit as low as 1, users will continue to be able to send a maximum of 100 requests immediately, provided that the complexity cost of each request is 1.", + "type": "number", + "minimum": 0 + } + }, + "default": { + "enabled": false, + "requestsPerHour": 0 + } + }, + "gitURLType": { + "description": "The type of Git URLs to use for cloning and fetching Git repositories.\n\nIf \"http\", Sourcegraph will access repositories using Git URLs of the form http(s)://dev.azure.com/myrepo.git.\n\nIf \"ssh\", Sourcegraph will access repositories using Git URLs of the form git@ssh.dev.azure.com:v3/myrepo. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth.", + "type": "string", + "enum": ["http", "ssh"], + "default": "http" + }, + "repositoryPathPattern": { + "description": "The pattern used to generate the corresponding Sourcegraph repository name for a Azure DevOps repository.\n\n - \"{host}\" is replaced with the Azure DevOps URL's host (such as dev.azure.com)\n - \"{orgName}\" is replaced with the repository's parent projects owning organization (or collection on DevOps server)\n - \"{projectName}\" is replaced with the repository's parent project\n - \"{repositoryName}\" is replaced with the repository's name.\n\nFor example, if your Azure DevOps is https://dev.azure.com and your Sourcegraph is https://src.example.com, then a repositoryPathPattern of \"{host}/{orgName}/{projectName}/{repositoryName}\" would mean that a Azure DevOps repository at https://dev.azure.com/MYORG/MYPROJECT/MYREPO is available on Sourcegraph at https://src.example.com/dev.azure.com/MYORG/MYPROJECT/MYREPO.\n\nIt is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined.", + "type": "string", + "default": "{host}/{orgName}/{projectName}/{repositoryName}", + "examples": ["{projectName}/{repositoryName}"] + }, + "gitSSHCredential": { + "description": "SSH keys to use when cloning Git repo.", + "$ref": "git.schema.json#/definitions/gitSSHCredential" + }, + "gitSSHCipher": { + "description": "SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`.", + "$ref": "git.schema.json#/definitions/gitSSHCipher" + }, + "enforcePermissions": { + "description": "A flag to enforce Azure DevOps repository access permissions", + "type": "boolean", + "default": false + }, + "username": { + "description": "A username for authentication with the Azure DevOps code host. Typically an email address when connect to Azure DevOps Services (cloud) and a domain\\username when connecting to Azure DevOp Server (onPrem)", + "type": "string", + "minLength": 1 + }, + "token": { + "description": "The Personal Access Token associated with the Azure DevOps username used for authentication.", + "type": "string", + "minLength": 1 + }, + "windowsPassword": { + "description": "Windows account password (Azure Devops Server OnPrem Only): This is needed to clone the repo, the Token will be used for REST API calls", + "type": "string", + "minLength": 1 + }, + "projects": { + "description": "An array of projects \"org/project\" strings specifying which Azure DevOps projects' repositories should be mirrored on Sourcegraph.", + "type": "array", + "items": { "type": "string", "pattern": "^[\\w-]+/[\\w.-]+([ ]*[\\w.-]+)*$" }, + "examples": [["org/project"]] + }, + "orgs": { + "description": "An array of organization names identifying Azure DevOps organizations whose repositories should be mirrored on Sourcegraph.", + "type": "array", + "items": { "type": "string", "pattern": "^[\\w-]+$" }, + "examples": [["name"], ["kubernetes", "golang", "facebook"]] + }, + "exclude": { + "description": "A list of repositories to never mirror from Azure DevOps Services.", + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "title": "ExcludedAzureDevOpsServerRepo", + "additionalProperties": false, + "anyOf": [{ "required": ["name"] }, { "required": ["id"] }, { "required": ["pattern"] }], + "properties": { + "name": { + "description": "The name of an Azure DevOps Services organization, project, and repository (\"orgName/projectName/repositoryName\") to exclude from mirroring.", + "type": "string", + "pattern": "^[\\w./ -]*?$" + }, + "pattern": { + "description": "Regular expression which matches against the name of an Azure DevOps Services repo.", + "type": "string", + "format": "regex" + } + } + }, + "examples": [ + [{ "name": "myorg/myproject/myrepo" }], + [ + { "name": "myorg/myproject/myrepo" }, + { "name": "myorg/myproject/myotherrepo" }, + { "pattern": "^topsecretproject/.*" } + ] + ] + }, + "maxDeletions": { + "description": "The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum.", + "type": "integer", + "default": 0 + } + } } ``` {/* SCHEMA_SYNC_END: admin/code_hosts/azuredevops.schema.json */} diff --git a/docs/admin/code_hosts/bitbucket_cloud.mdx b/docs/admin/code_hosts/bitbucket_cloud.mdx index 8fe7ff91a..42839701d 100644 --- a/docs/admin/code_hosts/bitbucket_cloud.mdx +++ b/docs/admin/code_hosts/bitbucket_cloud.mdx @@ -117,113 +117,214 @@ Bitbucket Cloud connections support the following configuration options, which a ### admin/code_hosts/bitbucket_cloud.schema.json {/* SCHEMA_SYNC_START: admin/code_hosts/bitbucket_cloud.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:29Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json - // Authentication alternatives: username + appPassword - { - // The workspace access token to use when authenticating with Bitbucket Cloud. - "accessToken": null, - - // The API URL of Bitbucket Cloud, such as https://api.bitbucket.org. Generally, admin should not modify the value of this option because Bitbucket Cloud is a public hosting platform. - // Other example values: - // - "https://api.bitbucket.org" - "apiURL": null, - - // The app password to use when authenticating to the Bitbucket Cloud. Also set the corresponding "username" field. - "appPassword": null, - - // If non-null, enforces Bitbucket Cloud repository permissions. This requires that there is an item in the [site configuration json](https://sourcegraph.com/docs/admin/config/site_config#auth-providers) `auth.providers` field, of type "bitbucketcloud" with the same `url` field as specified in this `BitbucketCloudConnection`. - "authorization": { - "identityProvider": null - }, - - // A list of repositories to never mirror from Bitbucket Cloud. Takes precedence over "teams" configuration. - // Supports excluding by name ({"name": "myorg/myrepo"}) or by UUID ({"uuid": "{fceb73c7-cef6-4abe-956d-e471281126bd}"}). - // Other example values: - // - [ - // { - // "name": "myorg/myrepo" - // }, - // { - // "uuid": "{fceb73c7-cef6-4abe-956d-e471281126bc}" - // } - // ] - // - [ - // { - // "name": "myorg/myrepo" - // }, - // { - // "name": "myorg/myotherrepo" - // }, - // { - // "pattern": "^topsecretproject/.*" - // } - // ] - "exclude": null, - - // SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`. - "gitSSHCipher": null, - - // SSH keys to use when cloning Git repo. - "gitSSHCredential": null, - - // The type of Git URLs to use for cloning and fetching Git repositories on this Bitbucket Cloud. - // If "http", Sourcegraph will access Bitbucket Cloud repositories using Git URLs of the form https://bitbucket.org/myteam/myproject.git. - // If "ssh", Sourcegraph will access Bitbucket Cloud repositories using Git URLs of the form git@bitbucket.org:myteam/myproject.git. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth#repositories-that-need-http-s-or-ssh-authentication. - // Valid options: "http", "ssh" - // Other example values: - // - "ssh" - "gitURLType": "http", - - // The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum. - "maxDeletions": 0, - - // Rate limit applied when making background API requests to Bitbucket Cloud. - "rateLimit": { - "enabled": true, - "requestsPerHour": 7200 - }, - - // An array of repository "projectKey/repositorySlug" strings specifying repositories to mirror on Sourcegraph. - // Other example values: - // - [ - // "myproject/myrepo", - // "myproject/myotherrepo" - // ] - "repos": null, - - // The pattern used to generate the corresponding Sourcegraph repository name for a Bitbucket Cloud repository. - // - "{host}" is replaced with the Bitbucket Cloud URL's host (such as bitbucket.org), and "{nameWithOwner}" is replaced with the Bitbucket Cloud repository's "owner/path" (such as "myorg/myrepo"). - // For example, if your Bitbucket Cloud is https://bitbucket.org and your Sourcegraph is https://src.example.com, then a repositoryPathPattern of "{host}/{nameWithOwner}" would mean that a Bitbucket Cloud repository at https://bitbucket.org/alice/my-repo is available on Sourcegraph at https://src.example.com/bitbucket.org/alice/my-repo. - // It is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined. - "repositoryPathPattern": "{host}/{nameWithOwner}", - - // An array of team names identifying Bitbucket Cloud teams whose repositories should be mirrored on Sourcegraph. - // Other example values: - // - [ - // "name" - // ] - // - [ - // "kubernetes", - // "golang", - // "facebook" - // ] - "teams": null, - - // REQUIRED: - // URL of Bitbucket Cloud, such as https://bitbucket.org. Generally, admin should not modify the value of this option because Bitbucket Cloud is a public hosting platform. - // Other example values: - // - "https://bitbucket.org" - "url": null, - - // The username to use when authenticating to the Bitbucket Cloud. Also set the corresponding "appPassword" field. - "username": null, - - // ⚠️ DEPRECATED: Deprecated in favour of first class webhooks. See https://sourcegraph.com/docs/admin/config/webhooks/incoming#deprecation-notice - // A shared secret used to authenticate incoming webhooks (minimum 12 characters). - "webhookSecret": null + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "bitbucket_cloud.schema.json#", + "title": "BitbucketCloudConnection", + "description": "Configuration for a connection to Bitbucket Cloud.", + "allowComments": true, + "type": "object", + "additionalProperties": false, + "required": ["url"], + "oneOf": [ + { + "allOf": [ + { + "required": ["accessToken"] + }, + { + "not": { "required": ["username"] } + }, + { + "not": { "required": ["appPassword"] } + }, + { + "not": { "required": ["apiToken"] } + } + ] + }, + { + "allOf": [ + { + "required": ["username", "appPassword"] + }, + { + "not": { "required": ["accessToken"] } + }, + { + "not": { "required": ["apiToken"] } + } + ] + }, + { + "allOf": [ + { + "required": ["username", "apiToken"] + }, + { + "not": { "required": ["accessToken"] } + }, + { + "not": { "required": ["appPassword"] } + } + ] + } + ], + "properties": { + "url": { + "description": "URL of Bitbucket Cloud, such as https://bitbucket.org. Generally, admin should not modify the value of this option because Bitbucket Cloud is a public hosting platform.", + "type": "string", + "not": { + "type": "string", + "pattern": "example\\.com" + }, + "pattern": "^https?://", + "format": "uri", + "examples": ["https://bitbucket.org"], + "!go": { + "typeName": "NormalizedURL" + } + }, + "apiURL": { + "description": "The API URL of Bitbucket Cloud, such as https://api.bitbucket.org. Generally, admin should not modify the value of this option because Bitbucket Cloud is a public hosting platform.", + "type": "string", + "not": { + "type": "string", + "pattern": "example\\.com" + }, + "pattern": "^https?://", + "format": "uri", + "examples": ["https://api.bitbucket.org"] + }, + "rateLimit": { + "description": "Rate limit applied when making background API requests to Bitbucket Cloud.", + "title": "BitbucketCloudRateLimit", + "type": "object", + "required": ["enabled", "requestsPerHour"], + "properties": { + "enabled": { + "description": "true if rate limiting is enabled.", + "type": "boolean", + "default": true + }, + "requestsPerHour": { + "description": "Requests per hour permitted. This is an average, calculated per second. Internally, the burst limit is set to 500, which implies that for a requests per hour limit as low as 1, users will continue to be able to send a maximum of 500 requests immediately, provided that the complexity cost of each request is 1.", + "type": "number", + "default": 7200, + "minimum": 0 + } + }, + "default": { + "enabled": true, + "requestsPerHour": 7200 + } + }, + "authorization": { + "title": "BitbucketCloudAuthorization", + "description": "If non-null, enforces Bitbucket Cloud repository permissions. This requires that there is an item in the [site configuration json](https://sourcegraph.com/docs/admin/config/site_config#auth-providers) `auth.providers` field, of type \"bitbucketcloud\" with the same `url` field as specified in this `BitbucketCloudConnection`.", + "type": "object", + "properties": { + "identityProvider": { + "description": "The identity provider to use for user information. If not set, the `url` field is used.", + "type": "string" + } + } + }, + "username": { + "description": "The username to use when authenticating to the Bitbucket Cloud. Also set the corresponding \"appPassword\" field.", + "type": "string" + }, + "appPassword": { + "description": "The app password to use when authenticating to the Bitbucket Cloud. Also set the corresponding \"username\" field.\n🚨 NOTE 🚨: Please use the \"apiToken\" field instead of this field, since Bitbucket Cloud is deprecating app passwords as of June 9, 2026. See https://www.atlassian.com/blog/bitbucket/bitbucket-cloud-transitions-to-api-tokens-enhancing-security-with-app-password-deprecation for more details.", + "type": "string" + }, + "accessToken": { + "description": "The workspace access token to use when authenticating with Bitbucket Cloud.", + "type": "string" + }, + "apiToken": { + "description": "The API token to use when authenticating with Bitbucket Cloud.", + "type": "string" + }, + "gitURLType": { + "description": "The type of Git URLs to use for cloning and fetching Git repositories on this Bitbucket Cloud.\n\nIf \"http\", Sourcegraph will access Bitbucket Cloud repositories using Git URLs of the form https://bitbucket.org/myteam/myproject.git.\n\nIf \"ssh\", Sourcegraph will access Bitbucket Cloud repositories using Git URLs of the form git@bitbucket.org:myteam/myproject.git. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth#repositories-that-need-http-s-or-ssh-authentication.", + "type": "string", + "enum": ["http", "ssh"], + "default": "http", + "examples": ["ssh"] + }, + "gitSSHCredential": { + "description": "SSH keys to use when cloning Git repo.", + "$ref": "git.schema.json#/definitions/gitSSHCredential" + }, + "gitSSHCipher": { + "description": "SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`.", + "$ref": "git.schema.json#/definitions/gitSSHCipher" + }, + "repositoryPathPattern": { + "description": "The pattern used to generate the corresponding Sourcegraph repository name for a Bitbucket Cloud repository.\n\n - \"{host}\" is replaced with the Bitbucket Cloud URL's host (such as bitbucket.org), and \"{nameWithOwner}\" is replaced with the Bitbucket Cloud repository's \"owner/path\" (such as \"myorg/myrepo\").\n\nFor example, if your Bitbucket Cloud is https://bitbucket.org and your Sourcegraph is https://src.example.com, then a repositoryPathPattern of \"{host}/{nameWithOwner}\" would mean that a Bitbucket Cloud repository at https://bitbucket.org/alice/my-repo is available on Sourcegraph at https://src.example.com/bitbucket.org/alice/my-repo.\n\nIt is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined.", + "type": "string", + "default": "{host}/{nameWithOwner}" + }, + "teams": { + "description": "An array of team names identifying Bitbucket Cloud teams whose repositories should be mirrored on Sourcegraph.", + "type": "array", + "items": { "type": "string", "pattern": "^[\\w-]+$" }, + "examples": [["name"], ["kubernetes", "golang", "facebook"]] + }, + "repos": { + "description": "An array of repository \"projectKey/repositorySlug\" strings specifying repositories to mirror on Sourcegraph.", + "type": "array", + "items": { + "type": "string", + "pattern": "^~?[\\w-]+/[\\w.-]+$" + }, + "examples": [["myproject/myrepo", "myproject/myotherrepo"]] + }, + "exclude": { + "description": "A list of repositories to never mirror from Bitbucket Cloud. Takes precedence over \"teams\" configuration.\n\nSupports excluding by name ({\"name\": \"myorg/myrepo\"}) or by UUID ({\"uuid\": \"{fceb73c7-cef6-4abe-956d-e471281126bd}\"}).", + "type": "array", + "items": { + "type": "object", + "title": "ExcludedBitbucketCloudRepo", + "additionalProperties": false, + "anyOf": [{ "required": ["name"] }, { "required": ["uuid"] }, { "required": ["pattern"] }], + "properties": { + "name": { + "description": "The name of a Bitbucket Cloud repo (\"myorg/myrepo\") to exclude from mirroring.", + "type": "string", + "pattern": "^[\\w-]+/[\\w.-]+$" + }, + "uuid": { + "description": "The UUID of a Bitbucket Cloud repo (as returned by the Bitbucket Cloud's API) to exclude from mirroring.", + "type": "string", + "pattern": "^\\{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\\}$" + }, + "pattern": { + "description": "Regular expression which matches against the name of a Bitbucket Cloud repo.", + "type": "string", + "format": "regex" + } + } + }, + "examples": [ + [{ "name": "myorg/myrepo" }, { "uuid": "{fceb73c7-cef6-4abe-956d-e471281126bc}" }], + [{ "name": "myorg/myrepo" }, { "name": "myorg/myotherrepo" }, { "pattern": "^topsecretproject/.*" }] + ] + }, + "webhookSecret": { + "description": "A shared secret used to authenticate incoming webhooks (minimum 12 characters).", + "deprecationMessage": "Deprecated in favour of first class webhooks. See https://sourcegraph.com/docs/admin/config/webhooks/incoming#deprecation-notice", + "type": "string", + "minLength": 12 + }, + "maxDeletions": { + "description": "The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum.", + "type": "integer", + "default": 0 + } + } } ``` {/* SCHEMA_SYNC_END: admin/code_hosts/bitbucket_cloud.schema.json */} diff --git a/docs/admin/code_hosts/bitbucket_server.mdx b/docs/admin/code_hosts/bitbucket_server.mdx index 4e006ecfc..a30f3a639 100644 --- a/docs/admin/code_hosts/bitbucket_server.mdx +++ b/docs/admin/code_hosts/bitbucket_server.mdx @@ -208,148 +208,298 @@ Bitbucket Server / Bitbucket Data Center connections support the following confi ### admin/code_hosts/bitbucket_server.schema.json {/* SCHEMA_SYNC_START: admin/code_hosts/bitbucket_server.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:28Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json - // Authentication alternatives: token OR password - { - // If non-null, enforces Bitbucket Server / Bitbucket Data Center repository permissions. - "authorization": { - "identityProvider": { - "type": null - }, - "oauth": { - "consumerKey": null, - "signingKey": null - }, - "oauth2": false - }, - - // TLS certificate of the Bitbucket Server / Bitbucket Data Center instance. This is only necessary if the certificate is self-signed or signed by an internal CA. To get the certificate run `openssl s_client -connect HOST:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM`. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh. - // Other example values: - // - "-----BEGIN CERTIFICATE-----\n..." - "certificate": null, - - // A list of repositories to never mirror from this Bitbucket Server / Bitbucket Data Center instance. Takes precedence over "repos" and "repositoryQuery". - // Supports excluding by name ({"name": "projectKey/repositorySlug"}) or by ID ({"id": 42}). - // Other example values: - // - [ - // { - // "name": "myproject/myrepo" - // }, - // { - // "id": 42 - // } - // ] - // - [ - // { - // "name": "myproject/myrepo" - // }, - // { - // "name": "myproject/myotherrepo" - // }, - // { - // "name": "~USER/theirrepo" - // }, - // { - // "pattern": "^topsecretproject/.*" - // } - // ] - "exclude": null, - - // Whether or not personal repositories should be excluded or not. When true, Sourcegraph will ignore personal repositories it may have access to. See https://sourcegraph.com/docs/integration/bitbucket_server#excluding-personal-repositories for more information. - "excludePersonalRepositories": false, - - // SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`. - "gitSSHCipher": null, - - // SSH keys to use when cloning Git repo. - "gitSSHCredential": null, - - // The type of Git URLs to use for cloning and fetching Git repositories on this Bitbucket Server / Bitbucket Data Center instance. - // If "http", Sourcegraph will access Bitbucket Server / Bitbucket Data Center repositories using Git URLs of the form http(s)://bitbucket.example.com/scm/myproject/myrepo.git (using https: if the Bitbucket Server / Bitbucket Data Center instance uses HTTPS). - // If "ssh", Sourcegraph will access Bitbucket Server / Bitbucket Data Center repositories using Git URLs of the form ssh://git@example.bitbucket.org/myproject/myrepo.git. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth. - // Valid options: "http", "ssh" - // Other example values: - // - "ssh" - "gitURLType": "http", - - // Deprecated and ignored field which will be removed entirely in the next release. BitBucket repositories can no longer be enabled or disabled explicitly. - "initialRepositoryEnablement": false, - - // The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum. - "maxDeletions": 0, - - // The password to use when authenticating to the Bitbucket Server / Bitbucket Data Center instance. Also set the corresponding "username" field. - // For Bitbucket Server / Bitbucket Data Center instances that support personal access tokens (Bitbucket Server / Bitbucket Data Center version 5.5 and newer), it is recommended to provide a token instead (in the "token" field). - "password": null, - - // Configuration for Bitbucket Server / Bitbucket Data Center Sourcegraph plugin - "plugin": { - "permissions": "disabled", - "webhooks": { - "disableSync": false, - "secret": null - } - }, - - // An array of project key strings that defines a collection of repositories related to their associated project keys - "projectKeys": null, - - // Rate limit applied when making background API requests to BitbucketServer. - "rateLimit": { - "enabled": true, - "requestsPerHour": 28800 - }, - - // An array of repository "projectKey/repositorySlug" strings specifying repositories to mirror on Sourcegraph. - // Other example values: - // - [ - // "myproject/myrepo", - // "myproject/myotherrepo", - // "~USER/theirrepo" - // ] - "repos": null, - - // The pattern used to generate the corresponding Sourcegraph repository name for a Bitbucket Server / Bitbucket Data Center repository. - // - "{host}" is replaced with the Bitbucket Server / Bitbucket Data Center URL's host (such as bitbucket.example.com) - // - "{projectKey}" is replaced with the Bitbucket repository's parent project key (such as "PRJ") - // - "{repositorySlug}" is replaced with the Bitbucket repository's slug key (such as "my-repo"). - // For example, if your Bitbucket Server / Bitbucket Data Center is https://bitbucket.example.com and your Sourcegraph is https://src.example.com, then a repositoryPathPattern of "{host}/{projectKey}/{repositorySlug}" would mean that a Bitbucket Server / Bitbucket Data Center repository at https://bitbucket.example.com/projects/PRJ/repos/my-repo is available on Sourcegraph at https://src.example.com/bitbucket.example.com/PRJ/my-repo. - // It is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined. - // Other example values: - // - "{projectKey}/{repositorySlug}" - "repositoryPathPattern": "{host}/{projectKey}/{repositorySlug}", - - // An array of strings specifying which repositories to mirror on Sourcegraph. Each string is a URL query string with parameters that filter the list of returned repos. Examples: "?name=my-repo&projectname=PROJECT&visibility=private". - // The special string "none" can be used as the only element to disable this feature. Repositories matched by multiple query strings are only imported once. Here's the official Bitbucket Server / Bitbucket Data Center documentation about which query string parameters are valid: https://docs.atlassian.com/bitbucket-server/rest/6.1.2/bitbucket-rest.html#idp355 - // Other example values: - // - [ - // "?name=my-repo\u0026projectname=PROJECT\u0026visibility=private" - // ] - "repositoryQuery": [ - "none" - ], - - // A Bitbucket Server / Bitbucket Data Center personal access token with Read permissions. When using batch changes, the token needs Write permissions. Create one at https://[your-bitbucket-hostname]/plugins/servlet/access-tokens/add. Also set the corresponding "username" field. - // For Bitbucket Server / Bitbucket Data Center instances that don't support personal access tokens (Bitbucket Server / Bitbucket Data Center version 5.4 and older), specify user-password credentials in the "username" and "password" fields. - "token": null, - - // REQUIRED: - // URL of a Bitbucket Server / Bitbucket Data Center instance, such as https://bitbucket.example.com. - // Other example values: - // - "https://bitbucket.example.com" - "url": null, - - // REQUIRED: - // The username to use when authenticating to the Bitbucket Server / Bitbucket Data Center instance. Also set the corresponding "token" or "password" field. - "username": null, - - // DEPRECATED: Switch to "plugin.webhooks" - "webhooks": { - "secret": null - } + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "bitbucket_server.schema.json#", + "title": "BitbucketServerConnection", + "description": "Configuration for a connection to Bitbucket Server / Bitbucket Data Center.", + "allowComments": true, + "type": "object", + "additionalProperties": false, + "required": ["username", "url"], + "oneOf": [ + { + "required": ["token"], + "properties": { + "password": { "type": "null" } + } + }, + { + "required": ["password"], + "properties": { + "token": { "type": "null" } + } + } + ], + "properties": { + "rateLimit": { + "description": "Rate limit applied when making background API requests to BitbucketServer.", + "title": "BitbucketServerRateLimit", + "type": "object", + "required": ["enabled", "requestsPerHour"], + "properties": { + "enabled": { + "description": "true if rate limiting is enabled.", + "type": "boolean", + "default": true + }, + "requestsPerHour": { + "description": "Requests per hour permitted. This is an average, calculated per second. Internally, the burst limit is set to 500, which implies that for a requests per hour limit as low as 1, users will continue to be able to send a maximum of 500 requests immediately, provided that the complexity cost of each request is 1.", + "type": "number", + "default": 28800, + "minimum": 0 + } + }, + "default": { + "enabled": true, + "requestsPerHour": 28800 + } + }, + "url": { + "description": "URL of a Bitbucket Server / Bitbucket Data Center instance, such as https://bitbucket.example.com.", + "type": "string", + "pattern": "^https?://", + "not": { + "type": "string", + "pattern": "example\\.com" + }, + "format": "uri", + "examples": ["https://bitbucket.example.com"], + "!go": { + "typeName": "NormalizedURL" + } + }, + "token": { + "description": "A Bitbucket Server / Bitbucket Data Center personal access token with Read permissions. When using batch changes, the token needs Write permissions. Create one at https://[your-bitbucket-hostname]/plugins/servlet/access-tokens/add. Also set the corresponding \"username\" field.\n\nFor Bitbucket Server / Bitbucket Data Center instances that don't support personal access tokens (Bitbucket Server / Bitbucket Data Center version 5.4 and older), specify user-password credentials in the \"username\" and \"password\" fields.", + "type": "string", + "minLength": 1 + }, + "username": { + "description": "The username to use when authenticating to the Bitbucket Server / Bitbucket Data Center instance. Also set the corresponding \"token\" or \"password\" field.", + "type": "string" + }, + "password": { + "description": "The password to use when authenticating to the Bitbucket Server / Bitbucket Data Center instance. Also set the corresponding \"username\" field.\n\nFor Bitbucket Server / Bitbucket Data Center instances that support personal access tokens (Bitbucket Server / Bitbucket Data Center version 5.5 and newer), it is recommended to provide a token instead (in the \"token\" field).", + "type": "string" + }, + "gitURLType": { + "description": "The type of Git URLs to use for cloning and fetching Git repositories on this Bitbucket Server / Bitbucket Data Center instance.\n\nIf \"http\", Sourcegraph will access Bitbucket Server / Bitbucket Data Center repositories using Git URLs of the form http(s)://bitbucket.example.com/scm/myproject/myrepo.git (using https: if the Bitbucket Server / Bitbucket Data Center instance uses HTTPS).\n\nIf \"ssh\", Sourcegraph will access Bitbucket Server / Bitbucket Data Center repositories using Git URLs of the form ssh://git@example.bitbucket.org/myproject/myrepo.git. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth.", + "type": "string", + "enum": ["http", "ssh"], + "default": "http", + "examples": ["ssh"] + }, + "gitSSHCredential": { + "description": "SSH keys to use when cloning Git repo.", + "$ref": "git.schema.json#/definitions/gitSSHCredential" + }, + "gitSSHCipher": { + "description": "SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`.", + "$ref": "git.schema.json#/definitions/gitSSHCipher" + }, + "certificate": { + "description": "TLS certificate of the Bitbucket Server / Bitbucket Data Center instance. This is only necessary if the certificate is self-signed or signed by an internal CA. To get the certificate run `openssl s_client -connect HOST:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM`. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.", + "type": "string", + "pattern": "^-----BEGIN CERTIFICATE-----\n", + "examples": ["-----BEGIN CERTIFICATE-----\n..."] + }, + "webhooks": { + "description": "DEPRECATED: Switch to \"plugin.webhooks\"", + "type": "object", + "properties": { + "secret": { + "description": "Secret for authenticating incoming webhook payloads", + "type": "string", + "minLength": 1 + } + } + }, + "plugin": { + "title": "BitbucketServerPlugin", + "description": "Configuration for Bitbucket Server / Bitbucket Data Center Sourcegraph plugin", + "type": "object", + "properties": { + "webhooks": { + "title": "BitbucketServerPluginWebhooks", + "deprecationMessage": "Deprecated in favour of first class webhooks. See https://sourcegraph.com/docs/admin/config/webhooks/incoming#deprecation-notice", + "type": "object", + "required": ["secret"], + "properties": { + "secret": { + "description": "Secret for authenticating incoming webhook payloads", + "type": "string", + "minLength": 1 + }, + "disableSync": { + "description": "Disallow Sourcegraph from automatically syncing webhook config with the Bitbucket Server / Bitbucket Data Center instance. For details of how the webhook is configured, see our docs: https://sourcegraph.com/docs/admin/code_hosts/bitbucket_server#webhooks", + "type": "boolean", + "default": false + } + } + }, + "permissions": { + "description": "Enables fetching Bitbucket Server / Bitbucket Data Center permissions through the roaring bitmap endpoint. Warning: there may be performance degradation under significant load.", + "type": "string", + "enum": ["enabled", "disabled"], + "default": "disabled" + } + } + }, + "repositoryPathPattern": { + "description": "The pattern used to generate the corresponding Sourcegraph repository name for a Bitbucket Server / Bitbucket Data Center repository.\n\n - \"{host}\" is replaced with the Bitbucket Server / Bitbucket Data Center URL's host (such as bitbucket.example.com)\n - \"{projectKey}\" is replaced with the Bitbucket repository's parent project key (such as \"PRJ\")\n - \"{repositorySlug}\" is replaced with the Bitbucket repository's slug key (such as \"my-repo\").\n\nFor example, if your Bitbucket Server / Bitbucket Data Center is https://bitbucket.example.com and your Sourcegraph is https://src.example.com, then a repositoryPathPattern of \"{host}/{projectKey}/{repositorySlug}\" would mean that a Bitbucket Server / Bitbucket Data Center repository at https://bitbucket.example.com/projects/PRJ/repos/my-repo is available on Sourcegraph at https://src.example.com/bitbucket.example.com/PRJ/my-repo.\n\nIt is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined.", + "type": "string", + "default": "{host}/{projectKey}/{repositorySlug}", + "examples": ["{projectKey}/{repositorySlug}"] + }, + "excludePersonalRepositories": { + "description": "Whether or not personal repositories should be excluded or not. When true, Sourcegraph will ignore personal repositories it may have access to. See https://sourcegraph.com/docs/integration/bitbucket_server#excluding-personal-repositories for more information.", + "type": "boolean", + "default": false + }, + "repositoryQuery": { + "description": "An array of strings specifying which repositories to mirror on Sourcegraph. Each string is a URL query string with parameters that filter the list of returned repos. Examples: \"?name=my-repo&projectname=PROJECT&visibility=private\".\n\nThe special string \"none\" can be used as the only element to disable this feature. Repositories matched by multiple query strings are only imported once. Here's the official Bitbucket Server / Bitbucket Data Center documentation about which query string parameters are valid: https://docs.atlassian.com/bitbucket-server/rest/6.1.2/bitbucket-rest.html#idp355", + "type": "array", + "items": { + "type": "string", + "minLength": 1 + }, + "default": ["none"], + "minItems": 1, + "examples": [["?name=my-repo&projectname=PROJECT&visibility=private"]] + }, + "repos": { + "description": "An array of repository \"projectKey/repositorySlug\" strings specifying repositories to mirror on Sourcegraph.", + "type": "array", + "minItems": 1, + "items": { + "type": "string", + "pattern": "^~?[\\w-]+/[\\w.-]+$" + }, + "examples": [["myproject/myrepo", "myproject/myotherrepo", "~USER/theirrepo"]] + }, + "projectKeys": { + "description": "An array of project key strings that defines a collection of repositories related to their associated project keys", + "type": "array", + "items": { + "type": "string" + } + }, + "exclude": { + "description": "A list of repositories to never mirror from this Bitbucket Server / Bitbucket Data Center instance. Takes precedence over \"repos\" and \"repositoryQuery\".\n\nSupports excluding by name ({\"name\": \"projectKey/repositorySlug\"}) or by ID ({\"id\": 42}).", + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "title": "ExcludedBitbucketServerRepo", + "additionalProperties": false, + "anyOf": [{ "required": ["name"] }, { "required": ["id"] }, { "required": ["pattern"] }], + "properties": { + "name": { + "description": "The name of a Bitbucket Server / Bitbucket Data Center repo (\"projectKey/repositorySlug\") to exclude from mirroring.", + "type": "string", + "pattern": "^~?[\\w-]+/[\\w.-]+$" + }, + "id": { + "description": "The ID of a Bitbucket Server / Bitbucket Data Center repo (as returned by the Bitbucket Server / Bitbucket Data Center instance's API) to exclude from mirroring.", + "type": "integer" + }, + "pattern": { + "description": "Regular expression which matches against the name of a Bitbucket Server / Bitbucket Data Center repo.", + "type": "string", + "format": "regex" + } + } + }, + "examples": [ + [{ "name": "myproject/myrepo" }, { "id": 42 }], + [ + { "name": "myproject/myrepo" }, + { "name": "myproject/myotherrepo" }, + { "name": "~USER/theirrepo" }, + { "pattern": "^topsecretproject/.*" } + ] + ] + }, + "initialRepositoryEnablement": { + "description": "Deprecated and ignored field which will be removed entirely in the next release. BitBucket repositories can no longer be enabled or disabled explicitly.", + "type": "boolean", + "default": false + }, + "authorization": { + "title": "BitbucketServerAuthorization", + "description": "If non-null, enforces Bitbucket Server / Bitbucket Data Center repository permissions.", + "type": "object", + "additionalProperties": false, + "oneOf": [ + { + "required": ["identityProvider", "oauth"] + }, + { + "required": ["oauth2"] + } + ], + "properties": { + "oauth2": { + "type": "boolean" + }, + "identityProvider": { + "description": "The source of identity to use when computing permissions. This defines how to compute the Bitbucket Server / Bitbucket Data Center identity to use for a given Sourcegraph user. When 'username' is used, Sourcegraph assumes usernames are identical in Sourcegraph and Bitbucket Server / Bitbucket Data Center accounts and `auth.enableUsernameChanges` must be set to false for security reasons.", + "title": "BitbucketServerIdentityProvider", + "type": "object", + "required": ["type"], + "properties": { + "type": { + "type": "string", + "enum": ["username"] + } + }, + "oneOf": [{ "$ref": "#/definitions/UsernameIdentity" }], + "!go": { + "taggedUnionType": true + } + }, + "oauth": { + "title": "BitbucketServerOAuth", + "type": "object", + "additionalProperties": false, + "required": ["consumerKey", "signingKey"], + "description": "OAuth configuration specified when creating the Bitbucket Server / Bitbucket Data Center Application Link with incoming authentication. Two Legged OAuth with 'ExecuteAs=admin' must be enabled as well as user impersonation.", + "properties": { + "consumerKey": { + "description": "The OAuth consumer key specified when creating the Bitbucket Server / Bitbucket Data Center Application Link with incoming authentication.", + "type": "string", + "minLength": 1 + }, + "signingKey": { + "description": "Base64 encoding of the OAuth PEM encoded RSA private key used to generate the public key specified when creating the Bitbucket Server / Bitbucket Data Center Application Link with incoming authentication.", + "type": "string", + "minLength": 1 + } + } + } + } + }, + "maxDeletions": { + "description": "The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum.", + "type": "integer", + "default": 0 + } + }, + "definitions": { + "UsernameIdentity": { + "title": "BitbucketServerUsernameIdentity", + "type": "object", + "additionalProperties": false, + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "username" + } + } + } + } } ``` {/* SCHEMA_SYNC_END: admin/code_hosts/bitbucket_server.schema.json */} diff --git a/docs/admin/code_hosts/gerrit.mdx b/docs/admin/code_hosts/gerrit.mdx index ebad62ca7..2ddc532a0 100644 --- a/docs/admin/code_hosts/gerrit.mdx +++ b/docs/admin/code_hosts/gerrit.mdx @@ -109,78 +109,104 @@ Gerrit connections support the following configuration options, which are specif ### admin/code_hosts/gerrit.schema.json {/* SCHEMA_SYNC_START: admin/code_hosts/gerrit.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:32Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json { - // If non-null, enforces Gerrit repository permissions. This requires that there is an item in the [site configuration json](https://sourcegraph.com/docs/admin/config/site_config#auth-providers) `auth.providers` field, of type "gerrit" with the same `url` field as specified in this `GerritConnection`. - "authorization": { - "identityProvider": null - }, - - // A list of repositories to never mirror from this Gerrit instance. Takes precedence over "projects" configuration. - // Supports excluding by name ({"name": "owner/name"}) - // Other example values: - // - [ - // { - // "name": "docs" - // }, - // { - // "name": "php/php-src" - // } - // ] - "exclude": null, - - // SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`. - "gitSSHCipher": null, - - // SSH keys to use when cloning Git repo. - "gitSSHCredential": null, - - // The type of Git URLs to use for cloning and fetching Git repositories on this Gerrit instance. - // If "http", Sourcegraph will access Gerrit repositories using Git URLs of the form http(s)://gerrit.example.com/a/myteam/myproject.git (using https: if the Gerrit instance uses HTTPS). - // If "ssh", Sourcegraph will access Gerrit repositories using Git URLs of the form git@gerrit.example.com:myteam/myproject.git. The exact hostname and port will be fetched from /ssh_info. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth. - // Valid options: "http", "ssh" - "gitURLType": "http", - - // REQUIRED: - // The password associated with the Gerrit username used for authentication. - "password": null, - - // Any number of query parameters as supported by the Gerrit REST API: https://gerrit-review.googlesource.com/Documentation/rest-api-projects.html - // Other example values: - // - "query=name:kubernetes" - // - "r=.*test" - "projectQuery": null, - - // An array of project strings specifying which Gerrit projects to mirror on Sourcegraph. If empty, all projects will be mirrored. - // Other example values: - // - [ - // "name", - // "owner/name" - // ] - // - [ - // "docs", - // "kubernetes/kubernetes", - // "golang/go", - // "facebook/react" - // ] - "projects": null, - - // The pattern used to generate the corresponding Sourcegraph repository name for a Gerrit repository. In the pattern, the variable "{host}" is replaced with the Gerrit host (such as gerrit.example.com), and "{name}" is replaced with the Gerrit repository's name (such as "myrepo"). - // For example, if your Gerrit URL is https://gerrit.example.com and your Sourcegraph URL is https://src.example.com, then a repositoryPathPattern of "{host}/{name}" would mean that a Gerrit repository at https://gerrit.example.com/myrepo is available on Sourcegraph at https://src.example.com/gerrit.example.com/myrepo. - // It is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined. - "repositoryPathPattern": "{host}/{name}", - - // REQUIRED: - // URL of a Gerrit instance, such as https://gerrit.example.com. - // Other example values: - // - "https://gerrit.example.com" - "url": null, - - // REQUIRED: - // A username for authentication with the Gerrit code host. - "username": null + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "gerrit.schema.json#", + "title": "GerritConnection", + "description": "Configuration for a connection to Gerrit.", + "allowComments": true, + "type": "object", + "additionalProperties": false, + "required": ["url", "username", "password"], + "properties": { + "url": { + "description": "URL of a Gerrit instance, such as https://gerrit.example.com.", + "type": "string", + "pattern": "^https?://", + "not": { + "type": "string", + "pattern": "example\\.com" + }, + "format": "uri", + "examples": ["https://gerrit.example.com"], + "!go": { + "typeName": "NormalizedURL" + } + }, + "username": { + "description": "A username for authentication with the Gerrit code host.", + "type": "string", + "minLength": 1 + }, + "password": { + "description": "The password associated with the Gerrit username used for authentication.", + "type": "string", + "minLength": 1 + }, + "projects": { + "description": "An array of project strings specifying which Gerrit projects to mirror on Sourcegraph. If empty, all projects will be mirrored.", + "type": "array", + "items": { "type": "string" }, + "examples": [ + ["name", "owner/name"], + ["docs", "kubernetes/kubernetes", "golang/go", "facebook/react"] + ] + }, + "projectQuery": { + "description": "Any number of query parameters as supported by the Gerrit REST API: https://gerrit-review.googlesource.com/Documentation/rest-api-projects.html", + "type": "string", + "examples": ["query=name:kubernetes", "r=.*test"] + }, + "gitURLType": { + "description": "The type of Git URLs to use for cloning and fetching Git repositories on this Gerrit instance.\n\nIf \"http\", Sourcegraph will access Gerrit repositories using Git URLs of the form http(s)://gerrit.example.com/a/myteam/myproject.git (using https: if the Gerrit instance uses HTTPS).