forked from leanprover-community/queueboard-core
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
252 lines (241 loc) · 12.4 KB
/
.env.example
File metadata and controls
252 lines (241 loc) · 12.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
# Queueboard Django environment configuration
# Copy to `.env` (or use docker-compose env_file) and adjust values as needed.
# Zulip bot (outgoing webhook + API access)
ZULIP_WEBHOOK_TOKEN=
ZULIP_BASE_URL=
ZULIP_BOT_EMAIL=
ZULIP_BOT_API_KEY=
# User credentials for Zulip endpoints that reject bot auth (required for membership checks).
ZULIP_USER_EMAIL=
ZULIP_USER_API_KEY=
# Public base URL used when generating prefs links (e.g. https://queueboard.example.com).
ZULIP_PREFS_URL_BASE=
# Optional dedicated encryption/signing secret for prefs links; falls back to DJANGO_SECRET_KEY when empty.
ZULIP_PREFS_TOKEN_SECRET=
# Salt namespace used for key derivation; changing it invalidates existing links.
ZULIP_PREFS_TOKEN_SALT=zulip_bot.prefs
# Expiry for prefs links in seconds (default 30 minutes).
ZULIP_PREFS_TOKEN_TTL_SECONDS=1800
# Optional: compact JSON policy for command gating (see `manage.py zulip_policy`)
ZULIP_COMMAND_POLICY=
# Zulip registration flow (GitHub verification handshake)
ZULIP_REGISTRATION_TOKEN_SALT=zulip_bot.registration
ZULIP_REGISTRATION_TOKEN_TTL_SECONDS=1800
ZULIP_REGISTRATION_OAUTH_STATE_SALT=zulip_bot.registration.oauth_state
ZULIP_REGISTRATION_OAUTH_STATE_TTL_SECONDS=600
# Zulip assignment command behavior
ZULIP_ASSIGNMENT_SUCCESS_EMOJI=thumbs_up
# Enable live GitHub assign/unassign mutations (true/false, 1/0, yes/no)
ZULIP_ASSIGNMENT_MUTATIONS_ENABLED=
# Core Django settings
DJANGO_SETTINGS_MODULE=qb_site.settings.local
DJANGO_SECRET_KEY=change-me
DJANGO_DEBUG=1
DJANGO_ALLOWED_HOSTS=localhost,127.0.0.1,[::1]
