forked from kubernetes/test-infra
-
Notifications
You must be signed in to change notification settings - Fork 0
/
prow-config-documented.yaml
1324 lines (1070 loc) · 55.6 KB
/
prow-config-documented.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
branch-protection:
# AllowDeletions allows deletion of the protected branch by anyone with write access to the repository.
allow_deletions: false
# AllowDisabledJobPolicies allows a branch to choose to opt out of branch protection
# even if Prow has registered required jobs for that branch.
allow_disabled_job_policies: false
# AllowDisabledPolicies allows a child to disable all protection even if the
# branch has inherited protection options from a parent.
allow_disabled_policies: false
# AllowForcePushes permits force pushes to the protected branch by anyone with write access to the repository.
allow_force_pushes: false
# Admins overrides whether protections apply to admins if set.
enforce_admins: false
# Exclude specifies a set of regular expressions which identify branches
# that should be excluded from the protection policy, mutually exclusive with Include
exclude:
- ""
# Include specifies a set of regular expressions which identify branches
# that should be included from the protection policy, mutually exclusive with Exclude
include:
- ""
# Orgs holds branch protection options for orgs by name
orgs:
"":
# AllowDeletions allows deletion of the protected branch by anyone with write access to the repository.
allow_deletions: false
# AllowForcePushes permits force pushes to the protected branch by anyone with write access to the repository.
allow_force_pushes: false
# Admins overrides whether protections apply to admins if set.
enforce_admins: false
# Exclude specifies a set of regular expressions which identify branches
# that should be excluded from the protection policy, mutually exclusive with Include
exclude:
- ""
# Include specifies a set of regular expressions which identify branches
# that should be included from the protection policy, mutually exclusive with Exclude
include:
- ""
# Protect overrides whether branch protection is enabled if set.
protect: false
repos:
"":
# AllowDeletions allows deletion of the protected branch by anyone with write access to the repository.
allow_deletions: false
# AllowForcePushes permits force pushes to the protected branch by anyone with write access to the repository.
allow_force_pushes: false
branches:
"":
# AllowDeletions allows deletion of the protected branch by anyone with write access to the repository.
allow_deletions: false
# AllowForcePushes permits force pushes to the protected branch by anyone with write access to the repository.
allow_force_pushes: false
# Admins overrides whether protections apply to admins if set.
enforce_admins: false
# Exclude specifies a set of regular expressions which identify branches
# that should be excluded from the protection policy, mutually exclusive with Include
exclude:
- ""
# Include specifies a set of regular expressions which identify branches
# that should be included from the protection policy, mutually exclusive with Exclude
include:
- ""
# Protect overrides whether branch protection is enabled if set.
protect: false
# RequiredLinearHistory enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.
required_linear_history: false
# RequiredPullRequestReviews specifies github approval/review criteria.
required_pull_request_reviews:
# DismissStale overrides whether new commits automatically dismiss old reviews if set
dismiss_stale_reviews: false
# Restrictions appends users/teams that are allowed to merge
dismissal_restrictions:
teams:
- ""
users:
- ""
# RequireOwners overrides whether CODEOWNERS must approve PRs if set
require_code_owner_reviews: false
# Approvals overrides the number of approvals required if set (set to 0 to disable)
required_approving_review_count: 0
# RequiredStatusChecks configures github contexts
required_status_checks:
# Contexts appends required contexts that must be green to merge
contexts:
- ""
# Strict overrides whether new commits in the base branch require updating the PR if set
strict: false
# Restrictions limits who can merge
restrictions:
teams:
- ""
users:
- ""
# Unmanaged makes us not manage the branchprotection.
unmanaged: false
# Admins overrides whether protections apply to admins if set.
enforce_admins: false
# Exclude specifies a set of regular expressions which identify branches
# that should be excluded from the protection policy, mutually exclusive with Include
exclude:
- ""
# Include specifies a set of regular expressions which identify branches
# that should be included from the protection policy, mutually exclusive with Exclude
include:
- ""
