-
Notifications
You must be signed in to change notification settings - Fork 1
/
app-config.production.yaml
103 lines (94 loc) · 3.6 KB
/
app-config.production.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
app:
# Should be the same as backend.baseUrl when using the `app-backend` plugin.
baseUrl: https://${BASE_URL}
analytics:
glean:
appId: moz_backstage
enabled: true
environment: production
backend:
# Note that the baseUrl should be the URL that the browser and other clients
# should use when communicating with the backend, i.e. it needs to be
# reachable not just from within the backend host, but from all of your
# callers. When its value is "http://localhost:7007", it's strictly private
# and can't be reached by others.
baseUrl: https://${BASE_URL}
reading:
allow:
- host: api.accounts.firefox.com
- host: accounts-static.cdn.mozilla.net
# The listener can also be expressed as a single <host>:<port> string. In this case we bind to
# all interfaces, the most permissive setting. The right value depends on your specific deployment.
listen: ':${PORT}'
# config options: https://node-postgres.com/apis/client
database:
client: pg
connection:
host: ${POSTGRES_HOST}
port: ${POSTGRES_PORT}
user: ${POSTGRES_USER}
password: ${POSTGRES_PASSWORD}
# https://node-postgres.com/features/ssl
# you can set the sslmode configuration option via the `PGSSLMODE` environment variable
# see https://www.postgresql.org/docs/current/libpq-ssl.html Table 33.1. SSL Mode Descriptions (e.g. require)
# ssl:
# ca: # if you have a CA file and want to verify it you can uncomment this section
# $file: <file-path>/ca/server.crt
# config options: https://backstage.io/docs/overview/architecture-overview/#cache
cache:
store: redis
connection: redis://:${REDIS_PASSWORD}@${REDIS_HOST}:${REDIS_PORT} # Don't set username when using authstring /w older redis versions
useRedisSets: true
integrations:
github:
- host: github.com
apps:
- $include: /app/keys/moz-backstage-gh-app-credentials.yaml
- $include: /app/keys/moz-backstage-template-app-credentials.yaml
catalog:
# Overrides the default list locations from app-config.yaml as these contain example data.
# See https://backstage.io/docs/features/software-catalog/#adding-components-to-the-catalog for more details
# on how to get entities into the catalog.
locations:
- type: file
target: /app/scaffolder-templates/*/template.yaml
rules:
- allow: [Template]
providers:
github:
# the provider ID can be any camelCase string
mozillaServicesProviderId:
organization: 'mozilla-services'
catalogPath: '/catalog-info.yaml'
validateLocationsExist: true
filters:
branch: 'main'
repository: '.*' # Regex
visibility:
- public
schedule: # same options as in TaskScheduleDefinition
# supports cron, ISO duration, "human duration" as used in code
frequency: { minutes: 60 }
# supports ISO duration, "human duration" as used in code
timeout: { minutes: 3 }
mozillaProviderId:
organization: 'mozilla'
catalogPath: '/catalog-info.yaml'
validateLocationsExist: true
filters:
branch: 'main'
repository: '(fxa|blurts-server)' # Regex
visibility:
- public
schedule:
frequency: { minutes: 60 }
timeout: { minutes: 3 }
auth:
environment: production
providers:
gcpIap:
audience: ${GCP_IAP_AUDIENCE}
github: # GitHub auth required for workflow data for service components
production:
clientId: ${AUTH_GITHUB_CLIENT_ID}
clientSecret: ${AUTH_GITHUB_CLIENT_SECRET}