checks-out ships as a single binary file. If you are planning on integrating with GitHub Enterprise it requires version 2.4 or higher.
This is a full list of configuration options. Please note that many of these options use default configuration value that should work for the majority of installations.
This document contains information about all the environment variables that can or must be defined for checks-out to function.
SERVER_ADDR="_ip_address_:_port_"
but more specifically see the documentation for golang’s http.ListenAndServe
and http.ListanAndServeTLS
:8000
, which means port 8000 on all interfacesSee https://golang.org/pkg/net/http/#ListenAndServe for detailed documentation on the format.
SERVER_CERT="_full_path_and_filename_of_ssl_server_cert_file_"
If SERVER_CERT is not specified, checks-out runs without SSL. See https://golang.org/pkg/net/http/#ListenAndServeTLS for detailed documentation on the format.
SERVER_KEY="_full_path_and_filename_of_ssl_server_key_file_"
SERVER_CERT
is also specifiedIf SERVER_CERT is specified, then SERVER_KEY must be specified as well. See https://golang.org/pkg/net/http/#ListenAndServeTLS for detailed documentation on the format.
DB_DRIVER=sqlite3|postgres|mysql
DB_SOURCE="_db_driver_specific_datasource_spec_"
Please refer to the datasource specifications for the sqlite3, lib/pq, and mysql drivers for their respective specifications for this environment variable.
SLACK_TARGET_URL="_slack_integration_url"
If the SLACK_TARGET_URL
is not defined, then no logging into slack will happen, however it will also
currently cause logging that Slack is not configured to get generated every time a slackable event happens.
GITHUB_EMAIL="_valid_email_address_"
Email address for git commits.
GITHUB_URL="_protocol_plus_hostname_plus_path_prefix_of_url_"
https://github.com
https://github.com
which is fine unless you are using your own enterprise githubGITHUB_CLIENT="_your_OAuth2_client_id_"
GITHUB_SECRET="_your_OAuth2_secret_"
GITHUB_SCOPE="_valid_github_scope_specification_"
. Please see github documentation for specifics on the specification formatread:org,repo:status,admin:repo_hook,admin:org_hook
Permissions granted to checks-out by Github. The minimum required permissions are the default ones.
GITHUB_BATCH_PER_SECOND=int
GitHub batch access rate limiter. For certain calls that might happen in rapid succession, this limits how fast those calls are made to the server. The value is in Hertz; the default value of 10 means that you cannot send more than 10 calls a second to Github.
GITHUB_TEST_ENABLE=true|false
Enable Github integration tests to run
GITHUB_TEST_TOKEN=__OAUTH2_TOKEN_TO_USE
This is an OAuth2 token to be sent to the github endpoint for github integration test API requests
LOG_LEVEL=debug|info|warn|error|fatal|panic
Specifies the default logging level used in checks-out.
CHECKS_OUT_SUNLIGHT=true|false
If set to true, exposes endpoints and data that might not be suitable for a live site. Specifically, the following behaviors are enabled:
/api/repos
endpoint is available that will show all repositories managed under checks-out/version
endpoint is available that will show the checks-out versionX-CHECKS-OUT-VERSION
HTTP header with the checks-out version in every responseBLACKLIST_USER_AGENTS=user_agent1[]:user_agent2...:user_agent_N]
Specify a colon-separated list of user agent strings for the middleware that does request logging to skip logging on. This allows suppressing logging of user agents like the health checker from aws that are generally operational noise.
LOG_STATS_PERIOD=_valid_time.ParseDuration()_string_
Specify a time duration in a valid format understood by the time.ParseDuraction() method to periodically log activity of checks-out such as number of commits, approvers, and disapprovers in the specified time period.
CACHE_TTL=_time_specified_in_time.Duration_format_
Determines the length of time the gin middleware will cache. Default is 15 minutes.
LONG_CACHE_TTL=_time_specified_in_time.Duration_format_
Determines the length of time checks-out will cache github artifacts like user information, organization members, and team members in memory before going back to the server. Default is 24 hours.
LIMIT_USERS=true|false
If enabled, only users listed in the limit_users
table in the database are
allowed to create accounts. Any existing accounts will still function, even
if the user’s name is not in the limit_users
table.
LIMIT_ORGS=true|false
If enabled, only users in the organizations listed in the limit_orgs
table
in the database are allowed to create accounts. Any existing accounts will
still function, even if the user is not any of the orgs named in the
limit_orgs
table.
If both LIMIT_ORGS
and LIMIT_USERS
are set to true
then a user can
either be explicitly named in limit_users
or can belong to an org named
in limit_orgs
.
CHECKS_OUT_DOCS_URL=_URL_for_docs_no_closing_slash_
https://www.capitalone.io/checks-out
Provides the base URL for links to the documentation in the UI.
SLACK_TARGET_URL=url
Provides the default Slack notification url. This is the URL that’s used by defaut for slack integration when the target specified in the .checks-out file is “slack”.
GITHUB_ADMIN_ORG=_github_org_name_
Specifies the Github organization whose members have admin privleges in checks-out. If this is not specified, there are no admin users in checks-out. Admin users have access to certain REST API endpoints that other users do not.
ORG_REPOSITORY_NAME=_name_for_template_repo_per_org_
Org management repo name. This is the name of the repo in an org that is used to hold the default .checks-out and MAINTAINERS files for all repos in the org.
The following environment variables exist to provide system-wide defaults for repos that are still using a .lgtm file. They are considered obsolete
CHECKS_OUT_APPROVALS=_number_of_approvals_
Legacy default number of approvals
CHECKS_OUT_PATTERN=_regex_for_approval_comments_
Legacy matching pattern
CHECKS_OUT_SELF_APPROVAL_OFF=true|false
Legacy self-approval behavior. Set to true to disable self-approvals.
Register your application with GitHub (or GitHub Enterprise) to create your client
id and secret. It is very import that the redirect URL matches your http(s) scheme
and hostname exactly with /login
as the path.
Please use this screenshot for reference:
If you are running behind a reverse proxy please ensure the X-Forwarded-For
and X-Forwarded-Proto
variables are configured.
This is an example nginx configuration:
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:8000;
}
This is an example caddy server configuration:
checks-out.mycomopany.com {
proxy / localhost:8000 {
proxy_header X-Forwarded-Proto {scheme}
proxy_header X-Forwarded-For {host}
proxy_header Host {host}
}
}
Note that when running behind a reverse proxy you should change the recommended
port mappings from --publish=80:8000
to something like --publish=8000:8000
.