# Protect overrides whether branch protection is enabled if set.
protect: false
# RequiredLinearHistory enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.
required_linear_history: false
# RequiredPullRequestReviews specifies github approval/review criteria.
required_pull_request_reviews:
# DismissStale overrides whether new commits automatically dismiss old reviews if set
dismiss_stale_reviews: false
# Restrictions appends users/teams that are allowed to merge
dismissal_restrictions:
teams:
- ""
users:
- ""
# RequireOwners overrides whether CODEOWNERS must approve PRs if set
require_code_owner_reviews: false
# Approvals overrides the number of approvals required if set (set to 0 to disable)
required_approving_review_count: 0
# RequiredStatusChecks configures github contexts
required_status_checks:
# Contexts appends required contexts that must be green to merge
contexts:
- ""
# Strict overrides whether new commits in the base branch require updating the PR if set
strict: false
# Restrictions limits who can merge
restrictions:
teams:
- ""
users:
- ""
# Unmanaged makes us not manage the branchprotection.
unmanaged: false
# RequiredLinearHistory enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.
required_linear_history: false
# RequiredPullRequestReviews specifies github approval/review criteria.
required_pull_request_reviews:
# DismissStale overrides whether new commits automatically dismiss old reviews if set
dismiss_stale_reviews: false
# Restrictions appends users/teams that are allowed to merge
dismissal_restrictions:
teams:
- ""
users:
- ""
# RequireOwners overrides whether CODEOWNERS must approve PRs if set
require_code_owner_reviews: false
# Approvals overrides the number of approvals required if set (set to 0 to disable)
required_approving_review_count: 0
# RequiredStatusChecks configures github contexts
required_status_checks:
# Contexts appends required contexts that must be green to merge
contexts:
- ""
# Strict overrides whether new commits in the base branch require updating the PR if set
strict: false
# Restrictions limits who can merge
restrictions:
teams:
- ""
users:
- ""
# Unmanaged makes us not manage the branchprotection.
unmanaged: false
# Protect overrides whether branch protection is enabled if set.
protect: false
# ProtectTested determines if branch protection rules are set for all repos
# that Prow has registered jobs for, regardless of if those repos are in the
# branch protection config.
protect-tested-repos: false
# ProtectReposWithOptionalJobs will make the Branchprotector manage required status
# contexts on repositories that only have optional jobs (default: false)
protect_repos_with_optional_jobs: false
# RequiredLinearHistory enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.
required_linear_history: false
# RequiredPullRequestReviews specifies github approval/review criteria.
required_pull_request_reviews:
# DismissStale overrides whether new commits automatically dismiss old reviews if set
dismiss_stale_reviews: false
# Restrictions appends users/teams that are allowed to merge
dismissal_restrictions:
teams:
- ""
users:
- ""
# RequireOwners overrides whether CODEOWNERS must approve PRs if set
require_code_owner_reviews: false
# Approvals overrides the number of approvals required if set (set to 0 to disable)
required_approving_review_count: 0
# RequiredStatusChecks configures github contexts
required_status_checks:
# Contexts appends required contexts that must be green to merge
contexts:
- ""
# Strict overrides whether new commits in the base branch require updating the PR if set
strict: false
# Restrictions limits who can merge
restrictions:
teams:
- ""
users:
- ""
# Unmanaged makes us not manage the branchprotection.
unmanaged: false
# The git sha from which this config was generated.
config_version_sha: ' '
deck:
# AdditionalAllowedBuckets is a list of storage buckets to allow in artifact requests
# (in addition to those listed in the GCSConfiguration).
# Setting this field requires "SkipStoragePathValidation" also be set to `false`.
additional_allowed_buckets:
- ""
# Branding of the frontend
branding:
# BackgroundColor is the color of the background.
background_color: ' '
# Favicon is the location of the favicon that will be loaded in deck.
favicon: ' '
# HeaderColor is the color of the header.
header_color: ' '
# Logo is the location of the logo that will be loaded in deck.
logo: ' '
