env.example - incubator-devlake - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #

 #############
 # Lake core #
 #############

 # Lake plugin dir, absolute path or relative path
 PLUGIN_DIR=bin/plugins
 REMOTE_PLUGIN_DIR=python/plugins

 # Lake Database Connection String
 DB_URL=mysql://merico:merico@mysql:3306/lake?charset=utf8mb4&parseTime=True&loc=UTC
 E2E_DB_URL=mysql://merico:merico@mysql:3306/lake_test?charset=utf8mb4&parseTime=True&loc=UTC
 # Silent Error Warn Info
 DB_LOGGING_LEVEL=Error
 # Skip to update progress of subtasks, default is false (#8142)
 SKIP_SUBTASK_PROGRESS=false

 # Lake REST API
 PORT=8080
 MODE=release

 # PUSH_API_ALLOWED_TABLES=table1,table2
 NOTIFICATION_ENDPOINT=
 NOTIFICATION_SECRET=

 API_TIMEOUT=120s
 API_RETRY=3
 API_REQUESTS_PER_HOUR=10000
 PIPELINE_MAX_PARALLEL=1
 # resume undone pipelines on start
 RESUME_PIPELINES=true
 # Debug Info Warn Error
 LOGGING_LEVEL=
 LOGGING_DIR=./logs
 ENABLE_STACKTRACE=true
 FORCE_MIGRATION=false

 # Lake TAP API
 TAP_PROPERTIES_DIR=

 DISABLED_REMOTE_PLUGINS=

 ##########################
 # Sensitive information encryption key
 ##########################
 ENCRYPTION_SECRET=

 ##########################
 # Security settings
 ##########################
 # Set if skip verify and connect with out trusted certificate when use https
 IN_SECURE_SKIP_VERIFY=false
 # Forbid accessing sensity networks, CIDR form separated by comma: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
 ENDPOINT_CIDR_BLACKLIST=
 # Do not follow redirection when requesting data source APIs
 FORBID_REDIRECTION=false

 ##########################
 # Plugin settings
 ##########################
 GITLAB_SERVER_COLLECT_ALL_USERS=true

 ##########################
 # In plugin gitextractor, use go-git to collector repo's data
 ##########################
 USE_GO_GIT_IN_GIT_EXTRACTOR=false
 # NOTE that COMMIT_FILES is part of the COMMIT_STAT
 SKIP_COMMIT_STAT=false
 SKIP_COMMIT_FILES=true

 # Set if response error when requesting /connections/{connection_id}/test should be wrapped or not
 ##########################
 WRAP_RESPONSE_ERROR=

 # Enable subtasks by default: plugin_name:subtask_name:enabled
 ENABLE_SUBTASKS_BY_DEFAULT="jira:collectIssueChangelogs:true,jira:extractIssueChangelogs:true,jira:convertIssueChangelogs:true,tapd:collectBugChangelogs:true,tapd:extractBugChangelogs:true,tapd:convertBugChangelogs:true,zentao:collectBugRepoCommits:true,zentao:extractBugRepoCommits:true,zentao:convertBugRepoCommits:true,zentao:collectStoryRepoCommits:true,zentao:extractStoryRepoCommits:true,zentao:convertStoryRepoCommits:true,zentao:collectTaskRepoCommits:true,zentao:extractTaskRepoCommits:true,zentao:convertTaskRepoCommits:true"

 ##########################
 # OIDC / Authentication
 ##########################
 # Master switch. When false (default) DevLake behaves as before: API keys for
 # /rest/* and trust X-Forwarded-User from an upstream proxy. Set true to
 # require authentication on all non-whitelisted routes.
 AUTH_ENABLED=false

 # OIDC user login. Requires AUTH_ENABLED=true.
 OIDC_ENABLED=false

 # Comma-separated provider identifiers. Each name <NAME> binds to the env
 # vars OIDC_<NAME>_ISSUER_URL, OIDC_<NAME>_CLIENT_ID, etc. Add a name and a
 # matching block of vars to onboard another IdP.
 #   Example: OIDC_PROVIDERS=entra,google
 OIDC_PROVIDERS=