\n\nIf \"ssh\", Sourcegraph will access Gerrit repositories using Git URLs of the form git@gerrit.example.com:myteam/myproject.git. The exact hostname and port will be fetched from /ssh_info. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth.", + "type": "string", + "enum": ["http", "ssh"], + "default": "http" + }, + "gitSSHCredential": { + "description": "SSH keys to use when cloning Git repo.", + "$ref": "git.schema.json#/definitions/gitSSHCredential" + }, + "gitSSHCipher": { + "description": "SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`.", + "$ref": "git.schema.json#/definitions/gitSSHCipher" + }, + "exclude": { + "description": "A list of repositories to never mirror from this Gerrit instance. Takes precedence over \"projects\" configuration.\n\nSupports excluding by name ({\"name\": \"owner/name\"})", + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "title": "ExcludedGerritProject", + "additionalProperties": false, + "anyOf": [{ "required": ["name"] }], + "properties": { + "name": { + "description": "The name of a Gerrit project to exclude from mirroring.", + "type": "string" + } + } + }, + "examples": [[{ "name": "docs" }, { "name": "php/php-src" }]] + }, + "repositoryPathPattern": { + "description": "The pattern used to generate the corresponding Sourcegraph repository name for a Gerrit repository. In the pattern, the variable \"{host}\" is replaced with the Gerrit host (such as gerrit.example.com), and \"{name}\" is replaced with the Gerrit repository's name (such as \"myrepo\").\n\nFor example, if your Gerrit URL is https://gerrit.example.com and your Sourcegraph URL is https://src.example.com, then a repositoryPathPattern of \"{host}/{name}\" would mean that a Gerrit repository at https://gerrit.example.com/myrepo is available on Sourcegraph at https://src.example.com/gerrit.example.com/myrepo.\n\nIt is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined.", + "type": "string", + "default": "{host}/{name}" + }, + "authorization": { + "title": "GerritAuthorization", + "description": "If non-null, enforces Gerrit repository permissions. This requires that there is an item in the [site configuration json](https://sourcegraph.com/docs/admin/config/site_config#auth-providers) `auth.providers` field, of type \"gerrit\" with the same `url` field as specified in this `GerritConnection`.", + "type": "object", + "properties": { + "identityProvider": { + "description": "The identity provider to use for user information. If not set, the `url` field is used.", + "type": "string" + } + } + } + } } ``` {/* SCHEMA_SYNC_END: admin/code_hosts/gerrit.schema.json */} diff --git a/docs/admin/code_hosts/github.mdx b/docs/admin/code_hosts/github.mdx index 01bebc570..c60ee9e54 100644 --- a/docs/admin/code_hosts/github.mdx +++ b/docs/admin/code_hosts/github.mdx @@ -442,171 +442,371 @@ GitHub connections support the following configuration options, which are specif ### admin/code_hosts/github.schema.json {/* SCHEMA_SYNC_START: admin/code_hosts/github.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:27Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json - // Authentication alternatives: token OR gitHubAppDetails OR externalAccount OR useRandomExternalAccount - { - // If non-null, enforces GitHub repository permissions. This requires that there is an item in the [site configuration json](https://sourcegraph.com/docs/admin/config/site_config#auth-providers) `auth.providers` field, of type "github" with the same `url` field as specified in this `GitHubConnection`. - "authorization": { - "groupsCacheTTL": 72, - "markInternalReposAsPublic": false, - "syncInternalRepoPermissions": false - }, - - // TLS certificate of the GitHub Enterprise instance. This is only necessary if the certificate is self-signed or signed by an internal CA. To get the certificate run `openssl s_client -connect HOST:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM`. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh. - // Other example values: - // - "-----BEGIN CERTIFICATE-----\n..." - "certificate": null, - - // A list of repository entries that define which repositories to never mirror from this GitHub instance. Takes precedence over "orgs", "repos", and "repositoryQuery" configuration. - // Each entry in the list can be either a name ({"name": "owner/name"}), an ID ({"id": "MDEwOlJlcG9zaXRvcnkxMTczMDM0Mg=="}), or a set of conditions like pattern, size, stars, etc. If multiple conditions are specified within a single entry, ALL of those conditions must be met for a repository to be excluded (AND). If multiple entries exist in the exclude list, a repository matching ANY of the entries (OR) will be excluded from syncing. - // Note: ID is the GitHub GraphQL ID, not the GitHub database ID. eg: "curl https://api.github.com/repos/vuejs/vue | jq .node_id" - // Other example values: - // - [ - // { - // "forks": true - // } - // ] - // - [ - // { - // "name": "owner/name" - // }, - // { - // "id": "MDEwOlJlcG9zaXRvcnkxMTczMDM0Mg==" - // } - // ] - // - [ - // { - // "name": "vuejs/vue" - // }, - // { - // "name": "php/php-src" - // }, - // { - // "pattern": "^topsecretorg/.*" - // } - // ] - // - [ - // { - // "size": "\u003e= 1GB", - // "stars": "\u003c 100" - // } - // ] - "exclude": null, - - // GitHub external account to use for authentication. - "externalAccount": { - "accountID": null, - "clientID": null - }, - - // If non-null, this is a GitHub App connection with some additional properties. - "gitHubAppDetails": { - "appID": 0, - "baseURL": null, - "cloneAllRepositories": false, - "installationID": 0 - }, - - // SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`. - "gitSSHCipher": null, - - // SSH keys to use when cloning Git repo. - "gitSSHCredential": null, - - // The type of Git URLs to use for cloning and fetching Git repositories on this GitHub instance. - // If "http", Sourcegraph will access GitHub repositories using Git URLs of the form http(s)://github.com/myteam/myproject.git (using https: if the GitHub instance uses HTTPS). - // If "ssh", Sourcegraph will access GitHub repositories using Git URLs of the form git@github.com:myteam/myproject.git. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth. - // Valid options: "http", "ssh" - "gitURLType": "http", - - // DEPRECATED: The installation ID of the GitHub App. - "githubAppInstallationID": null, - - // Deprecated and ignored field which will be removed entirely in the next release. GitHub repositories can no longer be enabled or disabled explicitly. Configure repositories to be mirrored via "repos", "exclude" and "repositoryQuery" instead. - "initialRepositoryEnablement": false, - - // The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum. - "maxDeletions": 0, - - // An array of organization names identifying GitHub organizations whose repositories should be mirrored on Sourcegraph. - // Other example values: - // - [ - // "name" - // ] - // - [ - // "kubernetes", - // "golang", - // "facebook" - // ] - "orgs": null, - - // Whether the code host connection is in a pending state. - "pending": false, - - // Rate limit applied when making background API requests to GitHub. - "rateLimit": { - "enabled": true, - "requestsPerHour": 5000 - }, - - // An array of repository "owner/name" strings specifying which GitHub or GitHub Enterprise repositories to mirror on Sourcegraph. - // Other example values: - // - [ - // "owner/name" - // ] - // - [ - // "kubernetes/kubernetes", - // "golang/go", - // "facebook/react" - // ] - "repos": null, - - // The pattern used to generate the corresponding Sourcegraph repository name for a GitHub or GitHub Enterprise repository. In the pattern, the variable "{host}" is replaced with the GitHub host (such as github.example.com), and "{nameWithOwner}" is replaced with the GitHub repository's "owner/path" (such as "myorg/myrepo"). - // For example, if your GitHub Enterprise URL is https://github.example.com and your Sourcegraph URL is https://src.example.com, then a repositoryPathPattern of "{host}/{nameWithOwner}" would mean that a GitHub repository at https://github.example.com/myorg/myrepo is available on Sourcegraph at https://src.example.com/github.example.com/myorg/myrepo. - // It is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined. - "repositoryPathPattern": "{host}/{nameWithOwner}", - - // An array of strings specifying which GitHub or GitHub Enterprise repositories to mirror on Sourcegraph. The valid values are: - // - `public` mirrors all public repositories for GitHub Enterprise and is the equivalent of `none` for GitHub - // - `internal` mirrors all internal repositories for GitHub Enterprise and is the equivalent of `none` for GitHub - // - `affiliated` mirrors all repositories affiliated with the configured token's user: - // - Private repositories with read access - // - Public repositories owned by the user or their orgs - // - Public repositories with write access - // - `none` mirrors no repositories (except those specified in the `repos` configuration property or added manually) - // - All other values are executed as a GitHub advanced repository search as described at https://github.com/search/advanced. Example: to sync all repositories from the "sourcegraph" organization including forks the query would be "org:sourcegraph fork:true". - // If multiple values are provided, their results are unioned. - // If you need to narrow the set of mirrored repositories further (and don't want to enumerate it with a list or query set as above), create a new bot/machine user on GitHub or GitHub Enterprise that is only affiliated with the desired repositories. - "repositoryQuery": [ - "none" - ], - - // A GitHub personal access token. Create one for GitHub.com at https://github.com/settings/tokens/new?description=Sourcegraph (for GitHub Enterprise, replace github.com with your instance's hostname). See https://sourcegraph.com/docs/admin/code_hosts/github#github-api-access for which scopes are required for which use cases. - "token": null, - - // REQUIRED: - // URL of a GitHub instance, such as https://github.com or https://github-enterprise.example.com. - // Other example values: - // - "https://github.com" - // - "https://github-enterprise.example.com" - "url": null, - - // Use a random user external account for authentication. When set, the code host connection will only be able to add public repositories. - "useRandomExternalAccount": false, - - // ⚠️ DEPRECATED: Deprecated in favour of first class webhooks. See https://sourcegraph.com/docs/admin/config/webhooks/incoming#deprecation-notice - // An array of configurations defining existing GitHub webhooks that send updates back to Sourcegraph. - // Other example values: - // - [ - // { - // "org": "yourorgname", - // "secret": "webhook-secret" - // } - // ] - "webhooks": null + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "github.schema.json#", + "title": "GitHubConnection", + "description": "Configuration for a connection to GitHub or GitHub Enterprise.", + "allowComments": true, + "type": "object", + "additionalProperties": false, + "required": ["url"], + "oneOf": [ + { + "required": ["token"] + }, + { + "required": ["gitHubAppDetails"] + }, + { + "required": ["externalAccount"] + }, + { + "required": ["useRandomExternalAccount"] + }, + { + "not": { + "anyOf": [ + { + "required": ["token"] + }, + { + "required": ["gitHubAppDetails"] + }, + { + "required": ["externalAccount"] + }, + { + "required": ["useRandomExternalAccount"] + } + ] + } + } + ], + "properties": { + "url": { + "description": "URL of a GitHub instance, such as https://github.com or https://github-enterprise.example.com.", + "type": "string", + "not": { + "type": "string", + "pattern": "example\\.com" + }, + "pattern": "^https?://", + "format": "uri", + "examples": ["https://github.com", "https://github-enterprise.example.com"], + "!go": { + "typeName": "NormalizedURL" + } + }, + "gitURLType": { + "description": "The type of Git URLs to use for cloning and fetching Git repositories on this GitHub instance.\n\nIf \"http\", Sourcegraph will access GitHub repositories using Git URLs of the form http(s)://github.com/myteam/myproject.git (using https: if the GitHub instance uses HTTPS).\n\nIf \"ssh\", Sourcegraph will access GitHub repositories using Git URLs of the form git@github.com:myteam/myproject.git. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth.", + "type": "string", + "enum": ["http", "ssh"], + "default": "http" + }, + "token": { + "description": "A GitHub personal access token. Create one for GitHub.com at https://github.com/settings/tokens/new?description=Sourcegraph (for GitHub Enterprise, replace github.com with your instance's hostname). See https://sourcegraph.com/docs/admin/code_hosts/github#github-api-access for which scopes are required for which use cases.", + "type": "string", + "minLength": 1 + }, + "externalAccount": { + "title": "GitHubExternalAccount", + "description": "GitHub external account to use for authentication.", + "type": "object", + "required": ["accountID", "clientID"], + "properties": { + "accountID": { + "description": "The ID of the account on GitHub.", + "type": "string" + }, + "clientID": { + "description": "The Client ID of the OAuth app that added the account.", + "type": "string" + } + } + }, + "useRandomExternalAccount": { + "description": "Use a random user external account for authentication. When set, the code host connection will only be able to add public repositories.", + "type": "boolean" + }, + "gitSSHCredential": { + "description": "SSH keys to use when cloning Git repo.", + "$ref": "git.schema.json#/definitions/gitSSHCredential" + }, + "gitSSHCipher": { + "description": "SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`.", + "$ref": "git.schema.json#/definitions/gitSSHCipher" + }, + "rateLimit": { + "description": "Rate limit applied when making background API requests to GitHub.", + "title": "GitHubRateLimit", + "type": "object", + "required": ["enabled", "requestsPerHour"], + "properties": { + "enabled": { + "description": "true if rate limiting is enabled.", + "type": "boolean", + "default": true + }, + "requestsPerHour": { + "description": "Requests per hour permitted. This is an average, calculated per second. Internally, the burst limit is set to 100, which implies that for a requests per hour limit as low as 1, users will continue to be able to send a maximum of 100 requests immediately, provided that the complexity cost of each request is 1.", + "type": "number", + "default": 5000, + "minimum": 0 + } + }, + "default": { + "enabled": true, + "requestsPerHour": 5000 + } + }, + "certificate": { + "description": "TLS certificate of the GitHub Enterprise instance. This is only necessary if the certificate is self-signed or signed by an internal CA. To get the certificate run `openssl s_client -connect HOST:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM`. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.", + "type": "string", + "pattern": "^-----BEGIN CERTIFICATE-----\n", + "examples": ["-----BEGIN CERTIFICATE-----\n..."] + }, + "repos": { + "description": "An array of repository \"owner/name\" strings specifying which GitHub or GitHub Enterprise repositories to mirror on Sourcegraph.", + "type": "array", + "items": { + "type": "string", + "pattern": "^[\\w-]+/[\\w.-]+$" + }, + "examples": [["owner/name"], ["kubernetes/kubernetes", "golang/go", "facebook/react"]] + }, + "orgs": { + "description": "An array of organization names identifying GitHub organizations whose repositories should be mirrored on Sourcegraph.", + "type": "array", + "items": { + "type": "string", + "pattern": "^[\\w-]+$" + }, + "examples": [["name"], ["kubernetes", "golang", "facebook"]] + }, + "webhooks": { + "description": "An array of configurations defining existing GitHub webhooks that send updates back to Sourcegraph.", + "deprecationMessage": "Deprecated in favour of first class webhooks. See https://sourcegraph.com/docs/admin/config/webhooks/incoming#deprecation-notice", + "type": "array", + "items": { + "type": "object", + "title": "GitHubWebhook", + "required": ["org", "secret"], + "properties": { + "org": { + "description": "The name of the GitHub organization to which the webhook belongs", + "type": "string", + "minLength": 1 + }, + "secret": { + "description": "The secret used when creating the webhook", + "type": "string", + "minLength": 1 + } + } + }, + "examples": [ + [ + { + "org": "yourorgname", + "secret": "webhook-secret" + } + ] + ] + }, + "exclude": { + "description": "A list of repository entries that define which repositories to never mirror from this GitHub instance. Takes precedence over \"orgs\", \"repos\", and \"repositoryQuery\" configuration.\n\nEach entry in the list can be either a name ({\"name\": \"owner/name\"}), an ID ({\"id\": \"MDEwOlJlcG9zaXRvcnkxMTczMDM0Mg==\"}), or a set of conditions like pattern, size, stars, etc. If multiple conditions are specified within a single entry, ALL of those conditions must be met for a repository to be excluded (AND). If multiple entries exist in the exclude list, a repository matching ANY of the entries (OR) will be excluded from syncing.\n\nNote: ID is the GitHub GraphQL ID, not the GitHub database ID. eg: \"curl https://api.github.com/repos/vuejs/vue | jq .node_id\"", + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "title": "ExcludedGitHubRepo", + "additionalProperties": false, + "oneOf": [ + { + "anyOf": [ + { + "required": ["name"] + }, + { + "required": ["id"] + } + ] + }, + { + "anyOf": [ + { + "required": ["pattern"] + }, + { + "required": ["forks"] + }, + { + "required": ["archived"] + }, + { + "required": ["stars"] + }, + { + "required": ["size"] + } + ] + } + ], + "properties": { + "archived": { + "description": "If set to true, archived repositories will be excluded.", + "type": "boolean" + }, + "forks": { + "description": "If set to true, forks will be excluded.", + "type": "boolean" + }, + "name": { + "description": "The name of a GitHub repository (\"owner/name\") to exclude from mirroring.", + "type": "string", + "pattern": "^[\\w-]+/[\\w.-]+$" + }, + "id": { + "description": "The node ID of a GitHub repository (as returned by the GitHub instance's API) to exclude from mirroring. Use this to exclude the repository, even if renamed. Note: This is the GraphQL ID, not the GitHub database ID. eg: \"curl https://api.github.com/repos/vuejs/vue | jq .node_id\"", + "type": "string", + "minLength": 1 + }, + "pattern": { + "description": "Regular expression which matches against the name of a GitHub repository (\"owner/name\").", + "type": "string", + "format": "regex" + }, + "size": { + "description": "If set, repositories with a size above the specified one will be excluded.", + "type": "string", + "minLength": 2, + "pattern": "^[<>]{1}[=]{0,1}\\s*\\d+\\s*\\w+$" + }, + "stars": { + "description": "If set, repositories stars less than the specified number will be.", + "type": "string", + "minLength": 2, + "pattern": "^[<>]{1}[=]{0,1}\\s*\\d+$" + } + } + }, + "examples": [ + [ + { + "forks": true + } + ], + [ + { + "name": "owner/name" + }, + { + "id": "MDEwOlJlcG9zaXRvcnkxMTczMDM0Mg==" + } + ], + [ + { + "name": "vuejs/vue" + }, + { + "name": "php/php-src" + }, + { + "pattern": "^topsecretorg/.*" + } + ], + [ + { + "size": ">= 1GB", + "stars": "< 100" + } + ] + ] + }, + "repositoryQuery": { + "description": "An array of strings specifying which GitHub or GitHub Enterprise repositories to mirror on Sourcegraph. The valid values are:\n\n- `public` mirrors all public repositories for GitHub Enterprise and is the equivalent of `none` for GitHub\n\n- `internal` mirrors all internal repositories for GitHub Enterprise and is the equivalent of `none` for GitHub\n\n- `affiliated` mirrors all repositories affiliated with the configured token's user:\n\t- Private repositories with read access\n\t- Public repositories owned by the user or their orgs\n\t- Public repositories with write access\n\n- `none` mirrors no repositories (except those specified in the `repos` configuration property or added manually)\n\n- All other values are executed as a GitHub advanced repository search as described at https://github.com/search/advanced. Example: to sync all repositories from the \"sourcegraph\" organization including forks the query would be \"org:sourcegraph fork:true\".\n\nIf multiple values are provided, their results are unioned.\n\nIf you need to narrow the set of mirrored repositories further (and don't want to enumerate it with a list or query set as above), create a new bot/machine user on GitHub or GitHub Enterprise that is only affiliated with the desired repositories.", + "type": "array", + "items": { + "type": "string", + "minLength": 1 + }, + "default": ["none"], + "minItems": 1 + }, + "repositoryPathPattern": { + "description": "The pattern used to generate the corresponding Sourcegraph repository name for a GitHub or GitHub Enterprise repository. In the pattern, the variable \"{host}\" is replaced with the GitHub host (such as github.example.com), and \"{nameWithOwner}\" is replaced with the GitHub repository's \"owner/path\" (such as \"myorg/myrepo\").\n\nFor example, if your GitHub Enterprise URL is https://github.example.com and your Sourcegraph URL is https://src.example.com, then a repositoryPathPattern of \"{host}/{nameWithOwner}\" would mean that a GitHub repository at https://github.example.com/myorg/myrepo is available on Sourcegraph at https://src.example.com/github.example.com/myorg/myrepo.\n\nIt is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined.", + "type": "string", + "default": "{host}/{nameWithOwner}" + }, + "initialRepositoryEnablement": { + "description": "Deprecated and ignored field which will be removed entirely in the next release. GitHub repositories can no longer be enabled or disabled explicitly. Configure repositories to be mirrored via \"repos\", \"exclude\" and \"repositoryQuery\" instead.", + "type": "boolean" + }, + "authorization": { + "title": "GitHubAuthorization", + "description": "If non-null, enforces GitHub repository permissions. This requires that there is an item in the [site configuration json](https://sourcegraph.com/docs/admin/config/site_config#auth-providers) `auth.providers` field, of type \"github\" with the same `url` field as specified in this `GitHubConnection`.", + "type": "object", + "properties": { + "groupsCacheTTL": { + "description": "Experimental: If set, configures hours cached permissions from teams and organizations should be kept for. Setting a negative value disables syncing from teams and organizations, and falls back to the default behaviour of syncing all permisisons directly from user-repository affiliations instead. [Learn more](https://sourcegraph.com/docs/admin/code_hosts/github#teams-and-organizations-permissions-caching).", + "type": "number", + "default": 72 + }, + "syncInternalRepoPermissions": { + "description": "If true, access to internal repositories will be synced as part of user permission syncs. This can lead to slower user permission syncs for organizations with many internal repositories. Defaults to false.", + "type": "boolean", + "default": false + }, + "markInternalReposAsPublic": { + "description": "If true, internal repositories will be accessible to all users on Sourcegraph as if they were public. This overrides repository permissions but allows easier discovery and access to internal repositories, and may be desirable if all users on the Sourcegraph instance should have access to all internal repositories anyways. Defaults to false.", + "type": "boolean", + "default": false + } + } + }, + "githubAppInstallationID": { + "description": "DEPRECATED: The installation ID of the GitHub App.", + "type": "string" + }, + "gitHubAppDetails": { + "description": "If non-null, this is a GitHub App connection with some additional properties.", + "type": "object", + "properties": { + "baseURL": { + "description": "The base URL of the GitHub App.", + "type": "string", + "pattern": "^https?://" + }, + "appID": { + "description": "The ID of the GitHub App.", + "type": "integer", + "minimum": 1 + }, + "installationID": { + "description": "The installation ID of this connection.", + "type": "integer", + "minimum": 1 + }, + "cloneAllRepositories": { + "description": "Clone all repositories for this App installation.", + "type": "boolean", + "default": false + } + } + }, + "maxDeletions": { + "description": "The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum.", + "type": "integer", + "default": 0 + }, + "pending": { + "description": "Whether the code host connection is in a pending state.", + "type": "boolean", + "default": false + } + } } ``` {/* SCHEMA_SYNC_END: admin/code_hosts/github.schema.json */} diff --git a/docs/admin/code_hosts/gitlab.mdx b/docs/admin/code_hosts/gitlab.mdx index e17d1a6d5..9c52429bd 100644 --- a/docs/admin/code_hosts/gitlab.mdx +++ b/docs/admin/code_hosts/gitlab.mdx @@ -186,147 +186,291 @@ See [Internal rate limits](/admin/code_hosts/rate_limits#internal-rate-limits). ### admin/code_hosts/gitlab.schema.json {/* SCHEMA_SYNC_START: admin/code_hosts/gitlab.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:28Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json { - // If non-null, enforces GitLab repository permissions. This requires that there be an item in the `auth.providers` field of type "gitlab" with the same `url` field as specified in this `GitLabConnection`. - "authorization": { - "identityProvider": { - "type": null - } - }, - - // TLS certificate of the GitLab instance. This is only necessary if the certificate is self-signed or signed by an internal CA. To get the certificate run `openssl s_client -connect HOST:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM`. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh. - // Other example values: - // - "-----BEGIN CERTIFICATE-----\n..." - "certificate": null, - - // A list of projects to never mirror from this GitLab instance. Takes precedence over "projects" and "projectQuery" configuration. You can exclude projects by: name ({"name": "group/name"}), ID ({"id": 42}), regular expression matching pattern ({"pattern": "^group\/project-.*"}), or by excluding empty repositories ({"emptyRepos": true}). - // Other example values: - // - [ - // { - // "name": "group/name" - // }, - // { - // "id": 42 - // }, - // { - // "emptyRepos": true - // } - // ] - // - [ - // { - // "name": "gitlab-org/gitlab-ee" - // }, - // { - // "name": "gitlab-com/www-gitlab-com" - // } - // ] - "exclude": null, - - // SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`. - "gitSSHCipher": null, - - // SSH keys to use when cloning Git repo. - "gitSSHCredential": null, - - // The type of Git URLs to use for cloning and fetching Git repositories on this GitLab instance. - // If "http", Sourcegraph will access GitLab repositories using Git URLs of the form http(s)://gitlab.example.com/myteam/myproject.git (using https: if the GitLab instance uses HTTPS). - // If "ssh", Sourcegraph will access GitLab repositories using Git URLs of the form git@example.gitlab.com:myteam/myproject.git. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth#repositories-that-need-http-s-or-ssh-authentication. - // Valid options: "http", "ssh" - "gitURLType": "http", - - // Deprecated and ignored field which will be removed entirely in the next release. GitLab repositories can no longer be enabled or disabled explicitly. - "initialRepositoryEnablement": false, - - // If true, internal repositories will be accessible to all users on Sourcegraph as if they were public, and user permission syncs will no longer check for public repositories. This overrides repository permissions but allows easier discovery and access to internal repositories, and may be desirable if all users on the Sourcegraph instance should have access to all internal repositories anyways. Defaults to false. - "markInternalReposAsPublic": false, - - // The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum. - "maxDeletions": 0, - - // An array of transformations will apply to the repository name. Currently, only regex replacement is supported. All transformations happen after "repositoryPathPattern" is processed. - // Other example values: - // - [ - // { - // "regex": "\\.d/", - // "replacement": "/" - // }, - // { - // "regex": "-git$", - // "replacement": "" - // } - // ] - "nameTransformations": null, - - // REQUIRED: - // An array of strings specifying which GitLab projects to mirror on Sourcegraph. Each string is a URL path and query that targets a GitLab API endpoint returning a list of projects. If the string only contains a query, then "projects" is used as the path. Examples: "?membership=true&search=foo", "groups/mygroup/projects". - // The special string "none" can be used as the only element to disable this feature. Projects matched by multiple query strings are only imported once. Here are a few endpoints that return a list of projects: https://docs.gitlab.com/ee/api/projects.html#list-all-projects, https://docs.gitlab.com/ee/api/groups.html#list-a-groups-projects, https://docs.gitlab.com/ee/api/search.html#scope-projects. - // Other example values: - // - [ - // "?membership=true\u0026search=foo", - // "groups/mygroup/projects" - // ] - "projectQuery": [ - "none" - ], - - // A list of projects to mirror from this GitLab instance. Supports including by name ({"name": "group/name"}) or by ID ({"id": 42}). - // Other example values: - // - [ - // { - // "name": "group/name" - // }, - // { - // "id": 42 - // } - // ] - // - [ - // { - // "name": "gnachman/iterm2" - // }, - // { - // "name": "gitlab-org/gitlab-ce" - // } - // ] - "projects": null, - - // Rate limit applied when making background API requests to GitLab. - "rateLimit": { - "enabled": true, - "requestsPerHour": 36000 - }, - - // The pattern used to generate a the corresponding Sourcegraph repository name for a GitLab project. In the pattern, the variable "{host}" is replaced with the GitLab URL's host (such as gitlab.example.com), and "{pathWithNamespace}" is replaced with the GitLab project's "namespace/path" (such as "myteam/myproject"). - // For example, if your GitLab is https://gitlab.example.com and your Sourcegraph is https://src.example.com, then a repositoryPathPattern of "{host}/{pathWithNamespace}" would mean that a GitLab project at https://gitlab.example.com/myteam/myproject is available on Sourcegraph at https://src.example.com/gitlab.example.com/myteam/myproject. - // It is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined. - "repositoryPathPattern": "{host}/{pathWithNamespace}", - - // REQUIRED: - // A GitLab access token with "api" scope. Can be a personal access token (PAT) or an OAuth token. If you are enabling permissions with identity provider type "username", this token should also have "sudo" scope. - "token": null, - - // The OAuth token expiry (Unix timestamp in seconds) - "token.oauth.expiry": 0, - - // The OAuth refresh token - "token.oauth.refresh": null, - - // The type of the token - // Valid options: "pat", "oauth" - "token.type": "pat", - - // REQUIRED: - // URL of a GitLab instance, such as https://gitlab.example.com or (for GitLab.com) https://gitlab.com. - // Other example values: - // - "https://gitlab.com" - // - "https://gitlab.example.com" - "url": null, - - // ⚠️ DEPRECATED: Deprecated in favour of first class webhooks. See https://sourcegraph.com/docs/admin/config/webhooks/incoming#deprecation-notice - // An array of webhook configurations - "webhooks": null + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "gitlab.schema.json#", + "title": "GitLabConnection", + "description": "Configuration for a connection to GitLab (GitLab.com or GitLab self-managed).", + "allowComments": true, + "type": "object", + "additionalProperties": false, + "required": ["url", "token", "projectQuery"], + "properties": { + "url": { + "description": "URL of a GitLab instance, such as https://gitlab.example.com or (for GitLab.com) https://gitlab.com.", + "type": "string", + "pattern": "^https?://", + "not": { + "type": "string", + "pattern": "example\\.com" + }, + "format": "uri", + "examples": ["https://gitlab.com", "https://gitlab.example.com"], + "!go": { + "typeName": "NormalizedURL" + } + }, + "token": { + "description": "A GitLab access token with \"api\" scope. Can be a personal access token (PAT) or an OAuth token. If you are enabling permissions with identity provider type \"username\", this token should also have \"sudo\" scope.", + "type": "string", + "minLength": 1 + }, + "token.type": { + "description": "The type of the token", + "type": "string", + "enum": ["pat", "oauth"], + "default": "pat" + }, + "token.oauth.refresh": { + "description": "The OAuth refresh token", + "type": "string" + }, + "token.oauth.expiry": { + "description": "The OAuth token expiry (Unix timestamp in seconds)", + "type": "integer" + }, + "rateLimit": { + "description": "Rate limit applied when making background API requests to GitLab.", + "title": "GitLabRateLimit", + "type": "object", + "required": ["enabled", "requestsPerHour"], + "properties": { + "enabled": { + "description": "true if rate limiting is enabled.", + "type": "boolean", + "default": true + }, + "requestsPerHour": { + "description": "Requests per hour permitted. This is an average, calculated per second. Internally the burst limit is set to 100, which implies that for a requests per hour limit as low as 1, users will continue to be able to send a maximum of 100 requests immediately, provided that the complexity cost of each request is 1.", + "type": "number", + "default": 36000, + "minimum": 0 + } + }, + "default": { + "enabled": true, + "requestsPerHour": 36000 + } + }, + "gitURLType": { + "description": "The type of Git URLs to use for cloning and fetching Git repositories on this GitLab instance.\n\nIf \"http\", Sourcegraph will access GitLab repositories using Git URLs of the form http(s)://gitlab.example.com/myteam/myproject.git (using https: if the GitLab instance uses HTTPS).\n\nIf \"ssh\", Sourcegraph will access GitLab repositories using Git URLs of the form git@example.gitlab.com:myteam/myproject.git. See the documentation for how to provide SSH private keys and known_hosts: https://sourcegraph.com/docs/admin/repo/auth#repositories-that-need-http-s-or-ssh-authentication.", + "type": "string", + "enum": ["http", "ssh"], + "default": "http" + }, + "gitSSHCredential": { + "description": "SSH keys to use when cloning Git repo.", + "$ref": "git.schema.json#/definitions/gitSSHCredential" + }, + "gitSSHCipher": { + "description": "SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`.", + "$ref": "git.schema.json#/definitions/gitSSHCipher" + }, + "certificate": { + "description": "TLS certificate of the GitLab instance. This is only necessary if the certificate is self-signed or signed by an internal CA. To get the certificate run `openssl s_client -connect HOST:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM`. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.", + "type": "string", + "pattern": "^-----BEGIN CERTIFICATE-----\n", + "examples": ["-----BEGIN CERTIFICATE-----\n..."] + }, + "projects": { + "description": "A list of projects to mirror from this GitLab instance. Supports including by name ({\"name\": \"group/name\"}) or by ID ({\"id\": 42}).", + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "title": "GitLabProject", + "additionalProperties": false, + "oneOf": [{ "required": ["name"] }, { "required": ["id"] }], + "properties": { + "name": { + "description": "The name of a GitLab project (\"group/name\") to mirror.", + "type": "string", + "pattern": "^[\\w.-]+(/[\\w.-]+)+$" + }, + "id": { + "description": "The ID of a GitLab project (as returned by the GitLab instance's API) to mirror.", + "type": "integer" + } + } + }, + "examples": [ + [{ "name": "group/name" }, { "id": 42 }], + [{ "name": "gnachman/iterm2" }, { "name": "gitlab-org/gitlab-ce" }] + ] + }, + "exclude": { + "description": "A list of projects to never mirror from this GitLab instance. Takes precedence over \"projects\" and \"projectQuery\" configuration. You can exclude projects by: name ({\"name\": \"group/name\"}), ID ({\"id\": 42}), regular expression matching pattern ({\"pattern\": \"^group\\/project-.*\"}), or by excluding empty repositories ({\"emptyRepos\": true}).", + "type": "array", + "items": { + "type": "object", + "title": "ExcludedGitLabProject", + "additionalProperties": false, + "anyOf": [ + { "required": ["name"] }, + { "required": ["id"] }, + { "required": ["emptyRepos"] }, + { "required": ["pattern"] } + ], + "properties": { + "name": { + "description": "The name of a GitLab project (\"group/name\") to exclude from mirroring.", + "type": "string", + "pattern": "^[\\w.-]+(/[\\w.-]+)+$" + }, + "id": { + "description": "The ID of a GitLab project (as returned by the GitLab instance's API) to exclude from mirroring.", + "type": "integer" + }, + "emptyRepos": { + "description": "Whether to exclude empty repositories.", + "type": "boolean" + }, + "pattern": { + "description": "Regular expression which matches against the name of a GitLab project (\"group/name\").", + "type": "string", + "format": "regex" + } + } + }, + "examples": [ + [{ "name": "group/name" }, { "id": 42 }, { "emptyRepos": true }], + [{ "name": "gitlab-org/gitlab-ee" }, { "name": "gitlab-com/www-gitlab-com" }] + ] + }, + "projectQuery": { + "description": "An array of strings specifying which GitLab projects to mirror on Sourcegraph. Each string is a URL path and query that targets a GitLab API endpoint returning a list of projects. If the string only contains a query, then \"projects\" is used as the path. Examples: \"?membership=true&search=foo\", \"groups/mygroup/projects\".\n\nThe special string \"none\" can be used as the only element to disable this feature. Projects matched by multiple query strings are only imported once. Here are a few endpoints that return a list of projects: https://docs.gitlab.com/ee/api/projects.html#list-all-projects, https://docs.gitlab.com/ee/api/groups.html#list-a-groups-projects, https://docs.gitlab.com/ee/api/search.html#scope-projects.", + "type": "array", + "default": ["none"], + "items": { + "type": "string", + "minLength": 1 + }, + "minItems": 1, + "examples": [["?membership=true&search=foo", "groups/mygroup/projects"]] + }, + "repositoryPathPattern": { + "description": "The pattern used to generate a the corresponding Sourcegraph repository name for a GitLab project. In the pattern, the variable \"{host}\" is replaced with the GitLab URL's host (such as gitlab.example.com), and \"{pathWithNamespace}\" is replaced with the GitLab project's \"namespace/path\" (such as \"myteam/myproject\").\n\nFor example, if your GitLab is https://gitlab.example.com and your Sourcegraph is https://src.example.com, then a repositoryPathPattern of \"{host}/{pathWithNamespace}\" would mean that a GitLab project at https://gitlab.example.com/myteam/myproject is available on Sourcegraph at https://src.example.com/gitlab.example.com/myteam/myproject.\n\nIt is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined.", + "type": "string", + "default": "{host}/{pathWithNamespace}" + }, + "nameTransformations": { + "description": "An array of transformations will apply to the repository name. Currently, only regex replacement is supported. All transformations happen after \"repositoryPathPattern\" is processed.", + "type": "array", + "items": { + "$ref": "#/definitions/NameTransformation" + }, + "examples": [ + [ + { + "regex": "\\.d/", + "replacement": "/" + }, + { + "regex": "-git$", + "replacement": "" + } + ] + ] + }, + "initialRepositoryEnablement": { + "description": "Deprecated and ignored field which will be removed entirely in the next release. GitLab repositories can no longer be enabled or disabled explicitly.", + "type": "boolean" + }, + "markInternalReposAsPublic": { + "description": "If true, internal repositories will be accessible to all users on Sourcegraph as if they were public, and user permission syncs will no longer check for public repositories. This overrides repository permissions but allows easier discovery and access to internal repositories, and may be desirable if all users on the Sourcegraph instance should have access to all internal repositories anyways. Defaults to false.", + "type": "boolean", + "default": false + }, + "authorization": { + "title": "GitLabAuthorization", + "description": "If non-null, enforces GitLab repository permissions. This requires that there be an item in the `auth.providers` field of type \"gitlab\" with the same `url` field as specified in this `GitLabConnection`.", + "type": "object", + "additionalProperties": false, + "required": ["identityProvider"], + "properties": { + "identityProvider": { + "description": "The source of identity to use when computing permissions. This defines how to compute the GitLab identity to use for a given Sourcegraph user.", + "type": "object", + "required": ["type"], + "properties": { + "type": { + "type": "string", + "enum": ["oauth", "username"] + } + }, + "oneOf": [{ "$ref": "#/definitions/OAuthIdentity" }, { "$ref": "#/definitions/UsernameIdentity" }], + "!go": { + "taggedUnionType": true + } + } + } + }, + "webhooks": { + "description": "An array of webhook configurations", + "deprecationMessage": "Deprecated in favour of first class webhooks. See https://sourcegraph.com/docs/admin/config/webhooks/incoming#deprecation-notice", + "type": "array", + "items": { + "type": "object", + "title": "GitLabWebhook", + "required": ["secret"], + "additionalProperties": false, + "properties": { + "secret": { + "description": "The secret used to authenticate incoming webhook requests", + "type": "string", + "minLength": 1 + } + } + } + }, + "maxDeletions": { + "description": "The maximum number of repos that will be deleted per sync. A value of 0 or less indicates no maximum.", + "type": "integer", + "default": 0 + } + }, + "definitions": { + "OAuthIdentity": { + "type": "object", + "additionalProperties": false, + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "oauth" + } + } + }, + "UsernameIdentity": { + "type": "object", + "additionalProperties": false, + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "username" + } + } + }, + "NameTransformation": { + "title": "GitLabNameTransformation", + "type": "object", + "additionalProperties": false, + "anyOf": [{ "required": ["regex", "replacement"] }], + "properties": { + "regex": { + "type": "string", + "format": "regex", + "description": "The regex to match for the occurrences of its replacement." + }, + "replacement": { + "type": "string", + "description": "The replacement used to replace all matched occurrences by the regex." + } + } + } + } } ``` {/* SCHEMA_SYNC_END: admin/code_hosts/gitlab.schema.json */} diff --git a/docs/admin/code_hosts/gitolite.mdx b/docs/admin/code_hosts/gitolite.mdx index 90846b876..28e6a5451 100644 --- a/docs/admin/code_hosts/gitolite.mdx +++ b/docs/admin/code_hosts/gitolite.mdx @@ -26,52 +26,110 @@ To connect Gitolite to Sourcegraph: ### admin/code_hosts/gitolite.schema.json {/* SCHEMA_SYNC_START: admin/code_hosts/gitolite.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:33Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json { - // A list of repositories to never mirror from this Gitolite instance. Supports excluding by exact name ({"name": "foo"}). - // Other example values: - // - [ - // { - // "name": "myrepo" - // }, - // { - // "pattern": ".