# DefaultRerunAuthConfigs is a list of DefaultRerunAuthConfigEntry structures that specify who can
# trigger job reruns. Reruns are based on whether the entry's org/repo or cluster matches with the
# expected fields in the given configuration.
# Each entry in the slice specifies Repo and Cluster regexp filter fields to
# match against jobs and a corresponding RerunAuthConfig. The entry matching the job with the
# most specification is for authentication purposes.
# This field is smarter than the RerunAuthConfigs, because each
# entry includes additional Cluster regexp information that the old format
# does not consider.
# This field is mutually exclusive with the RerunAuthConfigs field.
default_rerun_auth_configs:
- # Cluster matches against the cluster alias of the build cluster that the
# ProwJob is configured to run on. Recall that ProwJobs default to running on
# the "default" build cluster if they omit the "cluster" field in config.
cluster: ' '
# OrgRepo matches against the "org" or "org/repo" that the presubmit or postsubmit
# is associated with. If the job is a periodic, extra_refs[0] is used. If the
# job is a periodic without extra_refs, the empty string will be used.
# If this field is omitted all jobs will match.
repo: ' '
# Config is the RerunAuthConfig to apply if the filter fields all match the
# ProwJob. Note that when multiple entries match a ProwJob the entry with the
# highest specification is used.
rerun_auth_configs:
# If AllowAnyone is set to true, any user can rerun the job
allow_anyone: true
# GitHubOrgs contains names of GitHub organizations whose members can rerun the job
github_orgs:
- ""
# GitHubTeams contains IDs of GitHub teams of users who can rerun the job
# If you know the name of a team and the org it belongs to,
# you can look up its ID using this command, where the team slug is the hyphenated name:
# curl -H "Authorization: token <token>" "https://api.github.com/orgs/<org-name>/teams/<team slug>"
# or, to list all teams in a given org, use
# curl -H "Authorization: token <token>" "https://api.github.com/orgs/<org-name>/teams"
github_team_ids:
- 0
# GitHubTeamSlugs contains slugs and orgs of teams of users who can rerun the job
github_team_slugs:
- org: ' '
slug: ' '
# GitHubUsers contains names of individual users who can rerun the job
github_users:
- ""
# ExternalAgentLogs ensures external agents can expose
# their logs in prow.
external_agent_logs:
- # Agent is an external prow agent that supports exposing
# logs via deck.
agent: ' '
# SelectorString compiles into Selector at load time.
selector: ' '
# URLTemplateString compiles into URLTemplate at load time.
url_template: ' '
# GoogleAnalytics, if specified, include a Google Analytics tracking code on each page.
google_analytics: ' '
# HiddenRepos is a list of orgs and/or repos that should not be displayed by Deck.
hidden_repos:
- ""
# RerunAuthConfigs is not deprecated but DefaultRerunAuthConfigs should be used in favor.
# It remains a part of Deck for the purposes of backwards compatibility.
# RerunAuthConfigs is a map of configs that specify who is able to trigger job reruns. The field
# accepts a key of: `org/repo`, `org` or `*` (wildcard) to define what GitHub org (or repo) a particular
# config applies to and a value of: `RerunAuthConfig` struct to define the users/groups authorized to rerun jobs.
rerun_auth_configs:
"":
allow_anyone: true
github_orgs:
- ""
github_team_ids:
- 0
github_team_slugs:
- org: ' '
slug: ' '
github_users:
- ""
# SkipStoragePathValidation skips validation that restricts artifact requests to specific buckets.
# By default, buckets listed in the GCSConfiguration are automatically allowed.
# Additional locations can be allowed via `AdditionalAllowedBuckets` fields.
# When unspecified (nil), it defaults to true (until ~Jan 2021).
skip_storage_path_validation: false
# Spyglass specifies which viewers will be used for which artifacts when viewing a job in Deck.
spyglass:
# If set, Announcement is used as a Go HTML template string to be displayed at the top of
# each spyglass page. Using HTML in the template is acceptable.
# Currently the only variable available is .ArtifactPath, which contains the GCS path for the job artifacts.
announcement: ' '
