-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathenv.example
More file actions
79 lines (62 loc) · 2.98 KB
/
env.example
File metadata and controls
79 lines (62 loc) · 2.98 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# GitHub OAuth App credentials (create at github.com/settings/developers)
GITHUB_CLIENT_ID=your_oauth_app_client_id
GITHUB_CLIENT_SECRET=your_oauth_app_client_secret
# Session signing secret — minimum 32 characters, random (openssl rand -base64 32)
SESSION_SECRET=your-minimum-32-character-random-secret-here
PORT=8080
NODE_ENV=production
# debug | info | warn | error
LOG_LEVEL=info
VITE_LOG_LEVEL=warn
# Set to "true" when serving over HTTPS — enables the Secure flag on session cookies.
# Leave false for HTTP (local Docker, plain HTTP deployments).
COOKIE_SECURE=false
# URL of the web frontend — used for CORS and the post-login redirect.
# Must match where the React app is served. The OAuth callback redirects here
# so the session cookie is set as first-party for the frontend origin.
FRONTEND_URL=http://localhost:5174
# ----
# Limit which repositories are shown. If neither is set, all user repos appear.
# Show only repositories in this organization (e.g. my-company)
GITHUB_ORG=
# Show only these specific repos, comma-separated owner/repo pairs.
# Takes precedence over GITHUB_ORG when both are set.
# e.g. my-company/api,my-company/web,my-company/infra
GITHUB_REPOS=
# ----
# In-memory LRU cache max size in MB
CACHE_MAX_SIZE_MB=128
# ─── CA Certificate (optional, build-time only) ──────────────────────────────
# Use when Docker builds run in a corporate network that intercepts TLS.
# EXTRA_CA_CERTS_B64 is a BUILD ARG, not a runtime env var — the cert bundle is
# baked into the image during `docker compose build` and never passed at runtime.
#
# Encode your PEM file (or concatenated bundle for multiple CAs):
# base64 < my-ca.pem # macOS / Linux
# base64 -w0 < my-ca.pem # Linux (no line wrapping)
#
# Recommended: write to a separate env file and pass it to docker compose:
# echo "EXTRA_CA_CERTS_B64=$(base64 -w0 < my-ca.pem)" > .docker-certs.env
# docker compose --env-file .env --env-file .docker-certs.env build
#
# Leave empty for standard public TLS only.
EXTRA_CA_CERTS_B64=
# ---- Corporate HTTP Proxy (optional)
# If outbound HTTPS to api.github.com requires an HTTP proxy.
# The server uses these at runtime for all outbound GitHub API calls
# (via EnvHttpProxyAgent — see packages/server/src/lib/certs.ts).
# e.g. http://proxy.corp.example.com:8080
HTTPS_PROXY=
HTTP_PROXY=
NO_PROXY=localhost,127.0.0.1
# ----
# Set to "true" only when the server runs behind a trusted reverse proxy
# (e.g. nginx, Traefik, Caddy) that strips and re-sets X-Forwarded-For.
# When unset (default), the direct TCP connection address is used for rate limiting
# so clients cannot spoof their IP via the X-Forwarded-For header.
TRUST_PROXY=
# GitHub OAuth scopes to request. Leave blank to use the built-in default
# (read:user,user:email,read:org,repo), which covers private repos.
# Only set this to override — e.g. for public-repo-only installations:
# GITHUB_SCOPE=read:user,user:email,read:org,public_repo
GITHUB_SCOPE=