*secret.*" - // } - // ] - "exclude": null, - - // SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`. - "gitSSHCipher": null, - - // SSH keys to use when cloning Git repo. - "gitSSHCredential": null, - - // REQUIRED: - // Gitolite host that stores the repositories (e.g., git@gitolite.example.com, ssh://git@gitolite.example.com:2222/). - // Other example values: - // - "git@gitolite.example.com" - // - "ssh://git@gitolite.example.com:2222/" - "host": null, - - // ⚠️ DEPRECATED: DEPRECATED: the Phabricator integration with Gitolite code hosts is deprecated - // This is DEPRECATED - "phabricator": { - "callsignCommand": null, - "url": null - }, - - // ⚠️ DEPRECATED: DEPRECATED: the Phabricator integration with Gitolite code hosts is deprecated - // This is DEPRECATED - "phabricatorMetadataCommand": null, - - // REQUIRED: - // Repository name prefix that will map to this Gitolite host. This should likely end with a trailing slash. E.g., "gitolite.example.com/". - // It is important that the Sourcegraph repository name generated with this prefix be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined. - // Other example values: - // - "gitolite.example.com/" - "prefix": null + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "gitolite.schema.json#", + "title": "GitoliteConnection", + "description": "Configuration for a connection to Gitolite.", + "allowComments": true, + "type": "object", + "additionalProperties": false, + "required": ["prefix", "host"], + "properties": { + "prefix": { + "description": "Repository name prefix that will map to this Gitolite host. This should likely end with a trailing slash. E.g., \"gitolite.example.com/\".\n\nIt is important that the Sourcegraph repository name generated with this prefix be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined.", + "not": { + "type": "string", + "pattern": "example\\.com" + }, + "type": "string", + "examples": ["gitolite.example.com/"] + }, + "host": { + "description": "Gitolite host that stores the repositories (e.g., git@gitolite.example.com, ssh://git@gitolite.example.com:2222/).", + "not": { + "type": "string", + "pattern": "example\\.com" + }, + "type": "string", + "examples": ["git@gitolite.example.com", "ssh://git@gitolite.example.com:2222/"] + }, + "gitSSHCredential": { + "description": "SSH keys to use when cloning Git repo.", + "$ref": "git.schema.json#/definitions/gitSSHCredential" + }, + "gitSSHCipher": { + "description": "SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`.", + "$ref": "git.schema.json#/definitions/gitSSHCipher" + }, + "exclude": { + "description": "A list of repositories to never mirror from this Gitolite instance. Supports excluding by exact name ({\"name\": \"foo\"}).", + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "title": "ExcludedGitoliteRepo", + "additionalProperties": false, + "anyOf": [ + { + "required": ["name"] + }, + { + "required": ["pattern"] + } + ], + "properties": { + "name": { + "description": "The name of a Gitolite repo (\"my-repo\") to exclude from mirroring.", + "type": "string", + "minLength": 1 + }, + "pattern": { + "description": "Regular expression which matches against the name of a Gitolite repo to exclude from mirroring.", + "type": "string", + "format": "regex" + } + } + }, + "examples": [ + [ + { + "name": "myrepo" + }, + { + "pattern": ".*secret.*" + } + ] + ] + }, + "phabricatorMetadataCommand": { + "description": "This is DEPRECATED", + "deprecationMessage": "DEPRECATED: the Phabricator integration with Gitolite code hosts is deprecated", + "type": "string" + }, + "phabricator": { + "description": "This is DEPRECATED", + "deprecationMessage": "DEPRECATED: the Phabricator integration with Gitolite code hosts is deprecated", + "type": "object", + "required": ["url", "callsignCommand"], + "additionalProperties": false, + "properties": { + "url": { + "description": "URL of the Phabricator instance that integrates with this Gitolite instance. This should be set ", + "type": "string", + "format": "uri", + "!go": { + "typeName": "NormalizedURL" + } + }, + "callsignCommand": { + "description": " Bash command that prints out the Phabricator callsign for a Gitolite repository. This will be run with environment variable $REPO set to the name of the repository and used to obtain the Phabricator metadata for a Gitolite repository. (Note: this requires `bash` to be installed.)", + "type": "string" + } + } + } + } } ``` {/* SCHEMA_SYNC_END: admin/code_hosts/gitolite.schema.json */} diff --git a/docs/admin/code_hosts/other.mdx b/docs/admin/code_hosts/other.mdx index 4b08f9ec2..489e1862e 100644 --- a/docs/admin/code_hosts/other.mdx +++ b/docs/admin/code_hosts/other.mdx @@ -69,47 +69,101 @@ Repositories must be listed individually: ### admin/code_hosts/other_external_service.schema.json {/* SCHEMA_SYNC_START: admin/code_hosts/other_external_service.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:35Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json { - // A list of repositories to never mirror by name after applying repositoryPathPattern. Supports excluding by exact name ({"name": "myrepo"}) or regular expression ({"pattern": ".*secret.*"}). - // Other example values: - // - [ - // { - // "name": "myrepo" - // }, - // { - // "pattern": ".*secret.*" - // } - // ] - "exclude": null, - - // SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`. - "gitSSHCipher": null, - - // SSH keys to use when cloning Git repo. - "gitSSHCredential": null, - - // Whether or not these repositories should be marked as public on Sourcegraph.com. Defaults to false. - "makeReposPublicOnDotCom": false, - - // REQUIRED: - "repos": null, - - // The pattern used to generate the corresponding Sourcegraph repository name for the repositories. In the pattern, the variable "{base}" is replaced with the Git clone base URL host and path, and "{repo}" is replaced with the repository path taken from the `repos` field. - // For example, if your Git clone base URL is https://git.example.com/repos and `repos` contains the value "my/repo", then a repositoryPathPattern of "{base}/{repo}" would mean that a repository at https://git.example.com/repos/my/repo is available on Sourcegraph at https://sourcegraph.example.com/git.example.com/repos/my/repo. - // It is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined. - // Note: These patterns are ignored if using src-expose / src-serve. - // Other example values: - // - "pretty-host-name/{repo}" - "repositoryPathPattern": "{base}/{repo}", - - // Other example values: - // - "https://github.com/?access_token=secret" - // - "ssh://user@host.xz:2333/" - // - "git://host.xz:2333/" - "url": null + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "other_external_service.schema.json#", + "title": "OtherExternalServiceConnection", + "description": "Configuration for a Connection to Git repositories for which an external service integration isn't yet available.", + "allowComments": true, + "type": "object", + "additionalProperties": false, + "required": ["repos"], + "properties": { + "url": { + "title": "Git clone base URL", + "type": "string", + "format": "uri", + "pattern": "^(git|ssh|https?)://", + "not": { + "type": "string", + "pattern": "example\\.com" + }, + "examples": ["https://github.com/?access_token=secret", "ssh://user@host.xz:2333/", "git://host.xz:2333/"], + "!go": { + "typeName": "NormalizedURL" + } + }, + "repos": { + "title": "List of repository clone URLs to be discovered.", + "type": "array", + "items": { + "type": "string", + "minLength": 1, + "format": "uri-reference", + "examples": ["path/to/my/repo", "path/to/my/repo.git/"] + } + }, + "repositoryPathPattern": { + "description": "The pattern used to generate the corresponding Sourcegraph repository name for the repositories. In the pattern, the variable \"{base}\" is replaced with the Git clone base URL host and path, and \"{repo}\" is replaced with the repository path taken from the `repos` field.\n\nFor example, if your Git clone base URL is https://git.example.com/repos and `repos` contains the value \"my/repo\", then a repositoryPathPattern of \"{base}/{repo}\" would mean that a repository at https://git.example.com/repos/my/repo is available on Sourcegraph at https://sourcegraph.example.com/git.example.com/repos/my/repo.\n\nIt is important that the Sourcegraph repository name generated with this pattern be unique to this code host. If different code hosts generate repository names that collide, Sourcegraph's behavior is undefined.\n\nNote: These patterns are ignored if using src-expose / src-serve.", + "type": "string", + "default": "{base}/{repo}", + "examples": ["pretty-host-name/{repo}"] + }, + "exclude": { + "description": "A list of repositories to never mirror by name after applying repositoryPathPattern. Supports excluding by exact name ({\"name\": \"myrepo\"}) or regular expression ({\"pattern\": \".*secret.*\"}).", + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "title": "ExcludedOtherRepo", + "additionalProperties": false, + "anyOf": [ + { + "required": ["name"] + }, + { + "required": ["pattern"] + } + ], + "properties": { + "name": { + "description": "The name of a Other repo (\"my-repo\") to exclude from mirroring.", + "type": "string", + "minLength": 1 + }, + "pattern": { + "description": "Regular expression which matches against the name of a Other repo to exclude from mirroring.", + "type": "string", + "format": "regex" + } + } + }, + "examples": [ + [ + { + "name": "myrepo" + }, + { + "pattern": ".*secret.*" + } + ] + ] + }, + "makeReposPublicOnDotCom": { + "description": "Whether or not these repositories should be marked as public on Sourcegraph.com. Defaults to false.", + "type": "boolean", + "default": false + }, + "gitSSHCredential": { + "description": "SSH keys to use when cloning Git repo.", + "$ref": "git.schema.json#/definitions/gitSSHCredential" + }, + "gitSSHCipher": { + "description": "SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`.", + "$ref": "git.schema.json#/definitions/gitSSHCipher" + } + } } ``` {/* SCHEMA_SYNC_END: admin/code_hosts/other_external_service.schema.json */} diff --git a/docs/admin/code_hosts/phabricator.mdx b/docs/admin/code_hosts/phabricator.mdx index 9defd8e81..f4bec6e0f 100644 --- a/docs/admin/code_hosts/phabricator.mdx +++ b/docs/admin/code_hosts/phabricator.mdx @@ -78,30 +78,62 @@ The Sourcegraph instance's site admin must [update the `corsOrigin` site config ### admin/code_hosts/phabricator.schema.json {/* SCHEMA_SYNC_START: admin/code_hosts/phabricator.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:34Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json { - // SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`. - "gitSSHCipher": null, - - // SSH keys to use when cloning Git repo. - "gitSSHCredential": null, - - // The type of Git URLs to use for cloning and fetching Git repositories. - // Valid options: "http", "ssh" - "gitURLType": "http", - - // The list of repositories available on Phabricator. - "repos": null, - - // API token for the Phabricator instance. - "token": null, - - // URL of a Phabricator instance, such as https://phabricator.example.com - // Other example values: - // - "https://phabricator.example.com" - "url": null + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "phabricator.schema.json#", + "title": "PhabricatorConnection", + "description": "Configuration for a connection to Phabricator.", + "allowComments": true, + "type": "object", + "additionalProperties": false, + "anyOf": [{ "required": ["token"] }, { "required": ["repos"] }], + "properties": { + "url": { + "description": "URL of a Phabricator instance, such as https://phabricator.example.com", + "type": "string", + "examples": ["https://phabricator.example.com"] + }, + "token": { + "description": "API token for the Phabricator instance.", + "type": "string", + "minLength": 1 + }, + "repos": { + "description": "The list of repositories available on Phabricator.", + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "additionalProperties": false, + "required": ["path", "callsign"], + "properties": { + "path": { + "description": "Display path for the url e.g. gitolite/my/repo", + "type": "string" + }, + "callsign": { + "description": "The unique Phabricator identifier for the repository, like 'MUX'.", + "type": "string" + } + } + } + }, + "gitURLType": { + "description": "The type of Git URLs to use for cloning and fetching Git repositories.", + "type": "string", + "enum": ["http", "ssh"], + "default": "http" + }, + "gitSSHCredential": { + "description": "SSH keys to use when cloning Git repo.", + "$ref": "git.schema.json#/definitions/gitSSHCredential" + }, + "gitSSHCipher": { + "description": "SSH cipher to use when cloning via SSH. Must be a valid choice from `ssh -Q cipher`.", + "$ref": "git.schema.json#/definitions/gitSSHCipher" + } + } } ``` {/* SCHEMA_SYNC_END: admin/code_hosts/phabricator.schema.json */} diff --git a/docs/admin/config/settings.mdx b/docs/admin/config/settings.mdx index d8a22ad9a..0cda1beae 100644 --- a/docs/admin/config/settings.mdx +++ b/docs/admin/config/settings.mdx @@ -26,165 +26,611 @@ Settings options and their default values are shown below. ### admin/config/settings.schema.json {/* SCHEMA_SYNC_START: admin/config/settings.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:26Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json { - - ////////////////////////////////////////////////////////////// - // General Configuration - ////////////////////////////////////////////////////////////// - - // Disables observability-related site alert banners. - "alerts.hideObservabilitySiteAlerts": true, - - // Whether to show alerts for major and minor version updates. Alerts for patch version updates will be shown if `alerts.showPatchUpdates` is true. - "alerts.showMajorMinorUpdates": true, - - // Whether to show alerts for patch version updates. Alerts for major and minor version updates will be shown if `alerts.showMajorMinorUpdatess` is true. - "alerts.showPatchUpdates": true, - - // Whether to run global searches over all repositories. On instances with many repositories, this can lead to issues such as: low quality results, slow response times, or significant load on the Sourcegraph instance. Defaults to true. - "basicCodeIntel.globalSearchesEnabled": false, - - // Whether to include archived repositories in search results. - "basicCodeIntel.includeArchives": false, - - // Whether to include forked repositories in search results. - "basicCodeIntel.includeForks": false, - - // Whether to use only indexed requests to the search API. - "basicCodeIntel.indexOnly": false, - - // The timeout (in milliseconds) for un-indexed search requests. - "basicCodeIntel.unindexedSearchTimeout": 0, - - // Whether to fetch multiple precise definitions and references on hover. - "codeIntel.disableRangeQueries": false, - - // Never fall back to search-based code intelligence. - "codeIntel.disableSearchBased": false, - - // Whether to supplement precise references with search-based results. - "codeIntel.mixPreciseAndSearchBasedReferences": false, - - // Whether to enable trace logging on the extension. - "codeIntel.traceExtension": false, - - // Custom informational messages to display to users at Cody clients locations. - // Usually this setting is used in global and organization settings. If set in user settings, the message will only be displayed to that single user. - "cody.notices": null, - - // Experimental features and settings. - "experimentalFeatures": { - "batchChangesExecution": true, - "boostRelevantRepositories": true, - "clientSearchResultRanking": "by-zoekt-ranking", - "codeInsightsCompute": false, - "codeInsightsRepoUI": "single-search-query", - "disableOrderBySimilarity": false, - "enableLazyBlobSyntaxHighlighting": true, - "enableLazyFileResultSyntaxHighlighting": true, - "enableSearchFilePrefetch": true, - "enableSidebarFilePrefetch": true, - "fuzzyFinder": false, - "fuzzyFinderActions": false, - "fuzzyFinderAll": false, - "fuzzyFinderCaseInsensitiveFileCountThreshold": 25000, - "fuzzyFinderNavbar": false, - "fuzzyFinderRepositories": false, - "fuzzyFinderSymbols": false, - "goCodeCheckerTemplates": false, - "keywordSearch": true, - "newSearchNavigationUI": false, - "newSearchResultFiltersPanel": false, - "newSearchResultsUI": true, - "proactiveSearchResultsAggregations": true, - "searchContextsQuery": false, - "searchQueryInput": "v1", - "searchResultsAggregations": false, - "showCodeMonitoringLogs": false, - "symbolKindTags": false - }, - - // Whether the sidebar on the repo view should be open by default. - "fileSidebarVisibleByDefault": true, - - // Custom page size for the history tab. If set, the history tab will populate that number of commits the first time the history tab is opened and then double the number of commits progressively. - "history.defaultPageSize": 0, - - // Show absolute timestamps in the history panel and only show relative timestamps (e.g.: "5 days ago") in tooltip when hovering. - "history.preferAbsoluteTimestamps": false, - - // The number of seconds to execute the aggregation for when running in extended timeout mode. This value should always be less than any proxy timeout if one exists. The maximum value is equal to searchLimits.maxTimeoutSeconds - "insights.aggregations.extendedTimeout": 55, - - // DEPRECATED: Use `notices` instead. - // An array (often with just one element) of messages to display at the top of all pages, including for unauthenticated users. Users may dismiss a message (and any message with the same string value will remain dismissed for the user). - // Markdown formatting is supported. - // Usually this setting is used in global and organization settings. If set in user settings, the message will only be displayed to that user. (This is useful for testing the correctness of the message's Markdown formatting.) - // MOTD stands for "message of the day" (which is the conventional Unix name for this type of message). - "motd": null, - - // Custom informational messages to display to users at specific locations in the Sourcegraph user interface. - // Usually this setting is used in global and organization settings. If set in user settings, the message will only be displayed to that single user. - "notices": null, - - // Group of settings related to opening files in an editor. - "openInEditor": { - "custom.urlPattern": null, - "editorIds": null, - "jetbrains.forceApi": null, - "projectPaths.default": null, - "projectPaths.linux": null, - "projectPaths.mac": null, - "projectPaths.windows": null, - "replacements": null, - "vscode.isProjectPathUNCPath": false, - "vscode.remoteHostForSSH": null, - "vscode.useInsiders": false, - "vscode.useSSH": false - }, - - // If enabled, all members of the org will be treated as admins (e.g. can edit, apply, delete) for all batch changes created in that org. - "orgs.allMembersBatchChangesAdmin": false, - - // Key-value pairs of code host URLs to Swarm URLs. Keys should have no prefix and should not end with a slash, like "perforce.company.com:1666". Values should look like "https://swarm.company.com/", with a slash at the end. - "perforce.codeHostToSwarmMap": {}, - - // DEPRECATED: This setting will be removed in a future version of Sourcegraph. - "quicklinks": null, - - // The default number of lines to show as context below and above search results. Default is 1. - "search.contextLines": 1, - - // Whether query patterns are treated case sensitively. Patterns are case insensitive by default. - "search.defaultCaseSensitive": false, - - // DEPRECATED: this setting is no longer read when the default 'keyword' patterntype is enabled, which always uses the 'precise' mode. Smart search will be removed in a future release. - "search.defaultMode": null, - - // The default pattern type that search queries will be interpreted as. - "search.defaultPatternType": null, - - // The number of results we send down during a search. Note: this is different to the count: in the query. The search will continue once we hit displayLimit and updated filters and statistics will continue to stream down. Defaults to 1500. - "search.displayLimit": 1500, - - // Disable search suggestions below the search bar when constructing queries. Defaults to false. - "search.hideSuggestions": false, - - // Whether searches should include searching archived repositories. - "search.includeArchived": false, - - // Whether searches should include searching forked repositories. - "search.includeForks": false, - - // Predefined search snippets that can be appended to any search (also known as search scopes) - "search.scopes": null, - - // Enables default site wide search context. Only admins can set this. Individual users can override with their own search context. - "siteWideSearchContext": null - + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "settings.schema.json#", + "title": "Settings", + "description": "Configuration settings for users and organizations on Sourcegraph.", + "allowComments": true, + "type": "object", + "additionalProperties": true, + "properties": { + "siteWideSearchContext": { + "title": "SettingsSiteWideSearchContext", + "description": "Enables default site wide search context. Only admins can set this. Individual users can override with their own search context.", + "type": "string", + "!go": { + "pointer": true + } + }, + "experimentalFeatures": { + "title": "SettingsExperimentalFeatures", + "description": "Experimental features and settings.", + "type": "object", + "additionalProperties": true, + "properties": { + "newSearchResultFiltersPanel": { + "description": "Enables new experimental search results filters panel", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "newSearchNavigationUI": { + "description": "Enables new experimental search UI navigation", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "newSearchResultsUI": { + "description": "Enables new experimental search results UI, such as preview panel feature and updated search and filter layouts.", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + } + }, + "codeInsightsRepoUI": { + "description": "Specifies which (code insight repo) editor to use for repo query UI", + "type": "string", + "default": "single-search-query", + "enum": ["old-strict-list", "single-search-query", "search-query-or-strict-list"], + "!go": { + "pointer": true + } + }, + "searchContextsQuery": { + "description": "DEPRECATED: This feature is now permanently enabled. Enables query based search contexts", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "fuzzyFinder": { + "description": "Enables fuzzy finder with the keyboard shortcut `Cmd+K` on macOS and `Ctrl+K` on Linux/Windows.", + "type": "boolean", + "!go": { + "pointer": true + } + }, + "fuzzyFinderNavbar": { + "description": "Enables the 'Fuzzy finder' action in the global navigation bar", + "type": "boolean", + "!go": { + "pointer": true + } + }, + "fuzzyFinderAll": { + "description": "Enables the 'All' tab of the fuzzy finder", + "type": "boolean", + "!go": { + "pointer": true + } + }, + "fuzzyFinderActions": { + "description": "Enables the 'Actions' tab of the fuzzy finder", + "type": "boolean", + "!go": { + "pointer": true + } + }, + "fuzzyFinderRepositories": { + "description": "Enables the 'Repositories' tab of the fuzzy finder", + "type": "boolean", + "!go": { + "pointer": true + } + }, + "fuzzyFinderSymbols": { + "description": "Enables the 'Symbols' tab of the fuzzy finder", + "type": "boolean", + "!go": { + "pointer": true + } + }, + "fuzzyFinderCaseInsensitiveFileCountThreshold": { + "description": "The maximum number of files a repo can have to use case-insensitive fuzzy finding", + "type": "number", + "default": 25000, + "!go": { + "pointer": true + } + }, + "batchChangesExecution": { + "description": "Enables/disables the Batch Changes server side execution feature.", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + } + }, + "clientSearchResultRanking": { + "description": "How to rank search results in the client", + "type": "string", + "default": "by-zoekt-ranking", + "examples": ["by-line-number", "by-zoekt-ranking"], + "!go": { + "pointer": true + } + }, + "showCodeMonitoringLogs": { + "description": "Shows code monitoring logs tab.", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "goCodeCheckerTemplates": { + "description": "Shows a panel with code insights templates for go code checker results.", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "codeInsightsCompute": { + "description": "Enables Compute powered Code Insights", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "enableLazyBlobSyntaxHighlighting": { + "description": "Fetch un-highlighted blob contents to render immediately, decorate with syntax highlighting once loaded.", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + } + }, + "enableSidebarFilePrefetch": { + "description": "Pre-fetch plaintext file revisions from sidebar on hover/focus.", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + } + }, + "enableSearchFilePrefetch": { + "description": "Pre-fetch plaintext file revisions from search results on hover/focus.", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + } + }, + "enableLazyFileResultSyntaxHighlighting": { + "description": "Fetch un-highlighted file result contents to render immediately, decorate with syntax highlighting once loaded.", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + } + }, + "searchResultsAggregations": { + "description": "Display aggregations for your search results on the search screen.", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "proactiveSearchResultsAggregations": { + "description": "Search results aggregations are triggered automatically with a search.", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + } + }, + "symbolKindTags": { + "description": "Show the initial letter of the symbol kind instead of icons.", + "type": "boolean", + "default": false + }, + "searchQueryInput": { + "description": "Specify which version of the search query input to use", + "type": "string", + "default": "v1", + "enum": ["v1", "v2"], + "!go": { + "pointer": true + } + }, + "keywordSearch": { + "description": "DEPRECATED: this setting is no longer used. To disable keyword search, set `search.defaultPatternType: standard` instead.", + "type": "boolean", + "default": true + }, + "disableOrderBySimilarity": { + "description": "Disables ordering of repository search results by similarity.", + "type": "boolean", + "default": false + }, + "boostRelevantRepositories": { + "description": "Boosts repositories that users have contributed to in the search results.", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + } + } + }, + "group": "Experimental" + }, + "openInEditor": { + "title": "SettingsOpenInEditor", + "description": "Group of settings related to opening files in an editor.", + "type": "object", + "additionalProperties": false, + "properties": { + "editorIds": { + "description": "The editor to open files in. If set to this to \"custom\", you must also set \"custom.urlPattern\"", + "type": "array", + "items": { + "type": "string", + "enum": [ + "appcode", + "atom", + "clion", + "goland", + "idea", + "phpstorm", + "pycharm", + "rider", + "rubymine", + "sublime", + "vscode", + "webstorm", + "custom" + ] + } + }, + "projectPaths.default": { + "description": "The absolute path on your computer where your git repositories live. All git repos to open have to be cloned under this path with their original names. \"/Users/yourusername/src\" is a valid absolute path, \"~/src\" is not. Works both with and without a trailing slash.", + "type": "string" + }, + "projectPaths.linux": { + "description": "Overrides the default path when the browser detects Linux. Works both with and without a trailing slash.", + "type": "string" + }, + "projectPaths.mac": { + "description": "Overrides the default path when the browser detects macOS. Works both with and without a trailing slash.", + "type": "string" + }, + "projectPaths.windows": { + "description": "Overrides the default path when the browser detects Windows. Doesn't need a trailing backslash.", + "type": "string" + }, + "replacements": { + "description": "Each key will be replaced by the corresponding value in the final URL. Keys are regular expressions, values can contain backreferences ($1, $2, ...).", + "type": "object", + "propertyNames": { + "type": "string", + "description": "A regular expression to match against URLs." + }, + "additionalProperties": { + "type": "string", + "description": "Replace string. For backreferences to capturing groups, use $1, $2, ..." + } + }, + "jetbrains.forceApi": { + "description": "Forces using protocol handlers (like ikea://open?file=...) or the built-in REST API (http://localhost:63342/api/file...). If omitted, protocol handlers are used if available, otherwise the built-in REST API is used.", + "type": "string", + "enum": ["protocolHandler", "builtInServer"] + }, + "vscode.isProjectPathUNCPath": { + "description": "Indicates that the given project path is a UNC (Universal Naming Convention) path.", + "type": "boolean", + "default": false + }, + "vscode.useInsiders": { + "description": "If set, files will open in VS Code Insiders rather than VS Code.", + "type": "boolean", + "default": false + }, + "vscode.useSSH": { + "description": "If set, files will open on a remote server via SSH. This requires vscode.remoteHostForSSH to be specified and VS Code extension \"Remote Development by Microsoft\" installed in your VS Code.", + "type": "boolean", + "default": false + }, + "vscode.remoteHostForSSH": { + "description": "The remote host as \"USER@HOSTNAME\". This needs you to install the extension called \"Remote Development by Microsoft\" in your VS Code.", + "type": "string" + }, + "custom.urlPattern": { + "description": "If you add \"custom\" to openineditor.editorIds, this must be set. Use the placeholders \"%file\", \"%line\", and \"%col\" to mark where the file path, line number, and column number must be insterted. Example URL for IntelliJ IDEA: \"idea://open?file=%file&line=%line&column=%col\"", + "type": "string" + } + } + }, + "search.scopes": { + "description": "Predefined search snippets that can be appended to any search (also known as search scopes)", + "type": "array", + "items": { + "$ref": "#/definitions/SearchScope" + } + }, + "codeIntel.disableSearchBased": { + "description": "Never fall back to search-based code intelligence.", + "type": "boolean" + }, + "codeIntel.traceExtension": { + "description": "Whether to enable trace logging on the extension.", + "type": "boolean" + }, + "codeIntel.disableRangeQueries": { + "description": "Whether to fetch multiple precise definitions and references on hover.", + "type": "boolean" + }, + "codeIntel.mixPreciseAndSearchBasedReferences": { + "description": "Whether to supplement precise references with search-based results.", + "type": "boolean" + }, + "basicCodeIntel.includeForks": { + "description": "Whether to include forked repositories in search results.", + "type": "boolean" + }, + "basicCodeIntel.includeArchives": { + "description": "Whether to include archived repositories in search results.", + "type": "boolean" + }, + "basicCodeIntel.globalSearchesEnabled": { + "description": "Whether to run global searches over all repositories. On instances with many repositories, this can lead to issues such as: low quality results, slow response times, or significant load on the Sourcegraph instance. Defaults to true.", + "type": "boolean" + }, + "basicCodeIntel.indexOnly": { + "description": "Whether to use only indexed requests to the search API.", + "type": "boolean" + }, + "basicCodeIntel.unindexedSearchTimeout": { + "description": "The timeout (in milliseconds) for un-indexed search requests.", + "type": "number" + }, + "search.contextLines": { + "description": "The default number of lines to show as context below and above search results. Default is 1.", + "type": "integer", + "minimum": 0, + "default": 1, + "!go": { + "pointer": true + } + }, + "search.defaultMode": { + "description": "DEPRECATED: this setting is no longer read when the default 'keyword' patterntype is enabled, which always uses the 'precise' mode. Smart search will be removed in a future release.", + "type": "string", + "pattern": "precise|smart" + }, + "search.defaultPatternType": { + "description": "The default pattern type that search queries will be interpreted as.", + "type": "string", + "pattern": "standard|literal|regexp|keyword|codycontext" + }, + "search.defaultCaseSensitive": { + "description": "Whether query patterns are treated case sensitively. Patterns are case insensitive by default.", + "type": "boolean", + "default": false + }, + "search.displayLimit": { + "description": "The number of results we send down during a search. Note: this is different to the count: in the query. The search will continue once we hit displayLimit and updated filters and statistics will continue to stream down. Defaults to 1500.", + "type": "integer", + "minimum": 1, + "default": 1500, + "!go": { + "pointer": true + } + }, + "search.includeForks": { + "description": "Whether searches should include searching forked repositories.", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "search.includeArchived": { + "description": "Whether searches should include searching archived repositories.", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "quicklinks": { + "description": "DEPRECATED: This setting will be removed in a future version of Sourcegraph.", + "type": "array", + "items": { + "$ref": "#/definitions/QuickLink" + } + }, + "fileSidebarVisibleByDefault": { + "description": "Whether the sidebar on the repo view should be open by default.", + "type": "boolean", + "default": true + }, + "motd": { + "description": "DEPRECATED: Use `notices` instead.\n\nAn array (often with just one element) of messages to display at the top of all pages, including for unauthenticated users. Users may dismiss a message (and any message with the same string value will remain dismissed for the user).\n\nMarkdown formatting is supported.\n\nUsually this setting is used in global and organization settings. If set in user settings, the message will only be displayed to that user. (This is useful for testing the correctness of the message's Markdown formatting.)\n\nMOTD stands for \"message of the day\" (which is the conventional Unix name for this type of message).", + "type": "array", + "items": { + "type": "string" + } + }, + "history.preferAbsoluteTimestamps": { + "description": "Show absolute timestamps in the history panel and only show relative timestamps (e.g.: \"5 days ago\") in tooltip when hovering.", + "type": "boolean", + "default": false + }, + "history.defaultPageSize": { + "description": "Custom page size for the history tab. If set, the history tab will populate that number of commits the first time the history tab is opened and then double the number of commits progressively.", + "type": "integer", + "minimum": 1, + "maximum": 100 + }, + "notices": { + "description": "Custom informational messages to display to users at specific locations in the Sourcegraph user interface.\n\nUsually this setting is used in global and organization settings. If set in user settings, the message will only be displayed to that single user.", + "type": "array", + "items": { + "title": "Notice", + "type": "object", + "required": ["message", "location"], + "additionalProperties": false, + "properties": { + "message": { + "description": "The message to display. Markdown formatting is supported.", + "type": "string" + }, + "location": { + "description": "The location where this notice is shown: \"top\" for the top of every page, \"home\" for the homepage.", + "type": "string", + "enum": ["top", "home"] + }, + "variant": { + "type": "string", + "enum": ["primary", "secondary", "success", "danger", "warning", "info", "note"] + }, + "dismissible": { + "description": "Whether this notice can be dismissed (closed) by the user.", + "type": "boolean", + "default": false + }, + "styleOverrides": { + "description": "Overrides for the notice's default style. You probably want to use notice 'variant' setting instead.", + "type": "object", + "properties": { + "backgroundColor": { + "description": "The hex code of the background color for this notice.", + "type": "string" + }, + "textColor": { + "description": "The hex code of the text color for this notice.", + "type": "string" + }, + "textCentered": { + "description": "Whether the notice text should be centered.", + "type": "boolean" + } + } + } + } + } + }, + "cody.notices": { + "description": "Custom informational messages to display to users at Cody clients locations.\n\nUsually this setting is used in global and organization settings. If set in user settings, the message will only be displayed to that single user.", + "type": "array", + "items": { + "title": "Cody Notice", + "type": "object", + "required": ["key", "title", "message"], + "additionalProperties": false, + "properties": { + "key": { + "type": "string", + "description": "The notice key, everytime this field is updated the notice message appears in the cody client even if it was previously dismissed." + }, + "title": { + "type": "string", + "description": "The title of the notice/message." + }, + "message": { + "type": "string", + "description": "The message to display. Markdown formatting is supported." + } + } + } + }, + "alerts.showPatchUpdates": { + "description": "Whether to show alerts for patch version updates. Alerts for major and minor version updates will be shown if `alerts.showMajorMinorUpdatess` is true.", + "type": "boolean", + "default": true + }, + "alerts.showMajorMinorUpdates": { + "description": "Whether to show alerts for major and minor version updates. Alerts for patch version updates will be shown if `alerts.showPatchUpdates` is true.", + "type": "boolean", + "default": true + }, + "alerts.hideObservabilitySiteAlerts": { + "description": "Disables observability-related site alert banners.", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + } + }, + "search.hideSuggestions": { + "description": "Disable search suggestions below the search bar when constructing queries. Defaults to false.", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "insights.aggregations.extendedTimeout": { + "description": "The number of seconds to execute the aggregation for when running in extended timeout mode. This value should always be less than any proxy timeout if one exists. The maximum value is equal to searchLimits.maxTimeoutSeconds", + "type": "integer", + "group": "CodeInsights", + "default": 55 + }, + "perforce.codeHostToSwarmMap": { + "description": "Key-value pairs of code host URLs to Swarm URLs. Keys should have no prefix and should not end with a slash, like \"perforce.company.com:1666\". Values should look like \"https://swarm.company.com/\", with a slash at the end.", + "type": "object", + "additionalProperties": { + "type": "string" + }, + "default": {} + }, + "orgs.allMembersBatchChangesAdmin": { + "description": "If enabled, all members of the org will be treated as admins (e.g. can edit, apply, delete) for all batch changes created in that org.", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + } + }, + "definitions": { + "SearchScope": { + "type": "object", + "additionalProperties": false, + "required": ["name", "value"], + "properties": { + "name": { + "type": "string", + "description": "The human-readable name for this search scope" + }, + "value": { + "type": "string", + "description": "The query string of this search scope" + } + } + }, + "QuickLink": { + "type": "object", + "additionalProperties": false, + "required": ["name", "url"], + "properties": { + "name": { + "type": "string", + "description": "The human-readable name for this quick link" + }, + "url": { + "type": "string", + "description": "The URL of this quick link (absolute or relative)", + "pattern": "^(https?://|/)" + }, + "description": { + "type": "string", + "description": "A description for this quick link" + } + } + } + } } ``` {/* SCHEMA_SYNC_END: admin/config/settings.schema.json */} diff --git a/docs/admin/config/site_config.mdx b/docs/admin/config/site_config.mdx index e26a2ab2e..8f2fc6e35 100644 --- a/docs/admin/config/site_config.mdx +++ b/docs/admin/config/site_config.mdx @@ -20,1234 +20,5230 @@ All site configuration options and their default values are shown below. ### admin/config/site.schema.json {/* SCHEMA_SYNC_START: admin/config/site.