# GCSBrowserPrefix is used to generate a link to a human-usable GCS browser.
# If left empty, the link will be not be shown. Otherwise, a GCS path (with no
# prefix or scheme) will be appended to GCSBrowserPrefix and shown to the user.
gcs_browser_prefix: ' '
# GCSBrowserPrefixesByRepo are used to generate a link to a human-usable GCS browser.
# They are mapped by org, org/repo or '*' which is the default value.
# These are the most specific and will override GCSBrowserPrefixesByBucket if both are resolved.
gcs_browser_prefixes:
"": ""
# GCSBrowserPrefixesByBucket are used to generate a link to a human-usable GCS browser.
# They are mapped by bucket name or '*' which is the default value.
# They will only be utilized if there is not a GCSBrowserPrefixesByRepo for the org/repo.
gcs_browser_prefixes_by_bucket:
"": ""
# HidePRHistLink allows prow hiding PR History link from deck, this is handy especially for
# prow instances that only serves gerrit.
# This might become obsolete once https://github.com/kubernetes/test-infra/issues/24130 is fixed.
hide_pr_history_link: true
# Lenses is a list of lens configurations.
lenses:
- # Lens is the lens to use, alongside any lens-specific configuration.
lens:
# Name is the name of the lens.
name: ' '
# OptionalFiles is a list of regexes of file paths that will be provided to the lens if they are
# present, but will not preclude the lens being rendered by their absence.
# The list entries are ORed together, so if only one of them is present it will be provided to
# the lens even if the others are not.
optional_files:
- ""
# RemoteConfig specifies how to access remote lenses.
remote_config:
# The endpoint for the lense.
endpoint: ' '
# HideTitle defines if we will keep showing the title after lens loads.
hide_title: false
# Priority for lens ordering, lowest priority first.
priority: 0
# The endpoint for static resources.
static_root: ' '
# The human-readable title for the lens.
title: ' '
# RequiredFiles is a list of regexes of file paths that must all be present for a lens to appear.
# The list entries are ANDed together, i.e. all of them are required. You can achieve an OR
# by using a pipe in a regex.
required_files:
- ""
# PRHistLinkTemplate is the template for constructing href of `PR History` button,
# by default it's "/pr-history?org={{.Org}}&repo={{.Repo}}&pr={{.Number}}"
pr_history_link_template: ' '
# TestGridConfig is the path to the TestGrid config proto. If the path begins with
# "gs://" it is assumed to be a GCS reference, otherwise it is read from the local filesystem.
# If left blank, TestGrid links will not appear.
testgrid_config: ' '
# TestGridRoot is the root URL to the TestGrid frontend, e.g. "https://testgrid.k8s.io/".
# If left blank, TestGrid links will not appear.
testgrid_root: ' '
# Viewers is deprecated, prefer Lenses instead.
# Viewers was a map of Regexp strings to viewer names that defines which sets
# of artifacts need to be consumed by which viewers. It is copied in to Lenses at load time.
viewers:
"": null
# TideUpdatePeriod specifies how often Deck will fetch status from Tide. Defaults to 10s.
tide_update_period: 0s
# DefaultJobTimeout this is default deadline for prow jobs. This value is used when
# no timeout is configured at the job level. This value is set to 24 hours.
default_job_timeout: 0s
gerrit:
# DeckURL is the root URL of Deck. This is used to construct links to
# job runs for a given CL.
deck_url: ' '
org_repos_config: null
# TickInterval is how often we do a sync with binded gerrit instance.
tick_interval: 0s
# GitHubOptions allows users to control how prow applications display GitHub website links.
github:
# LinkURLFromConfig is the string representation of the link_url config parameter.
# This config parameter allows users to override the default GitHub link url for all plugins.
# If this option is not set, we assume "https://github.com".
link_url: ' '
github_reporter:
# JobTypesToReport is used to determine which type of prowjob
# should be reported to github.
# defaults to both presubmit and postsubmit jobs.
job_types_to_report:
- ""
# NoCommentRepos is a list of orgs and org/repos for which failure report
# comments should not be maintained. Status contexts will still be written.
no_comment_repos:
- ""
# SummaryCommentRepos is a list of orgs and org/repos for which failure report
# comments is only sent when all jobs from current SHA are finished. Status
# contexts will still be written.
summary_comment_repos:
- ""
horologium:
# TickInterval is the interval in which we check if new jobs need to be
# created. Defaults to one minute.
tick_interval: 0s
in_repo_config:
# AllowedClusters is a list of allowed clusternames that can be used for jobs on
# a given repo. All clusters that are allowed for the specific repo, its org or
# globally can be used.
allowed_clusters:
"": null
# Enabled describes whether InRepoConfig is enabled for a given repository. This can
# be set globally, per org or per repo using '*', 'org' or 'org/repo' as key. The
# narrowest match always takes precedence.
enabled:
"": false
jenkins_operators:
- # JobURLTemplateString compiles into JobURLTemplate at load time.
job_url_template: ' '
# LabelSelectorString compiles into LabelSelector at load time.
# If set, this option needs to match --label-selector used by
# the desired jenkins-operator. This option is considered
# invalid when provided with a single jenkins-operator config.
# For label selector syntax, see below:
# https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
label_selector: ' '
# ReportTemplateString compiles into ReportTemplate at load time.
report_template: ' '
# ReportTemplateStrings is a mapping of template comments.
# Use `org/repo`, `org` or `*` as a key.
report_templates:
"": ""
# LogLevel enables dynamically updating the log level of the
# standard logger that is used by all prow components.
# Valid values:
# "debug", "info", "warn", "warning", "error", "fatal", "panic"
# Defaults to "info".
log_level: ' '
# ManagedWebhooks contains information about all github repositories and organizations which are using
# non-global Hmac token.
managed_webhooks:
# Controls whether org/repo invitation for prow bot should be automatically
# accepted or not. Only admin level invitations related to orgs and repos
# in the managed_webhooks config will be accepted and all other invitations
# will be left pending.
auto_accept_invitation: false
org_repo_config:
"":
token_created_after: "0001-01-01T00:00:00Z"
respect_legacy_global_token: false
# OwnersDirDenylist is used to configure regular expressions matching directories
# to ignore when searching for OWNERS{,_ALIAS} files in a repo.
owners_dir_denylist:
# Default configures a default denylist for all repos (or orgs).
# Some directories like ".git", "_output" and "vendor/.*/OWNERS"
# are already preconfigured to be denylisted, and need not be included here.
default:
- ""
# By default, some directories like ".git", "_output" and "vendor/.*/OWNERS"
# are preconfigured to be denylisted.
# If set, IgnorePreconfiguredDefaults will not add these preconfigured directories
# to the denylist.
ignore_preconfigured_defaults: true
# Repos configures a directory denylist per repo (or org).
repos:
"": null
plank:
# BuildClusterStatusFile is an optional field used to specify the blob storage location
# to publish cluster status information.
# e.g. gs://my-bucket/cluster-status.json
build_cluster_status_file: ' '
# DefaultDecorationConfigEntries is used to populate DefaultDecorationConfigs.
# Each entry in the slice specifies Repo and Cluster regexp filter fields to
# match against jobs and a corresponding DecorationConfig. All entries that
# match a job are used. Later matching entries override the fields of earlier
# matching entries.
# This field is smarter than the DefaultDecorationConfigsMap, because each
# entry includes additional Cluster regexp information that the old format
# does not consider.
# This field is mutually exclusive with the DefaultDecorationConfigsMap field.
default_decoration_config_entries:
- # Cluster matches against the cluster alias of the build cluster that the
# ProwJob is configured to run on. Recall that ProwJobs default to running on
# the "default" build cluster if they omit the "cluster" field in config.
cluster: ' '
# Config is the DecorationConfig to apply if the filter fields all match the
# ProwJob. Note that when multiple entries match a ProwJob they are all used
# by sequentially merging with later entries overriding fields from earlier
# entries.
config:
# CensorSecrets enables censoring output logs and artifacts.
censor_secrets: false
# CensoringOptions exposes options for censoring output logs and artifacts.
censoring_options:
# CensoringBufferSize is the size in bytes of the buffer allocated for every file
# being censored. We want to keep as little of the file in memory as possible in
# order for censoring to be reasonably performant in space. However, to guarantee
# that we censor every instance of every secret, our buffer size must be at least
# two times larger than the largest secret we are about to censor. While that size
# is the smallest possible buffer we could use, if the secrets being censored are
# small, censoring will not be performant as the number of I/O actions per file
# would increase. If unset, defaults to 10MiB.
censoring_buffer_size: 0
# CensoringConcurrency is the maximum number of goroutines that should be censoring
# artifacts and logs at any time. If unset, defaults to 10.
censoring_concurrency: 0
# ExcludeDirectories are directories which should not have their content censored. If
# present, content in these directories will not be censored even if the directory also
# matches a glob in IncludeDirectories. Entries in this list are relative to $ARTIFACTS,
# and are parsed with the go-zglob library, allowing for globbed matches.
exclude_directories:
- ""
# IncludeDirectories are directories which should have their content censored. If
# present, only content in these directories will be censored. Entries in this list
# are relative to $ARTIFACTS and are parsed with the go-zglob library, allowing for
# globbed matches.
include_directories:
- ""
# CookieFileSecret is the name of a kubernetes secret that contains
# a git http.cookiefile, which should be used during the cloning process.
cookiefile_secret: ""
# DefaultServiceAccountName is the name of the Kubernetes service account
# that should be used by the pod if one is not specified in the podspec.
default_service_account_name: ""
# GCSConfiguration holds options for pushing logs and
# artifacts to GCS from a job.
gcs_configuration:
# Bucket is the bucket to upload to, it can be:
# * a GCS bucket: with gs:// prefix
# * a S3 bucket: with s3:// prefix
# * a GCS bucket: without a prefix (deprecated, it's discouraged to use Bucket without prefix please add the gs:// prefix)
bucket: ' '
# DefaultOrg is omitted from GCS paths when using the
# legacy or simple strategy
default_org: ' '
# DefaultRepo is omitted from GCS paths when using the
# legacy or simple strategy
default_repo: ' '
# JobURLPrefix holds the baseURL under which the jobs output can be viewed.
# If unset, this will be derived based on org/repo from the job_url_prefix_config.
job_url_prefix: ' '
# LocalOutputDir specifies a directory where files should be copied INSTEAD of uploading to blob storage.
# This option is useful for testing jobs that use the pod-utilities without actually uploading.
local_output_dir: ' '
# MediaTypes holds additional extension media types to add to Go's
# builtin's and the local system's defaults. This maps extensions
# to media types, for example: MediaTypes["log"] = "text/plain"
mediaTypes:
"": ""
# PathPrefix is an optional path that follows the
# bucket name and comes before any structure
path_prefix: ' '
# PathStrategy dictates how the org and repo are used
# when calculating the full path to an artifact in GCS
path_strategy: ' '
# GCSCredentialsSecret is the name of the Kubernetes secret
# that holds GCS push credentials.
gcs_credentials_secret: ""
# GitHubAPIEndpoints are the endpoints of GitHub APIs.
github_api_endpoints:
- ""
# GitHubAppID is the ID of GitHub App, which is going to be used for fetching a private
# repository.
github_app_id: ' '
# GitHubAppPrivateKeySecret is a Kubernetes secret that contains the GitHub App private key,
# which is going to be used for fetching a private repository.
github_app_private_key_secret:
# Key is the key of the corresponding kubernetes secret that
# holds the value of the GitHub App private key.
key: ' '
# Name is the name of a kubernetes secret.
name: ' '