 # Per-provider config. Replicate the OIDC_ENTRA_* block under a different
 # prefix for each name listed in OIDC_PROVIDERS.
 # Microsoft Entra ID example: https://login.microsoftonline.com/<TENANT_ID>/v2.0
 OIDC_ENTRA_ISSUER_URL=
 OIDC_ENTRA_CLIENT_ID=
 OIDC_ENTRA_CLIENT_SECRET=
 # Must match the redirect URI registered with the IdP. The path is the same
 # for every provider; the state cookie disambiguates which one comes back.
 #   Devcontainer dev: http://localhost:4000/api/auth/callback
 OIDC_ENTRA_REDIRECT_URL=
 # Comma-separated. `openid` is required.
 OIDC_ENTRA_SCOPES=openid,profile,email
 # Label rendered on the UI login button.
 OIDC_ENTRA_DISPLAY_NAME=Entra ID
 # Authenticate the code exchange with an Azure Workload Identity federated
 # assertion (read from the SA token file injected by the workload-identity
 # webhook) instead of OIDC_ENTRA_CLIENT_SECRET. Requires the pod label
 # `azure.workload.identity/use: "true"` and a federated credential on the
 # Entra App Registration. Entra-only.
 OIDC_ENTRA_USE_WORKLOAD_IDENTITY=false

 # Google example — create an OAuth 2.0 Web client at console.cloud.google.com
 # (APIs & Services → Credentials). Configure the OAuth consent screen first
 # and add yourself as a test user while the app is in Testing status.
 OIDC_GOOGLE_ISSUER_URL=https://accounts.google.com
 OIDC_GOOGLE_CLIENT_ID=
 OIDC_GOOGLE_CLIENT_SECRET=
 OIDC_GOOGLE_REDIRECT_URL=
 OIDC_GOOGLE_SCOPES=openid,profile,email
 OIDC_GOOGLE_DISPLAY_NAME=Google

 # When true, /auth/logout returns the IdP's end_session_endpoint so the UI
 # can also sign the user out at the IdP.
 OIDC_LOGOUT_REDIRECT=false

 # Required when AUTH_ENABLED=true. At least 32 bytes of high-entropy data.
 # Used to sign session JWTs (HS256) and to derive the AES-GCM key that
 # encrypts the OIDC state cookie. Rotating this invalidates all sessions.
 SESSION_SECRET=
 # How long a session cookie is valid. Format: any time.ParseDuration value.
 SESSION_TTL=8h
 # Leave empty for host-only cookies. Set when serving the API and UI from
 # different subdomains of the same parent (e.g. .example.com).
 COOKIE_DOMAIN=
 # Set to false ONLY for local HTTP development.
 COOKIE_SECURE=true
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#

	#############
	# Lake core #
	#############

	# Lake plugin dir, absolute path or relative path
	PLUGIN_DIR=bin/plugins
	REMOTE_PLUGIN_DIR=python/plugins

	# Lake Database Connection String
	DB_URL=mysql://merico:merico@mysql:3306/lake?charset=utf8mb4&parseTime=True&loc=UTC
	E2E_DB_URL=mysql://merico:merico@mysql:3306/lake_test?charset=utf8mb4&parseTime=True&loc=UTC
	# Silent Error Warn Info
	DB_LOGGING_LEVEL=Error
	# Skip to update progress of subtasks, default is false (#8142)
	SKIP_SUBTASK_PROGRESS=false

	# Lake REST API
	PORT=8080
	MODE=release

	# PUSH_API_ALLOWED_TABLES=table1,table2
	NOTIFICATION_ENDPOINT=
	NOTIFICATION_SECRET=

	API_TIMEOUT=120s
	API_RETRY=3
	API_REQUESTS_PER_HOUR=10000
	PIPELINE_MAX_PARALLEL=1
	# resume undone pipelines on start
	RESUME_PIPELINES=true
	# Debug Info Warn Error
	LOGGING_LEVEL=
	LOGGING_DIR=./logs
	ENABLE_STACKTRACE=true
	FORCE_MIGRATION=false

	# Lake TAP API
	TAP_PROPERTIES_DIR=

	DISABLED_REMOTE_PLUGINS=

	##########################
	# Sensitive information encryption key
	##########################
	ENCRYPTION_SECRET=

	##########################
	# Security settings
	##########################
	# Set if skip verify and connect with out trusted certificate when use https
	IN_SECURE_SKIP_VERIFY=false
	# Forbid accessing sensity networks, CIDR form separated by comma: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
	ENDPOINT_CIDR_BLACKLIST=
	# Do not follow redirection when requesting data source APIs
	FORBID_REDIRECTION=false

	##########################
	# Plugin settings
	##########################
	GITLAB_SERVER_COLLECT_ALL_USERS=true

	##########################
	# In plugin gitextractor, use go-git to collector repo's data
	##########################
	USE_GO_GIT_IN_GIT_EXTRACTOR=false
	# NOTE that COMMIT_FILES is part of the COMMIT_STAT
	SKIP_COMMIT_STAT=false
	SKIP_COMMIT_FILES=true