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:25Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json { - - ////////////////////////////////////////////////////////////// - // General Configuration - ////////////////////////////////////////////////////////////// - - // Prompts user to install new browser for non es5 - "RedirectUnsupportedBrowser": false, - - // Enable/Disable attribution search for Cody-generated snippets - "attribution.enabled": false, - - // Use this gateway parameters for customers that bring their own key. Otherwise gateway endpoint is used. - "attribution.gateway": { - "accessToken": null, - "endpoint": null - }, - - // Hide Cody-generated snippets that have attribution matches ("enforced"), or show the snippet but passively inform the user about attribution ("permissive", the default). Requires attribution.enabled = true. - // Valid options: "permissive", "enforced" - "attribution.mode": "permissive", - - // Automatically delete branches created for Batch Changes changesets when the changeset is merged or closed, for supported code hosts. Overrides any setting on the repository on the code host itself. - "batchChanges.autoDeleteBranch": false, - - // How long changesets will be retained after they have been detached from a batch change. - // Other example values: - // - "336h" - // - "48h" - // - "5h30m40s" - "batchChanges.changesetsRetention": null, - - // A list of permitted container registries for use in batch changes, e.g., docker.io. If empty, all container registries are allowed. It cannot be used together with 'batchChanges.containerRegistryDenylist' - // Other example values: - // - "docker.io" - // - "artifactory.acme.com" - "batchChanges.containerRegistryAllowlist": null, - - // A list of forbidden container registries for use in batch changes, e.g., docker.io. If empty, all container registries are allowed. It cannot be used together with 'batchChanges.containerRegistryAllowlist' - // Other example values: - // - "docker.io" - // - "artifactory.acme.com" - "batchChanges.containerRegistryDenylist": null, - - // Hides Batch Changes warnings about webhooks not being configured. - "batchChanges.disableWebhooksWarning": false, - - // Enables/disables the Batch Changes feature. - "batchChanges.enabled": true, - - // When enabled, all branches created by batch changes will be pushed to forks of the original repository. - "batchChanges.enforceForks": false, - - // Reject unverified commits when creating a Batch Change - "batchChanges.rejectUnverifiedCommit": false, - - // When enabled, only site admins can create and apply batch changes. - "batchChanges.restrictToAdmins": false, - - // Specifies specific windows, which can have associated rate limits, to be used when reconciling published changesets (creating or updating). All days and times are handled in UTC. - // Other example values: - // - { - // "days": [ - // "saturday", - // "sunday" - // ], - // "end": "20:00", - // "rate": "10/hour", - // "start": "06:00" - // } - "batchChanges.rolloutWindows": null, - - // Maximum number of batch spec templates to display in the template library UI. Default is 20. - "batchChanges.templateLibrary.displayLimit": 20, - - // Whether auto-indexing policies may apply to all repositories on the Sourcegraph instance. Default is false. The policyRepositoryMatchLimit setting still applies to such auto-indexing policies. - "codeIntelAutoIndexing.allowGlobalPolicies": false, - - // Enables/disables the code intel auto-indexing feature. Currently experimental. - "codeIntelAutoIndexing.enabled": false, - - // Overrides the default Docker images used by auto-indexing. - // Other example values: - // - { - // "go": "sourcegraph/lsif-go:latest", - // "java": "sourcegraph/lsif-java:latest" - // } - "codeIntelAutoIndexing.indexerMap": null, - - // The maximum number of repositories to which a single auto-indexing policy can apply. Default is -1, which is unlimited. - "codeIntelAutoIndexing.policyRepositoryMatchLimit": -1, - - // Configuration options for code monitors - "codeMonitors": { - "concurrency": 4, - "maxRuntime": 1, - "pollInterval": "5m" - }, - - // Rules defining the repositories that will never be shared by Cody with third-party LLM providers. - "cody.contextFilters": { - "exclude": null, - "include": null - }, - - // Enable or disable Cody instance-wide. When Cody is disabled, all Cody endpoints and GraphQL queries will return errors, Cody will not show up in the site-admin sidebar, and Cody in the global navbar will only show a call-to-action for site-admins to enable Cody. - "cody.enabled": false, - - // Whether to enable Cody role-based access controls. Only respected if cody.restrictUsersFeatureFlag is not set. See https://sourcegraph.com/docs/admin/access_control - "cody.permissions": true, - - // DEPRECATED; see cody.permissions instead. PRIOR DESCRIPTION: Cody to only be enabled for users that have a feature flag labeled "cody" set to true. You must create a feature flag with this ID after enabling this setting: https://www.notion.so/sourcegraph/How-to-use-feature-flags-70f42bcacd9045d4a55de22f5dd87df0?source=copy_link. This setting only has an effect if cody.enabled is true. - "cody.restrictUsersFeatureFlag": false, - - // Configuration for Server-side context API - "cody.serverSideContext": { - "reranker": { - "type": null - } - }, - - // Configuration for the completions service. - // Other example values: - // - { - // "chat": true - // } - "configFeatures": { - "autoComplete": false, - "chat": false, - "chatVision": false, - "commands": false - }, - - // Enables the computation of contributor statistics per author and repository. Will all commits of each repository initially, and then work on deltas. - // Other example values: - // - true - "contributorsDataEnabled": true, - - // Required when using any of the native code host integrations for Phabricator, GitLab, or Bitbucket Server. It is a space-separated list of allowed origins for cross-origin HTTP requests which should be the base URL for your Phabricator, GitLab, or Bitbucket Server instance. - // Other example values: - // - "https://my-phabricator.example.com https://my-bitbucket.example.com https://my-gitlab.example.com" - "corsOrigin": null, - - // (debug) controls the amount of symbol search parallelism. Defaults to 20. It is not recommended to change this outside of debugging scenarios. This option will be removed in a future version. - // Other example values: - // - "20" - "debug.search.symbolsParallelism": 0, - - // The rate limit (in requests per hour) for the default rate limiter in the rate limiters registry. By default this is disabled and the default rate limit is infinity. - "defaultRateLimit": -1, - - // Disable periodic syncs of configured code host connections (repository metadata, permissions, batch changes changesets, etc) - "disableAutoCodeHostSyncs": false, - - // Disable periodically fetching git contents for existing repositories. - "disableAutoGitUpdates": false, - - // Disable the feedback survey - "disableFeedbackSurvey": false, - - // DEPRECATED. Has no effect. - "disableNonCriticalTelemetry": false, - - // ⚠️ DEPRECATED: Deprecated because it's no longer supported and hasn't been working for a while. - // DEPRECATED! Disable redirects to sourcegraph.com when visiting public repositories that can't exist on this server. - // Other example values: - // - true - "disablePublicRepoRedirects": false, - - // Configuration options for Sourcegraph.com only. - "dotcom": { - "codyGateway": { - "bigQueryDataset": null, - "bigQueryGoogleProjectID": null, - "bigQueryTable": null - }, - "codyProConfig": { - "samsBackendOrigin": "", - "sscBackendOrigin": "", - "sscBaseUrl": "https://accounts.sourcegraph.com/cody", - "stripePublishableKey": null, - "useEmbeddedUI": false - }, - "enterprisePortal.enableProxies": true, - "sams.clientID": null, - "sams.clientSecret": null, - "sams.server": null, - "samsDev.clientID": null, - "samsDev.clientSecret": null, - "samsDev.server": "https://accounts.sgdev.org", - "srcCliVersionCache": { - "enabled": false, - "github": { - "repository": { - "name": "src-cli", - "owner": "sourcegraph" - }, - "token": null, - "uri": "https://github.com", - "webhookSecret": null - }, - "interval": "1h" - } - }, - - // The "from" address for emails sent by this server. - // Please see https://sourcegraph.com/docs/admin/config/email - // Other example values: - // - "noreply@sourcegraph.example.com" - "email.address": null, - - // The name to use in the "from" address for emails sent by this server. - // Other example values: - // - "Our Company Sourcegraph" - // - "Example Inc Sourcegraph" - "email.senderName": "Sourcegraph", - - // The SMTP server used to send transactional emails. - // Please see https://sourcegraph.com/docs/admin/config/email - // Other example values: - // - { - // "authentication": "PLAIN", - // "host": "smtp.example.com", - // "password": "mypassword", - // "port": 465, - // "username": "alice" - // } - "email.smtp": null, - - // Configurable templates for some email types sent by Sourcegraph. - // Other example values: - // - { - // "resetPassword": { - // "body": "To reset your password on {{.Host}}, please click the link below:\n\n{{.URL}}\n\nIf you did not request a password reset, please ignore this email. Your password will not change until you click the link and set a new password.", - // "subject": "Reset your password on {{.Host}}" - // }, - // "setPassword": { - // "body": "To set your password on {{.Host}} and complete your account registration, please click the link below:\n\n{{.URL}}\n\nYour username is: {{.Username}}\n\nIf you did not sign up for an account on {{.Host}}, please ignore this email.", - // "subject": "Set your password on {{.Host}}" - // } - // } - "email.templates": { - "resetPassword": null, - "setPassword": null - }, - - // Configure completion credits entitlement enablement - "entitlements.completionCredits": { - "mode": "disabled" - }, - - // Experimental features and settings. - // Other example values: - // - { - // "customGitFetch": [ - // { - // "domainPath": "somecodehost.com/path/to/repo", - // "fetch": "customgitbinary someflag" - // }, - // { - // "domainPath": "somecodehost.com/path/to/anotherrepo", - // "fetch": "customgitbinary someflag anotherflag" - // } - // ] - // } - // - { - // "tls.external": { - // "certificates": [ - // "-----BEGIN CERTIFICATE-----\n..." - // ], - // "insecureSkipVerify": true - // } - // } - "experimentalFeatures": { - "batchChanges.enableForkNameSuffix": false, - "batchChanges.enablePerforce": false, - "codeintelSyntacticIndexing.enabled": false, - "cody.auditLog": { - "enabled": false - }, - "codyContextIgnore": false, - "commitGraphUpdates": { - "defaultBranchOnly": null - }, - "customGitFetch": null, - "debug.log": { - "extsvc.gitlab": false - }, - "deepSearch.enabled": false, - "deepSearch.model": "anthropic::2024-10-22::claude-sonnet-4-latest", - "deepSearch.sharing.enabled": false, - "enableGithubInternalRepoVisibility": false, - "enablePermissionsWebhooks": false, - "enableStorm": false, - "eventLogging": "enabled", - "gitServerPinnedRepos": null, - "goPackages": "disabled", - "insightsAlternateLoadingStrategy": false, - "insightsBackfillerV2": true, - "insightsDataRetention": true, - "jvmPackages": "disabled", - "languageDetection": { - "graphQL": "useFileContents" - }, - "npmPackages": "disabled", - "pagure": "disabled", - "passwordPolicy": { - "enabled": true, - "minimumLength": 12, - "numberOfSpecialCharacters": 2, - "requireAtLeastOneNumber": true, - "requireUpperandLowerCase": true - }, - "perforceChangelistMapping": "enabled", - "pythonPackages": "disabled", - "ranking": { - "flushWallTimeMS": 500, - "maxQueueMatchCount": -1, - "maxQueueSizeBytes": -1, - "maxReorderDurationMS": 0, - "maxReorderQueueSize": 24, - "repoScores": {} - }, - "rateLimitAnonymous": 500, - "rubyPackages": "disabled", - "rustPackages": "disabled", - "scipBasedAPIs": true, - "search.index.branches": null, - "search.index.query.contexts": false, - "search.index.revisions": null, - "search.sanitization": { - "orgName": null, - "sanitizePatterns": null - }, - "searchJobs": false, - "structuralSearch": "disabled", - "subRepoPermissions": { - "allowCodeInsights": false, - "enabled": false, - "enforceIPRestrictions": false, - "ipParseCacheSize": 1000, - "redactInaccessibleCommits": false, - "rulesInterpretationMode": "unified", - "userCacheSize": 1000, - "userCacheTTLSeconds": 10 - }, - "tls.external": { - "certificates": null, - "insecureSkipVerify": false - } - }, - - // The externally accessible URL for Sourcegraph (i.e., what you type into your browser). Previously called `appURL`. Only root URLs are allowed. - // Other example values: - // - "https://sourcegraph.example.com" - "externalURL": null, - - // HTML to inject at the bottom of the `` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true. - "htmlBodyBottom": null, - - // HTML to inject at the top of the `` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true. - "htmlBodyTop": null, - - // HTML to inject at the bottom of the `` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true. - "htmlHeadBottom": null, - - // HTML to inject at the top of the `` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true. - "htmlHeadTop": null, - - // The size of the buffer for aggregations ran in-memory. A higher limit might strain memory for the frontend - "insights.aggregations.bufferSize": 500, - - // The maximum number of results a proactive search aggregation can accept before stopping - "insights.aggregations.proactiveResultLimit": 50000, - - // Set the number of seconds an insight series will spend backfilling before being interrupted. Series are interrupted to prevent long running insights from exhausting all of the available workers. Interrupted series will be placed back in the queue and retried based on their priority. - "insights.backfill.interruptAfter": 60, - - // Number of repositories within the batch to backfill concurrently. - "insights.backfill.repositoryConcurrency": 3, - - // Set the number of repositories to batch in a group during backfilling. - "insights.backfill.repositoryGroupSize": 10, - - // Maximum number of historical Code Insights data frames that may be analyzed per second. - // Other example values: - // - 50 - // - 0.5 - "insights.historical.worker.rateLimit": 20, - - // The allowed burst rate for the Code Insights historical worker rate limiter. - // Other example values: - // - 10 - // - 20 - "insights.historical.worker.rateLimitBurst": 20, - - // The maximum number of data points that will be available to view for a series on a code insight. Points beyond that will be stored in a separate table and available for data export. - // Other example values: - // - 12 - // - 24 - // - 50 - "insights.maximumSampleSize": 30, - - // Number of concurrent executions of a code insight query on a worker node - // Other example values: - // - 10 - "insights.query.worker.concurrency": 1, - - // Maximum number of Code Insights queries initiated per second on a worker node. - // Other example values: - // - 10 - // - 0.5 - "insights.query.worker.rateLimit": 20, - - // The allowed burst rate for the Code Insights queries per second rate limiter. - // Other example values: - // - 10 - // - 20 - "insights.query.worker.rateLimitBurst": 20, - - // Settings for repository language stats inventory - // Other example values: - // - { - // "disableEnhancedLanguageDetection": false, - // "gitServerConcurrency": 4, - // "maxInventoryInMemory": 1000, - // "redisConcurrency": 20, - // "timeoutInMinutes": 5 - // } - "inventory": { - "disableEnhancedLanguageDetection": false, - "gitServerConcurrency": 4, - "maxInventoryInMemory": 1000, - "redisConcurrency": 20, - "timeoutInMinutes": 5 - }, - - // The license key associated with a Sourcegraph product subscription, which is necessary to activate Sourcegraph Enterprise functionality. To obtain this value, contact Sourcegraph to purchase a subscription. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh. - "licenseKey": null, - - // Whether or not LSIF uploads will be blocked unless a valid LSIF upload token is provided. - "lsifEnforceAuth": false, - - // DEPRECATED: Configure maxRepos in search.limits. The maximum number of repositories to search across. The user is prompted to narrow their query if exceeded. Any value less than or equal to zero means unlimited. - "maxReposToSearch": -1, - - "modelConfiguration": null, - - // Notifications recieved from Sourcegraph.com to display in Sourcegraph. - // Other example values: - // - { - // "key": "2023-03-10-my-key", - // "message": "This is a test notification message." - // } - "notifications": null, - - // Configuration for organization invitations. - // Other example values: - // - { - // "expiryTime": 48, - // "signingKey": "your-signing-key" - // } - "organizationInvitations": { - "expiryTime": 48, - "signingKey": null - }, - - // The maximum number of outbound requests to retain. This is a global limit across all outbound requests. If the limit is exceeded, older items will be deleted. If the limit is 0, no outbound requests are logged. - "outboundRequestLogLimit": 50, - - // The max number of concurrent Own jobs that will run per worker node. - "own.background.repoIndexConcurrencyLimit": 5, - - // The maximum per second burst of repositories for Own jobs per worker node. Generally this value should not be less than the max concurrency. - "own.background.repoIndexRateBurstLimit": 5, - - // The maximum per second rate of repositories for Own jobs per worker node. - "own.background.repoIndexRateLimit": 20, - - // The Own service will attempt to match a Team by the last part of its handle if it contains a slash and no match is found for its full handle. - "own.bestEffortTeamMatching": true, - - // URL to fetch unreachable repository details from. Defaults to "https://sourcegraph.com" - // Other example values: - // - { - // "url": "https://sourcegraph.example.com" - // } - "parentSourcegraph": { - "url": "https://sourcegraph.com" - }, - - // Time interval (in seconds) of how often cleanup worker should remove old jobs from permissions sync jobs table. - "permissions.syncJobCleanupInterval": 3600, - - // The number of last repo/user permission jobs to keep for history. Will be cleaned up occasionally to only keep the most recent N jobs. - "permissions.syncJobsHistorySize": 5, - - // Number of repo permissions to schedule for syncing in single scheduler iteration. - "permissions.syncOldestRepos": 100, - - // Number of user permissions to schedule for syncing in single scheduler iteration. - "permissions.syncOldestUsers": 100, - - // Don't sync a repo's permissions if it has synced within the last n seconds. - "permissions.syncReposBackoffSeconds": 900, - - // The maximum number of repo-centric permissions syncing jobs that can be spawned concurrently. Service restart is required to take effect for changes. - "permissions.syncReposMaxConcurrency": 5, - - // Time interval (in seconds) of how often each component picks up authorization changes in external services. - "permissions.syncScheduleInterval": 60, - - // Don't sync a user's permissions if they have synced within the last n seconds. - "permissions.syncUsersBackoffSeconds": 900, - - // The maximum number of user-centric permissions syncing jobs that can be spawned concurrently. Service restart is required to take effect for changes. - "permissions.syncUsersMaxConcurrency": 5, - - // Settings for Sourcegraph explicit permissions, which allow the site admin to explicitly manage repository permissions via the GraphQL API. This will mark repositories as restricted by default. - // Other example values: - // - { - // "bindID": "email" - // } - // - { - // "bindID": "username" - // } - "permissions.userMapping": { - "bindID": "email", - "enabled": true - }, - - // Enables users access to the product research page in their settings. - "productResearchPage.enabled": true, - - "rateLimits": { - "graphQLMaxAliases": 500, - "graphQLMaxDepth": 30, - "graphQLMaxDuplicateFieldCount": 500, - "graphQLMaxFieldCount": 500000, - "graphQLMaxUniqueFieldCount": 500 - }, - - // Enables redacting sensitive information from outbound requests. Important: We only respect this setting in development environments. In production, we always redact outbound requests. - // Other example values: - // - true - "redactOutboundRequestHeaders": false, - - // The number of concurrent external service syncers that can run. - "repoConcurrentExternalServiceSyncers": 3, - - // Interval (in minutes) for checking code hosts (such as GitHub, Gitolite, etc.) for new repositories. - "repoListUpdateInterval": 1, - - // Configuration for repository purge worker. - "repoPurgeWorker": { - "deletedTTLMinutes": 60, - "intervalMinutes": 15 - }, - - // The SCIM auth token is used to authenticate SCIM requests. If not set, SCIM is disabled. - "scim.authToken": "", - - // Identity provider used for SCIM support. "STANDARD" should be used unless a more specific value is available - // Valid options: "STANDARD", "Azure AD" - "scim.identityProvider": "STANDARD", - - // The number of threads each indexserver should use to index shards. If not set, indexserver will use the number of available CPUs. This is exposed as a safeguard and should usually not require being set. - // Other example values: - // - "10" - "search.index.shardConcurrency": 0, - - // Whether indexed symbol search is enabled. This is contingent on the indexed search configuration, and is true by default for instances with indexed search enabled. Enabling this will cause every repository to re-index, which is a time consuming (several hours) operation. Additionally, it requires more storage and ram to accommodate the added symbols information in the search index. - // Other example values: - // - true - "search.index.symbols.enabled": false, - - // A list of file glob patterns where matching files will be indexed and searched regardless of their size. Files still need to be valid utf-8 to be indexed. The glob pattern syntax can be found here: https://github.com/bmatcuk/doublestar#patterns. - // Other example values: - // - [ - // "go.sum", - // "package-lock.json", - // "**/*.thrift" - // ] - "search.largeFiles": null, - - // Limits that search applies for number of repositories searched and timeouts. - // Other example values: - // - { - // "commitDiffMaxRepos": 50, - // "commitDiffWithTimeFilterMaxRepos": 5000, - // "maxRepos": 200, - // "maxTimeoutSeconds": 60 - // } - "search.limits": { - "commitDiffMaxRepos": 50, - "commitDiffWithTimeFilterMaxRepos": 10000, - "maxRepos": -1, - "maxTimeoutSeconds": "60" - }, - - // The base URL of the Self-Serve Cody API. - "ssc.apiBaseUrl": "https://accounts.sourcegraph.com/cody/api", - - // The hostname of SAMS instance to connect. - "ssc.samsHostName": "accounts.sourcegraph.com", - - // Syntax highlighting configuration - // Other example values: - // - { - // "engine": { - // "default": "tree-sitter", - // "overrides": { - // "go": "syntect" - // } - // }, - // "languages": { - // "extensions": { - // "go": "go", - // "ts": "typescript" - // }, - // "patterns": [ - // { - // "language": "cobol", - // "match": "cobol_.*\\.txt" - // } - // ] - // } - // } - "syntaxHighlighting": { - "engine": { - "default": null, - "overrides": null - }, - "languages": { - "extensions": null, - "patterns": null - }, - "symbols": { - "engine": null - } - }, - - // Configuration for application user telemetry. - "telemetry": { - "disableLocalEventLogs": false - }, - - // The channel on which to automatically check for Sourcegraph updates. - // Valid options: "release", "none" - // Other example values: - // - "none" - "update.channel": "release", - - // Configuration for logging incoming webhooks. - // Other example values: - // - { - // "enabled": true, - // "retention": "7d" - // } - "webhook.logging": { - "enabled": false, - "retention": "72h" - }, - - - ////////////////////////////////////////////////////////////// - // Authentication & Authorization - ////////////////////////////////////////////////////////////// - - // The config options for access requests - // Other example values: - // - { - // "enabled": true - // } - // - { - // "enabled": false - // } - "auth.accessRequest": { - "enabled": true - }, - - // Settings for access tokens, which enable external tools to access the Sourcegraph API with the privileges of the user. - // Other example values: - // - { - // "allow": "site-admin-create", - // "allowNoExpiration": true, - // "defaultExpirationDays": 90, - // "expirationOptionDays": [ - // 7, - // 14, - // 30, - // 60, - // 90 - // ] - // } - // - { - // "allow": "none", - // "allowNoExpiration": false, - // "defaultExpirationDays": 45, - // "expirationOptionDays": [ - // 7, - // 14, - // 30, - // 60, - // 90 - // ] - // } - "auth.accessTokens": { - "allow": "all-users-create", - "allowNoExpiration": false, - "defaultExpirationDays": 90, - "expirationOptionDays": [ - 7, - 14, - 30, - 60, - 90 - ] - }, - - // IP allowlist for access to the Sourcegraph instance. If set, only requests from these IP addresses will be allowed. By default client IP is infered connected client IP address, and you may configure to use a request header to determine the user IP. - "auth.allowedIpAddress": { - "clientIpAddress": null, - "enabled": false, - "errorMessageTemplate": "Access from your IP address is not allowed.", - "trustedClientIpAddress": null, - "userIpAddress": null, - "userIpRequestHeaders": null - }, - - // Enables users to change their username after account creation. Warning: setting this to be true has security implications if you have enabled (or will at any point in the future enable) repository permissions with an option that relies on username equivalency between Sourcegraph and an external service or authentication provider. Do NOT set this to true if you are using non-built-in authentication OR rely on username equivalency for repository permissions. - "auth.enableUsernameChanges": false, - - // The config options for account lockout - // Other example values: - // - { - // "consecutivePeriod": 300, - // "failedAttemptThreshold": 3, - // "lockoutPeriod": 600 - // } - "auth.lockout": { - "consecutivePeriod": 3600, - "failedAttemptThreshold": 5, - "lockoutPeriod": 1800 - }, - - // The maximum duration a user session may be idle (not making any requests), after which it expires and the user is required to re-authenticate. Must be at least 1 hour. Defaults to no idle expiry. - // Other example values: - // - "2h" - "auth.maxSessionIdleDuration": "0", - - // The minimum number of Unicode code points that a password must contain. - "auth.minPasswordLength": 12, - - // Enables and configures password policy. This will allow admins to enforce password complexity and length requirements. - // Other example values: - // - { - // "enabled": true, - // "numberOfSpecialCharacters": 1, - // "requireAtLeastOneNumber": true, - // "requireUpperandLowerCase": true - // } - "auth.passwordPolicy": { - "enabled": false, - "numberOfSpecialCharacters": 0, - "requireAtLeastOneNumber": true, - "requireUpperandLowerCase": true - }, - - // The duration (in seconds) that a password reset link is considered valid. - "auth.passwordResetLinkExpiry": 14400, - - // The number of auth providers that will be shown to the user on the login screen. Other providers are shown under `Other login methods` section. - "auth.primaryLoginProvidersCount": 3, - - // The authentication providers to use for identifying and signing in users. See instructions below for configuring SAML, OpenID Connect (including Google Workspace), and HTTP authentication proxies. Multiple authentication providers are supported (by specifying multiple elements in this array). - "auth.providers": [ - { - "allowSignup": true, - "type": "builtin" - } - ], - - // The maximum duration of a user session, after which it expires and the user is required to re-authenticate. The default is 90 days. Must be at least 1 hour. There is typically no need to set this, but some users may have specific internal security requirements. - // The string format is that of the Duration type in the Go time package (https://golang.org/pkg/time/#ParseDuration). E.g., "720h", "43200m", "2592000s" all indicate a timespan of 30 days. - // Other example values: - // - "168h" - "auth.sessionExpiry": "2160h", - - // Validity expressed in minutes of the unlock account token - "auth.unlockAccountLinkExpiry": 5, - - // Base64-encoded HMAC signing key to sign the JWT token for account unlock URLs - // Other example values: - // - "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUJGZ0FBQUhVQkFBQQ" - "auth.unlockAccountLinkSigningKey": null, - - // Ensure that matching users are members of the specified orgs (auto-joining users to the orgs if they are not already a member). Provide a JSON object of the form `{"*": ["org1", "org2"]}`, where org1 and org2 are orgs that all users are automatically joined to. Currently the only supported key is `"*"`. - // Other example values: - // - { - // "*": [ - // "myorg1" - // ] - // } - "auth.userOrgMap": null, - - // When true, site admins will only be able to see private code they have access to via our authz system. - "authz.enforceForSiteAdmins": false, - - - ////////////////////////////////////////////////////////////// - // Security & Encryption - ////////////////////////////////////////////////////////////// - - // Configuration for encryption keys used to encrypt data at rest in the database. - // Other example values: - // - { - // "externalServiceKey": { - // "filePath": "/path/to/external_service.key", - // "type": "mounted" - // } - // } - // - { - // "userExternalAccountKey": { - // "keyname": "projects/my-project/locations/global/keyRings/my-keyring/cryptoKeys/my-key", - // "type": "cloudkms" - // } - // } - "encryption.keys": { - "batchChangesCredentialKey": null, - "cacheSize": 2048, - "enableCache": false, - "executorSecretKey": null, - "externalServiceKey": null, - "gitHubAppKey": null, - "outboundWebhookKey": null, - "userExternalAccountKey": null, - "webhookKey": null, - "webhookLogKey": null - }, - - - ////////////////////////////////////////////////////////////// - // AI & Completions - ////////////////////////////////////////////////////////////// - - // Configuration for the completions service. - // Other example values: - // - { - // "accessToken": "abc123", - // "chatModel": "chat", - // "completionModel": "code-completion", - // "enabled": true, - // "perUserDailyLimit": 100, - // "provider": "openai" - // } - "completions": { - "accessToken": null, - "azureChatModel": null, - "azureCompletionModel": null, - "azureUseDeprecatedCompletionsAPIForOldModels": true, - "chatModel": null, - "chatModelMaxTokens": 0, - "completionModel": null, - "completionModelMaxTokens": 0, - "disableClientConfigAPI": false, - "enabled": true, - "endpoint": null, - "fastChatModel": null, - "fastChatModelMaxTokens": 0, - "model": null, - "perCommunityUserChatMonthlyInteractionLimit": 0, - "perCommunityUserChatMonthlyLLMRequestLimit": 0, - "perCommunityUserCodeCompletionsMonthlyInteractionLimit": 0, - "perCommunityUserCodeCompletionsMonthlyLLMRequestLimit": 0, - "perProUserChatDailyInteractionLimit": 0, - "perProUserChatDailyLLMRequestLimit": 0, - "perProUserCodeCompletionsDailyInteractionLimit": 0, - "perProUserCodeCompletionsDailyLLMRequestLimit": 0, - "perUserCodeCompletionsDailyLimit": 0, - "perUserDailyLimit": 0, - "provider": "sourcegraph", - "smartContextWindow": "enabled", - "user": null - }, - - // ⚠️ DEPRECATED: Deprecated changes to this section will not be respected. - // Configuration for embeddings service. - // Other example values: - // - { - // "accessToken": "your-access-token", - // "dimensions": 1536, - // "enabled": true, - // "excludedFilePathPatterns": [ - // "*.svg", - // "**/__mocks__/**", - // "**/test/**" - // ], - // "model": "text-embedding-ada-002", - // "url": "https://api.openai.com/v1/embeddings" - // } - "embeddings": { - "accessToken": null, - "dimensions": 0, - "enabled": true, - "endpoint": null, - "excludeChunkOnError": true, - "excludedFilePathPatterns": [ - ".*ignore", - ".gitattributes", - ".mailmap", - "*.csv", - "*.svg", - "*.xml", - "__fixtures__/", - "node_modules/", - "testdata/", - "mocks/", - "vendor/" - ], - "fileFilters": { - "excludedFilePathPatterns": [ - ".*ignore", - ".gitattributes", - ".mailmap", - "*.csv", - "*.svg", - "*.xml", - "__fixtures__/", - "node_modules/", - "testdata/", - "mocks/", - "vendor/" - ], - "includedFilePathPatterns": null, - "maxFileSizeBytes": 1000000 - }, - "incremental": true, - "maxEmbeddingsPerRepo": 0, - "minimumInterval": "24h", - "model": null, - "perCommunityUserEmbeddingsMonthlyLimit": 0, - "perProUserEmbeddingsMonthlyLimit": 0, - "policyRepositoryMatchLimit": "5000", - "provider": null, - "url": null - }, - - - ////////////////////////////////////////////////////////////// - // Executors - ////////////////////////////////////////////////////////////// - - // The shared secret between Sourcegraph and executors. The value must contain at least 20 characters. - // Other example values: - // - "my-super-secret-access-token" - "executors.accessToken": null, - - // The image to use for batch changes in executors when using native execution. Use this value to pull from a custom image registry. - "executors.batcheshelperImage": "sourcegraph/batcheshelper", - - // The tag to use for the batcheshelper image in executors when using native execution. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated. - // Other example values: - // - "4.1.0" - "executors.batcheshelperImageTag": null, - - // The URL where Sourcegraph executors can reach the Sourcegraph instance. If not set, defaults to externalURL. URLs with a path (other than `/`) are not allowed. For Docker executors, the special hostname `host.docker.internal` can be used to refer to the Docker container's host. - // Other example values: - // - "https://sourcegraph.example.com" - "executors.frontendURL": null, - - // The tag to use for the lsif-go image in executors. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated. - // Other example values: - // - "sourcegraph/lsif-go" - "executors.lsifGoImage": null, - - // The configuration for multiqueue executors. - "executors.multiqueue": { - "dequeueCacheConfig": { - "batches": { - "limit": 50, - "weight": 4 - }, - "codeintel": { - "limit": 250, - "weight": 1 - } - } - }, - - // The image to use for src-cli in executors. Use this value to pull from a custom image registry. - "executors.srcCLIImage": "sourcegraph/src-cli", - - // The tag to use for the src-cli image in executors. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated. - // Other example values: - // - "4.1.0" - "executors.srcCLIImageTag": null, - - - ////////////////////////////////////////////////////////////// - // Git & Repository Management - ////////////////////////////////////////////////////////////// - - // Whether clone progress should be logged to a file. If enabled, logs are written to files in the OS default path for temporary files. - "cloneProgress.log": false, - - // JSON array of configuration that maps from Git clone URL to repository name. Sourcegraph automatically resolves remote clone URLs to their proper code host. However, there may be non-remote clone URLs (e.g., in submodule declarations) that Sourcegraph cannot automatically map to a code host. In this case, use this field to specify the mapping. The mappings are tried in the order they are specified and take precedence over automatic mappings. - // Other example values: - // - [ - // { - // "from": "^../(?P\u003cname\u003e\\w+)$", - // "to": "github.com/user/{name}" - // } - // ] - "git.cloneURLToRepositoryName": null, - - // DEPRECATED: The config options for Sourcegraph GitHub App. - // Other example values: - // - { - // "appID": "1234", - // "clientID": "client-id", - // "clientSecret": "client-secret", - // "privateKey": "base64-encoded-private-key", - // "slug": "sourcegraph" - // } - "gitHubApp": { - "appID": null, - "clientID": null, - "clientSecret": null, - "privateKey": null, - "slug": null - }, - - // Maximum number of seconds that a long Git command (e.g. clone or remote update) is allowed to execute. The default is 7200 seconds, or 2 hours. - "gitLongCommandTimeout": 7200, - - // Maximum number of remote code host git operations (e.g. clone or ls-remote) to be run per second per gitserver. Default is -1, which is unlimited. - "gitMaxCodehostRequestsPerSecond": -1, - - // Maximum number of git clone processes that will be run concurrently per gitserver to update repositories. <= 0 means disabled. - "gitMaxConcurrentCleanups": 5, - - // Maximum number of git clone processes that will be run concurrently per gitserver to update repositories. Note: the global git update scheduler respects gitMaxConcurrentClones. However, we allow each gitserver to run upto gitMaxConcurrentClones to allow for urgent fetches. Urgent fetches are used when a user is browsing a PR and we do not have the commit yet. - "gitMaxConcurrentClones": 5, - - // Record git operations that are executed on configured repositories. - // Other example values: - // - { - // "ignoredGitCommands": [ - // "show", - // "rev-parse", - // "log", - // "diff", - // "ls-tree" - // ], - // "repos": [ - // "github.com/sourcegraph/sourcegraph", - // "github.com/gorilla/mux" - // ], - // "size": 1000 - // } - "gitRecorder": { - "ignoredGitCommands": [ - "show", - "rev-parse", - "log", - "diff", - "ls-tree" - ], - "repos": null, - "size": 10000 - }, - - // ⚠️ DEPRECATED: Deprecated because it's no longer supported. Sourcegraph relies on user traffic, webhooks, and heuristics now. - // DEPRECATED: As of Sourcegraph 5.10, this option is no longer in use. Remove this block. - // Other example values: - // - [ - // { - // "interval": 5, - // "pattern": "^github.com/sourcegraph/.*" - // }, - // { - // "interval": 10, - // "pattern": "^bitbucket.org/.*" - // } - // ] - "gitUpdateInterval": null, - - // Disk usage threshold at which to display warning notification. Value is a percentage. - "gitserver.diskUsageWarningThreshold": 90, - - - ////////////////////////////////////////////////////////////// - // Branding & UI - ////////////////////////////////////////////////////////////// - - // Customize Sourcegraph homepage logo and search icon. - // Other example values: - // - { - // "dark": { - // "logo": "https://example.com/logo_dark.png", - // "symbol": "https://example.com/search_symbol_dark_24x24.png" - // }, - // "disableSymbolSpin": true, - // "favicon": "https://example.com/favicon.ico", - // "light": { - // "logo": "https://example.com/logo_light.png", - // "symbol": "https://example.com/search_symbol_light_24x24.png" - // } - // } - "branding": { - "brandName": "Sourcegraph", - "dark": null, - "disableSymbolSpin": false, - "favicon": null, - "light": null - }, - - - ////////////////////////////////////////////////////////////// - // Observability & Monitoring - ////////////////////////////////////////////////////////////// - - // Configuration for logging and alerting, including to external services. - "log": { - "auditLog": { - "gitserverAccess": false, - "graphQL": false, - "internalTraffic": false, - "severityLevel": null - }, - "sentry": { - "backendDSN": null, - "codeIntelDSN": null, - "dsn": null - } - }, - - // Configure notifications for Sourcegraph's built-in alerts. - // Other example values: - // - { - // "level": "critical", - // "notifier": { - // "channel": "#alerts", - // "type": "slack", - // "url": "https://hooks.slack.com/services/..." - // } - // } - // - { - // "level": "warning", - // "notifier": { - // "addresses": [ - // "alerts@example.com" - // ], - // "type": "email" - // } - // } - "observability.alerts": null, - - // (debug) Set a limit to the amount of captured slow GraphQL requests being stored for visualization. For defining the threshold for a slow GraphQL request, see observability.logSlowGraphQLRequests. - // Other example values: - // - 2000 - "observability.captureSlowGraphQLRequestsLimit": 0, - - // EXPERIMENTAL: Configuration for client observability - // Other example values: - // - { - // "openTelemetry": { - // "endpoint": "/-/debug/otlp" - // } - // } - // - { - // "openTelemetry": { - // "endpoint": "https://opentelemetry.example.com" - // } - // } - "observability.client": { - "openTelemetry": { - "endpoint": "/-/debug/otlp", - "webVitalsInstrumentation": false - } - }, - - // (debug) logs all GraphQL requests slower than the specified number of milliseconds. - // Other example values: - // - 10000 - "observability.logSlowGraphQLRequests": 0, - - // (debug) logs all search queries (issued by users, code intelligence, or API requests) slower than the specified number of milliseconds. - // Other example values: - // - 10000 - "observability.logSlowSearches": 0, - - // Silence individual Sourcegraph alerts by identifier. - // Other example values: - // - [ - // "warning_gitserver_disk_space_remaining" - // ] - // - [ - // "critical_frontend_down", - // "warning_high_load" - // ] - "observability.silenceAlerts": null, - - // Configures distributed tracing within Sourcegraph. To learn more, refer to https://sourcegraph.com/docs/admin/observability/tracing - // Other example values: - // - { - // "debug": false, - // "sampling": "selective", - // "type": "opentelemetry", - // "urlTemplate": "https://ui.honeycomb.io/$ORG/environments/$DATASET/trace?trace_id={{ .TraceID }}" - // } - // - { - // "debug": true, - // "sampling": "all", - // "type": "jaeger", - // "urlTemplate": "{{ .ExternalURL }}/-/debug/jaeger/trace/{{ .TraceID }}" - // } - "observability.tracing": { - "debug": false, - "sampling": "selective", - "type": "opentelemetry", - "urlTemplate": null - } - + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "site.schema.json#", + "title": "Site configuration", + "description": "Configuration for a Sourcegraph site.", + "allowComments": true, + "type": "object", + "additionalProperties": true, + "properties": { + "inventory": { + "description": "Settings for repository language stats inventory", + "type": "object", + "additionalProperties": false, + "properties": { + "disableEnhancedLanguageDetection": { + "description": "Disable more accurate but slower language detection that uses file contents.", + "type": "boolean", + "default": false + }, + "gitServerConcurrency": { + "description": "Number of concurrent requests against the gitserver for getInventory requests. Higher concurrency means faster inventory, but more strain on gitserver.", + "type": "integer", + "minimum": 1, + "maximum": 1000, + "default": 4 + }, + "redisConcurrency": { + "description": "Number of concurrent requests against the redis cache for getInventory requests. Higher concurrency means faster inventory, but more strain on redis cache.", + "type": "integer", + "minimum": 1, + "maximum": 1000, + "default": 20 + }, + "maxInventoryInMemory": { + "description": "When computing the language stats, every nth iteration all loaded files are aggregated into the inventory to reduce the memory footprint. Increasing this value may make the computation run faster, but will require more memory.", + "type": "integer", + "minimum": 100, + "maximum": 1000000, + "default": 1000 + }, + "timeoutInMinutes": { + "description": "Time in minutes before cancelling getInventory requests. Raise this if your repositories are large and need a long time to process.", + "type": "integer", + "minimum": 1, + "maximum": 1440, + "default": 5 + } + }, + "examples": [ + { + "disableEnhancedLanguageDetection": false, + "gitServerConcurrency": 4, + "redisConcurrency": 20, + "maxInventoryInMemory": 1000, + "timeoutInMinutes": 5 + } + ] + }, + "ssc.apiBaseUrl": { + "type": "string", + "default": "https://accounts.sourcegraph.com/cody/api", + "description": "The base URL of the Self-Serve Cody API." + }, + "ssc.samsHostName": { + "type": "string", + "default": "accounts.sourcegraph.com", + "description": "The hostname of SAMS instance to connect." + }, + "search.index.symbols.enabled": { + "description": "Whether indexed symbol search is enabled. This is contingent on the indexed search configuration, and is true by default for instances with indexed search enabled. Enabling this will cause every repository to re-index, which is a time consuming (several hours) operation. Additionally, it requires more storage and ram to accommodate the added symbols information in the search index.", + "type": "boolean", + "!go": { + "pointer": true + }, + "group": "Search", + "examples": [true] + }, + "search.index.shardConcurrency": { + "description": "The number of threads each indexserver should use to index shards. If not set, indexserver will use the number of available CPUs. This is exposed as a safeguard and should usually not require being set.", + "type": "integer", + "group": "Search", + "examples": ["10"] + }, + "search.largeFiles": { + "description": "A list of file glob patterns where matching files will be indexed and searched regardless of their size. Files still need to be valid utf-8 to be indexed. The glob pattern syntax can be found here: https://github.com/bmatcuk/doublestar#patterns.", + "type": "array", + "items": { + "type": "string" + }, + "group": "Search", + "examples": [["go.sum", "package-lock.json", "**/*.thrift"]] + }, + "debug.search.symbolsParallelism": { + "description": "(debug) controls the amount of symbol search parallelism. Defaults to 20. It is not recommended to change this outside of debugging scenarios. This option will be removed in a future version.", + "type": "integer", + "group": "Debug", + "examples": ["20"] + }, + "cloneProgress.log": { + "description": "Whether clone progress should be logged to a file. If enabled, logs are written to files in the OS default path for temporary files.", + "type": "boolean", + "default": false + }, + "defaultRateLimit": { + "description": "The rate limit (in requests per hour) for the default rate limiter in the rate limiters registry. By default this is disabled and the default rate limit is infinity.", + "type": "integer", + "!go": { + "pointer": true + }, + "default": -1 + }, + "RedirectUnsupportedBrowser": { + "description": "Prompts user to install new browser for non es5", + "type": "boolean", + "default": false + }, + "rateLimits": { + "type": "object", + "additionalProperties": false, + "properties": { + "graphQLMaxDepth": { + "description": "Maximum depth of nested objects allowed for GraphQL queries. Changes to this setting require a restart.", + "type": "integer", + "default": 30 + }, + "graphQLMaxAliases": { + "description": "Maximum number of aliases allowed in a GraphQL query", + "type": "integer", + "default": 500 + }, + "graphQLMaxFieldCount": { + "description": "Maximum number of estimated fields allowed in a GraphQL response", + "type": "integer", + "default": 500000 + }, + "graphQLMaxDuplicateFieldCount": { + "description": "Maximum number of duplicate fields allowed in a GraphQL request", + "type": "integer", + "default": 500 + }, + "graphQLMaxUniqueFieldCount": { + "description": "Maximum number of unique fields allowed in a GraphQL request", + "type": "integer", + "default": 500 + } + } + }, + "auth.passwordPolicy": { + "type": "object", + "additionalProperties": false, + "description": "Enables and configures password policy. This will allow admins to enforce password complexity and length requirements.", + "properties": { + "enabled": { + "description": "Enables password policy", + "type": "boolean", + "default": false + }, + "numberOfSpecialCharacters": { + "description": "The required number of special characters", + "type": "integer", + "length": 2 + }, + "requireAtLeastOneNumber": { + "description": "Does the password require a number", + "type": "boolean", + "default": true + }, + "requireUpperandLowerCase": { + "description": "Require Mixed characters", + "type": "boolean", + "default": true + } + }, + "examples": [ + { + "enabled": true, + "numberOfSpecialCharacters": 1, + "requireAtLeastOneNumber": true, + "requireUpperandLowerCase": true + } + ] + }, + "experimentalFeatures": { + "description": "Experimental features and settings.", + "type": "object", + "additionalProperties": true, + "properties": { + "commitGraphUpdates": { + "description": "Customize strategy used for commit graph updates", + "type": "object", + "additionalProperties": false, + "properties": { + "defaultBranchOnly": { + "description": "Disables precise code nav on non-default branches. Specify repo names using regex syntax.", + "type": "array", + "items": { + "type": "string", + "examples": ["github.com/myorg/huge-monorepo", "github.com/other-org/.