# GracePeriod is how long the pod utilities will wait
# after sending SIGINT to send SIGKILL when aborting
# a job. Only applicable if decorating the PodSpec.
grace_period: 0s
# OauthTokenSecret is a Kubernetes secret that contains the OAuth token,
# which is going to be used for fetching a private repository.
oauth_token_secret:
# Key is the key of the corresponding kubernetes secret that
# holds the value of the OAuth token.
key: ' '
# Name is the name of a kubernetes secret.
name: ' '
# Resources holds resource requests and limits for utility
# containers used to decorate a PodSpec.
resources:
clonerefs:
limits:
"": "0"
requests:
"": "0"
initupload:
limits:
"": "0"
requests:
"": "0"
place_entrypoint:
limits:
"": "0"
requests:
"": "0"
sidecar:
limits:
"": "0"
requests:
"": "0"
# S3CredentialsSecret is the name of the Kubernetes secret
# that holds blob storage push credentials.
s3_credentials_secret: ""
# SkipCloning determines if we should clone source code in the
# initcontainers for jobs that specify refs
skip_cloning: false
# SSHHostFingerprints are the fingerprints of known SSH hosts
# that the cloning process can trust.
# Create with ssh-keyscan [-t rsa] host
ssh_host_fingerprints:
- ""
# SSHKeySecrets are the names of Kubernetes secrets that contain
# SSK keys which should be used during the cloning process.
ssh_key_secrets:
- ""
# Timeout is how long the pod utilities will wait
# before aborting a job with SIGINT.
timeout: 0s
# UploadIgnoresInterrupts causes sidecar to ignore interrupts for the upload process in
# hope that the test process exits cleanly before starting an upload.
upload_ignores_interrupts: false
# UtilityImages holds pull specs for utility container
# images used to decorate a PodSpec.
utility_images:
# CloneRefs is the pull spec used for the clonerefs utility
clonerefs: ' '
# Entrypoint is the pull spec used for the entrypoint utility
entrypoint: ' '
# InitUpload is the pull spec used for the initupload utility
initupload: ' '
# sidecar is the pull spec used for the sidecar utility
sidecar: ' '
# OrgRepo matches against the "org" or "org/repo" that the presubmit or postsubmit
# is associated with. If the job is a periodic, extra_refs[0] is used. If the
# job is a periodic without extra_refs, the empty string will be used.
# If this field is omitted all jobs will match.
repo: ' '
# DefaultDecorationConfigsMap is a mapping from 'org', 'org/repo', or the
# literal string '*', to the default decoration config to use for that key.
# The '*' key matches all jobs. (Periodics use extra_refs[0] for matching
# if present.)
# This field is mutually exclusive with the DefaultDecorationConfigEntries field.
default_decoration_configs:
"":
# CensorSecrets enables censoring output logs and artifacts.
censor_secrets: false
# CensoringOptions exposes options for censoring output logs and artifacts.
censoring_options:
# CensoringBufferSize is the size in bytes of the buffer allocated for every file
# being censored. We want to keep as little of the file in memory as possible in
# order for censoring to be reasonably performant in space. However, to guarantee
# that we censor every instance of every secret, our buffer size must be at least
# two times larger than the largest secret we are about to censor. While that size
# is the smallest possible buffer we could use, if the secrets being censored are
# small, censoring will not be performant as the number of I/O actions per file
# would increase. If unset, defaults to 10MiB.
censoring_buffer_size: 0
# CensoringConcurrency is the maximum number of goroutines that should be censoring
# artifacts and logs at any time. If unset, defaults to 10.
censoring_concurrency: 0
# ExcludeDirectories are directories which should not have their content censored. If
# present, content in these directories will not be censored even if the directory also
# matches a glob in IncludeDirectories. Entries in this list are relative to $ARTIFACTS,
# and are parsed with the go-zglob library, allowing for globbed matches.
exclude_directories:
- ""
# IncludeDirectories are directories which should have their content censored. If
# present, only content in these directories will be censored. Entries in this list
# are relative to $ARTIFACTS and are parsed with the go-zglob library, allowing for
# globbed matches.
include_directories:
- ""
# CookieFileSecret is the name of a kubernetes secret that contains
# a git http.cookiefile, which should be used during the cloning process.
cookiefile_secret: ""