DJANGO_CSRF_TRUSTED_ORIGINS=
DJANGO_TIME_ZONE=UTC
DJANGO_LOG_LEVEL=INFO
# Database (PostgreSQL is required in all environments)
DJANGO_DB_ENGINE=django.db.backends.postgresql
DJANGO_DB_NAME=queueboard
DJANGO_DB_USER=queueboard
DJANGO_DB_PASSWORD=
DJANGO_DB_HOST=localhost
DJANGO_DB_PORT=5432
# Celery/Redis task processing
CELERY_BROKER_URL=redis://redis:6379/0
# To store task results in the Django DB admin, set the result backend to 'django-db'
# (requires the 'django-celery-results' app and running migrations).
CELERY_RESULT_BACKEND=django-db
CELERY_RESULT_EXTENDED=1
# Track STARTED state for tasks in the result backend
CELERY_TASK_TRACK_STARTED=1
# Optional Celery queue for GitHub-bound syncer tasks; leave blank to use default queue.
SYNCER_GITHUB_QUEUE=
# Paths for collected static/media files (override when running outside Docker)
DJANGO_STATIC_ROOT=/app/staticfiles
DJANGO_MEDIA_ROOT=/app/media
# Production-only security toggles (optional)
DJANGO_SECURE_HSTS_SECONDS=
DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS=
DJANGO_SECURE_HSTS_PRELOAD=
# GitHub API
# Personal access token used by the syncer GraphQL client and by the `gh` CLI.
# Set either GH_TOKEN or GITHUB_TOKEN. Provide "repo" scope at minimum for private repos.
GH_TOKEN=
# GITHUB_TOKEN=
# REST API base URL used by OAuth/GitHub App token flows.
GITHUB_API_URL=https://api.github.com
# GitHub OAuth (used by Zulip registration flow)
GITHUB_OAUTH_CLIENT_ID=
GITHUB_OAUTH_CLIENT_SECRET=
GITHUB_OAUTH_REDIRECT_URI=
GITHUB_OAUTH_AUTHORIZE_URL=https://github.com/login/oauth/authorize
GITHUB_OAUTH_TOKEN_URL=https://github.com/login/oauth/access_token
GITHUB_OAUTH_SCOPE=read:user
# Shared secret used to validate GitHub webhook signatures (X-Hub-Signature-256).
GITHUB_WEBHOOK_SECRET=
# JSON object describing GitHub App credentials and operation mapping.
# Assignment commands require app-token resolution for assign/unassign operations.
# Syncer operations try app tokens first and fall back to GH_TOKEN/GITHUB_TOKEN. (see `manage.py github_app_config`)
GITHUB_APP_TOKEN_CONFIG=
# Example:
# GITHUB_APP_TOKEN_CONFIG={"api_base_url":"https://api.github.com","cache_skew_seconds":60,"operation_app_map":{"assign_pr":"queueboard-assignment","unassign_pr":"queueboard-assignment","syncer_repo_discovery":"queueboard-syncer-read","syncer_pr_read":"queueboard-syncer-read","syncer_ci_read":"queueboard-syncer-read"},"apps":[{"name":"queueboard-assignment","app_id":123456,"private_key_path":"/run/secrets/queueboard-assignment.pem","installation_lookup":"repo","operations":["assign_pr","unassign_pr"]},{"name":"queueboard-syncer-read","app_id":234567,"private_key_path":"/run/secrets/queueboard-syncer-read.pem","installation_lookup":"owner","installation_owner_type":"org","installation_owner":"leanprover-community","operations":["syncer_repo_discovery","syncer_pr_read","syncer_ci_read"]}]}