*"] + } + } + } + }, + "scipBasedAPIs": { + "description": "Enable usage of new CodeGraph and usagesForSymbol APIs", + "type": "boolean", + "default": true, + "_comment": "Keep default above in sync with NOTE(id: scip-based-apis-feature-flag)", + "!go": { + "pointer": true + } + }, + "codyContextIgnore": { + "description": "Enabled filtering of remote Cody context based on repositories ./cody/ignore file", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "searchJobs": { + "description": "DEPRECATED. This setting is no longer read. To disable search jobs, set DISABLE_SEARCH_JOBS=true for the \"frontend\" and \"worker\" services", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "rateLimitAnonymous": { + "description": "DEPRECATED: this setting was targeted at a specific incident is no longer read.", + "type": "integer", + "default": 500 + }, + "eventLogging": { + "description": "Enables user event logging inside of the Sourcegraph instance. This will allow admins to have greater visibility of user activity, such as frequently viewed pages, frequent searches, and more. These event logs (and any specific user actions) are only stored locally, and never leave this Sourcegraph instance.", + "type": "string", + "enum": ["enabled", "disabled"], + "default": "enabled" + }, + "passwordPolicy": { + "description": "DEPRECATED: this is now a standard feature see: auth.passwordPolicy", + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "description": "Enables password policy", + "type": "boolean", + "default": true + }, + "minimumLength": { + "description": "DEPRECATED: replaced by auth.minPasswordLength", + "type": "integer", + "default": 12 + }, + "numberOfSpecialCharacters": { + "description": "The required number of special characters", + "type": "integer", + "default": 2 + }, + "requireAtLeastOneNumber": { + "description": "Does the password require a number", + "type": "boolean", + "default": true + }, + "requireUpperandLowerCase": { + "description": "Require Mixed characters", + "type": "boolean", + "default": true + } + } + }, + "debug.log": { + "description": "Turns on debug logging for specific debugging scenarios.", + "type": "object", + "additionalProperties": false, + "properties": { + "extsvc.gitlab": { + "description": "Log GitLab API requests.", + "type": "boolean", + "default": false + } + }, + "deprecationMessage": "Deprecated in favor of internal debug logging." + }, + "structuralSearch": { + "description": "Enables structural search.", + "type": "string", + "enum": ["enabled", "disabled"], + "default": "disabled" + }, + "perforceChangelistMapping": { + "description": "Allow mapping of Perforce changelists to their commit SHAs in the DB", + "type": "string", + "enum": ["enabled", "disabled"], + "default": "enabled" + }, + "goPackages": { + "description": "Allow adding Go package host connections", + "type": "string", + "enum": ["enabled", "disabled"], + "default": "disabled" + }, + "jvmPackages": { + "description": "Allow adding JVM package host connections", + "type": "string", + "enum": ["enabled", "disabled"], + "default": "disabled" + }, + "npmPackages": { + "description": "Allow adding npm package code host connections", + "type": "string", + "enum": ["enabled", "disabled"], + "default": "disabled" + }, + "pythonPackages": { + "description": "Allow adding Python package code host connections", + "type": "string", + "enum": ["enabled", "disabled"], + "default": "disabled" + }, + "rustPackages": { + "description": "Allow adding Rust package code host connections", + "type": "string", + "enum": ["enabled", "disabled"], + "default": "disabled" + }, + "rubyPackages": { + "description": "Allow adding Ruby package host connections", + "type": "string", + "enum": ["enabled", "disabled"], + "default": "disabled" + }, + "pagure": { + "description": "Allow adding Pagure code host connections", + "type": "string", + "enum": ["enabled", "disabled"], + "default": "disabled" + }, + "subRepoPermissions": { + "type": "object", + "additionalProperties": false, + "if": { + "properties": { + "enforceIPRestrictions": { "const": true } + }, + "required": ["enforceIPRestrictions"] + }, + "then": { + "properties": { + "enabled": { "const": true } + }, + "required": ["enabled"] + }, + "properties": { + "enabled": { + "description": "Enables sub-repo permission checking", + "type": "boolean", + "default": false + }, + "redactInaccessibleCommits": { + "description": "Redacts commits in the history that the user does not have access to instead of removing them from history. DO NOT USE THIS UNLESS EXPLICITLY ASKED FOR BY THE SOURCEGRAPH TEAM.", + "type": "boolean", + "default": false + }, + "userCacheSize": { + "description": "The number of user permissions to cache", + "type": "integer", + "default": 1000, + "minimum": 1 + }, + "userCacheTTLSeconds": { + "description": "The TTL in seconds for cached user permissions", + "type": "integer", + "default": 10, + "minimum": 1 + }, + "rulesInterpretationMode": { + "description": "Controls how Perforce IP-based protection rules are interpreted. 'unified' (default) applies all rules regardless of proxy-prefix. 'directOnly' only applies rules without proxy- prefix. 'proxyOnly' only applies rules with proxy- prefix. Use this to align with your Perforce deployment model.", + "type": "string", + "enum": ["unified", "directOnly", "proxyOnly"], + "default": "unified" + }, + "enforceIPRestrictions": { + "description": "Enforces IP restrictions on sub-repo permissions. If true, relies on rightmost value X-FORWARDED-FOR header to determine the client IP address. You must configure your reverse proxy to set this header securely. Also incompoitable with the perforce ignoreRulesWithHost option.", + "type": "boolean", + "default": false + }, + "ipParseCacheSize": { + "description": "The number of Perforce \"Host\" to IP addresses translations to cache", + "type": "integer", + "default": 1000, + "minimum": 1 + }, + "allowCodeInsights": { + "description": "Allow Code Insights to run on repositories that use sub-repo permissions", + "type": "boolean", + "default": false + } + } + }, + "tls.external": { + "description": "Global TLS/SSL settings for Sourcegraph to use when communicating with code hosts.", + "type": "object", + "additionalProperties": false, + "properties": { + "insecureSkipVerify": { + "description": "insecureSkipVerify controls whether a client verifies the server's certificate chain and host name.\nIf InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks.", + "type": "boolean", + "default": false + }, + "certificates": { + "description": "TLS certificates to accept. This is only necessary if you are using self-signed certificates or an internal CA. Can be an internal CA certificate or a self-signed certificate. To get the certificate of a webserver run `openssl s_client -connect HOST:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM`. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh. NOTE: System Certificate Authorities are automatically included.", + "type": "array", + "items": { + "type": "string", + "pattern": "^-----BEGIN CERTIFICATE-----\n", + "examples": ["-----BEGIN CERTIFICATE-----\n..."] + } + } + } + }, + "customGitFetch": { + "description": "JSON array of configuration that maps from Git clone URL domain/path to custom git fetch command. To enable this feature set environment variable `ENABLE_CUSTOM_GIT_FETCH` as `true` on gitserver.", + "type": "array", + "items": { + "title": "CustomGitFetchMapping", + "description": "Mapping from Git clone URl domain/path to git fetch command. The `domainPath` field contains the Git clone URL domain/path part. The `fetch` field contains the custom git fetch command.", + "type": "object", + "additionalProperties": false, + "required": ["domainPath", "fetch"], + "properties": { + "domainPath": { + "description": "Git clone URL domain/path", + "type": "string" + }, + "fetch": { + "description": "Git fetch command", + "type": "string", + "minLength": 1 + } + } + }, + "examples": [ + [ + { + "domainPath": "somecodehost.com/path/to/repo", + "fetch": "customgitbinary someflag" + }, + { + "domainPath": "somecodehost.com/path/to/anotherrepo", + "fetch": "customgitbinary someflag anotherflag" + } + ] + ] + }, + "search.index.revisions": { + "description": "An array of objects describing rules for extra revisions (branch, ref, tag, commit sha, etc) to be indexed for all repositories that match them. We always index the default branch (\"HEAD\") and revisions in version contexts. This allows specifying additional revisions. Sourcegraph can index up to 64 branches per repository.", + "type": "array", + "items": { + "type": "object", + "title": "SearchIndexRevisionsRule", + "additionalProperties": false, + "required": ["revisions"], + "anyOf": [ + { + "required": ["name"] + } + ], + "properties": { + "name": { + "description": "Regular expression which matches against the name of a repository (e.g. \"^github\\.com/owner/name$\").", + "type": "string", + "format": "regex" + }, + "revisions": { + "description": "Revisions to index", + "type": "array", + "items": { + "type": "string", + "minLength": 1 + } + } + } + }, + "examples": [ + [ + { + "name": "^github.com/org/.*", + "revisions": ["3.17", "f6ca985c27486c2df5231ea3526caa4a4108ffb6", "v3.17.1"] + } + ] + ] + }, + "search.index.branches": { + "description": "A map from repository name to a list of extra revs (branch, ref, tag, commit sha, etc) to index for a repository. We always index the default branch (\"HEAD\") and revisions in version contexts. This allows specifying additional revisions. Sourcegraph can index up to 64 branches per repository.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string" + }, + "maxItems": 64 + }, + "examples": [ + { + "github.com/sourcegraph/sourcegraph": ["3.17", "f6ca985c27486c2df5231ea3526caa4a4108ffb6", "v3.17.1"], + "name/of/repo": ["develop"] + } + ] + }, + "search.index.query.contexts": { + "description": "Enables indexing of revisions of repos matching any query defined in search contexts.", + "type": "boolean", + "default": false + }, + "enablePermissionsWebhooks": { + "description": "DEPRECATED: No longer has any effect.", + "type": "boolean", + "default": false, + "!go": { + "pointer": false + } + }, + "enableStorm": { + "description": "Enables the Storm frontend architecture changes.", + "type": "boolean", + "default": false, + "!go": { + "pointer": false + } + }, + "ranking": { + "description": "Experimental search result ranking options.", + "type": "object", + "properties": { + "repoScores": { + "description": "a map of URI directories to numeric scores for specifying search result importance, like {\"github.com\": 500, \"github.com/sourcegraph\": 300, \"github.com/sourcegraph/sourcegraph\": 100}. Would rank \"github.com/sourcegraph/sourcegraph\" as 500+300+100=900, and \"github.com/other/foo\" as 500.", + "type": "object", + "default": {}, + "group": "Search", + "additionalProperties": { + "type": "number" + } + }, + "maxReorderQueueSize": { + "description": "DEPRECATED: This setting has no effect.", + "default": 24, + "type": "integer", + "group": "Search", + "!go": { + "pointer": true + } + }, + "maxQueueMatchCount": { + "description": "DEPRECATED: This setting has no effect.", + "default": -1, + "type": "integer", + "group": "Search", + "!go": { + "pointer": true + } + }, + "maxQueueSizeBytes": { + "description": "The maximum number of bytes that can be buffered to sort results. The default is -1 (unbounded). Setting this to a positive integer protects frontend against OOMs.", + "default": -1, + "type": "integer", + "group": "Search", + "!go": { + "pointer": true + } + }, + "maxReorderDurationMS": { + "description": "DEPRECATED: This setting has no effect.", + "type": "integer", + "default": 0, + "group": "Search" + }, + "flushWallTimeMS": { + "description": "Controls the amount of time that Zoekt shards collect and rank results. Larger values give a more stable ranking, but searches can take longer to return an initial result.", + "type": "integer", + "default": 500, + "group": "Search" + } + } + }, + "search.sanitization": { + "description": "Allows site admins to specify a list of regular expressions representing matched content that should be omitted from search results. Also allows admins to specify the name of an organization within their Sourcegraph instance whose members are trusted and will not have their search results sanitized. Enable this feature by adding at least one valid regular expression to the value of the `sanitizePatterns` field on this object. Site admins will not have their searches sanitized.", + "type": "object", + "properties": { + "sanitizePatterns": { + "description": "An array of regular expressions representing matched content that should be omitted from search result events. This does not prevent users from accessing file contents through other means if they have read access. Values added to this array must be valid Go regular expressions. Site admins will not have their search results sanitized.", + "type": "array", + "items": { + "type": "string", + "format": "regex" + } + }, + "orgName": { + "description": "Optionally specify the name of an organization within this Sourcegraph instance containing users whose searches should not be sanitized. Admins: ensure that ALL members of this org are trusted users. If no org exists with the given name then there will be no effect. If no org name is specified then all non-admin users will have their searches sanitized if this feature is enabled.", + "type": "string" + } + } + }, + "enableGithubInternalRepoVisibility": { + "description": "Enable support for visibility of internal Github repositories", + "type": "boolean", + "default": false + }, + "gitServerPinnedRepos": { + "description": "List of repositories pinned to specific gitserver instances. The specified repositories will remain at their pinned servers on scaling the cluster. If the specified pinned server differs from the current server that stores the repository, then it must be re-cloned to the specified server.", + "type": "object", + "additionalProperties": { + "type": "string" + }, + "examples": [ + { + "github.com/foo/bar": "gitserverHostname", + "github.com/foo/bar2": "gitserverHostname2" + } + ] + }, + "insightsAlternateLoadingStrategy": { + "description": "Use an in-memory strategy of loading Code Insights. Should only be used for benchmarking on large instances, not for customer use currently.", + "type": "boolean", + "default": false + }, + "insightsBackfillerV2": { + "description": "DEPRECATED: Setting any value to this flag has no effect.", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + } + }, + "insightsDataRetention": { + "description": "Code insights data points beyond the sample size defined in the site configuration will be periodically archived", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + } + }, + "batchChanges.enablePerforce": { + "description": "When enabled, batch changes will be executable on Perforce depots.", + "type": "boolean", + "group": "BatchChanges", + "default": false + }, + "batchChanges.enableForkNameSuffix": { + "description": "When enabled, batch changes will append a sequence of characters to new fork names to avoid name collisions. The sequence is unique per batch change. This does not apply to existing batch changes.", + "type": "boolean", + "group": "BatchChanges", + "default": false + }, + "languageDetection": { + "description": "Setting for customizing language detection behavior", + "type": "object", + "required": ["graphQL"], + "additionalProperties": false, + "properties": { + "graphQL": { + "description": "What to take into account for computing 'languages' for the GraphQL API. This setting indirectly affects client-side code attempting to determine languages, such as search-based code navigation and the files sidebar.", + "type": "string", + "enum": ["useFileContents", "useFileNamesOnly"], + "default": "useFileContents" + } + } + }, + "codeintelSyntacticIndexing.enabled": { + "description": "When enabled, syntactic indexing jobs will be scheduled for all enabled repos", + "type": "boolean", + "default": false + }, + "cody.auditLog": { + "description": "Configuration for the Cody Audit Log", + "type": "object", + "properties": { + "enabled": { + "description": "Whether to enable the Cody Audit Log", + "type": "boolean", + "default": false + } + } + }, + "deepSearch.enabled": { + "description": "Enable/disable the Deep Search feature", + "type": "boolean", + "!go": { + "pointer": true + }, + "default": false + }, + "deepSearch.model": { + "description": "The model reference to use for Deep Search.", + "type": "string", + "default": "anthropic::2024-10-22::claude-sonnet-4-latest", + "deprecationMessage": "Configuring a custom model (BYOK) for Deep Search is deprecated." + }, + "deepSearch.sharing.enabled": { + "description": "Enable/disable sharing of Deep Search conversations via read tokens", + "type": "boolean", + "!go": { + "pointer": true + }, + "default": false + } + }, + "examples": [ + { + "customGitFetch": [ + { + "domainPath": "somecodehost.com/path/to/repo", + "fetch": "customgitbinary someflag" + }, + { + "domainPath": "somecodehost.com/path/to/anotherrepo", + "fetch": "customgitbinary someflag anotherflag" + } + ] + }, + { + "tls.external": { + "certificates": ["-----BEGIN CERTIFICATE-----\n..."], + "insecureSkipVerify": true + } + } + ], + "group": "Experimental" + }, + "batchChanges.enabled": { + "description": "Enables/disables the Batch Changes feature.", + "type": "boolean", + "!go": { + "pointer": true + }, + "group": "BatchChanges", + "default": true + }, + "batchChanges.enforceForks": { + "description": "When enabled, all branches created by batch changes will be pushed to forks of the original repository.", + "type": "boolean", + "group": "BatchChanges", + "default": false + }, + "batchChanges.restrictToAdmins": { + "description": "When enabled, only site admins can create and apply batch changes.", + "type": "boolean", + "!go": { + "pointer": true + }, + "group": "BatchChanges", + "default": false + }, + "batchChanges.autoDeleteBranch": { + "description": "Automatically delete branches created for Batch Changes changesets when the changeset is merged or closed, for supported code hosts. Overrides any setting on the repository on the code host itself.", + "type": "boolean", + "group": "BatchChanges", + "default": false + }, + "batchChanges.rolloutWindows": { + "description": "Specifies specific windows, which can have associated rate limits, to be used when reconciling published changesets (creating or updating). All days and times are handled in UTC.", + "type": "array", + "!go": { + "pointer": true + }, + "group": "BatchChanges", + "items": { + "title": "BatchChangeRolloutWindow", + "type": "object", + "required": ["rate"], + "additionalProperties": false, + "properties": { + "rate": { + "description": "The rate changesets will be published at.", + "oneOf": [ + { + "type": "number", + "minimum": 0, + "maximum": 0 + }, + { + "type": "string", + "pattern": "^(unlimited|[0-9]+/(sec|secs|second|seconds|min|mins|minute|minutes|hr|hrs|hour|hours))$" + } + ] + }, + "start": { + "description": "Window start time. If omitted, no time window is applied to the day(s) that match this rule.", + "type": "string", + "pattern": "^[0-9]?[0-9]:[0-9]{2}$" + }, + "end": { + "description": "Window end time. If omitted, no time window is applied to the day(s) that match this rule.", + "type": "string", + "pattern": "^[0-9]?[0-9]:[0-9]{2}$" + }, + "days": { + "description": "Day(s) the window applies to. If omitted, this rule applies to all days of the week.", + "type": "array", + "items": { + "type": "string", + "pattern": "^([mM]on(day)?|[tT]ue(s|sday)?|[wW]ed(nesday)?|[tT]hu(r|rs|rsday)?|[fF]ri(day)?|[sS]at(urday)?|[sS]un(day)?)$" + } + } + }, + "dependencies": { + "start": ["end"] + } + }, + "examples": [ + { + "rate": "10/hour", + "days": ["saturday", "sunday"], + "start": "06:00", + "end": "20:00" + } + ] + }, + "batchChanges.disableWebhooksWarning": { + "description": "Hides Batch Changes warnings about webhooks not being configured.", + "type": "boolean", + "group": "BatchChanges", + "default": false + }, + "batchChanges.templateLibrary.displayLimit": { + "description": "Maximum number of batch spec templates to display in the template library UI. Default is 20.", + "type": "integer", + "minimum": 1, + "maximum": 1000, + "default": 20, + "group": "BatchChanges" + }, + "batchChanges.changesetsRetention": { + "description": "How long changesets will be retained after they have been detached from a batch change.", + "type": "string", + "group": "BatchChanges", + "examples": ["336h", "48h", "5h30m40s"] + }, + "batchChanges.containerRegistryAllowlist": { + "description": "A list of permitted container registries for use in batch changes, e.g., docker.io. If empty, all container registries are allowed. It cannot be used together with 'batchChanges.containerRegistryDenylist'", + "type": "array", + "items": { + "type": "string" + }, + "examples": ["docker.io", "artifactory.acme.com"] + }, + "batchChanges.containerRegistryDenylist": { + "description": "A list of forbidden container registries for use in batch changes, e.g., docker.io. If empty, all container registries are allowed. It cannot be used together with 'batchChanges.containerRegistryAllowlist'", + "type": "array", + "items": { + "type": "string" + }, + "examples": ["docker.io", "artifactory.acme.com"] + }, + "codeIntelAutoIndexing.enabled": { + "description": "Enables/disables the code intel auto-indexing feature. Currently experimental.", + "type": "boolean", + "!go": { + "pointer": true + }, + "group": "Code intelligence", + "default": false + }, + "codeIntelAutoIndexing.indexerMap": { + "description": "Overrides the default Docker images used by auto-indexing.", + "type": "object", + "additionalProperties": { + "type": "string" + }, + "group": "Code intelligence", + "default": null, + "examples": [ + { + "go": "sourcegraph/lsif-go:latest", + "java": "sourcegraph/lsif-java:latest" + } + ] + }, + "codeIntelAutoIndexing.policyRepositoryMatchLimit": { + "description": "The maximum number of repositories to which a single auto-indexing policy can apply. Default is -1, which is unlimited.", + "type": "integer", + "!go": { + "pointer": true + }, + "group": "Code intelligence", + "default": -1 + }, + "codeIntelAutoIndexing.allowGlobalPolicies": { + "description": "Whether auto-indexing policies may apply to all repositories on the Sourcegraph instance. Default is false. The policyRepositoryMatchLimit setting still applies to such auto-indexing policies.", + "type": "boolean", + "!go": { + "pointer": true + }, + "group": "Code intelligence", + "default": false + }, + "corsOrigin": { + "description": "Required when using any of the native code host integrations for Phabricator, GitLab, or Bitbucket Server. It is a space-separated list of allowed origins for cross-origin HTTP requests which should be the base URL for your Phabricator, GitLab, or Bitbucket Server instance.", + "type": "string", + "examples": ["https://my-phabricator.example.com https://my-bitbucket.example.com https://my-gitlab.example.com"], + "pattern": "^((https?://[\\w-.]+)( https?://[\\w-.]+)*)|\\*$", + "group": "Security" + }, + "lsifEnforceAuth": { + "description": "Whether or not LSIF uploads will be blocked unless a valid LSIF upload token is provided.", + "type": "boolean", + "default": false, + "group": "Security" + }, + "disableNonCriticalTelemetry": { + "description": "DEPRECATED. Has no effect.", + "type": "boolean", + "default": false, + "group": "Misc." + }, + "disableFeedbackSurvey": { + "description": "Disable the feedback survey", + "type": "boolean", + "default": false, + "group": "Misc." + }, + "disableAutoGitUpdates": { + "description": "Disable periodically fetching git contents for existing repositories.", + "type": "boolean", + "default": false, + "group": "External services" + }, + "disableAutoCodeHostSyncs": { + "description": "Disable periodic syncs of configured code host connections (repository metadata, permissions, batch changes changesets, etc)", + "type": "boolean", + "default": false, + "group": "External services" + }, + "gitUpdateInterval": { + "description": "DEPRECATED: As of Sourcegraph 5.10, this option is no longer in use. Remove this block.", + "deprecated": true, + "deprecationMessage": "Deprecated because it's no longer supported. Sourcegraph relies on user traffic, webhooks, and heuristics now.", + "type": "array", + "items": { + "title": "UpdateIntervalRule", + "type": "object", + "required": ["pattern", "interval"], + "additionalProperties": false, + "properties": { + "pattern": { + "description": "A regular expression matching a repo name", + "type": "string", + "minLength": 1 + }, + "interval": { + "description": "An integer representing the number of minutes to wait until the next update", + "type": "integer", + "minimum": 1 + } + } + }, + "group": "External services", + "examples": [ + [ + { + "pattern": "^github.com/sourcegraph/.*", + "interval": 5 + }, + { + "pattern": "^bitbucket.org/.*", + "interval": 10 + } + ] + ] + }, + "disablePublicRepoRedirects": { + "description": "DEPRECATED! Disable redirects to sourcegraph.com when visiting public repositories that can't exist on this server.", + "type": "boolean", + "group": "External services", + "examples": [true], + "deprecationMessage": "Deprecated because it's no longer supported and hasn't been working for a while." + }, + "git.cloneURLToRepositoryName": { + "description": "JSON array of configuration that maps from Git clone URL to repository name. Sourcegraph automatically resolves remote clone URLs to their proper code host. However, there may be non-remote clone URLs (e.g., in submodule declarations) that Sourcegraph cannot automatically map to a code host. In this case, use this field to specify the mapping. The mappings are tried in the order they are specified and take precedence over automatic mappings.", + "type": "array", + "items": { + "title": "CloneURLToRepositoryName", + "description": "Describes a mapping from clone URL to repository name. The `from` field contains a regular expression with named capturing groups. The `to` field contains a template string that references capturing group names. For instance, if `from` is \"^../(?P\\w+)$\" and `to` is \"github.com/user/{name}\", the clone URL \"../myRepository\" would be mapped to the repository name \"github.com/user/myRepository\".", + "type": "object", + "additionalProperties": false, + "required": ["from", "to"], + "properties": { + "from": { + "description": "A regular expression that matches a set of clone URLs. The regular expression should use the Go regular expression syntax (https://golang.org/pkg/regexp/) and contain at least one named capturing group. The regular expression matches partially by default, so use \"^...$\" if whole-string matching is desired.", + "type": "string" + }, + "to": { + "description": "The repository name output pattern. This should use `{matchGroup}` syntax to reference the capturing groups from the `from` field.", + "type": "string" + } + } + }, + "group": "External services", + "examples": [ + [ + { + "from": "^../(?P\\w+)$", + "to": "github.com/user/{name}" + } + ] + ] + }, + "gitLongCommandTimeout": { + "description": "Maximum number of seconds that a long Git command (e.g. clone or remote update) is allowed to execute. The default is 7200 seconds, or 2 hours.", + "type": "integer", + "default": 7200, + "group": "External services" + }, + "gitMaxConcurrentClones": { + "description": "Maximum number of git clone processes that will be run concurrently per gitserver to update repositories. Note: the global git update scheduler respects gitMaxConcurrentClones. However, we allow each gitserver to run upto gitMaxConcurrentClones to allow for urgent fetches. Urgent fetches are used when a user is browsing a PR and we do not have the commit yet.", + "type": "integer", + "default": 5, + "group": "External services" + }, + "gitMaxConcurrentCleanups": { + "description": "Maximum number of git clone processes that will be run concurrently per gitserver to update repositories. <= 0 means disabled.", + "type": "integer", + "default": 5, + "!go": { + "pointer": true + }, + "group": "External services" + }, + "gitMaxCodehostRequestsPerSecond": { + "description": "Maximum number of remote code host git operations (e.g. clone or ls-remote) to be run per second per gitserver. Default is -1, which is unlimited.", + "type": "integer", + "!go": { + "pointer": true + }, + "default": -1, + "group": "External services" + }, + "codeMonitors": { + "description": "Configuration options for code monitors", + "type": "object", + "properties": { + "pollInterval": { + "description": "The interval at which a monitor checks for new changes. Increase to reduce average load.", + "type": "string", + "default": "5m" + }, + "concurrency": { + "description": "The number of code monitor jobs allowed to run concurrently. Decrease to reduce peak load.", + "type": "integer", + "default": 4 + }, + "maxRuntime": { + "description": "The maximum runtime in minutes per code monitor jobs. Increase if jobs time out consistently", + "type": "integer", + "default": 1 + } + } + }, + "syntaxHighlighting": { + "title": "SyntaxHighlighting", + "description": "Syntax highlighting configuration", + "type": "object", + "properties": { + "engine": { + "title": "SyntaxHighlightingEngine", + "type": "object", + "properties": { + "default": { + "description": "The default syntax highlighting engine to use", + "type": "string", + "enum": ["tree-sitter", "syntect", "scip-syntax"] + }, + "overrides": { + "description": "Manually specify overrides for syntax highlighting engine per language", + "type": "object", + "additionalProperties": { + "type": "string", + "enum": ["tree-sitter", "syntect", "scip-syntax"] + } + } + } + }, + "languages": { + "title": "SyntaxHighlightingLanguage", + "type": "object", + "properties": { + "extensions": { + "description": "Map of extension to language", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "patterns": { + "description": "Map of patterns to language. Will return after first match, if any.", + "type": "array", + "items": { + "title": "SyntaxHighlightingLanguagePatterns", + "type": "object", + "required": ["pattern", "language"], + "properties": { + "pattern": { + "description": "Regular expression which matches the filepath", + "type": "string", + "format": "regex" + }, + "language": { + "description": "Name of the language if pattern matches", + "type": "string" + } + } + } + } + } + }, + "symbols": { + "title": "SymbolConfiguration", + "description": "Configure symbol generation", + "type": "object", + "required": ["engine"], + "properties": { + "engine": { + "description": "Manually specify overrides for symbol generation engine per language", + "type": "object", + "additionalProperties": { + "type": "string", + "enum": ["universal-ctags", "scip-ctags", "off"] + } + } + } + } + }, + "examples": [ + { + "engine": { + "default": "tree-sitter", + "overrides": { + "go": "syntect" + } + }, + "languages": { + "extensions": { + "go": "go", + "ts": "typescript" + }, + "patterns": [ + { + "match": "cobol_.*\\.txt", + "language": "cobol" + } + ] + } + } + ] + }, + "repoListUpdateInterval": { + "description": "Interval (in minutes) for checking code hosts (such as GitHub, Gitolite, etc.) for new repositories.", + "type": "integer", + "default": 1, + "group": "External services" + }, + "repoConcurrentExternalServiceSyncers": { + "description": "The number of concurrent external service syncers that can run.", + "type": "integer", + "default": 3, + "group": "External services" + }, + "repoPurgeWorker": { + "description": "Configuration for repository purge worker.", + "type": "object", + "group": "External services", + "additionalProperties": false, + "default": { + "intervalMinutes": 15, + "deletedTTLMinutes": 60 + }, + "properties": { + "intervalMinutes": { + "type": "integer", + "description": "Interval in minutes at which to run purge jobs. Set to 0 to disable.", + "default": "15", + "minimum": 0 + }, + "deletedTTLMinutes": { + "type": "integer", + "description": "Repository TTL in minutes after deletion before it becomes eligible to be purged. A migration or admin could accidentally remove all or a significant number of repositories - recloning all of them is slow, so a TTL acts as a grace period so that admins can recover from accidental deletions", + "default": "60", + "minimum": 0 + } + } + }, + "scim.authToken": { + "type": "string", + "description": "The SCIM auth token is used to authenticate SCIM requests. If not set, SCIM is disabled.", + "default": "", + "group": "External services" + }, + "scim.identityProvider": { + "type": "string", + "enum": ["STANDARD", "Azure AD"], + "description": "Identity provider used for SCIM support. \"STANDARD\" should be used unless a more specific value is available", + "default": "STANDARD", + "group": "External services" + }, + "maxReposToSearch": { + "description": "DEPRECATED: Configure maxRepos in search.limits. The maximum number of repositories to search across. The user is prompted to narrow their query if exceeded. Any value less than or equal to zero means unlimited.", + "type": "integer", + "default": -1, + "group": "Search" + }, + "search.limits": { + "description": "Limits that search applies for number of repositories searched and timeouts.", + "type": "object", + "group": "Search", + "additionalProperties": false, + "properties": { + "maxTimeoutSeconds": { + "description": "The maximum value for \"timeout:\" that search will respect. \"timeout:\" values larger than maxTimeoutSeconds are capped at maxTimeoutSeconds. Note: You need to ensure your load balancer / reverse proxy in front of Sourcegraph won't timeout the request for larger values. Note: Too many large rearch requests may harm Soucregraph for other users. Note: Experimental search jobs do not respect this limit. Defaults to 1 minute.", + "type": "integer", + "default": "60", + "minimum": 1 + }, + "maxRepos": { + "description": "The maximum number of repositories to search across. The user is prompted to narrow their query if exceeded. Any value less than or equal to zero means unlimited.", + "type": "integer", + "default": -1 + }, + "commitDiffMaxRepos": { + "description": "The maximum number of repositories to search across when doing a \"type:diff\" or \"type:commit\". The user is prompted to narrow their query if the limit is exceeded. There is a separate limit (commitDiffWithTimeFilterMaxRepos) when \"after:\" or \"before:\" is specified because those queries are faster. Defaults to 50.", + "type": "integer", + "default": 50, + "minimum": 1 + }, + "commitDiffWithTimeFilterMaxRepos": { + "description": "The maximum number of repositories to search across when doing a \"type:diff\" or \"type:commit\" with a \"after:\" or \"before:\" filter. The user is prompted to narrow their query if the limit is exceeded. There is a separate limit (commitDiffMaxRepos) when \"after:\" or \"before:\" is not specified because those queries are slower. Defaults to 10000.", + "type": "integer", + "default": 10000, + "minimum": 1 + } + }, + "examples": [ + { + "maxTimeoutSeconds": 60, + "maxRepos": 200, + "commitDiffMaxRepos": 50, + "commitDiffWithTimeFilterMaxRepos": 5000 + } + ] + }, + "parentSourcegraph": { + "description": "URL to fetch unreachable repository details from. Defaults to \"https://sourcegraph.com\"", + "type": "object", + "additionalProperties": false, + "properties": { + "url": { + "type": "string", + "default": "https://sourcegraph.com" + } + }, + "group": "External services", + "examples": [ + { + "url": "https://sourcegraph.example.com" + } + ] + }, + "auth.accessTokens": { + "description": "Settings for access tokens, which enable external tools to access the Sourcegraph API with the privileges of the user.", + "type": "object", + "additionalProperties": false, + "properties": { + "allow": { + "description": "Allow or restrict the use of access tokens. The default is \"all-users-create\", which enables all users to create access tokens. Use \"none\" to disable access tokens entirely. Use \"site-admin-create\" to restrict creation of new tokens to admin users (existing tokens will still work until revoked).", + "type": "string", + "enum": ["all-users-create", "site-admin-create", "none"], + "default": "all-users-create" + }, + "allowNoExpiration": { + "description": "Allows new tokens to be created without specifying an expiration.", + "type": "boolean", + "!go": { + "pointer": true + }, + "default": true + }, + "expirationOptionDays": { + "description": "Options users will see for the number of days until token expiration. The defaultExpirationDays will be added to the list if not already present.", + "type": "array", + "default": [7, 14, 30, 60, 90], + "items": { + "type": "integer", + "maximum": 365, + "minimum": 1 + }, + "examples": [[7, 14, 30, 60, 90]] + }, + "defaultExpirationDays": { + "description": "The default duration selection when creating a new access token. This value will be added to the expirationOptionDays if it is not already present", + "type": "integer", + "!go": { + "pointer": true + }, + "default": 90, + "maximum": 365, + "minimum": 1 + }, + "maxTokensPerUser": { + "description": "The maximum number of active access tokens a user may have.", + "type": "integer", + "!go": { + "pointer": true + }, + "default": 25, + "maximum": 100, + "minimum": 1 + } + }, + "default": { + "allow": "all-users-create", + "allowNoExpiration": false, + "expirationOptionDays": [7, 14, 30, 60, 90], + "defaultExpirationDays": 90 + }, + "examples": [ + { + "allow": "site-admin-create", + "allowNoExpiration": true, + "expirationOptionDays": [7, 14, 30, 60, 90], + "defaultExpirationDays": 90 + }, + { + "allow": "none", + "allowNoExpiration": false, + "expirationOptionDays": [7, 14, 30, 60, 90], + "defaultExpirationDays": 45 + } + ], + "group": "Security" + }, + "auth.allowedIpAddress": { + "description": "IP allowlist for access to the Sourcegraph instance. If set, only requests from these IP addresses will be allowed. By default client IP is infered connected client IP address, and you may configure to use a request header to determine the user IP.", + "type": "object", + "properties": { + "enabled": { + "description": "Whether to enable the IP allowlist.", + "type": "boolean", + "default": false + }, + "clientIpAddress": { + "description": "List of client IP addresses to allow. If empty, all IP addresses are allowed. This is useful to restrict who can open connection with the Sorcegraph instance, e.g., the request source range of the upsteam application load balancer.", + "type": "array", + "items": { + "type": "string" + }, + "examples": ["100.100.100.0/25", "23.34.56.21"] + }, + "trustedClientIpAddress": { + "description": "List of trusted client IP addresses that will bypass user IP address check. If empty, nothing can be bypass. This is useful to support access from trusted internal services. It will always permit connection from `127.0.0.1`. You must include the IP range allocated for the Sourcegraph deployment services to allow inter-service communication, e.g., kubernetes pod ip range.", + "type": "array", + "items": { + "type": "string" + }, + "examples": ["100.100.100.0/25", "23.34.56.21"] + }, + "userIpAddress": { + "description": "List of user IP addresses to allow. If empty, all IP addresses are allowed.", + "type": "array", + "items": { + "type": "string" + }, + "examples": ["100.100.100.0/25", "23.34.56.21"] + }, + "userIpRequestHeaders": { + "description": "An optional list of case-insensitive request header names to use for resolving the callers user IP address. You must ensure that the header is coming from a trusted source. If the header contains multiple IP addresses, the right-most is used. If no IP is found from provided headers, the connected client IP address is used.", + "type": "array", + "items": { + "type": "string" + }, + "examples": ["X-Forwarded-For", "X-Real-IP", "CF-Connecting-IP"] + }, + "errorMessageTemplate": { + "description": "A template to customize the error message display to users on unauthorized access. Available template variables: `{{.Error}}`, `{{.UserIP}}`", + "type": "string", + "default": "Access from your IP address is not allowed.", + "examples": [ + "Please reach out to your Sourcegraph instance admin at admin@acme.com to unblock your IP address: {{.UserIP}}.", + "{{.Error}}. Please reach out to your Sourcegraph instance admin at admin@acme.com to request access." + ] + } + }, + "group": "Security" + }, + "authz.enforceForSiteAdmins": { + "description": "When true, site admins will only be able to see private code they have access to via our authz system.", + "type": "boolean", + "default": false + }, + "permissions.userMapping": { + "description": "Settings for Sourcegraph explicit permissions, which allow the site admin to explicitly manage repository permissions via the GraphQL API. This will mark repositories as restricted by default.", + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "description": "Whether permissions user mapping is enabled.", + "type": "boolean", + "default": false + }, + "bindID": { + "description": "The type of identifier to identify a user. The default is \"email\", which uses the email address to identify a user. Use \"username\" to identify a user by their username. Changing this setting will erase any permissions created for users that do not yet exist.", + "type": "string", + "enum": ["email", "username"], + "default": "email" + } + }, + "default": { + "enabled": true, + "bindID": "email" + }, + "examples": [ + { + "bindID": "email" + }, + { + "bindID": "username" + } + ], + "group": "Security" + }, + "permissions.syncScheduleInterval": { + "description": "Time interval (in seconds) of how often each component picks up authorization changes in external services.", + "type": "integer", + "default": 60 + }, + "permissions.syncOldestUsers": { + "description": "Number of user permissions to schedule for syncing in single scheduler iteration.", + "type": "integer", + "default": 100, + "!go": { + "pointer": true + } + }, + "permissions.syncOldestRepos": { + "description": "Number of repo permissions to schedule for syncing in single scheduler iteration.", + "type": "integer", + "default": 100, + "!go": { + "pointer": true + } + }, + "permissions.syncUsersBackoffSeconds": { + "description": "Don't sync a user's permissions if they have synced within the last n seconds.", + "type": "integer", + "default": 900 + }, + "permissions.syncReposBackoffSeconds": { + "description": "Don't sync a repo's permissions if it has synced within the last n seconds.", + "type": "integer", + "default": 900 + }, + "permissions.syncUsersMaxConcurrency": { + "description": "The maximum number of user-centric permissions syncing jobs that can be spawned concurrently. Service restart is required to take effect for changes.", + "type": "integer", + "default": 5 + }, + "permissions.syncReposMaxConcurrency": { + "description": "The maximum number of repo-centric permissions syncing jobs that can be spawned concurrently. Service restart is required to take effect for changes.", + "type": "integer", + "default": 5 + }, + "permissions.syncJobsHistorySize": { + "description": "The number of last repo/user permission jobs to keep for history. Will be cleaned up occasionally to only keep the most recent N jobs.", + "type": "integer", + "default": 5, + "minimum": 5, + "!go": { + "pointer": true + } + }, + "permissions.syncJobCleanupInterval": { + "description": "Time interval (in seconds) of how often cleanup worker should remove old jobs from permissions sync jobs table.", + "type": "integer", + "default": 3600, + "minimum": 1 + }, + "contributorsDataEnabled": { + "description": "Enables the computation of contributor statistics per author and repository. Will all commits of each repository initially, and then work on deltas.", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + }, + "examples": [true] + }, + "branding": { + "description": "Customize Sourcegraph homepage logo and search icon.", + "type": "object", + "additionalProperties": false, + "properties": { + "light": { + "$ref": "#/definitions/BrandAssets" + }, + "dark": { + "$ref": "#/definitions/BrandAssets" + }, + "favicon": { + "description": "The URL of the favicon to be used for your instance. We recommend using the following file format: ICO", + "type": "string", + "format": "uri" + }, + "disableSymbolSpin": { + "deprecationMessage": "No effect, symbol does not spin anymore.", + "description": "Prevents the icon in the top-left corner of the screen from spinning on hover.", + "type": "boolean", + "default": false + }, + "brandName": { + "description": "String to display everywhere the brand name should be displayed. Defaults to \"Sourcegraph\"", + "type": "string", + "default": "Sourcegraph" + } + }, + "examples": [ + { + "favicon": "https://example.com/favicon.ico", + "light": { + "logo": "https://example.com/logo_light.png", + "symbol": "https://example.com/search_symbol_light_24x24.png" + }, + "dark": { + "logo": "https://example.com/logo_dark.png", + "symbol": "https://example.com/search_symbol_dark_24x24.png" + }, + "disableSymbolSpin": true + } + ] + }, + "email.smtp": { + "title": "SMTPServerConfig", + "description": "The SMTP server used to send transactional emails.