# DefaultServiceAccountName is the name of the Kubernetes service account
# that should be used by the pod if one is not specified in the podspec.
default_service_account_name: ""
# GCSConfiguration holds options for pushing logs and
# artifacts to GCS from a job.
gcs_configuration:
# Bucket is the bucket to upload to, it can be:
# * a GCS bucket: with gs:// prefix
# * a S3 bucket: with s3:// prefix
# * a GCS bucket: without a prefix (deprecated, it's discouraged to use Bucket without prefix please add the gs:// prefix)
bucket: ' '
# DefaultOrg is omitted from GCS paths when using the
# legacy or simple strategy
default_org: ' '
# DefaultRepo is omitted from GCS paths when using the
# legacy or simple strategy
default_repo: ' '
# JobURLPrefix holds the baseURL under which the jobs output can be viewed.
# If unset, this will be derived based on org/repo from the job_url_prefix_config.
job_url_prefix: ' '
# LocalOutputDir specifies a directory where files should be copied INSTEAD of uploading to blob storage.
# This option is useful for testing jobs that use the pod-utilities without actually uploading.
local_output_dir: ' '
# MediaTypes holds additional extension media types to add to Go's
# builtin's and the local system's defaults. This maps extensions
# to media types, for example: MediaTypes["log"] = "text/plain"
mediaTypes:
"": ""
# PathPrefix is an optional path that follows the
# bucket name and comes before any structure
path_prefix: ' '
# PathStrategy dictates how the org and repo are used
# when calculating the full path to an artifact in GCS
path_strategy: ' '
# GCSCredentialsSecret is the name of the Kubernetes secret
# that holds GCS push credentials.
gcs_credentials_secret: ""
# GitHubAPIEndpoints are the endpoints of GitHub APIs.
github_api_endpoints:
- ""
# GitHubAppID is the ID of GitHub App, which is going to be used for fetching a private
# repository.
github_app_id: ' '
# GitHubAppPrivateKeySecret is a Kubernetes secret that contains the GitHub App private key,
# which is going to be used for fetching a private repository.
github_app_private_key_secret:
# Key is the key of the corresponding kubernetes secret that
# holds the value of the GitHub App private key.
key: ' '
# Name is the name of a kubernetes secret.
name: ' '
# GracePeriod is how long the pod utilities will wait
# after sending SIGINT to send SIGKILL when aborting
# a job. Only applicable if decorating the PodSpec.
grace_period: 0s
# OauthTokenSecret is a Kubernetes secret that contains the OAuth token,
# which is going to be used for fetching a private repository.
oauth_token_secret:
# Key is the key of the corresponding kubernetes secret that
# holds the value of the OAuth token.
key: ' '
# Name is the name of a kubernetes secret.
name: ' '
# Resources holds resource requests and limits for utility
# containers used to decorate a PodSpec.
resources:
clonerefs:
limits:
"": "0"
requests:
"": "0"
initupload:
limits:
"": "0"
requests:
"": "0"
place_entrypoint:
limits:
"": "0"
requests:
"": "0"
sidecar:
limits:
"": "0"
requests:
"": "0"
# S3CredentialsSecret is the name of the Kubernetes secret
# that holds blob storage push credentials.
s3_credentials_secret: ""
# SkipCloning determines if we should clone source code in the
# initcontainers for jobs that specify refs
skip_cloning: false
# SSHHostFingerprints are the fingerprints of known SSH hosts
# that the cloning process can trust.
# Create with ssh-keyscan [-t rsa] host
ssh_host_fingerprints:
- ""
# SSHKeySecrets are the names of Kubernetes secrets that contain
# SSK keys which should be used during the cloning process.
ssh_key_secrets:
- ""
# Timeout is how long the pod utilities will wait
# before aborting a job with SIGINT.
timeout: 0s
# UploadIgnoresInterrupts causes sidecar to ignore interrupts for the upload process in
# hope that the test process exits cleanly before starting an upload.
upload_ignores_interrupts: false
# UtilityImages holds pull specs for utility container
# images used to decorate a PodSpec.
utility_images:
# CloneRefs is the pull spec used for the clonerefs utility
clonerefs: ' '