# Syncer scheduling defaults
# How far back to look for changed PRs each tick (minutes)
SYNCER_DISCOVERY_LOOKBACK_MINUTES=60
# Max PRs to enqueue per repo per tick
SYNCER_DISCOVERY_LIMIT=100
# Overlap (seconds) applied to the last successful discovery watermark when computing fresh cutoffs
SYNCER_DISCOVERY_OVERLAP_SECONDS=300
# Delay (seconds) before scheduling continuation runs after local cap/page exhaustion
SYNCER_DISCOVERY_CONTINUATION_DELAY_SECONDS=5
# Default PR states for discovery (comma-separated)
SYNCER_DISCOVERY_STATES_DEFAULT=OPEN,MERGED,CLOSED
# Enable GitHub webhook endpoint processing (0/1).
SYNCER_GITHUB_WEBHOOK_ENABLED=0
# Dry-run webhook routing mode (0/1): parse and record summaries, but do not enqueue tasks.
SYNCER_GITHUB_WEBHOOK_DRY_RUN=0
# Threshold to stop early when remaining tokens drop below this value (future use)
SYNCER_RATE_REMAINING_MIN=200
# Default bundle sizes
SYNCER_TIMELINE_K_DEFAULT=150
SYNCER_COMMITS_M_DEFAULT=15
# Epsilon window (seconds) to avoid boundary-equal misses when comparing last_synced_at
SYNCER_LAST_SYNC_EPSILON_SECONDS=300
# Budgeted backfill of older timeline pages per PR run (0 = off)
SYNCER_TIMELINE_BACKFILL_PAGES=2
# Budgeted backfill of older commit pages per PR run (0 = off)
SYNCER_COMMITS_BACKFILL_PAGES=2
# CI-by-SHA paging (pages per commit when Analyzer requests historical CI)
SYNCER_CI_BY_SHA_PAGES=1
# Enqueue dedupe TTLs (seconds) for sync fanout suppression.
SYNCER_SYNC_CI_DEDUPE_TTL_SECONDS=300
SYNCER_SYNC_PR_DEDUPE_TTL_SECONDS=300
# Runtime dedupe TTL (seconds) for skipping repeated sync_pr executions.
SYNCER_SYNC_PR_RUNTIME_DEDUPE_TTL_SECONDS=300
# CI-by-SHA backoff (seconds)
SYNCER_CI_SHA_BACKOFF_EMPTY_SECONDS=300
SYNCER_CI_SHA_BACKOFF_ERROR_SECONDS=300
# CI-by-SHA settle window (seconds). Set to 0 to disable.
SYNCER_CI_SHA_SETTLE_WINDOW_SECONDS=1800
# CI-by-SHA hard cap (days). Set to 0 to disable.
SYNCER_CI_SHA_HARD_CAP_DAYS=400
# CI-by-SHA min attempts before treating empty/filtered/not_found as terminal.
SYNCER_CI_SHA_MIN_ATTEMPTS_TERMINAL=2
# GitHub throttling: minimum spacing between GraphQL requests (ms) and max wait per request (ms).
SYNCER_GH_THROTTLE_MS=250
SYNCER_GH_THROTTLE_MAX_WAIT_MS=5000
# Beat interval for active repo syncs (seconds)
SYNCER_ACTIVE_REPOS_PERIOD_SECONDS=300
# Max PRs to enqueue per repo run (batch)
SYNCER_REPO_ENQUEUE_BATCH_MAX=30
# Estimated token cost per PR sync (header + bundle + small overhead)
SYNCER_EST_COST_PER_PR=150
# History backfill: default page size and max pages per run
SYNCER_HISTORY_BACKFILL_PAGE_SIZE=50
SYNCER_HISTORY_BACKFILL_MAX_PAGES=1
# History backfill: default PR states (comma-separated)
SYNCER_HISTORY_BACKFILL_STATES_DEFAULT=OPEN,MERGED,CLOSED
# History backfill: beat interval (seconds)
SYNCER_HISTORY_BACKFILL_PERIOD_SECONDS=600
# Incomplete-PR backfill: how often to run across active repos (seconds)
SYNCER_INCOMPLETE_BACKFILL_PERIOD_SECONDS=600
# Incomplete-PR backfill: max incomplete PRs to enqueue per repo per run
SYNCER_INCOMPLETE_BACKFILL_LIMIT=20
# Engagement backfill: how often to enqueue engagement snapshot backfill (seconds). Set to 0 to disable.
SYNCER_ENGAGEMENT_BACKFILL_PERIOD_SECONDS=900
# Engagement backfill: max PRs to enqueue per repo per run
SYNCER_ENGAGEMENT_BACKFILL_LIMIT=5
# Pending-CI refresh: max hours to keep polling a CI item reported as pending
SYNCER_PENDING_CI_MAX_AGE_HOURS=48
# Pending-CI refresh: how often to run across active repos (seconds)
SYNCER_PENDING_CI_REFRESH_PERIOD_SECONDS=600
# Pending-CI refresh: caps per run
SYNCER_PENDING_CI_REFRESH_MAX_PRS=5
SYNCER_PENDING_CI_REFRESH_MAX_SHAS_PER_PR=5
# Commit-history harvest sweep: how often to retry has_more harvest jobs (seconds)
SYNCER_COMMIT_HISTORY_SWEEP_PERIOD_SECONDS=600
# Commit-history harvest sweep: caps per run
SYNCER_COMMIT_HISTORY_SWEEP_MAX_JOBS=25