\nPlease see https://sourcegraph.com/docs/admin/config/email", + "type": "object", + "additionalProperties": false, + "required": ["host", "port", "authentication"], + "properties": { + "host": { + "description": "The SMTP server host.", + "type": "string" + }, + "port": { + "description": "The SMTP server port.", + "type": "integer" + }, + "username": { + "description": "The username to use when communicating with the SMTP server.", + "type": "string" + }, + "password": { + "description": "The password to use when communicating with the SMTP server.", + "type": "string" + }, + "authentication": { + "description": "The type of authentication to use for the SMTP server.", + "type": "string", + "enum": ["none", "PLAIN", "CRAM-MD5"] + }, + "domain": { + "description": "The HELO domain to provide to the SMTP server (if needed).", + "type": "string" + }, + "noVerifyTLS": { + "description": "Disable TLS verification", + "type": "boolean" + }, + "additionalHeaders": { + "description": "Additional headers to include on SMTP messages that cannot be configured with other 'email.smtp' fields.", + "type": "array", + "items": { + "title": "Header", + "type": "object", + "required": ["key", "value"], + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + }, + "sensitive": { + "type": "boolean" + } + }, + "examples": [ + { + "key": "", + "value": "" + } + ] + } + } + }, + "default": null, + "examples": [ + { + "host": "smtp.example.com", + "port": 465, + "username": "alice", + "password": "mypassword", + "authentication": "PLAIN" + } + ], + "group": "Email" + }, + "email.address": { + "description": "The \"from\" address for emails sent by this server.\nPlease see https://sourcegraph.com/docs/admin/config/email", + "type": "string", + "format": "email", + "group": "Email", + "examples": ["noreply@sourcegraph.example.com"] + }, + "email.senderName": { + "description": "The name to use in the \"from\" address for emails sent by this server.", + "type": "string", + "group": "Email", + "default": "Sourcegraph", + "examples": ["Our Company Sourcegraph", "Example Inc Sourcegraph"] + }, + "email.templates": { + "description": "Configurable templates for some email types sent by Sourcegraph.", + "type": "object", + "properties": { + "resetPassword": { + "description": "Email sent on password resets. Available template variables: {{.Host}}, {{.Username}}, {{.URL}}", + "$ref": "#/definitions/EmailTemplate" + }, + "setPassword": { + "description": "Email sent on account creation, if a password reset URL is created. Available template variables: {{.Host}}, {{.Username}}, {{.URL}}", + "$ref": "#/definitions/EmailTemplate" + } + }, + "group": "Email", + "examples": [ + { + "resetPassword": { + "subject": "Reset your password on {{.Host}}", + "body": "To reset your password on {{.Host}}, please click the link below:\n\n{{.URL}}\n\nIf you did not request a password reset, please ignore this email. Your password will not change until you click the link and set a new password." + }, + "setPassword": { + "subject": "Set your password on {{.Host}}", + "body": "To set your password on {{.Host}} and complete your account registration, please click the link below:\n\n{{.URL}}\n\nYour username is: {{.Username}}\n\nIf you did not sign up for an account on {{.Host}}, please ignore this email." + } + } + ] + }, + "executors.frontendURL": { + "description": "The URL where Sourcegraph executors can reach the Sourcegraph instance. If not set, defaults to externalURL. URLs with a path (other than `/`) are not allowed. For Docker executors, the special hostname `host.docker.internal` can be used to refer to the Docker container's host.", + "type": "string", + "examples": ["https://sourcegraph.example.com"] + }, + "executors.srcCLIImage": { + "description": "The image to use for src-cli in executors. Use this value to pull from a custom image registry.", + "type": "string", + "default": "sourcegraph/src-cli" + }, + "executors.srcCLIImageTag": { + "description": "The tag to use for the src-cli image in executors. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated.", + "type": "string", + "examples": ["4.1.0"] + }, + "executors.lsifGoImage": { + "description": "The tag to use for the lsif-go image in executors. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated.", + "type": "string", + "examples": ["sourcegraph/lsif-go"] + }, + "executors.batcheshelperImage": { + "description": "The image to use for batch changes in executors when using native execution. Use this value to pull from a custom image registry.", + "type": "string", + "default": "sourcegraph/batcheshelper" + }, + "executors.batcheshelperImageTag": { + "description": "The tag to use for the batcheshelper image in executors when using native execution. Use this value to use a custom tag. Sourcegraph by default uses the best match, so use this setting only if you really need to overwrite it and make sure to keep it updated.", + "type": "string", + "examples": ["4.1.0"] + }, + "executors.accessToken": { + "description": "The shared secret between Sourcegraph and executors. The value must contain at least 20 characters.", + "type": "string", + "pattern": "^(.{20,}|REDACTED)$", + "examples": ["my-super-secret-access-token"] + }, + "executors.multiqueue": { + "description": "The configuration for multiqueue executors.", + "type": "object", + "properties": { + "dequeueCacheConfig": { + "description": "The configuration for the dequeue cache of multiqueue executors. Each queue defines a limit of dequeues in the expiration window as well as a weight, indicating how frequently a queue is picked at random. For example, a weight of 4 for batches and 1 for codeintel means out of 5 dequeues, statistically batches will be picked 4 times and codeintel 1 time (unless one of those queues is at its limit).", + "type": "object", + "properties": { + "batches": { + "description": "The configuration for the batches queue.", + "type": "object", + "required": ["limit", "weight"], + "properties": { + "limit": { + "description": "The maximum number of dequeues allowed within the expiration window.", + "type": "integer", + "default": 50 + }, + "weight": { + "description": "The relative weight of this queue. Higher weights mean a higher chance of being picked at random.", + "type": "integer", + "default": 4 + } + } + }, + "codeintel": { + "description": "The configuration for the codeintel queue.", + "type": "object", + "required": ["limit", "weight"], + "properties": { + "limit": { + "description": "The maximum number of dequeues allowed within the expiration window.", + "type": "integer", + "default": 250 + }, + "weight": { + "description": "The relative weight of this queue. Higher weights mean a higher chance of being picked at random.", + "type": "integer", + "default": 1 + } + } + } + } + } + } + }, + "auth.userOrgMap": { + "description": "Ensure that matching users are members of the specified orgs (auto-joining users to the orgs if they are not already a member). Provide a JSON object of the form `{\"*\": [\"org1\", \"org2\"]}`, where org1 and org2 are orgs that all users are automatically joined to. Currently the only supported key is `\"*\"`.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string" + } + }, + "examples": [ + { + "*": ["myorg1"] + } + ], + "hide": true + }, + "telemetry": { + "description": "Configuration for application user telemetry.", + "type": "object", + "additionalProperties": false, + "properties": { + "disableLocalEventLogs": { + "description": "Disable long-term local retention of user telemetry as 'event logs' entirely.", + "type": "boolean", + "default": false + } + } + }, + "log": { + "description": "Configuration for logging and alerting, including to external services.", + "type": "object", + "additionalProperties": false, + "properties": { + "sentry": { + "description": "Configuration for Sentry", + "type": "object", + "additionalProperties": false, + "properties": { + "dsn": { + "description": "Sentry Data Source Name (DSN). Per the Sentry docs (https://docs.sentry.io/quickstart/#about-the-dsn), it should match the following pattern: '{PROTOCOL}://{PUBLIC_KEY}@{HOST}/{PATH}{PROJECT_ID}'.", + "type": "string", + "pattern": "^https?://" + }, + "backendDSN": { + "description": "Sentry Data Source Name (DSN) for backend errors. Per the Sentry docs (https://docs.sentry.io/quickstart/#about-the-dsn), it should match the following pattern: '{PROTOCOL}://{PUBLIC_KEY}@{HOST}/{PATH}{PROJECT_ID}'.", + "type": "string", + "pattern": "^https?://" + }, + "codeIntelDSN": { + "description": "Sentry Data Source Name (DSN) for code intel errors. Per the Sentry docs (https://docs.sentry.io/quickstart/#about-the-dsn), it should match the following pattern: '{PROTOCOL}://{PUBLIC_KEY}@{HOST}/{PATH}{PROJECT_ID}'.", + "type": "string", + "pattern": "^https?://" + } + }, + "examples": [ + { + "sentry": { + "dsn": "https://public_key@sentry.example.com/project_id", + "backendDSN": "https://public_key@sentry.example.com/backend_project_id", + "codeIntelDSN": "https://public_key@sentry.example.com/codeintel_project_id" + } + } + ] + }, + "auditLog": { + "description": "EXPERIMENTAL: Configuration for audit logging (specially formatted log entries for tracking sensitive events)", + "type": "object", + "additionalProperties": false, + "properties": { + "internalTraffic": { + "description": "Capture security events performed by the internal traffic (adds significant noise).", + "type": "boolean", + "default": false + }, + "graphQL": { + "description": "Capture GraphQL requests and responses as part of the audit log.", + "type": "boolean", + "default": false + }, + "gitserverAccess": { + "description": "Capture gitserver access logs as part of the audit log.", + "type": "boolean", + "default": false + }, + "severityLevel": { + "deprecationMessage": "No effect, audit logs are always set to SRC_LOG_LEVEL", + "description": "DEPRECATED: No effect, audit logs are always set to SRC_LOG_LEVEL", + "type": "string", + "enum": ["DEBUG", "INFO", "WARN", "ERROR"] + } + }, + "required": ["internalTraffic", "graphQL", "gitserverAccess"], + "examples": [ + { + "internalTraffic": false, + "graphQL": false, + "gitserverAccess": false + } + ] + } + } + }, + "externalURL": { + "description": "The externally accessible URL for Sourcegraph (i.e., what you type into your browser). Previously called `appURL`. Only root URLs are allowed.", + "type": "string", + "examples": ["https://sourcegraph.example.com"] + }, + "observability.client": { + "description": "EXPERIMENTAL: Configuration for client observability", + "type": "object", + "additionalProperties": false, + "properties": { + "openTelemetry": { + "description": "Configuration for the client OpenTelemetry exporter", + "type": "object", + "properties": { + "endpoint": { + "description": "OpenTelemetry tracing collector endpoint. By default, Sourcegraph's \"/-/debug/otlp\" endpoint forwards data to the configured collector backend.", + "type": "string", + "examples": ["/-/debug/otlp", "https://COLLECTOR_ENDPOINT"], + "default": "/-/debug/otlp" + }, + "webVitalsInstrumentation": { + "description": "Enable web vitals instrumentation.", + "type": "boolean", + "default": false + } + } + } + }, + "examples": [ + { + "openTelemetry": { + "endpoint": "/-/debug/otlp" + } + }, + { + "openTelemetry": { + "endpoint": "https://opentelemetry.example.com" + } + } + ] + }, + "observability.tracing": { + "description": "Configures distributed tracing within Sourcegraph. To learn more, refer to https://sourcegraph.com/docs/admin/observability/tracing", + "type": "object", + "properties": { + "sampling": { + "description": "Determines the conditions under which distributed traces are recorded. \"none\" turns off tracing entirely. \"selective\" (default) sends traces whenever `?trace=1` is present in the URL (though background jobs may still emit traces). \"all\" sends traces on every request. Note that this only affects the behavior of the distributed tracing client. To learn more about additional sampling and traace export configuration with the default tracing type \"opentelemetry\", refer to https://sourcegraph.com/docs/admin/observability/opentelemetry#tracing ", + "type": "string", + "enum": ["selective", "all", "none"], + "default": "selective" + }, + "type": { + "description": "Determines what tracing provider to enable. For \"opentelemetry\", the required backend is an OpenTelemetry collector instance (deployed by default with Sourcegraph). For \"jaeger\", a Jaeger instance is required to be configured via Jaeger client environment variables: https://github.com/jaegertracing/jaeger-client-go#environment-variables", + "type": "string", + "enum": ["opentelemetry", "jaeger"], + "default": "opentelemetry" + }, + "debug": { + "description": "Turns on debug logging of tracing client requests. This can be useful for debugging connectivity issues between the tracing client and tracing backend, the performance overhead of tracing, and other issues related to the use of distributed tracing. May have performance implications in production.", + "type": "boolean", + "default": false + }, + "urlTemplate": { + "description": "Template for linking to trace URLs - '{{ .TraceID }}' is replaced with the trace ID, and {{ .ExternalURL }} is replaced with the value of 'externalURL'. If none is set, no links are generated.", + "type": "string", + "examples": [ + "https://ui.honeycomb.io/$ORG/environments/$DATASET/trace?trace_id={{ .TraceID }}", + "https://console.cloud.google.com/traces/list?tid={{ .TraceID }}&project=$PROJECT", + "https://$ORGANIZATION.grafana.net/explore?orgId=1&left=[\"now-1h\",\"now\",\"$DATASOURCE\",{\"query\":\"{{ .TraceID }}\",\"queryType\":\"traceId\"}]", + "{{ .ExternalURL }}/-/debug/jaeger/trace/{{ .TraceID }}" + ] + } + }, + "examples": [ + { + "sampling": "selective", + "type": "opentelemetry", + "debug": false, + "urlTemplate": "https://ui.honeycomb.io/$ORG/environments/$DATASET/trace?trace_id={{ .TraceID }}" + }, + { + "sampling": "all", + "type": "jaeger", + "debug": true, + "urlTemplate": "{{ .ExternalURL }}/-/debug/jaeger/trace/{{ .TraceID }}" + } + ] + }, + "observability.alerts": { + "description": "Configure notifications for Sourcegraph's built-in alerts.", + "type": "array", + "items": { + "type": "object", + "required": ["level", "notifier"], + "properties": { + "level": { + "description": "Sourcegraph alert level to subscribe to notifications for.", + "type": "string", + "enum": ["warning", "critical"] + }, + "notifier": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": ["slack", "pagerduty", "webhook", "email", "opsgenie"] + } + }, + "oneOf": [ + { + "$ref": "#/definitions/NotifierSlack" + }, + { + "$ref": "#/definitions/NotifierPagerduty" + }, + { + "$ref": "#/definitions/NotifierWebhook" + }, + { + "$ref": "#/definitions/NotifierEmail" + }, + { + "$ref": "#/definitions/NotifierOpsGenie" + } + ], + "!go": { + "taggedUnionType": true + } + }, + "disableSendResolved": { + "description": "Disable notifications when alerts resolve themselves.", + "type": "boolean", + "default": false + }, + "owners": { + "description": "Do not use. When set, only receive alerts owned by the specified teams. Used by Sourcegraph internally.", + "type": "array", + "items": { + "type": "string" + } + } + }, + "default": { + "level": "critical", + "notifier": { + "type": "" + } + } + }, + "examples": [ + { + "level": "critical", + "notifier": { + "type": "slack", + "url": "https://hooks.slack.com/services/...", + "channel": "#alerts" + } + }, + { + "level": "warning", + "notifier": { + "type": "email", + "addresses": ["alerts@example.com"] + } + } + ] + }, + "observability.silenceAlerts": { + "description": "Silence individual Sourcegraph alerts by identifier.", + "type": "array", + "items": { + "type": "string" + }, + "examples": [["warning_gitserver_disk_space_remaining"], ["critical_frontend_down", "warning_high_load"]] + }, + "observability.logSlowSearches": { + "description": "(debug) logs all search queries (issued by users, code intelligence, or API requests) slower than the specified number of milliseconds.", + "type": "integer", + "group": "Debug", + "examples": [10000] + }, + "observability.logSlowGraphQLRequests": { + "description": "(debug) logs all GraphQL requests slower than the specified number of milliseconds.", + "type": "integer", + "group": "Debug", + "examples": [10000] + }, + "observability.captureSlowGraphQLRequestsLimit": { + "description": "(debug) Set a limit to the amount of captured slow GraphQL requests being stored for visualization. For defining the threshold for a slow GraphQL request, see observability.logSlowGraphQLRequests.", + "type": "integer", + "group": "Debug", + "examples": [2000] + }, + "insights.backfill.interruptAfter": { + "description": "Set the number of seconds an insight series will spend backfilling before being interrupted. Series are interrupted to prevent long running insights from exhausting all of the available workers. Interrupted series will be placed back in the queue and retried based on their priority.", + "type": "integer", + "group": "CodeInsights", + "default": 60 + }, + "insights.backfill.repositoryGroupSize": { + "description": "Set the number of repositories to batch in a group during backfilling.", + "type": "integer", + "group": "CodeInsights", + "default": 10 + }, + "insights.backfill.repositoryConcurrency": { + "description": "Number of repositories within the batch to backfill concurrently.", + "type": "integer", + "group": "CodeInsights", + "default": 3, + "maximum": 10, + "minimum": 1 + }, + "insights.query.worker.concurrency": { + "description": "Number of concurrent executions of a code insight query on a worker node", + "type": "integer", + "group": "CodeInsights", + "default": 1, + "examples": [10] + }, + "insights.query.worker.rateLimit": { + "description": "Maximum number of Code Insights queries initiated per second on a worker node.", + "type": "number", + "group": "CodeInsights", + "default": 20, + "examples": [10.0, 0.5], + "!go": { + "pointer": true + } + }, + "insights.query.worker.rateLimitBurst": { + "description": "The allowed burst rate for the Code Insights queries per second rate limiter.", + "type": "integer", + "group": "CodeInsights", + "default": 20, + "examples": [10, 20] + }, + "insights.historical.worker.rateLimit": { + "description": "Maximum number of historical Code Insights data frames that may be analyzed per second.", + "type": "number", + "group": "CodeInsights", + "default": 20, + "examples": [50.0, 0.5], + "!go": { + "pointer": true + } + }, + "insights.historical.worker.rateLimitBurst": { + "description": "The allowed burst rate for the Code Insights historical worker rate limiter.", + "type": "integer", + "group": "CodeInsights", + "default": 20, + "examples": [10, 20] + }, + "insights.aggregations.bufferSize": { + "description": "The size of the buffer for aggregations ran in-memory. A higher limit might strain memory for the frontend", + "type": "integer", + "group": "CodeInsights", + "default": 500 + }, + "insights.aggregations.proactiveResultLimit": { + "description": "The maximum number of results a proactive search aggregation can accept before stopping", + "type": "integer", + "group": "CodeInsights", + "default": 50000 + }, + "insights.maximumSampleSize": { + "description": "The maximum number of data points that will be available to view for a series on a code insight. Points beyond that will be stored in a separate table and available for data export.", + "type": "integer", + "group": "CodeInsights", + "default": 30, + "maximum": 90, + "examples": [12, 24, 50] + }, + "own.bestEffortTeamMatching": { + "description": "The Own service will attempt to match a Team by the last part of its handle if it contains a slash and no match is found for its full handle.", + "type": "boolean", + "group": "Own", + "!go": { + "pointer": true + }, + "default": true + }, + "own.background.repoIndexConcurrencyLimit": { + "description": "The max number of concurrent Own jobs that will run per worker node.", + "type": "integer", + "group": "Own", + "default": 5 + }, + "own.background.repoIndexRateLimit": { + "description": "The maximum per second rate of repositories for Own jobs per worker node.", + "type": "integer", + "group": "Own", + "default": 20 + }, + "own.background.repoIndexRateBurstLimit": { + "description": "The maximum per second burst of repositories for Own jobs per worker node. Generally this value should not be less than the max concurrency.", + "type": "integer", + "group": "Own", + "default": 5 + }, + "htmlHeadTop": { + "description": "HTML to inject at the top of the `` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.", + "type": "string", + "group": "Misc." + }, + "htmlHeadBottom": { + "description": "HTML to inject at the bottom of the `` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.", + "type": "string", + "group": "Misc." + }, + "htmlBodyTop": { + "description": "HTML to inject at the top of the `` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.", + "type": "string", + "group": "Misc." + }, + "htmlBodyBottom": { + "description": "HTML to inject at the bottom of the `` element on each page, for analytics scripts. Requires env var ENABLE_INJECT_HTML=true.", + "type": "string", + "group": "Misc." + }, + "licenseKey": { + "description": "The license key associated with a Sourcegraph product subscription, which is necessary to activate Sourcegraph Enterprise functionality. To obtain this value, contact Sourcegraph to purchase a subscription. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.", + "type": "string", + "group": "Sourcegraph Enterprise license" + }, + "gitHubApp": { + "description": "DEPRECATED: The config options for Sourcegraph GitHub App.", + "type": "object", + "properties": { + "slug": { + "description": "The slug of the GitHub App for Sourcegraph.", + "type": "string" + }, + "appID": { + "description": "The app ID of the GitHub App for Sourcegraph.", + "type": "string" + }, + "privateKey": { + "description": "The base64-encoded private key of the GitHub App for Sourcegraph.", + "type": "string" + }, + "clientID": { + "type": "string", + "description": "The Client ID of the GitHub App for Sourcegraph, accessible from https://github.com/settings/apps ." + }, + "clientSecret": { + "type": "string", + "description": "The Client Secret of the GitHub App for Sourcegraph, accessible from https://github.com/settings/apps ." + } + }, + "examples": [ + { + "slug": "sourcegraph", + "appID": "1234", + "privateKey": "base64-encoded-private-key", + "clientID": "client-id", + "clientSecret": "client-secret" + } + ] + }, + "gitRecorder": { + "description": "Record git operations that are executed on configured repositories.", + "type": "object", + "properties": { + "size": { + "description": "Defines how many recordings to keep. Once this size is reached, the oldest entry will be removed.", + "type": "integer", + "default": 10000, + "minimum": 1, + "maximum": 10000 + }, + "repos": { + "description": "List of repositories whose git operations should be recorded. To record commands on all repositories, simply pass in an asterisk as the only item in the array.", + "type": "array", + "items": { + "type": "string" + } + }, + "ignoredGitCommands": { + "description": "List of git commands that should be ignored and not recorded.", + "type": "array", + "items": { + "type": "string" + }, + "default": ["show", "rev-parse", "log", "diff", "ls-tree"] + } + }, + "examples": [ + { + "size": 1000, + "repos": ["github.com/sourcegraph/sourcegraph", "github.com/gorilla/mux"], + "ignoredGitCommands": ["show", "rev-parse", "log", "diff", "ls-tree"] + } + ] + }, + "batchChanges.rejectUnverifiedCommit": { + "description": "Reject unverified commits when creating a Batch Change", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + } + }, + "gitserver.diskUsageWarningThreshold": { + "description": "Disk usage threshold at which to display warning notification. Value is a percentage.", + "type": "integer", + "default": 90, + "!go": { + "pointer": true + } + }, + "dotcom": { + "description": "Configuration options for Sourcegraph.com only.", + "type": "object", + "properties": { + "sams.server": { + "type": "string", + "description": "The server URL for SAMS production instance." + }, + "sams.clientID": { + "type": "string", + "description": "The clientID for SAMS production instance." + }, + "sams.clientSecret": { + "type": "string", + "description": "The clientSecret for SAMS production instance." + }, + "samsDev.server": { + "type": "string", + "description": "The server URL for SAMS development instance.", + "default": "https://accounts.sgdev.org" + }, + "samsDev.clientID": { + "type": "string", + "description": "The clientID for SAMS development instance." + }, + "samsDev.clientSecret": { + "type": "string", + "description": "The clientSecret for SAMS development instance." + }, + "enterprisePortal.enableProxies": { + "type": "boolean", + "default": true, + "!go": { + "pointer": true + }, + "description": "Whether to enable Enterprise Portal auth proxies for site admins." + }, + "srcCliVersionCache": { + "description": "Configuration related to the src-cli version cache. This should only be used on sourcegraph.com.", + "type": "object", + "required": ["enabled", "github"], + "group": "Sourcegraph.com", + "properties": { + "enabled": { + "description": "Enables the src-cli version cache API endpoint.", + "type": "boolean", + "default": false + }, + "github": { + "description": "GitHub configuration, both for queries and receiving release webhooks.", + "type": "object", + "required": ["token", "webhookSecret"], + "properties": { + "repository": { + "description": "The repository to get the latest version of.", + "type": "object", + "properties": { + "owner": { + "description": "The repository namespace.", + "type": "string", + "default": "sourcegraph" + }, + "name": { + "description": "The repository name.", + "type": "string", + "default": "src-cli" + } + } + }, + "token": { + "description": "The access token to use when communicating with GitHub.", + "type": "string" + }, + "uri": { + "description": "The URI of the GitHub instance.", + "type": "string", + "default": "https://github.com" + }, + "webhookSecret": { + "description": "The release webhook secret.", + "type": "string" + } + } + }, + "interval": { + "description": "The interval between version checks, expressed as a string that can be parsed by Go's time.ParseDuration.", + "type": "string", + "default": "1h" + } + } + }, + "codyGateway": { + "description": "Configuration related to the Cody Gateway service management. This should only be used on sourcegraph.com.", + "type": "object", + "group": "Sourcegraph.com", + "properties": { + "bigQueryGoogleProjectID": { + "description": "The project ID to pull BigQuery Cody Gatewayrelated events from.", + "type": "string" + }, + "bigQueryDataset": { + "description": "The dataset to pull BigQuery Cody Gateway related events from.", + "type": "string" + }, + "bigQueryTable": { + "description": "The table in the dataset to pull BigQuery Cody Gateway related events from.", + "type": "string" + } + } + }, + "codyProConfig": { + "type": "object", + "additionalProperties": false, + "properties": { + "stripePublishableKey": { + "type": "string", + "default": null, + "description": "Stripe Publishable Key for use in Stripe Checkout, Stripe Elements. This is not considered a secret.", + "examples": ["pk_test_...", "pk_live_..."] + }, + "samsBackendOrigin": { + "type": "string", + "default": "", + "description": "Origin of the SAMS backend. (Must match the SAMS OIDC registration in auth.providers.)", + "examples": ["https://accounts.sourcegraph.com"] + }, + "sscBackendOrigin": { + "type": "string", + "default": "", + "description": "Origin of the Self-serve Cody backend.", + "examples": ["https://accounts.sourcegraph.com"] + }, + "sscBaseUrl": { + "type": "string", + "default": "https://accounts.sourcegraph.com/cody", + "description": "The base URL of the Self-Serve Cody site." + }, + "useEmbeddedUI": { + "type": "boolean", + "default": false, + "description": "Whether Cody Pro UI is served from sourcegraph.com. If false, users are directed to https://accounts.sourcegraph.com/cody to manage their Cody Pro subscription." + } + } + } + }, + "group": "Sourcegraph.com" + }, + "notifications": { + "description": "Notifications recieved from Sourcegraph.com to display in Sourcegraph.", + "type": "array", + "items": { + "type": "object", + "required": ["key", "message"], + "properties": { + "key": { + "description": "e.g. '2023-03-10-my-key'; MUST START WITH YYYY-MM-DD; a globally unique key used to track whether the message has been dismissed.", + "type": "string", + "minLength": 1 + }, + "message": { + "description": "The Markdown message to display", + "type": "string", + "minLength": 1 + } + } + }, + "examples": [ + { + "key": "2023-03-10-my-key", + "message": "This is a test notification message." + } + ] + }, + "auth.providers": { + "description": "The authentication providers to use for identifying and signing in users. See instructions below for configuring SAML, OpenID Connect (including Google Workspace), and HTTP authentication proxies. Multiple authentication providers are supported (by specifying multiple elements in this array).", + "type": "array", + "items": { + "required": ["type"], + "properties": { + "type": { + "type": "string", + "enum": [ + "azureDevOps", + "bitbucketcloud", + "bitbucketserver", + "builtin", + "gerrit", + "github", + "gitlab", + "http-header", + "openidconnect", + "saml" + ] + } + }, + "oneOf": [ + { + "$ref": "#/definitions/AzureDevOpsAuthProvider" + }, + { + "$ref": "#/definitions/BitbucketCloudAuthProvider" + }, + { + "$ref": "#/definitions/BitbucketServerAuthProvider" + }, + { + "$ref": "#/definitions/BuiltinAuthProvider" + }, + { + "$ref": "#/definitions/GerritAuthProvider" + }, + { + "$ref": "#/definitions/GitHubAuthProvider" + }, + { + "$ref": "#/definitions/GitLabAuthProvider" + }, + { + "$ref": "#/definitions/HTTPHeaderAuthProvider" + }, + { + "$ref": "#/definitions/OpenIDConnectAuthProvider" + }, + { + "$ref": "#/definitions/SAMLAuthProvider" + } + ], + "!go": { + "taggedUnionType": true + } + }, + "group": "Authentication", + "default": [ + { + "type": "builtin", + "allowSignup": true + } + ] + }, + "auth.sessionExpiry": { + "type": "string", + "description": "The maximum duration of a user session, after which it expires and the user is required to re-authenticate. The default is 90 days. Must be at least 1 hour. There is typically no need to set this, but some users may have specific internal security requirements.\n\nThe string format is that of the Duration type in the Go time package (https://golang.org/pkg/time/#ParseDuration). E.g., \"720h\", \"43200m\", \"2592000s\" all indicate a timespan of 30 days.", + "default": "2160h", + "examples": ["168h"], + "group": "Authentication" + }, + "auth.maxSessionIdleDuration": { + "type": "string", + "description": "The maximum duration a user session may be idle (not making any requests), after which it expires and the user is required to re-authenticate. Must be at least 1 hour. Defaults to no idle expiry.", + "default": "0", + "examples": ["2h"], + "group": "Authentication" + }, + "auth.enableUsernameChanges": { + "description": "Enables users to change their username after account creation. Warning: setting this to be true has security implications if you have enabled (or will at any point in the future enable) repository permissions with an option that relies on username equivalency between Sourcegraph and an external service or authentication provider. Do NOT set this to true if you are using non-built-in authentication OR rely on username equivalency for repository permissions.", + "type": "boolean", + "default": false, + "group": "Authentication" + }, + "auth.minPasswordLength": { + "description": "The minimum number of Unicode code points that a password must contain.", + "type": "integer", + "default": 12, + "group": "Authentication" + }, + "auth.passwordResetLinkExpiry": { + "description": "The duration (in seconds) that a password reset link is considered valid.", + "type": "integer", + "default": 14400, + "group": "Authentication" + }, + "auth.lockout": { + "description": "The config options for account lockout", + "type": "object", + "properties": { + "failedAttemptThreshold": { + "description": "The threshold of failed sign-in attempts in a consecutive period", + "type": "integer", + "default": 5 + }, + "lockoutPeriod": { + "description": "The number of seconds for the lockout period", + "type": "integer", + "default": 1800 + }, + "consecutivePeriod": { + "description": "The number of seconds to be considered as a consecutive period", + "type": "integer", + "default": 3600 + } + }, + "examples": [ + { + "failedAttemptThreshold": 3, + "lockoutPeriod": 600, + "consecutivePeriod": 300 + } + ], + "group": "Authentication" + }, + "auth.unlockAccountLinkSigningKey": { + "description": "Base64-encoded HMAC signing key to sign the JWT token for account unlock URLs", + "type": "string", + "group": "Authentication", + "examples": [ + "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUJGZ0FBQUhVQkFBQQ" + ] + }, + "auth.unlockAccountLinkExpiry": { + "description": "Validity expressed in minutes of the unlock account token", + "type": "integer", + "group": "Authentication", + "default": 5 + }, + "auth.accessRequest": { + "description": "The config options for access requests", + "type": "object", + "group": "Authentication", + "properties": { + "enabled": { + "description": "Enable/disable the access request feature, which allows users to request access if built-in signup is disabled.", + "type": "boolean", + "!go": { + "pointer": true + }, + "default": true + } + }, + "examples": [ + { + "enabled": true + }, + { + "enabled": false + } + ] + }, + "auth.primaryLoginProvidersCount": { + "description": "The number of auth providers that will be shown to the user on the login screen. Other providers are shown under `Other login methods` section.", + "type": "integer", + "group": "Authentication", + "default": 3 + }, + "update.channel": { + "description": "The channel on which to automatically check for Sourcegraph updates.", + "type": ["string"], + "enum": ["release", "none"], + "default": "release", + "examples": ["none"], + "group": "Misc." + }, + "productResearchPage.enabled": { + "description": "Enables users access to the product research page in their settings.", + "type": "boolean", + "!go": { + "pointer": true + }, + "group": "Misc.", + "default": true + }, + "encryption.keys": { + "description": "Configuration for encryption keys used to encrypt data at rest in the database.", + "type": "object", + "properties": { + "enableCache": { + "description": "enable LRU cache for decryption APIs", + "type": "boolean", + "default": false + }, + "cacheSize": { + "description": "number of values to keep in LRU cache", + "type": "integer", + "default": 2048 + }, + "batchChangesCredentialKey": { + "$ref": "#/definitions/EncryptionKey" + }, + "externalServiceKey": { + "$ref": "#/definitions/EncryptionKey" + }, + "gitHubAppKey": { + "$ref": "#/definitions/EncryptionKey" + }, + "outboundWebhookKey": { + "$ref": "#/definitions/EncryptionKey" + }, + "userExternalAccountKey": { + "$ref": "#/definitions/EncryptionKey" + }, + "webhookLogKey": { + "$ref": "#/definitions/EncryptionKey" + }, + "webhookKey": { + "$ref": "#/definitions/EncryptionKey" + }, + "executorSecretKey": { + "$ref": "#/definitions/EncryptionKey" + } + }, + "examples": [ + { + "externalServiceKey": { + "type": "mounted", + "filePath": "/path/to/external_service.key" + } + }, + { + "userExternalAccountKey": { + "type": "cloudkms", + "keyname": "projects/my-project/locations/global/keyRings/my-keyring/cryptoKeys/my-key" + } + } + ] + }, + "webhook.logging": { + "description": "Configuration for logging incoming webhooks.", + "type": "object", + "properties": { + "enabled": { + "description": "Whether incoming webhooks are logged. If omitted, logging is enabled on sites without encryption. If one or more encryption keys are present, this setting must be enabled manually; as webhooks may contain sensitive data, admins of encrypted sites may want to enable webhook encryption via encryption.keys.webhookLogKey.", + "type": "boolean", + "!go": { + "pointer": true + } + }, + "retention": { + "description": "How long incoming webhooks are retained. The string format is that of the Duration type in the Go time package (https://golang.org/pkg/time/#ParseDuration). Values lower than 1 hour will be treated as 1 hour. By default, this is \"72h\", or three days.", + "type": "string", + "default": "72h" + } + }, + "examples": [ + { + "enabled": true, + "retention": "7d" + } + ] + }, + "outboundRequestLogLimit": { + "description": "The maximum number of outbound requests to retain. This is a global limit across all outbound requests. If the limit is exceeded, older items will be deleted. If the limit is 0, no outbound requests are logged.", + "type": "integer", + "minimum": 0, + "default": 50, + "maximum": 500 + }, + "redactOutboundRequestHeaders": { + "description": "Enables redacting sensitive information from outbound requests. Important: We only respect this setting in development environments. In production, we always redact outbound requests.", + "type": "boolean", + "!go": { + "pointer": true + }, + "examples": [true] + }, + "organizationInvitations": { + "description": "Configuration for organization invitations.", + "type": "object", + "required": ["signingKey"], + "properties": { + "expiryTime": { + "description": "Time before the invitation expires, in hours (experimental, not enforced at the moment).", + "type": "integer", + "default": 48 + }, + "signingKey": { + "description": "Base64 encoded HMAC Signing key to sign a JWT token, which is attached to each invitation URL.\nMore documentation here: https://pkg.go.dev/github.com/golang-jwt/jwt#SigningMethodHMAC \n\nIf not provided, will fall back to legacy invitation to an organization.