	# Set if response error when requesting /connections/{connection_id}/test should be wrapped or not
	##########################
	WRAP_RESPONSE_ERROR=

	# Enable subtasks by default: plugin_name:subtask_name:enabled
	ENABLE_SUBTASKS_BY_DEFAULT="jira:collectIssueChangelogs:true,jira:extractIssueChangelogs:true,jira:convertIssueChangelogs:true,tapd:collectBugChangelogs:true,tapd:extractBugChangelogs:true,tapd:convertBugChangelogs:true,zentao:collectBugRepoCommits:true,zentao:extractBugRepoCommits:true,zentao:convertBugRepoCommits:true,zentao:collectStoryRepoCommits:true,zentao:extractStoryRepoCommits:true,zentao:convertStoryRepoCommits:true,zentao:collectTaskRepoCommits:true,zentao:extractTaskRepoCommits:true,zentao:convertTaskRepoCommits:true"

	##########################
	# OIDC / Authentication
	##########################
	# Master switch. When false (default) DevLake behaves as before: API keys for
	# /rest/* and trust X-Forwarded-User from an upstream proxy. Set true to
	# require authentication on all non-whitelisted routes.
	AUTH_ENABLED=false

	# OIDC user login. Requires AUTH_ENABLED=true.
	OIDC_ENABLED=false

	# Comma-separated provider identifiers. Each name <NAME> binds to the env
	# vars OIDC_<NAME>_ISSUER_URL, OIDC_<NAME>_CLIENT_ID, etc. Add a name and a
	# matching block of vars to onboard another IdP.
	# Example: OIDC_PROVIDERS=entra,google
	OIDC_PROVIDERS=

	# Per-provider config. Replicate the OIDC_ENTRA_* block under a different
	# prefix for each name listed in OIDC_PROVIDERS.
	# Microsoft Entra ID example: https://login.microsoftonline.com/<TENANT_ID>/v2.0
	OIDC_ENTRA_ISSUER_URL=
	OIDC_ENTRA_CLIENT_ID=
	OIDC_ENTRA_CLIENT_SECRET=
	# Must match the redirect URI registered with the IdP. The path is the same
	# for every provider; the state cookie disambiguates which one comes back.
	# Devcontainer dev: http://localhost:4000/api/auth/callback
	OIDC_ENTRA_REDIRECT_URL=
	# Comma-separated. `openid` is required.
	OIDC_ENTRA_SCOPES=openid,profile,email
	# Label rendered on the UI login button.
	OIDC_ENTRA_DISPLAY_NAME=Entra ID
	# Authenticate the code exchange with an Azure Workload Identity federated
	# assertion (read from the SA token file injected by the workload-identity
	# webhook) instead of OIDC_ENTRA_CLIENT_SECRET. Requires the pod label
	# `azure.workload.identity/use: "true"` and a federated credential on the
	# Entra App Registration. Entra-only.
	OIDC_ENTRA_USE_WORKLOAD_IDENTITY=false

	# Google example — create an OAuth 2.0 Web client at console.cloud.google.com
	# (APIs & Services → Credentials). Configure the OAuth consent screen first
	# and add yourself as a test user while the app is in Testing status.
	OIDC_GOOGLE_ISSUER_URL=https://accounts.google.com
	OIDC_GOOGLE_CLIENT_ID=
	OIDC_GOOGLE_CLIENT_SECRET=
	OIDC_GOOGLE_REDIRECT_URL=
	OIDC_GOOGLE_SCOPES=openid,profile,email
	OIDC_GOOGLE_DISPLAY_NAME=Google

	# When true, /auth/logout returns the IdP's end_session_endpoint so the UI
	# can also sign the user out at the IdP.
	OIDC_LOGOUT_REDIRECT=false

	# Required when AUTH_ENABLED=true. At least 32 bytes of high-entropy data.
	# Used to sign session JWTs (HS256) and to derive the AES-GCM key that
	# encrypts the OIDC state cookie. Rotating this invalidates all sessions.
	SESSION_SECRET=
	# How long a session cookie is valid. Format: any time.ParseDuration value.
	SESSION_TTL=8h
	# Leave empty for host-only cookies. Set when serving the API and UI from
	# different subdomains of the same parent (e.g. .example.com).
	COOKIE_DOMAIN=
	# Set to false ONLY for local HTTP development.
	COOKIE_SECURE=true