\n\nThe legacy invitation will be deprecated in the future and creating an organization invitation will fail with an error if this setting is not present.", + "type": "string" + } + }, + "examples": [ + { + "expiryTime": 48, + "signingKey": "your-signing-key" + } + ] + }, + "cody.enabled": { + "description": "Enable or disable Cody instance-wide. When Cody is disabled, all Cody endpoints and GraphQL queries will return errors, Cody will not show up in the site-admin sidebar, and Cody in the global navbar will only show a call-to-action for site-admins to enable Cody.", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + }, + "group": "Cody" + }, + "cody.contextFilters": { + "description": "Rules defining the repositories that will never be shared by Cody with third-party LLM providers.", + "type": "object", + "properties": { + "include": { + "description": "List of rules specifying repositories that Cody may include as context in requests to third-party LLMs. If defined, only repositories matching these rules will be considered for sharing. If not defined, all repositories may be shared.", + "type": "array", + "items": { + "$ref": "#/definitions/CodyContextFilterItem" + }, + "minItems": 1 + }, + "exclude": { + "description": "List of rules specifying repositories that Cody should excluded from context in requests to third-party LLMs. These rules are applied only to repositories matching the include rules.", + "type": "array", + "items": { + "$ref": "#/definitions/CodyContextFilterItem" + }, + "minItems": 1 + } + }, + "minProperties": 1, + "additionalProperties": false, + "group": "Cody" + }, + "cody.permissions": { + "description": "Whether to enable Cody role-based access controls. Only respected if cody.restrictUsersFeatureFlag is not set. See https://sourcegraph.com/docs/admin/access_control", + "type": "boolean", + "default": true, + "!go": { + "pointer": true + }, + "group": "Cody" + }, + "cody.restrictUsersFeatureFlag": { + "description": "DEPRECATED; see cody.permissions instead. PRIOR DESCRIPTION: Cody to only be enabled for users that have a feature flag labeled \"cody\" set to true. You must create a feature flag with this ID after enabling this setting: https://www.notion.so/sourcegraph/How-to-use-feature-flags-70f42bcacd9045d4a55de22f5dd87df0?source=copy_link. This setting only has an effect if cody.enabled is true.", + "type": "boolean", + "default": false, + "!go": { + "pointer": true + }, + "group": "Cody" + }, + "embeddings": { + "deprecationMessage": "Deprecated changes to this section will not be respected.", + "description": "Configuration for embeddings service.", + "type": "object", + "properties": { + "enabled": { + "description": "Toggles whether embedding service is enabled.", + "type": "boolean", + "!go": { + "pointer": true + }, + "default": true + }, + "dimensions": { + "description": "The dimensionality of the embedding vectors. Required field if not using the sourcegraph provider.", + "type": "integer", + "minimum": 0 + }, + "model": { + "description": "The model used for embedding. A default model will be used for each provider, if not set.", + "type": "string" + }, + "accessToken": { + "description": "The access token used to authenticate with the external embedding API service. For provider sourcegraph, this is optional.", + "type": "string" + }, + "provider": { + "type": "string", + "description": "The provider to use for generating embeddings. Defaults to sourcegraph.", + "enum": ["openai", "azure-openai", "sourcegraph"] + }, + "endpoint": { + "type": "string", + "description": "The endpoint under which to reach the provider. Sensible default will be used for each provider.", + "format": "uri" + }, + "url": { + "description": "The url to the external embedding API service. Deprecated, use endpoint instead.", + "type": "string", + "format": "uri" + }, + "perCommunityUserEmbeddingsMonthlyLimit": { + "description": "If > 0, limits the number of tokens allowed to be embedded by a Community user in a month. This is for Self-serve Cody and applies to Dotcom only.", + "type": "integer", + "default": 0 + }, + "perProUserEmbeddingsMonthlyLimit": { + "description": "If > 0, limits the number of tokens allowed to be embedded by a Pro user in a month. This is for Self-serve Cody and applies to Dotcom only.", + "type": "integer", + "default": 0 + }, + "fileFilters": { + "description": "Filters that allow you to specify which files in a repository should get embedded.", + "type": "object", + "properties": { + "excludedFilePathPatterns": { + "description": "A list of glob patterns that match file paths you want to exclude from embeddings. This is useful to exclude files with low information value (e.g., SVG files, test fixtures, mocks, auto-generated files, etc.).", + "type": "array", + "items": { + "type": "string" + }, + "default": [ + ".*ignore", + ".gitattributes", + ".mailmap", + "*.csv", + "*.svg", + "*.xml", + "__fixtures__/", + "node_modules/", + "testdata/", + "mocks/", + "vendor/" + ] + }, + "includedFilePathPatterns": { + "description": "A list of glob patterns that match file paths you want to include in embeddings. If specified, all files not matching these include patterns are excluded.", + "type": "array", + "items": { + "type": "string" + }, + "examples": ["*.go", "*.ts", "*.md", "src/", "cmd/"] + }, + "maxFileSizeBytes": { + "description": "The maximum file size (in bytes) to include in embeddings. Must be between 0 and 100000 (1 MB).", + "type": "integer", + "default": 1000000 + } + } + }, + "excludedFilePathPatterns": { + "description": "A list of glob patterns that match file paths you want to exclude from embeddings. This is useful to exclude files with low information value (e.g., SVG files, test fixtures, mocks, auto-generated files, etc.).", + "type": "array", + "items": { + "type": "string" + }, + "default": [ + ".*ignore", + ".gitattributes", + ".mailmap", + "*.csv", + "*.svg", + "*.xml", + "__fixtures__/", + "node_modules/", + "testdata/", + "mocks/", + "vendor/" + ], + "deprecationMessage": "Deprecated in favor of fileFilers.excludedFilePathPatterns" + }, + "maxEmbeddingsPerRepo": { + "description": "The maximum number of embeddings to generate per repo", + "type": "integer", + "minimum": 0 + }, + "incremental": { + "description": "Whether to generate embeddings incrementally. If true, only files that have changed since the last run will be processed.", + "type": "boolean", + "!go": { + "pointer": true + }, + "default": true + }, + "minimumInterval": { + "description": "The time to wait between runs. Valid time units are \"s\", \"m\", \"h\". Example values: \"30s\", \"5m\", \"1h\".", + "type": "string", + "default": "24h" + }, + "policyRepositoryMatchLimit": { + "description": "The maximum number of repositories that can be matched by a global embeddings policy", + "type": "integer", + "!go": { + "pointer": true + }, + "default": "5000" + }, + "excludeChunkOnError": { + "description": "Whether to cancel indexing a repo if embedding a single file fails. If true, the chunk that cannot generate embeddings is not indexed and the remainder of the repository proceeds with indexing.", + "type": "boolean", + "!go": { + "pointer": true + }, + "default": true + } + }, + "examples": [ + { + "enabled": true, + "dimensions": 1536, + "model": "text-embedding-ada-002", + "accessToken": "your-access-token", + "url": "https://api.openai.com/v1/embeddings", + "excludedFilePathPatterns": ["*.svg", "**/__mocks__/**", "**/test/**"] + } + ] + }, + "completions": { + "description": "Configuration for the completions service.", + "type": "object", + "properties": { + "enabled": { + "description": "DEPRECATED. Use cody.enabled instead to turn Cody on/off.", + "type": "boolean", + "!go": { + "pointer": true + }, + "default": true + }, + "model": { + "description": "DEPRECATED. Use chatModel instead.", + "type": "string" + }, + "user": { + "description": "The user field for OpenAI config for both AzureOpenAI and OpenAI", + "type": "string" + }, + "azureChatModel": { + "description": "Optional: Specify the Azure OpenAI model name for chat completions. This is only needed when you want to count tokens associated with your azure model", + "type": "string", + "enum": [ + "gpt-3.5-turbo", + "gpt-3.5-turbo-16k", + "gpt-3.5-turbo-instruct", + "gpt-3.5-turbo-0125", + "gpt-3.5-turbo-0301", + "gpt-3.5-turbo-0613", + "gpt-3.5-turbo-16k-0613", + "gpt-4-0314", + "gpt-4-32k-0314", + "gpt-4-0613", + "gpt-4-32k-0613", + "gpt-4o", + "gpt-4o-2024-05-13", + "gpt-4o-2024-08-06", + "gpt-4" + ] + }, + "azureCompletionModel": { + "description": "Optional: Specify the Azure OpenAI model name for chat completions. This is only needed when you want to count tokens associated with your azure model", + "type": "string", + "enum": [ + "gpt-3.5-turbo", + "gpt-3.5-turbo-instruct", + "gpt-3.5-turbo-16k", + "gpt-3.5-turbo-0125", + "gpt-3.5-turbo-0301", + "gpt-3.5-turbo-0613", + "gpt-3.5-turbo-16k-0613", + "gpt-4-0314", + "gpt-4-32k-0314", + "gpt-4-0613", + "gpt-4-32k-0613", + "gpt-4o", + "gpt-4o-2024-05-13", + "gpt-4o-2024-08-06", + "gpt-4" + ] + }, + "fastChatModel": { + "description": "The model used for fast chat completions. \n NOTE: The Anthropic messages API does not support model names like claude-2 or claude-instant-1 where only the major version is specified as they are retired. We recommend using a specific model identifier as specified here https://docs.anthropic.com/claude/docs/models-overview#model-comparison ", + "type": "string", + "not": { + "enum": ["claude-2", "claude-instant-1"] + } + }, + "azureUseDeprecatedCompletionsAPIForOldModels": { + "description": "Enables the use of the older completions API for select Azure OpenAI models.", + "type": "boolean", + "default": true + }, + "fastChatModelMaxTokens": { + "description": "The maximum number of tokens to use as client when talking to fastChatModel. If not set, clients need to set their own limit.", + "type": "integer" + }, + "chatModel": { + "description": "The model used for chat completions. If using the default provider 'sourcegraph', a reasonable default model will be set.\n NOTE: The Anthropic messages API does not support model names like claude-2 or claude-instant-1 where only the major version is specified as they are retired. We recommend using a specific model identifier as specified here https://docs.anthropic.com/claude/docs/models-overview#model-comparison ", + "type": "string", + "not": { + "enum": ["claude-2", "claude-instant-1"] + }, + "errorMessage": "The substring 'cumber' is not allowed because it is a bad idea and may lead to unexpected issues." + }, + "chatModelMaxTokens": { + "description": "The maximum number of tokens to use as client when talking to chatModel. If not set, clients need to set their own limit. If smartContextWindow is enabled, this value will be overridden by the clients.", + "type": "integer" + }, + "smartContextWindow": { + "description": "Whether the maximum number of tokens should be automatically adjusted by the client based on the name of chatModel. If enabled, it will override the value set in chatModelMaxTokens.", + "type": "string", + "default": "enabled", + "enum": ["enabled", "disabled"] + }, + "disableClientConfigAPI": { + "description": "Should not be set. If set to true, disables the use of the new client config API. This new API has no user-facing effect, this opt-out is provided only as an escape hatch in case of issues.", + "type": "boolean", + "!go": { + "pointer": true + }, + "deprecationMessage": "This opt-out feature flag will be removed soon." + }, + "completionModel": { + "description": "The model used for code completion. If using the default provider 'sourcegraph', a reasonable default model will be set.\n NOTE: The Anthropic messages API does not support model names like claude-2 or claude-instant-1 where only the major version is specified as they are retired. We recommend using a specific model identifier as specified here https://docs.anthropic.com/claude/docs/models-overview#model-comparison ", + "type": "string", + "not": { + "enum": ["claude-2", "claude-instant-1"] + } + }, + "completionModelMaxTokens": { + "description": "The maximum number of tokens to use as client when talking to completionModel. If not set, clients need to set their own limit.", + "type": "integer" + }, + "accessToken": { + "description": "The access token used to authenticate with the external completions provider. If using the default provider 'sourcegraph', and if 'licenseKey' is set, a default access token is generated.", + "type": "string" + }, + "provider": { + "type": "string", + "description": "The external completions provider. Defaults to 'sourcegraph'.", + "default": "sourcegraph", + "enum": ["anthropic", "openai", "sourcegraph", "azure-openai", "aws-bedrock", "fireworks", "google"] + }, + "endpoint": { + "type": "string", + "description": "The endpoint under which to reach the provider. Currently only used for provider types \"sourcegraph\", \"openai\" and \"anthropic\". The default values are \"https://cody-gateway.sourcegraph.com\", \"https://api.openai.com/v1/chat/completions\", and \"https://api.anthropic.com/v1/messages\" for Sourcegraph, OpenAI, and Anthropic, respectively." + }, + "perUserDailyLimit": { + "description": "If > 0, limits the number of completions requests allowed for a user in a day. On instances that allow anonymous requests, we enforce the rate limit by IP.", + "type": "integer", + "default": 0 + }, + "perUserCodeCompletionsDailyLimit": { + "description": "If > 0, limits the number of code completions requests allowed for a user in a day. On instances that allow anonymous requests, we enforce the rate limit by IP.", + "type": "integer", + "default": 0 + }, + "perCommunityUserChatMonthlyLLMRequestLimit": { + "description": "If > 0, limits the number of completions requests allowed for a Community user in a month. This is for Self-serve Cody and applies to Dotcom only.", + "type": "integer", + "default": 0 + }, + "perCommunityUserCodeCompletionsMonthlyLLMRequestLimit": { + "description": "If > 0, limits the number of code completions requests allowed for a Community user in a month. This is for Self-serve Cody and applies to Dotcom only.", + "type": "integer", + "default": 0 + }, + "perProUserChatDailyLLMRequestLimit": { + "description": "If > 0, limits the number of completions requests allowed for a Pro user in a day. This is for Self-serve Cody and applies to Dotcom only.", + "type": "integer", + "default": 0 + }, + "perProUserCodeCompletionsDailyLLMRequestLimit": { + "description": "If > 0, limits the number of code completions requests allowed for a Pro user in a day. This is for Self-serve Cody and applies to Dotcom only.", + "type": "integer", + "default": 0 + }, + "perCommunityUserChatMonthlyInteractionLimit": { + "description": "If > 0, enables the maximum number of completions interactions allowed to be made by a single Community user in a month. This is for Cody PLG and applies to Dotcom only.", + "type": "integer", + "default": 0 + }, + "perCommunityUserCodeCompletionsMonthlyInteractionLimit": { + "description": "If > 0, enables the maximum number of code completions interactions allowed to be made by a single Community user in a month. This is for Cody PLG and applies to Dotcom only.", + "type": "integer", + "default": 0 + }, + "perProUserChatDailyInteractionLimit": { + "description": "If > 0, enables the maximum number of completions interactions allowed to be made by a single Pro user in a day. This is for Cody PLG and applies to Dotcom only.", + "type": "integer", + "default": 0 + }, + "perProUserCodeCompletionsDailyInteractionLimit": { + "description": "If > 0, enables the maximum number of code completions interactions allowed to be made by a single Pro user in a day. This is for Cody PLG and applies to Dotcom only.", + "type": "integer", + "default": 0 + } + }, + "examples": [ + { + "enabled": true, + "chatModel": "chat", + "completionModel": "code-completion", + "accessToken": "abc123", + "provider": "openai", + "perUserDailyLimit": 100 + } + ] + }, + "configFeatures": { + "description": "Configuration for the completions service.", + "type": "object", + "properties": { + "chat": { + "description": "Enable/Disable Chat for the clients", + "type": "boolean" + }, + "chatVision": { + "description": "Enable/Disable uploading images to Chat", + "type": "boolean" + }, + "autoComplete": { + "description": "Enable/Disable AutoComplete for the clients", + "type": "boolean" + }, + "commands": { + "description": "Enable/Disable special commands for the clients", + "type": "boolean" + } + }, + "examples": [ + { + "chat": true + } + ] + }, + "attribution.enabled": { + "description": "Enable/Disable attribution search for Cody-generated snippets", + "type": "boolean", + "!go": { + "pointer": true + } + }, + "attribution.mode": { + "description": "Hide Cody-generated snippets that have attribution matches (\"enforced\"), or show the snippet but passively inform the user about attribution (\"permissive\", the default). Requires attribution.enabled = true.", + "type": "string", + "enum": ["permissive", "enforced"], + "default": "permissive", + "!go": { + "pointer": true + } + }, + "attribution.gateway": { + "description": "Use this gateway parameters for customers that bring their own key. Otherwise gateway endpoint is used.", + "type": "object", + "properties": { + "endpoint": { + "description": "Endpoint where Cody gateway can be accessed for attribution.", + "type": "string" + }, + "accessToken": { + "description": "Only for use to override token for attribution gateway access. If 'licenseKey' is set, a default access token is generated.", + "type": "string" + } + } + }, + "modelConfiguration": { + "$ref": "#/definitions/SiteModelConfiguration" + }, + "cody.serverSideContext": { + "description": "Configuration for Server-side context API", + "type": "object", + "group": "Cody", + "properties": { + "reranker": { + "description": "Reranker to use for rankContext requests", + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": ["sourcegraph", "identity", "cohere", "voyageai"] + } + }, + "oneOf": [ + { + "$ref": "#/definitions/CodyRerankerSourcegraph" + }, + { + "$ref": "#/definitions/CodyRerankerIdentity" + }, + { + "$ref": "#/definitions/CodyRerankerCohere" + }, + { + "$ref": "#/definitions/CodyRerankerVoyageAI" + } + ], + "!go": { + "taggedUnionType": true + } + } + } + }, + "entitlements.completionCredits": { + "description": "Configure completion credits entitlement enablement", + "type": "object", + "properties": { + "mode": { + "description": "Configure completions credits consumption tracking and enforcement mode", + "type": "string", + "default": "disabled", + "enum": ["disabled", "track", "trackStrict", "enforce"] + } + } + } + }, + "definitions": { + "SiteModelConfiguration": { + "type": "object", + "description": "BETA FEATURE, only enable if you know what you are doing. If set, Cody will use the new model configuration system and ignore the old 'completions' site configuration entirely.", + "properties": { + "sourcegraph": { + "$ref": "#/definitions/SourcegraphModelConfig" + }, + "providerOverrides": { + "description": "Configures model providers. Here you can override how Cody connects to model providers and e.g. bring your own API keys or self-hosted models.", + "type": "array", + "default": [], + "items": { + "$ref": "#/definitions/ProviderOverride" + } + }, + "modelOverrides": { + "description": "Override, or add to, the list of models Cody is aware of and how they are configured to work", + "type": "array", + "default": [], + "items": { + "$ref": "#/definitions/ModelOverride" + } + }, + "modelOverridesRecommendedSettings": { + "deprecationMessage": "Deprecated; use 'selfHostedModels' instead.", + "description": "Override, or add to, the list of models Cody is aware of - but let Sourcegraph configure how the model should work. Only available for select models.\n\nSpecifying the same model both here and in 'modelOverrides' is not allowed.", + "type": "array", + "default": [], + "items": { + "type": "string", + "enum": [ + "bigcode::v1::starcoder2-7b", + "bigcode::v1::starcoder2-15b", + "mistral::v1::mistral-7b-instruct", + "mistral::v1::mixtral-8x7b-instruct", + "mistral::v1::mixtral-8x22b-instruct" + ] + } + }, + "selfHostedModels": { + "description": "Add models to the list of models Cody is aware of, but let Sourcegraph provide default configuration for the model. Only available for select models, generic models can be configured in 'modelOverrides'.\n\nSpecifying the same model both here and in 'modelOverrides' is not allowed.", + "type": "array", + "default": [], + "items": { + "$ref": "#/definitions/SelfHostedModel" + } + }, + "defaultModels": { + "$ref": "#/definitions/DefaultModels" + }, + "systemPreInstruction": { + "description": "An optional global chat pre-instruction message to be prepended to all chat completions as a system message. This is useful for an admin to offer the LLM some global context or restrictions. This is an admin level prompt and thus will be unconditionally added, even if a client-level pre-instruction is present.", + "type": "string", + "maximum": 280 + } + } + }, + "SelfHostedModel": { + "type": "object", + "examples": [ + { + "provider": "mistral", + "model": "mixtral-8x7b-instruct", + "override": { + "serverSideConfig": { + "apiModel": "mixtral-8x7b-instruct" + } + } + } + ], + "required": ["provider"], + "properties": { + "provider": { + "description": "provider ID", + "type": "string", + "examples": ["mistral", "meta", "acme-corp-custom"] + }, + "apiVersion": { + "description": "API version", + "type": "string", + "examples": ["v1"], + "default": "v1" + }, + "model": { + "description": "Which default model configuration to use. Sourcegraph provides default model configuration for select models. Arbitrary models can be configured in 'modelOverrides'", + "type": "string", + "enum": [ + "starcoder2-7b@v1", + "starcoder2-15b@v1", + "mistral-7b-instruct@v1", + "mixtral-8x7b-instruct@v1", + "mixtral-8x22b-instruct@v1" + ] + }, + "override": { + "$ref": "#/definitions/SelfHostedModelOverride" + } + } + }, + "SelfHostedModelOverride": { + "description": "Properties to override in the default model configuration", + "type": "object", + "properties": { + "displayName": { + "description": "Display name", + "type": "string", + "examples": ["Claude 3 Sonnet", "GPT-4 Turbo"] + }, + "contextWindow": { + "$ref": "#/definitions/ContextWindow" + }, + "modelCost": { + "$ref": "#/definitions/ModelCost" + }, + "clientSideConfig": { + "$ref": "#/definitions/ClientSideModelConfigOpenAICompatible" + }, + "serverSideConfig": { + "$ref": "#/definitions/ServerSideModelConfigOpenAICompatible" + } + } + }, + "SourcegraphModelConfig": { + "description": "If null, Cody will not use Sourcegraph's servers for model discovery.", + "type": ["object", "null"], + "properties": { + "endpoint": { + "description": "The Cody gateway URL to use for making LLM requests. If null, the production URL for Cody gateway will be used.", + "type": "string", + "!go": { + "pointer": true + }, + "default": null + }, + "accessToken": { + "description": "The Cody gateway access token to use. If null, an access token will be automatically generated based on the product license.", + "type": "string", + "!go": { + "pointer": true + }, + "default": null + }, + "modelFilters": { + "$ref": "#/definitions/ModelFilters" + } + } + }, + "ModelFilters": { + "description": "Filters that allow you to constrain which models are available to users.", + "type": "object", + "default": null, + "properties": { + "statusFilter": { + "description": "Constrain models to just those matching one of the supplied statuses", + "type": "array", + "items": { + "type": "string", + "enum": ["experimental", "beta", "stable", "deprecated"] + }, + "examples": ["beta", "stable"], + "default": ["stable"] + }, + "allow": { + "description": "Constrain models to only those in this allow list. Wildcards may be used here, but not regexp.", + "type": "array", + "items": { + "type": "string" + }, + "examples": ["anthropic::*", "openai::2024-02-01::*"], + "default": ["*"] + }, + "deny": { + "description": "Any models in this deny list will not be allowed. Wildcards may be used here, but not regexp.", + "type": "array", + "items": { + "type": "string" + }, + "examples": [["*gpt*"]], + "default": [] + } + } + }, + "BasicAuth": { + "description": "Basic authentication credentials", + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "password": { + "type": "string" + } + } + }, + "AccessTokenQuery": { + "description": "Configuration for how to fetch an access token from a HTTP URL. Currently only valid for ServerSideProviderConfigAWSBedrock, ServerSideProviderConfigAzureOpenAI, ServerSideProviderConfigAnthropicProvider, and ServerSideProviderConfigOpenAICompatibleProvider. Ignored when accessToken field is set at same level", + "type": "object", + "properties": { + "url": { + "description": "The HTTP URL where the token can be fetched", + "type": "string", + "format": "uri" + }, + "method": { + "description": "HTTP method to use when querying for the access token", + "type": "string", + "default": "GET" + }, + "headers": { + "description": "Optional headers that should be sent with the request", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "basicAuth": { + "description": "Basic authentication credentials", + "$ref": "#/definitions/BasicAuth" + }, + "formData": { + "description": "Form URL-encoded data for POST requests", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "queryParams": { + "description": "Any query parameters needed on the URL", + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "ProviderOverride": { + "type": "object", + "required": ["id", "displayName"], + "properties": { + "id": { + "description": "provider ID", + "type": "string", + "examples": ["anthropic", "google", "acme-corp-custom"] + }, + "displayName": { + "description": "display name", + "type": "string", + "examples": ["Anthropic", "Google", "ACME Corp Custom"] + }, + "clientSideConfig": { + "$ref": "#/definitions/ClientSideProviderConfig" + }, + "serverSideConfig": { + "$ref": "#/definitions/ServerSideProviderConfig" + }, + "defaultModelConfig": { + "$ref": "#/definitions/DefaultModelConfig" + } + } + }, + "ModelOverride": { + "type": "object", + "required": ["modelRef", "displayName", "modelName", "capabilities", "category", "status", "contextWindow"], + "properties": { + "modelRef": { + "description": "The qualified name of the model in '${ProviderID}::${APIVersionID}::${ModelID}' format", + "type": "string", + "examples": ["anthropic::2023-06-01::claude-3-sonnet", "openai::2024-02-01::gpt-4-turbo"] + }, + "displayName": { + "description": "display name", + "type": "string", + "examples": ["Claude 3 Sonnet", "GPT-4 Turbo"] + }, + "modelName": { + "description": "model name used when sending requests to the LLM provider's backend API.", + "type": "string", + "examples": ["claude-3-sonnet-20240229", "gpt-4-turbo"] + }, + "capabilities": { + "description": "Whether the model can be used for chat, just autocomplete, etc.", + "type": "array", + "items": { + "type": "string", + "enum": ["autocomplete", "chat", "vision", "reasoning", "edit", "tools", "fallback"] + }, + "examples": [["chat", "autocomplete", "vision", "reasoning", "edit", "tools"]] + }, + "category": { + "type": "string", + "enum": ["balanced", "speed", "other", "accuracy"], + "examples": ["balanced"] + }, + "status": { + "type": "string", + "enum": ["experimental", "beta", "stable", "deprecated"], + "examples": ["stable"] + }, + "contextWindow": { + "$ref": "#/definitions/ContextWindow" + }, + "reasoningEffort": { + "type": "string", + "enum": ["low", "medium", "high"], + "examples": ["low"] + }, + "modelCost": { + "$ref": "#/definitions/ModelCost" + }, + "clientSideConfig": { + "$ref": "#/definitions/ClientSideModelConfig" + }, + "serverSideConfig": { + "$ref": "#/definitions/ServerSideModelConfig" + } + } + }, + "ContextWindow": { + "description": "Context window for the model", + "type": "object", + "examples": [ + { + "maxInputTokens": 7000, + "maxOutputTokens": 4000 + } + ], + "required": ["maxInputTokens", "maxOutputTokens"], + "properties": { + "maxInputTokens": { + "type": "integer", + "examples": [7000] + }, + "maxOutputTokens": { + "type": "integer", + "examples": [4000] + } + } + }, + "ModelCost": { + "description": "Monetary cost of using a particular model with a given usage", + "type": "object", + "examples": [ + { + "unit": "mtok", + "inputTokenCredits": 7000, + "outputTokenCredits": 4000 + } + ], + "required": ["unit"], + "properties": { + "unit": { + "description": "Unit of measurement for token price, either per million or per billion tokens", + "type": "string", + "enum": ["mtok", "btok"], + "examples": ["mtok"] + }, + "inputTokenCredits": { + "description": "Cost per unit of input tokens in credits", + "examples": [7000], + "type": "integer", + "!go": { + "pointer": true + } + }, + "outputTokenCredits": { + "description": "Cost per unit of output tokens in credits", + "examples": [4000], + "type": "integer", + "!go": { + "pointer": true + } + }, + "inputTokenPennies": { + "description": "DEPRECATED: Use inputTokenCredits instead.", + "type": "integer", + "!go": { + "pointer": true + } + }, + "outputTokenPennies": { + "description": "DEPRECATED: Use outputTokenCredits instead.", + "type": "integer", + "!go": { + "pointer": true + } + } + } + }, + "DefaultModels": { + "type": "object", + "default": null, + "properties": { + "chat": { + "description": "The qualified name of the model to use for chat, in '${ProviderID}::${APIVersionID}::${ModelID}' format", + "type": "string", + "examples": [["anthropic::2023-06-01::claude-3-sonnet", "openai::2024-02-01::gpt-4-turbo"]] + }, + "fastChat": { + "description": "The qualified name of the model to use for fast chat, in '${ProviderID}::${APIVersionID}::${ModelID}' format", + "type": "string", + "examples": [["anthropic::2023-06-01::claude-3-sonnet", "openai::2024-02-01::gpt-4-turbo"]] + }, + "codeCompletion": { + "description": "The qualified name of the model to use for code completion, in '${ProviderID}::${APIVersionID}::${ModelID}' format", + "type": "string", + "examples": [["anthropic::2023-06-01::claude-3-sonnet", "openai::2024-02-01::gpt-4-turbo"]] + }, + "fallbackChat": { + "description": "The qualified name of the model to use for unlimited chat, in '${ProviderID}::${APIVersionID}::${ModelID}' format", + "type": "string", + "examples": [["google::v1::gemini-2.0-flash"]] + } + } + }, + "DefaultModelConfig": { + "description": "The model configuration that is applied to every model for a given provider.", + "type": "object", + "required": ["capabilities", "category", "status", "contextWindow"], + "properties": { + "capabilities": { + "description": "Whether the model can be used for chat, just autocomplete, etc.", + "type": "array", + "items": { + "type": "string", + "enum": ["autocomplete", "chat", "vision", "reasoning", "edit", "tools", "fallback"] + }, + "examples": [["chat", "autocomplete", "vision", "reasoning", "edit", "tools"]] + }, + "category": { + "type": "string", + "enum": ["balanced", "speed", "other", "accuracy"], + "examples": [["balanced"]] + }, + "status": { + "type": "string", + "enum": ["experimental", "beta", "stable", "deprecated"], + "examples": [["stable"]] + }, + "contextWindow": { + "$ref": "#/definitions/ContextWindow" + }, + "modelCost": { + "$ref": "#/definitions/ModelCost" + }, + "clientSideConfig": { + "$ref": "#/definitions/ClientSideModelConfig" + }, + "serverSideConfig": { + "$ref": "#/definitions/ServerSideModelConfig" + } + } + }, + "ClientSideProviderConfig": { + "type": "object", + "default": null, + "description": "No client-side provider configuration is currently available.", + "properties": {} + }, + "ServerSideProviderConfig": { + "type": "object", + "!go": { + "taggedUnionType": true + }, + "default": null, + "required": ["type"], + "properties": { + "type": { + "type": "string", + "enum": [ + "awsBedrock", + "azureOpenAI", + "anthropic", + "fireworks", + "google", + "openai", + "huggingface-tgi", + "openaicompatible", + "sourcegraph" + ] + } + }, + "oneOf": [ + { + "$ref": "#/definitions/ServerSideProviderConfigAWSBedrock" + }, + { + "$ref": "#/definitions/ServerSideProviderConfigAzureOpenAI" + }, + { + "$ref": "#/definitions/ServerSideProviderConfigAnthropicProvider" + }, + { + "$ref": "#/definitions/ServerSideProviderConfigFireworksProvider" + }, + { + "$ref": "#/definitions/ServerSideProviderConfigGoogleProvider" + }, + { + "$ref": "#/definitions/ServerSideProviderConfigOpenAIProvider" + }, + { + "$ref": "#/definitions/ServerSideProviderConfigHuggingfaceTGIProvider" + }, + { + "$ref": "#/definitions/ServerSideProviderConfigOpenAICompatibleProvider" + }, + { + "$ref": "#/definitions/ServerSideProviderConfigSourcegraphProvider" + }, + { + "$ref": "#/definitions/DoNotUsePhonyDiscriminantType" + } + ] + }, + "ServerSideProviderConfigAWSBedrock": { + "type": "object", + "required": ["type", "endpoint", "region"], + "properties": { + "type": { + "type": "string", + "const": "awsBedrock" + }, + "accessToken": { + "description": "Leave empty to rely on instance role bindings or other AWS configurations in frontend service. : if directly configuring the credentials, or :: if a session token is also required.", + "type": "string" + }, + "accessTokenQuery": { + "description": "Ignored when accessToken is set; this is a configuration for fetching a provider access token over HTTP.", + "$ref": "#/definitions/AccessTokenQuery" + }, + "endpoint": { + "description": "For Pay-as-you-go, set it to an AWS region code (e.g., us-west-2) when using a public Amazon Bedrock endpoint; For Provisioned Throughput, set it to the provisioned VPC endpoint for the bedrock-runtime API (e.g., 'https://vpce-0a10b2345cd67e89f-abc0defg.bedrock-runtime.us-west-2.vpce.amazonaws.com')", + "type": "string" + }, + "region": { + "description": "Region to use when configuring API clients. (Since the 'frontend' binary's container won't be able to pick this up from the host OS's environment variables.)", + "type": "string" + }, + "authMethod": { + "description": "Optional: the authentication method to use. If not specified or 'AWS' specified, AWS request signing will be used. If 'direct' specified, the provided accessToken will be used as a bearer token to authenticate requests to the endpoint.", + "type": "string", + "enum": ["AWS", "direct"], + "default": "AWS" + }, + "urlBuilder": { + "description": "Optional: the URL building method to use. If not specified or 'AWS' specified, region and model will be used to build the AWS Bedrock URL. If 'direct' specified, the provided endpoint will be used as the URL.", + "type": "string", + "enum": ["AWS", "direct"], + "default": "AWS" + } + } + }, + "ServerSideProviderConfigAzureOpenAI": { + "type": "object", + "required": ["type", "endpoint", "user", "useDeprecatedCompletionsAPI"], + "properties": { + "type": { + "type": "string", + "const": "azureOpenAI" + }, + "accessToken": { + "description": "As of 5.2.4 the access token can be left empty and it will rely on Environmental, Workload Identity or Managed Identity credentials configured for the frontend and worker services; Set it to if directly configuring the credentials using the API key specified in the Azure portal", + "type": "string" + }, + "accessTokenQuery": { + "description": "Ignored when accessToken is set; this is a configuration for fetching a provider access token over HTTP.", + "$ref": "#/definitions/AccessTokenQuery" + }, + "endpoint": { + "description": "Endpoint from the Azure OpenAI Service portal", + "type": "string" + }, + "user": { + "description": "The user field passed along to OpenAI-provided models.", + "type": "string" + }, + "useDeprecatedCompletionsAPI": { + "description": "Enables the use of the older completions API for select Azure OpenAI models. This is just an escape hatch, for backwards compatibility, because not all Azure OpenAI models are available on the 'newer' completions API.", + "type": "boolean" + }, + "apiVersion": { + "description": "The API version to use for the Azure OpenAI Service. Compatibility may be broken between versions - the only officially supported option here is to leave it unset.", + "type": "string" + } + } + }, + "ServerSideProviderConfigAnthropicProvider": { + "type": "object", + "required": ["type", "endpoint"], + "properties": { + "type": { + "type": "string", + "const": "anthropic" + }, + "accessToken": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "accessTokenQuery": { + "description": "Ignored when accessToken is set; this is a configuration for fetching a provider access token over HTTP.", + "$ref": "#/definitions/AccessTokenQuery" + } + } + }, + "ServerSideProviderConfigFireworksProvider": { + "type": "object", + "required": ["type", "accessToken", "endpoint"], + "properties": { + "type": { + "type": "string", + "const": "fireworks" + }, + "accessToken": { + "type": "string" + }, + "endpoint": { + "type": "string" + } + } + }, + "ServerSideProviderConfigGoogleProvider": { + "type": "object", + "required": ["type", "accessToken", "endpoint"], + "properties": { + "type": { + "type": "string", + "const": "google" + }, + "accessToken": { + "type": "string" + }, + "endpoint": { + "type": "string" + } + } + }, + "ServerSideProviderConfigOpenAIProvider": { + "type": "object", + "required": ["type", "accessToken", "endpoint"], + "properties": { + "type": { + "type": "string", + "const": "openai" + }, + "accessToken": { + "type": "string" + }, + "endpoint": { + "type": "string" + } + } + }, + "ServerSideProviderConfigHuggingfaceTGIProvider": { + "type": "object", + "required": ["type", "endpoints"], + "properties": { + "type": { + "type": "string", + "const": "huggingface-tgi" + }, + "endpoints": { + "$ref": "#/definitions/OpenAICompatibleEndpoint" + }, + "enableVerboseLogs": { + "description": "Whether to enable verbose logging of requests. When enabled, grep for 'OpenAICompatible' in the frontend container logs to see the requests Cody makes to the endpoint.", + "type": "boolean", + "default": false + } + } + }, + "ServerSideProviderConfigOpenAICompatibleProvider": { + "type": "object", + "required": ["type", "endpoints"], + "properties": { + "type": { + "type": "string", + "const": "openaicompatible" + }, + "endpoints": { + "$ref": "#/definitions/OpenAICompatibleEndpoint" + }, + "enableVerboseLogs": { + "description": "Whether to enable verbose logging of requests. When enabled, grep for 'OpenAICompatible' in the frontend container logs to see the requests Cody makes to the endpoint.", + "type": "boolean", + "default": false + }, + "useLegacyCompletions": { + "description": "If true (default), uses the /completions endpoint for autocomplete requests. If false, uses the /chat/completions endpoint for all requests, including autocomplete.", + "type": "boolean", + "default": true + } + } + }, + "OpenAICompatibleEndpoint": { + "description": "Endpoints to connect to. If multiple are specified, Sourcegraph will randomly distribute requests between them.", + "type": "array", + "items": { + "minLength": 1, + "type": "object", + "required": ["url"], + "properties": { + "url": { + "type": "string" + }, + "accessToken": { + "type": "string" + }, + "accessTokenQuery": { + "description": "Ignored when accessToken is set; this is a configuration for fetching a provider access token over HTTP.", + "$ref": "#/definitions/AccessTokenQuery" + }, + "headers": { + "description": "Optional static headers that should be sent with requests to this endpoint. If provided, both accessToken and accessTokenQuery will be ignored and no 'Authorization' header will be set unless configured here.", + "type": "object", + "additionalProperties": { + "type": "string" + } + } + } + } + }, + "ServerSideProviderConfigSourcegraphProvider": { + "type": "object", + "required": ["type", "accessToken", "endpoint"], + "properties": { + "type": { + "type": "string", + "const": "sourcegraph" + }, + "accessToken": { + "type": "string" + }, + "endpoint": { + "type": "string" + } + } + }, + "ClientSideModelConfig": { + "type": "object", + "default": null, + "description": "No client-side model configuration is currently available.", + "properties": { + "openaicompatible": { + "$ref": "#/definitions/ClientSideModelConfigOpenAICompatible" + } + } + }, + "ClientSideModelConfigOpenAICompatible": { + "type": "object", + "default": null, + "description": "Advanced configuration options that are only respected if the model is provided by an openaicompatible provider.", + "properties": { + "stopSequences": { + "type": "array", + "items": { + "type": "string", + "description": "List of stop sequences to use for this model.", + "examples": ["\n"] + } + }, + "endOfText": { + "type": "string", + "description": "End of text identifier used by the model.", + "examples": ["<|endoftext|>", ""] + }, + "contextSizeHintTotalCharacters": { + "!go": { + "pointer": true + }, + "default": null, + "type": "integer", + "description": "A hint the client should use when producing context to send to the LLM.\nThe maximum length of all context (prefix + suffix + snippets), in characters." + }, + "contextSizeHintPrefixCharacters": { + "!go": { + "pointer": true + }, + "default": null, + "type": "integer", + "description": "A hint the client should use when producing context to send to the LLM.\nThe maximum length of the document prefix (text before the cursor) to include, in characters." + }, + "contextSizeHintSuffixCharacters": { + "!go": { + "pointer": true + }, + "default": null, + "type": "integer", + "description": "A hint the client should use when producing context to send to the LLM.\nThe maximum length of the document suffix (text after the cursor) to include, in characters." + }, + "chatPreInstruction": { + "type": "string", + "description": "Custom instruction to be included at the start of all chat messages\nwhen using this model, e.g. 'Answer all questions in Spanish.'\n\nNote: similar to Cody client config option 'cody.chat.preInstruction'; if user has configured that it will be used instead of this." + }, + "editPostInstruction": { + "type": "string", + "description": "Custom instruction to be included at the end of all edit commands\nwhen using this model, e.g. 'Write all unit tests with Jest instead of detected framework.'\n\nNote: similar to Cody client config option 'cody.edit.preInstruction'; if user has configured that it will be respected instead of this." + }, + "autocompleteSinglelineTimeout": { + "type": "integer", + "description": "How long the client should wait for autocomplete results to come back (milliseconds), before giving up and not displaying an autocomplete result at all.\n\nThis applies on single-line completions, e.g. 'var i = '\n\nNote: similar to hidden Cody client config option 'cody.autocomplete.advanced.timeout.singleline' If user has configured that, it will be respected instead of this." + }, + "autocompleteMultilineTimeout": { + "type": "integer", + "description": "How long the client should wait for autocomplete results to come back (milliseconds), before giving up and not displaying an autocomplete result at all.\n\nThis applies on multi-line completions, which are based on intent-detection when e.g. a code block is being completed, e.g. 'func parseURL(url string) {'\n\nNote: similar to hidden Cody client config option 'cody.autocomplete.advanced.timeout.multiline' If user has configured that, it will be respected instead of this." + }, + "chatTopK": { + "!go": { + "pointer": true + }, + "type": "number" + }, + "chatTopP": { + "!go": { + "pointer": true + }, + "type": "number" + }, + "chatTemperature": { + "!go": { + "pointer": true + }, + "type": "number" + }, + "chatMaxTokens": { + "type": "integer" + }, + "autoCompleteTopK": { + "!go": { + "pointer": true + }, + "type": "number" + }, + "autoCompleteTopP": { + "!go": { + "pointer": true + }, + "type": "number" + }, + "autoCompleteTemperature": { + "!go": { + "pointer": true + }, + "type": "number" + }, + "autoCompleteSinglelineMaxTokens": { + "type": "integer" + }, + "autoCompleteMultilineMaxTokens": { + "type": "integer" + }, + "editTopK": { + "!go": { + "pointer": true + }, + "type": "number" + }, + "editTopP": { + "!go": { + "pointer": true + }, + "type": "number" + }, + "editTemperature": { + "!go": { + "pointer": true + }, + "type": "number" + }, + "editMaxTokens": { + "type": "integer" + } + } + }, + "ServerSideModelConfig": { + "type": "object", + "!go": { + "taggedUnionType": true + }, + "default": null, + "required": ["type"], + "properties": { + "type": { + "type": "string", + "enum": ["awsBedrockProvisionedThroughput", "awsBedrock", "openaicompatible"] + } + }, + "oneOf": [ + { + "$ref": "#/definitions/ServerSideModelConfigAwsBedrockProvisionedThroughput" + }, + { + "$ref": "#/definitions/ServerSideModelConfigAwsBedrock" + }, + { + "$ref": "#/definitions/ServerSideModelConfigOpenAICompatible" + }, + { + "$ref": "#/definitions/DoNotUsePhonyDiscriminantType" + } + ] + }, + "ServerSideModelConfigAwsBedrockProvisionedThroughput": { + "type": "object", + "required": ["type", "arn"], + "properties": { + "type": { + "type": "string", + "const": "awsBedrockProvisionedThroughput" + }, + "arn": { + "description": "The 'provisioned throughput ARN' to use when sending requests to AWS Bedrock", + "type": "string" + } + } + }, + "ServerSideModelConfigAwsBedrock": { + "description": "AWS Bedrock model configuration options.", + "type": "object", + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "awsBedrock" + }, + "latencyOptimization": { + "description": "Configures whether to use latency-optimized inference for this model. Available options are 'standard' and 'optimized'. See: https://docs.aws.amazon.com/bedrock/latest/userguide/latency-optimized-inference.html", + "type": "string", + "enum": ["standard", "optimized"] + }, + "arn": { + "description": "The 'provisioned throughput ARN' to use when sending requests to AWS Bedrock", + "type": "string" + } + } + }, + "ServerSideModelConfigOpenAICompatible": { + "description": "Configuration that is only respected if the model is provided by an openaicompatible provider.", + "type": "object", + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "openaicompatible" + }, + "apiModel": { + "description": "The literal string value of the 'model' field that will be sent to the /chat/completions API, for example. If set, Sourcegraph treats this as an opaque string and sends it directly to the API, inferring no information from it. By default, the configured model name is sent.", + "type": "string" + } + } + }, + "DoNotUsePhonyDiscriminantType": { + "type": "object", + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "unused" + }, + "doNotUseThisProperty": { + "description": "Do not use/set this property, it is useless. go-jsonschema has an issue where it does not support writing a tagged union unless it can find a field each of the union types do NOT have in common; this type merely exists to provide a field that is not in common with all other oneOf types. https://sourcegraph.com/github.com/sourcegraph/go-jsonschema/-/blob/compiler/generator_tagged_union_type.go?L47-49", + "type": "string" + } + } + }, + "BrandAssets": { + "type": "object", + "properties": { + "logo": { + "description": "The URL to the image used on the homepage. This will replace the Sourcegraph logo on the homepage. Maximum width: 320px. We recommend using the following file formats: SVG, PNG", + "type": "string", + "format": "uri" + }, + "symbol": { + "description": "The URL to the symbol used as the search icon. Recommended size: 24x24px. We recommend using the following file formats: SVG, PNG, ICO", + "type": "string", + "format": "uri" + } + } + }, + "BuiltinAuthProvider": { + "description": "Configures the builtin username-password authentication provider.", + "type": "object", + "additionalProperties": false, + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "builtin" + }, + "allowSignup": { + "description": "Allows new visitors to sign up for accounts. The sign-up page will be enabled and accessible to all visitors.\n\nSECURITY: If the site has no users (i.e., during initial setup), it will always allow the first user to sign up and become site admin **without any approval** (first user to sign up becomes the admin).", + "type": "boolean", + "default": false + } + } + }, + "OpenIDConnectAuthProvider": { + "description": "Configures the OpenID Connect authentication provider for SSO.", + "type": "object", + "additionalProperties": false, + "required": ["type", "issuer", "clientID", "clientSecret"], + "properties": { + "type": { + "type": "string", + "const": "openidconnect" + }, + "displayName": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayName" + }, + "displayPrefix": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", + "!go": { + "pointer": true + } + }, + "hidden": { + "$ref": "#/definitions/AuthProviderCommon/properties/hidden" + }, + "noSignIn": { + "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" + }, + "order": { + "$ref": "#/definitions/AuthProviderCommon/properties/order" + }, + "configID": { + "description": "An identifier that can be used to reference this authentication provider in other parts of the config. For example, in configuration for a code host, you may want to designate this authentication provider as the identity provider for the code host.", + "type": "string" + }, + "issuer": { + "description": "The URL of the OpenID Connect issuer.\n\nFor Google Apps: https://accounts.google.com", + "type": "string", + "format": "uri", + "pattern": "^https?://" + }, + "clientID": { + "description": "The client ID for the OpenID Connect client for this site.\n\nFor Google Apps: obtain this value from the API console (https://console.developers.google.com), as described at https://developers.google.com/identity/protocols/OpenIDConnect#getcredentials", + "type": "string", + "pattern": "^[^<]" + }, + "clientSecret": { + "description": "The client secret for the OpenID Connect client for this site.\n\nFor Google Apps: obtain this value from the API console (https://console.developers.google.com), as described at https://developers.google.com/identity/protocols/OpenIDConnect#getcredentials", + "type": "string", + "pattern": "^[^<]" + }, + "requireEmailDomain": { + "description": "Only allow users to authenticate if their email domain is equal to this value (example: mycompany.com). Do not include a leading \"@\". If not set, all users on this OpenID Connect provider can authenticate to Sourcegraph.", + "type": "string", + "pattern": "^[^<@]" + }, + "allowSignup": { + "description": "Allows new visitors to sign up for accounts via OpenID Connect authentication. If false, users signing in via OpenID Connect must have an existing Sourcegraph account, which will be linked to their OpenID Connect identity after sign-in.", + "type": "boolean", + "!go": { + "pointer": true + } + }, + "singleIdentityPerUser": { + "description": "When true, any user can connect exactly one identity from the identity provider.", + "type": "boolean", + "default": false + } + } + }, + "SAMLAuthProvider": { + "description": "Configures the SAML authentication provider for SSO.\n\nNote: if you are using IdP-initiated login, you must have *at most one* SAMLAuthProvider in the `auth.providers` array.", + "type": "object", + "additionalProperties": false, + "required": ["type"], + "dependencies": { + "serviceProviderCertificate": ["serviceProviderPrivateKey"], + "serviceProviderPrivateKey": ["serviceProviderCertificate"], + "signRequests": ["serviceProviderCertificate", "serviceProviderPrivateKey"] + }, + "properties": { + "type": { + "type": "string", + "const": "saml" + }, + "configID": { + "description": "An identifier that can be used to reference this authentication provider in other parts of the config. For example, in configuration for a code host, you may want to designate this authentication provider as the identity provider for the code host.", + "type": "string" + }, + "displayName": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayName" + }, + "displayPrefix": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", + "!go": { + "pointer": true + } + }, + "hidden": { + "$ref": "#/definitions/AuthProviderCommon/properties/hidden" + }, + "noSignIn": { + "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" + }, + "order": { + "$ref": "#/definitions/AuthProviderCommon/properties/order" + }, + "serviceProviderIssuer": { + "description": "The SAML Service Provider name, used to identify this Service Provider. This is required if the \"externalURL\" field is not set (as the SAML metadata endpoint is computed as \".auth/saml/metadata\"), or when using multiple SAML authentication providers.", + "type": "string" + }, + "identityProviderMetadataURL": { + "description": "The SAML Identity Provider metadata URL (for dynamic configuration of the SAML Service Provider).", + "type": "string", + "format": "uri", + "pattern": "^https?://" + }, + "identityProviderMetadata": { + "description": "The SAML Identity Provider metadata XML contents (for static configuration of the SAML Service Provider). The value of this field should be an XML document whose root element is `` or ``. To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.", + "type": "string" + }, + "serviceProviderCertificate": { + "description": "The SAML Service Provider certificate in X.509 encoding (begins with \"-----BEGIN CERTIFICATE-----\"). This certificate is used by the Identity Provider to validate the Service Provider's AuthnRequests and LogoutRequests. It corresponds to the Service Provider's private key (`serviceProviderPrivateKey`). To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.", + "type": "string", + "$comment": "The pattern matches either X.509 encoding or an env var.", + "pattern": "^(-----BEGIN CERTIFICATE-----\n|\\$)", + "minLength": 1 + }, + "serviceProviderPrivateKey": { + "description": "The SAML Service Provider private key in PKCS#8 encoding (begins with \"-----BEGIN PRIVATE KEY-----\"). This private key is used to sign AuthnRequests and LogoutRequests. It corresponds to the Service Provider's certificate (`serviceProviderCertificate`). To escape the value into a JSON string, you may want to use a tool like https://json-escape-text.now.sh.", + "type": "string", + "$comment": "The pattern matches either PKCS#8 encoding or an env var.", + "pattern": "^(-----BEGIN PRIVATE KEY-----\n|\\$)", + "minLength": 1 + }, + "nameIDFormat": { + "description": "The SAML NameID format to use when performing user authentication.", + "type": "string", + "pattern": "^urn:", + "default": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "examples": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:persistent", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:2.0:nameid-format:entity" + ] + }, + "signRequests": { + "description": "Sign AuthnRequests and LogoutRequests sent to the Identity Provider using the Service Provider's private key (`serviceProviderPrivateKey`). It defaults to true if the `serviceProviderPrivateKey` and `serviceProviderCertificate` are set, and false otherwise.", + "type": "boolean", + "!go": { + "pointer": true + } + }, + "insecureSkipAssertionSignatureValidation": { + "description": "Whether the Service Provider should (insecurely) accept assertions from the Identity Provider without a valid signature.", + "type": "boolean", + "default": false + }, + "allowSignup": { + "description": "Allows new visitors to sign up for accounts via SAML authentication. If false, users signing in via SAML must have an existing Sourcegraph account, which will be linked to their SAML identity after sign-in.", + "type": "boolean", + "!go": { + "pointer": true + } + }, + "allowGroups": { + "description": "Restrict login to members of these groups", + "type": "array", + "items": { + "type": "string", + "minLength": 1 + } + }, + "groupsAttributeName": { + "description": "Name of the SAML assertion attribute that holds group membership for allowGroups setting", + "type": "string", + "default": "groups" + }, + "usernameAttributeNames": { + "description": "Names of the SAML assertions attributes to check for a user's username. Checked in the order the names are provided.", + "type": "array", + "items": { + "type": "string", + "minLength": 1 + } + } + } + }, + "HTTPHeaderAuthProvider": { + "description": "Configures the HTTP header authentication provider (which authenticates users by consulting an HTTP request header set by an authentication proxy such as https://github.com/bitly/oauth2_proxy).", + "type": "object", + "additionalProperties": false, + "required": ["type", "usernameHeader"], + "properties": { + "type": { + "type": "string", + "const": "http-header" + }, + "usernameHeader": { + "description": "The name (case-insensitive) of an HTTP header whose value is taken to be the username of the client requesting the page. Set this value when using an HTTP proxy that authenticates requests, and you don't want the extra configurability of the other authentication methods.", + "type": "string", + "examples": ["X-Forwarded-User"] + }, + "stripUsernameHeaderPrefix": { + "description": "The prefix that precedes the username portion of the HTTP header specified in `usernameHeader`. If specified, the prefix will be stripped from the header value and the remainder will be used as the username. For example, if using Google Identity-Aware Proxy (IAP) with Google Sign-In, set this value to `accounts.google.com:`.", + "type": "string", + "examples": ["accounts.google.com:"] + }, + "emailHeader": { + "description": "The name (case-insensitive) of an HTTP header whose value is taken to be the email of the client requesting the page. Set this value when using an HTTP proxy that authenticates requests, and you don't want the extra configurability of the other authentication methods.", + "type": "string", + "examples": ["X-App-Email"] + }, + "allowSignup": { + "description": "Creates accounts for new users. Set this value to false to require users with HTTP header attestation to have an existing Sourcegraph account.", + "type": "boolean", + "default": true, + "examples": [false], + "!go": { + "pointer": true + } + } + } + }, + "GitHubAuthProvider": { + "description": "Configures the GitHub (or GitHub Enterprise) OAuth authentication provider for SSO. In addition to specifying this configuration object, you must also create a OAuth App on your GitHub instance: https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/. When a user signs into Sourcegraph or links their GitHub account to their existing Sourcegraph account, GitHub will prompt the user for the repo scope.", + "type": "object", + "additionalProperties": false, + "required": ["type", "clientID", "clientSecret"], + "properties": { + "type": { + "type": "string", + "const": "github" + }, + "url": { + "type": "string", + "description": "URL of the GitHub instance, such as https://github.com/ or https://github-enterprise.example.com.", + "default": "https://github.com/", + "pattern": "^https?://", + "!go": { + "typeName": "NormalizedURL" + } + }, + "clientID": { + "type": "string", + "description": "The Client ID of the GitHub OAuth app, accessible from https://github.com/settings/developers (or the same path on GitHub Enterprise)." + }, + "clientSecret": { + "type": "string", + "description": "The Client Secret of the GitHub OAuth app, accessible from https://github.com/settings/developers (or the same path on GitHub Enterprise)." + }, + "displayName": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayName" + }, + "displayPrefix": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", + "!go": { + "pointer": true + } + }, + "hidden": { + "$ref": "#/definitions/AuthProviderCommon/properties/hidden" + }, + "noSignIn": { + "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" + }, + "order": { + "$ref": "#/definitions/AuthProviderCommon/properties/order" + }, + "allowSignup": { + "description": "Allows new visitors to sign up for accounts via GitHub authentication. If false, users signing in via GitHub must have an existing Sourcegraph account, which will be linked to their GitHub identity after sign-in.", + "default": false, + "type": "boolean" + }, + "allowOrgs": { + "description": "Restricts new logins and signups (if allowSignup is true) to members of these GitHub organizations. Existing sessions won't be invalidated. Leave empty or unset for no org restrictions.", + "default": [], + "type": "array", + "items": { + "type": "string", + "minLength": 1 + } + }, + "allowOrgsMap": { + "description": "Restricts new logins and signups (if allowSignup is true) to members of GitHub teams. Each list of teams should have their Github org name as a key. Subteams inheritance is not supported, therefore only members of the listed teams will be granted access. Existing sessions won't be invalidated. Leave empty or unset for no team restrictions.", + "default": {}, + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string" + } + }, + "examples": [ + { + "orgName": ["team1"], + "anotherOrgName": ["team2", "team3"] + } + ] + }, + "allowGroupsPermissionsSync": { + "description": "Experimental: Allows sync of GitHub teams and organizations permissions across all external services associated with this provider to allow enabling of [repository permissions caching](https://sourcegraph.com/docs/admin/code_hosts/github#teams-and-organizations-permissions-caching).", + "default": false, + "type": "boolean" + } + } + }, + "GitLabAuthProvider": { + "description": "Configures the GitLab OAuth authentication provider for SSO. In addition to specifying this configuration object, you must also create a OAuth App on your GitLab instance: https://docs.gitlab.com/ee/integration/oauth_provider.html. The application should have `api` and `read_user` scopes and the callback URL set to the concatenation of your Sourcegraph instance URL and \"/.auth/gitlab/callback\".", + "type": "object", + "additionalProperties": false, + "required": ["type", "clientID", "clientSecret"], + "properties": { + "type": { + "type": "string", + "const": "gitlab" + }, + "url": { + "type": "string", + "description": "URL of the GitLab instance, such as https://gitlab.com or https://gitlab.example.com.", + "default": "https://gitlab.com/", + "pattern": "^https?://", + "!go": { + "typeName": "NormalizedURL" + } + }, + "ssoURL": { + "type": "string", + "description": "An alternate sign-in URL used to ease SSO sign-in flows, such as https://gitlab.com/groups/your-group/saml/sso?token=xxxxxx", + "default": "" + }, + "clientID": { + "type": "string", + "description": "The Client ID of the GitLab OAuth app, accessible from https://gitlab.com/oauth/applications (or the same path on your private GitLab instance)." + }, + "clientSecret": { + "type": "string", + "description": "The Client Secret of the GitLab OAuth app, accessible from https://gitlab.com/oauth/applications (or the same path on your private GitLab instance)." + }, + "displayName": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayName" + }, + "displayPrefix": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", + "!go": { + "pointer": true + } + }, + "hidden": { + "$ref": "#/definitions/AuthProviderCommon/properties/hidden" + }, + "noSignIn": { + "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" + }, + "order": { + "$ref": "#/definitions/AuthProviderCommon/properties/order" + }, + "apiScope": { + "type": "string", + "description": "The OAuth API scope that should be used", + "default": "api", + "enum": ["api", "read_api"] + }, + "allowSignup": { + "description": "Allows new visitors to sign up for accounts via GitLab authentication. If false, users signing in via GitLab must have an existing Sourcegraph account, which will be linked to their GitLab identity after sign-in.", + "default": true, + "type": "boolean", + "!go": { + "pointer": true + } + }, + "allowGroups": { + "description": "Restricts new logins and signups (if allowSignup is true) to members of these GitLab groups. Existing sessions won't be invalidated. Make sure to inform the full path for groups or subgroups instead of their names. Leave empty or unset for no group restrictions.", + "default": [], + "type": "array", + "items": { + "type": "string", + "minLength": 1 + }, + "examples": [["group", "group/subgroup", "group/subgroup/subgroup"]] + }, + "tokenRefreshWindowMinutes": { + "description": "Time in minutes before token expiry when we should attempt to refresh it", + "default": 10, + "type": "integer" + }, + "syncInternalRepoPermissions": { + "description": "Whether to sync permissions for internal repositories on GitLab. Setting this to false can be useful when internal repositories are configured to be public on Sourcegraph.", + "default": true, + "type": "boolean", + "!go": { + "pointer": true + } + } + } + }, + "BitbucketCloudAuthProvider": { + "description": "Configures the Bitbucket Cloud OAuth authentication provider for SSO. In addition to specifying this configuration object, you must also create a OAuth App on your Bitbucket Cloud workspace: https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/. The application should have account, email, and repository scopes and the callback URL set to the concatenation of your Sourcegraph instance URL and \"/.auth/bitbucketcloud/callback\".", + "type": "object", + "additionalProperties": false, + "required": ["type", "clientKey", "clientSecret"], + "properties": { + "type": { + "type": "string", + "const": "bitbucketcloud" + }, + "url": { + "type": "string", + "description": "URL of the Bitbucket Cloud instance.", + "default": "https://bitbucket.org/", + "pattern": "^https?://", + "!go": { + "typeName": "NormalizedURL" + } + }, + "clientKey": { + "type": "string", + "description": "The Key of the Bitbucket OAuth app." + }, + "clientSecret": { + "type": "string", + "description": "The Client Secret of the Bitbucket OAuth app." + }, + "displayName": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayName" + }, + "displayPrefix": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", + "!go": { + "pointer": true + } + }, + "hidden": { + "$ref": "#/definitions/AuthProviderCommon/properties/hidden" + }, + "noSignIn": { + "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" + }, + "order": { + "$ref": "#/definitions/AuthProviderCommon/properties/order" + }, + "apiScope": { + "type": "string", + "description": "The OAuth API scope that should be used. For permission syncing, specify at least \"account,email,repository\"" + }, + "allowSignup": { + "description": "Allows new visitors to sign up for accounts via Bitbucket Cloud authentication. If false, users signing in via Bitbucket Cloud must have an existing Sourcegraph account, which will be linked to their Bitbucket Cloud identity after sign-in.", + "default": true, + "type": "boolean" + } + } + }, + "BitbucketServerAuthProvider": { + "description": "Configures the Bitbucket Server OAuth authentication provider for SSO. In addition to specifying this configuration object, you must also create a OAuth App on your Bitbucket Server instance: https://confluence.atlassian.com/bitbucketserver0720/configure-an-incoming-link-1116282013.html. The application should have the repository read permission and the callback URL set to the concatenation of your Sourcegraph instance URL and \"/.auth/bitbucketserver/callback\".", + "type": "object", + "additionalProperties": false, + "required": ["type", "clientID", "clientSecret"], + "properties": { + "type": { + "type": "string", + "const": "bitbucketserver" + }, + "url": { + "type": "string", + "description": "URL of the Bitbucket Server instance.", + "example": "https://bitbucket.example.org/", + "pattern": "^https?://", + "!go": { + "typeName": "NormalizedURL" + } + }, + "clientID": { + "type": "string", + "description": "The ID of the Bitbucket OAuth app." + }, + "clientSecret": { + "type": "string", + "description": "The Client Secret of the Bitbucket OAuth app." + }, + "displayName": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayName" + }, + "displayPrefix": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", + "!go": { + "pointer": true + } + }, + "hidden": { + "$ref": "#/definitions/AuthProviderCommon/properties/hidden" + }, + "noSignIn": { + "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" + }, + "order": { + "$ref": "#/definitions/AuthProviderCommon/properties/order" + }, + "allowSignup": { + "description": "Allows new visitors to sign up for accounts via Bitbucket Server OAuth. If false, users signing in via Bitbucket Server must have an existing Sourcegraph account, which will be linked to their Bitbucket Server identity after sign-in.", + "default": true, + "type": "boolean" + } + } + }, + "GerritAuthProvider": { + "description": "Gerrit auth provider", + "type": "object", + "additionalProperties": false, + "required": ["type", "url"], + "properties": { + "type": { + "type": "string", + "const": "gerrit" + }, + "url": { + "type": "string", + "description": "URL of the Gerrit instance, such as https://gerrit-review.googlesource.com or https://gerrit.example.com.", + "default": "https://gerrit-review.googlesource.com/", + "!go": { + "typeName": "NormalizedURL" + } + }, + "displayName": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayName" + }, + "displayPrefix": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", + "!go": { + "pointer": true + } + }, + "hidden": { + "$ref": "#/definitions/AuthProviderCommon/properties/hidden" + }, + "noSignIn": { + "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" + }, + "order": { + "$ref": "#/definitions/AuthProviderCommon/properties/order" + } + } + }, + "AzureDevOpsAuthProvider": { + "description": "Azure auth provider for dev.azure.com", + "type": "object", + "additionalProperties": false, + "required": ["type", "clientID", "clientSecret"], + "properties": { + "type": { + "type": "string", + "const": "azureDevOps" + }, + "url": { + "type": "string", + "description": "Endpoint to authorize with Entra. Required for Entra ID App registrations (all connections created after April 2025)", + "example": "https://login.microsoftonline.com/00000002-0000-0000-c000-000000000000", + "!go": { + "typeName": "NormalizedURL" + } + }, + "clientID": { + "type": "string", + "description": "The app ID of the Azure OAuth app." + }, + "clientSecret": { + "type": "string", + "description": "The client Secret of the Azure OAuth app." + }, + "displayName": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayName" + }, + "displayPrefix": { + "$ref": "#/definitions/AuthProviderCommon/properties/displayPrefix", + "!go": { + "pointer": true + } + }, + "hidden": { + "$ref": "#/definitions/AuthProviderCommon/properties/hidden" + }, + "noSignIn": { + "$ref": "#/definitions/AuthProviderCommon/properties/noSignIn" + }, + "order": { + "$ref": "#/definitions/AuthProviderCommon/properties/order" + }, + "apiScope": { + "type": "string", + "description": "DEPRECATED: The OAuth API scope that should be used", + "default": "vso.code,vso.identity,vso.project", + "deprecated": true, + "deprecationMessage": "Deprecated because this changed with the change to Entra Apps. Configure the scopes you want to grant within Entra under API permissions instead." + }, + "allowOrgs": { + "description": "Restricts new logins and signups (if allowSignup is true) to members of these Azure DevOps organizations only. Existing sessions won't be invalidated. Leave empty or unset for no org restrictions.", + "default": [], + "type": "array", + "items": { + "type": "string", + "minLength": 1 + } + }, + "allowSignup": { + "description": "Allows new visitors to sign up for accounts Azure DevOps authentication. If false, users signing in via Azure DevOps must have an existing Sourcegraph account, which will be linked to their Azure DevOps identity after sign-in.", + "default": true, + "type": "boolean", + "!go": { + "pointer": true + } + } + } + }, + "AuthProviderCommon": { + "$comment": "This schema is not used directly. The *AuthProvider schemas refer to its properties directly.", + "description": "Common properties for authentication providers.", + "type": "object", + "properties": { + "hidden": { + "description": "Hides the configured auth provider from regular use through our web interface by omitting it from the JSContext, useful for experimental auth setups.", + "type": "boolean", + "default": false + }, + "noSignIn": { + "description": "Hides the configured auth provider from the sign in page, but still allows users to connect an external account using their Account Security page to enable permissions syncing.", + "type": "boolean", + "default": false + }, + "order": { + "description": "Determines order of auth providers on the login screen. Ordered as numbers, for example 1, 2, 3.", + "type": "integer", + "minimum": 1 + }, + "displayName": { + "description": "The name to use when displaying this authentication provider in the UI. Defaults to an auto-generated name with the type of authentication provider and other relevant identifiers (such as a hostname).", + "type": "string" + }, + "displayPrefix": { + "description": "Defines the prefix of the auth provider button on the login screen. By default we show `Continue with `. This propery allows you to change the `Continue with ` part to something else. Useful in cases where the displayName is not compatible with the prefix.", + "type": "string", + "default": "Continue with ", + "!go": { + "pointer": true + } + } + } + }, + "NotifierSlack": { + "description": "Slack notifier", + "type": "object", + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "slack" + }, + "url": { + "description": "Slack incoming webhook URL.", + "type": "string" + }, + "username": { + "description": "Set the username for the bot’s message.", + "type": "string" + }, + "recipient": { + "description": "Allows you to override the Slack recipient. You must either provide a channel Slack ID, a user Slack ID, a username reference (@, all lowercase, no whitespace), or a channel reference (#, all lowercase, no whitespace).", + "type": "string" + }, + "icon_emoji": { + "description": "Provide an emoji to use as the icon for the bot’s message. Ex :smile:", + "type": "string" + }, + "icon_url": { + "description": "Provide a URL to an image to use as the icon for the bot’s message.", + "type": "string" + } + } + }, + "NotifierPagerduty": { + "description": "PagerDuty notifier", + "type": "object", + "required": ["type", "integrationKey"], + "properties": { + "type": { + "type": "string", + "const": "pagerduty" + }, + "integrationKey": { + "description": "Integration key for the PagerDuty Events API v2 - see https://developer.pagerduty.com/docs/events-api-v2/overview", + "type": "string" + }, + "severity": { + "description": "Severity level for PagerDuty alert", + "type": "string" + }, + "apiUrl": { + "type": "string" + } + } + }, + "NotifierWebhook": { + "description": "Webhook notifier", + "type": "object", + "required": ["type", "url"], + "properties": { + "type": { + "type": "string", + "const": "webhook" + }, + "url": { + "type": "string" + }, + "username": { + "type": "string" + }, + "password": { + "type": "string" + }, + "bearerToken": { + "type": "string" + } + } + }, + "NotifierEmail": { + "description": "Email notifier", + "type": "object", + "required": ["type", "address"], + "properties": { + "type": { + "type": "string", + "const": "email" + }, + "address": { + "description": "Address to send email to", + "type": "string" + } + } + }, + "NotifierOpsGenie": { + "description": "OpsGenie notifier", + "type": "object", + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "opsgenie" + }, + "apiKey": { + "type": "string" + }, + "apiUrl": { + "type": "string" + }, + "tags": { + "description": "Comma separated list of tags attached to the notifications - or a Go template that produces such a list. Sourcegraph provides some default ones if this value isn't specified.", + "type": "string" + }, + "priority": { + "description": "Defines the importance of an alert. Allowed values are P1, P2, P3, P4, P5 - or a Go template that resolves to one of those values. By default, Sourcegraph will fill this in for you if a value isn't specified here.", + "type": "string" + }, + "responders": { + "type": "array", + "description": "List of responders responsible for notifications.", + "items": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": ["team", "user", "escalation", "schedule"] + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "oneOf": [ + { + "required": ["type", "id"] + }, + { + "required": ["type", "name"] + }, + { + "required": ["type", "username"] + } + ] + } + } + } + }, + "EncryptionKey": { + "description": "Config for a key", + "type": "object", + "required": ["type"], + "properties": { + "type": { + "type": "string", + "enum": ["cloudkms", "awskms", "mounted", "noop"] + } + }, + "oneOf": [ + { + "$ref": "#/definitions/CloudKMSEncryptionKey" + }, + { + "$ref": "#/definitions/AWSKMSEncryptionKey" + }, + { + "$ref": "#/definitions/MountedEncryptionKey" + }, + { + "$ref": "#/definitions/NoOpEncryptionKey" + } + ], + "!go": { + "taggedUnionType": true + } + }, + "CloudKMSEncryptionKey": { + "description": "Google Cloud KMS Encryption Key, used to encrypt data in Google Cloud environments", + "type": "object", + "required": ["type", "keyname"], + "properties": { + "type": { + "type": "string", + "const": "cloudkms" + }, + "keyname": { + "type": "string" + }, + "credentialsFile": { + "type": "string" + } + } + }, + "AWSKMSEncryptionKey": { + "description": "AWS KMS Encryption Key, used to encrypt data in AWS environments", + "type": "object", + "required": ["type", "keyId"], + "properties": { + "type": { + "type": "string", + "const": "awskms" + }, + "keyId": { + "type": "string" + }, + "region": { + "type": "string" + }, + "credentialsFile": { + "type": "string" + } + } + }, + "MountedEncryptionKey": { + "description": "This encryption key is mounted from a given file path or an environment variable.", + "type": "object", + "required": ["type", "keyname"], + "properties": { + "type": { + "type": "string", + "const": "mounted" + }, + "keyname": { + "type": "string" + }, + "filepath": { + "type": "string" + }, + "envVarName": { + "type": "string" + }, + "version": { + "type": "string" + } + } + }, + "NoOpEncryptionKey": { + "description": "This encryption key is a no op, leaving your data in plaintext (not recommended).", + "type": "object", + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "noop" + } + } + }, + "EmailTemplate": { + "type": "object", + "required": ["subject", "html"], + "properties": { + "subject": { + "description": "Template for email subject header", + "type": "string" + }, + "html": { + "description": "Template for HTML body", + "type": "string" + }, + "text": { + "description": "Optional template for plain-text body. If not provided, a plain-text body will be automatically generated from the HTML template.", + "type": "string" + } + } + }, + "CodyContextFilterItem": { + "type": "object", + "required": ["repoNamePattern"], + "properties": { + "repoNamePattern": { + "description": "Regular expression which matches a set of repository names. The pattern is evaluated using Go regular expression syntax (https://golang.org/pkg/regexp/). By default, the pattern matches partially. Use \\\"^...$\\\" for whole-string matching.", + "type": "string", + "format": "regex" + } + } + }, + "CodyRerankerIdentity": { + "description": "Identity re-ranker", + "type": "object", + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "identity" + } + } + }, + "CodyRerankerCohere": { + "description": "Re-ranker using Cohere API", + "type": "object", + "required": ["type", "apiKey"], + "properties": { + "type": { + "type": "string", + "const": "cohere" + }, + "apiKey": { + "type": "string" + }, + "model": { + "type": "string", + "default": "rerank-v3.5" + } + } + }, + "CodyRerankerVoyageAI": { + "description": "Re-ranker using VoyageAI API", + "type": "object", + "required": ["type", "apiKey"], + "properties": { + "type": { + "type": "string", + "const": "voyageai" + }, + "apiKey": { + "type": "string" + }, + "model": { + "type": "string", + "default": "rerank-2" + } + } + }, + "CodyRerankerSourcegraph": { + "description": "Re-ranker using Sourcegraph API", + "type": "object", + "required": ["type"], + "properties": { + "type": { + "type": "string", + "const": "sourcegraph" + }, + "endpoint": { + "type": "string" + }, + "accessToken": { + "type": "string" + } + } + } + } } ``` {/* SCHEMA_SYNC_END: admin/config/site.schema.json */} diff --git a/docs/admin/repo/perforce.mdx b/docs/admin/repo/perforce.mdx index fedcb2ecd..7c53fcdee 100644 --- a/docs/admin/repo/perforce.mdx +++ b/docs/admin/repo/perforce.mdx @@ -220,64 +220,140 @@ With this setting, Sourcegraph will ignore any rules with a host other than `*`, ### `admin/code_hosts/perforce.schema.json` {/* SCHEMA_SYNC_START: admin/code_hosts/perforce.schema.json */} -{/* WARNING: This section is auto-generated during releases. Do not edit manually. */} -{/* Last updated: 2025-07-10T00:07:36Z via sourcegraph/sourcegraph@v6.5.2654 */} ```json { - // If non-null, enforces Perforce depot permissions. - "authorization": { - "ignoreRulesWithHost": false, - "subRepoPermissions": false - }, - - // Depots can have arbitrary paths, e.g. a path to depot root or a subdirectory. - // Other example values: - // - [ - // "//Sourcegraph/", - // "//Engineering/Cloud/" - // ] - "depots": null, - - // Configuration for the experimental p4-fusion client - "fusionClient": { - "cacheLabels": false, - "enabled": false, - "fsyncEnable": false, - "includeBinaries": false, - "lookAhead": 2000, - "maxChanges": -1, - "networkThreads": 12, - "networkThreadsFetch": 12, - "noConvertLabels": false, - "printBatch": 100, - "refresh": 1000, - "retries": 10 - }, - - // Client specified as an option for p4 CLI (P4CLIENT, also enables '--use-client-spec') - "p4.client": null, - - // REQUIRED: - // The ticket value for the user (P4PASSWD). You can get this by running `p4 login -p` or `p4 login -pa`. It should look like `6211C5E719EDE6925855039E8F5CC3D2`. - "p4.passwd": null, - - // REQUIRED: - // The Perforce Server address to be used for p4 CLI (P4PORT). It's recommended to specify the protocol prefix (e.g. tcp: or ssl:) as part of the address. - // Other example values: - // - "ssl:111.222.333.444:1666" - // - "tcp:111.222.333.444:1666" - "p4.port": null, - - // REQUIRED: - // The user to be authenticated for p4 CLI (P4USER). - // Other example values: - // - "admin" - "p4.user": null, - - // The pattern used to generate the corresponding Sourcegraph repository name for a Perforce depot. In the pattern, the variable "{depot}" is replaced with the Perforce depot's path. - // For example, if your Perforce depot path is "//Sourcegraph/" and your Sourcegraph URL is https://src.example.com, then a repositoryPathPattern of "perforce/{depot}" would mean that the Perforce depot is available on Sourcegraph at https://src.example.com/perforce/Sourcegraph. - // It is important that the Sourcegraph repository name generated with this pattern be unique to this Perforce Server. If different Perforce Servers generate repository names that collide, Sourcegraph's behavior is undefined. - "repositoryPathPattern": "{depot}" + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "perforce.schema.json#", + "title": "PerforceConnection", + "description": "Configuration for a connection to Perforce Server.", + "allowComments": true, + "type": "object", + "additionalProperties": false, + "required": ["p4.port", "p4.user", "p4.passwd"], + "properties": { + "p4.port": { + "description": "The Perforce Server address to be used for p4 CLI (P4PORT). It's recommended to specify the protocol prefix (e.g. tcp: or ssl:) as part of the address.", + "type": "string", + "examples": ["ssl:111.222.333.444:1666", "tcp:111.222.333.444:1666"] + }, + "p4.user": { + "description": "The user to be authenticated for p4 CLI (P4USER).", + "type": "string", + "examples": ["admin"] + }, + "p4.passwd": { + "description": "The ticket value for the user (P4PASSWD). You can get this by running `p4 login -p` or `p4 login -pa`. It should look like `6211C5E719EDE6925855039E8F5CC3D2`.", + "type": "string" + }, + "p4.client": { + "description": "Client specified as an option for p4 CLI (P4CLIENT, also enables '--use-client-spec')", + "type": "string" + }, + "depots": { + "description": "Depots can have arbitrary paths, e.g. a path to depot root or a subdirectory.", + "type": "array", + "items": { + "type": "string", + "pattern": "^\\/[\\/ \\S]+\\/$" + }, + "examples": [["//Sourcegraph/", "//Engineering/Cloud/"]] + }, + "authorization": { + "title": "PerforceAuthorization", + "description": "If non-null, enforces Perforce depot permissions.", + "type": "object", + "properties": { + "subRepoPermissions": { + "description": "Experimental: infer sub-repository permissions from protection rules.", + "type": "boolean", + "default": false + }, + "ignoreRulesWithHost": { + "description": "Ignore host-based protection rules (any rule with something other than a wildcard in the Host field).", + "type": "boolean", + "default": false + } + } + }, + "repositoryPathPattern": { + "description": "The pattern used to generate the corresponding Sourcegraph repository name for a Perforce depot. In the pattern, the variable \"{depot}\" is replaced with the Perforce depot's path.\n\nFor example, if your Perforce depot path is \"//Sourcegraph/\" and your Sourcegraph URL is https://src.example.com, then a repositoryPathPattern of \"perforce/{depot}\" would mean that the Perforce depot is available on Sourcegraph at https://src.example.com/perforce/Sourcegraph.\n\nIt is important that the Sourcegraph repository name generated with this pattern be unique to this Perforce Server. If different Perforce Servers generate repository names that collide, Sourcegraph's behavior is undefined.", + "type": "string", + "default": "{depot}" + }, + "fusionClient": { + "type": "object", + "description": "Configuration for the experimental p4-fusion client", + "additionalProperties": false, + "properties": { + "enabled": { + "description": "DEPRECATED. p4-fusion is always enabled.", + "type": "boolean", + "default": false + }, + "networkThreads": { + "description": "The number of threads in the threadpool for running network calls. Defaults to the number of logical CPUs.", + "type": "integer", + "default": 12, + "minimum": 1 + }, + "networkThreadsFetch": { + "description": "The number of threads in the threadpool for running network calls when performing fetches. Defaults to the number of logical CPUs.", + "type": "integer", + "default": 12, + "minimum": 1 + }, + "printBatch": { + "description": "The p4 print batch size", + "type": "integer", + "default": 100, + "minimum": 1 + }, + "retries": { + "description": "How many times a command should be retried before the process exits in a failure", + "type": "integer", + "default": 10, + "minimum": 1 + }, + "refresh": { + "description": "How many times a connection should be reused before it is refreshed", + "type": "integer", + "default": 1000, + "minimum": 1 + }, + "lookAhead": { + "description": "How many CLs in the future, at most, shall we keep downloaded by the time it is to commit them", + "type": "integer", + "default": 2000, + "minimum": 1 + }, + "maxChanges": { + "description": "How many changes to fetch during initial clone. The default of -1 will fetch all known changes", + "type": "integer", + "default": -1 + }, + "includeBinaries": { + "description": "Whether to include binary files", + "type": "boolean", + "default": false + }, + "fsyncEnable": { + "description": " Enable fsync() while writing objects to disk to ensure they get written to permanent storage immediately instead of being cached. This is to mitigate data loss in events of hardware failure.", + "type": "boolean", + "default": false + }, + "noConvertLabels": { + "description": "Disable Perforce label to git tag conversion.", + "type": "boolean", + "default": false + }, + "cacheLabels": { + "description": "Whether to cache Perforce labels on disk to avoid unnecessary roundtrips to the Perforce server.", + "type": "boolean", + "default": false + } + } + } + } } ``` {/* SCHEMA_SYNC_END: admin/code_hosts/perforce.schema.json */}