SYNCER_COMMIT_HISTORY_SWEEP_MAX_PAGES=1
SYNCER_COMMIT_HISTORY_SWEEP_PAGE_SIZE=20
# Analyzer missing-CI sweep: how often to plan CI-by-SHA for revision heads missing CI (seconds)
ANALYZER_MISSING_CI_SWEEP_PERIOD_SECONDS=600
# Analyzer missing-CI sweep: caps per run
ANALYZER_MISSING_CI_SWEEP_MAX_PRS_PER_REPO=20
ANALYZER_MISSING_CI_SWEEP_SHAS_PER_PR=2
# Analyzer missing-CI sweep: require commits backfill to be complete before planning CI (0/1)
ANALYZER_MISSING_CI_SWEEP_ONLY_COMPLETE_BACKFILL=0
# Analyzer pending-status stale guard for non-open PRs (hours)
ANALYZER_PENDING_STATUS_STALE_NON_OPEN_HOURS=8
# Analyzer revision sweep: how often to rebuild PRRevision for eligible PRs (seconds)
ANALYZER_REVISION_SWEEP_PERIOD_SECONDS=600
# Analyzer revision sweep: caps per run
ANALYZER_REVISION_SWEEP_MAX_PRS_PER_REPO=100
# Analyzer revision sweep: require commits backfill to be complete before rebuilding (0/1)
ANALYZER_REVISION_SWEEP_ONLY_COMPLETE_BACKFILL=0
# Analyzer queue window sweep: how often to rebuild PRQueueWindow for eligible PRs (seconds)
ANALYZER_QUEUE_WINDOWS_SWEEP_PERIOD_SECONDS=600
# Analyzer queue window sweep: caps per run
ANALYZER_QUEUE_WINDOWS_SWEEP_MAX_PRS_PER_REPO=100
# Analyzer queue window sweep: require commits backfill to be complete before rebuilding (0/1)
ANALYZER_QUEUE_WINDOWS_SWEEP_ONLY_COMPLETE_BACKFILL=0
# Analyzer dependency sweep: periodic parse of PR bodies for "depends on" checkboxes
ANALYZER_DEPENDENCY_SWEEP_PERIOD_SECONDS=600
ANALYZER_DEPENDENCY_SWEEP_MAX_PRS_PER_REPO=50
ANALYZER_DEPENDENCY_SWEEP_ONLY_OPEN=0
ANALYZER_DEPENDENCY_SWEEP_BUILDER_VERSION=1
ANALYZER_DEPENDENCY_SWEEP_FANOUT=1
# Queueboard snapshot refresh cadence (seconds) and TTL for reuse (seconds)
ANALYZER_QUEUEBOARD_SNAPSHOT_PERIOD_SECONDS=300
ANALYZER_QUEUEBOARD_SNAPSHOT_TTL_SECONDS=300
# Reviewer assignment refresh cadence (seconds) and TTL (seconds)
ANALYZER_REVIEWER_ASSIGNMENT_PERIOD_SECONDS=86400
ANALYZER_REVIEWER_ASSIGNMENT_TTL_SECONDS=300
# Reviewer attention daily sweep controls.
# ENABLED: run the sweep task at all (computes reports/counters).
ANALYZER_REVIEWER_ATTENTION_ENABLED=0
# ENFORCEMENT_ENABLED: execute GitHub auto-unassign for threshold hits.
ANALYZER_REVIEWER_ATTENTION_ENFORCEMENT_ENABLED=0
# DELIVERY_ENABLED: send reviewer DMs for events of interest.
ANALYZER_REVIEWER_ATTENTION_DELIVERY_ENABLED=0
# Recommended rollout:
# 1) ENABLED=1, DELIVERY_ENABLED=0, ENFORCEMENT_ENABLED=0
# 2) ENABLED=1, DELIVERY_ENABLED=1, ENFORCEMENT_ENABLED=0
# 3) ENABLED=1, DELIVERY_ENABLED=1, ENFORCEMENT_ENABLED=1
# Either interval mode:
ANALYZER_REVIEWER_ATTENTION_PERIOD_SECONDS=86400
# Or fixed UTC daily clock time (if either is set, these override PERIOD_SECONDS):
# ANALYZER_REVIEWER_ATTENTION_UTC_HOUR=16
# ANALYZER_REVIEWER_ATTENTION_UTC_MINUTE=30
# "Newly assigned" trigger window is derived from reviewer-attention schedule:
# - fixed UTC clock mode -> 24 hours
# - interval mode -> ANALYZER_REVIEWER_ATTENTION_PERIOD_SECONDS
# Optional policy floor for nudge/enforcement counting (UTC):
# - date format: YYYY-MM-DD (interpreted as 00:00:00Z)
# - or full ISO timestamp, e.g. 2026-03-01T12:00:00Z
# - assignment timestamps displayed to users remain unchanged
# ANALYZER_REVIEWER_ATTENTION_POLICY_START_AT=2026-03-01
# Reviewer-attention run-state cleanup schedule (UTC crontab-style).
# Default behavior is weekly on Sunday at 03:00 UTC.
ANALYZER_REVIEWER_ATTENTION_CLEANUP_DAY_OF_WEEK=sun
# ANALYZER_REVIEWER_ATTENTION_CLEANUP_UTC_HOUR=3
# ANALYZER_REVIEWER_ATTENTION_CLEANUP_UTC_MINUTE=0
# Reviewer-attention run-state retention windows (days).
ANALYZER_REVIEWER_ATTENTION_NOTIFICATION_RETENTION_DAYS=30
ANALYZER_REVIEWER_ATTENTION_AUTO_UNASSIGN_RETENTION_DAYS=90
ANALYZER_REVIEWER_ATTENTION_RUN_RETENTION_DAYS=30
# Area stats refresh cadence (seconds) and TTL (seconds)
ANALYZER_AREA_STATS_PERIOD_SECONDS=300
ANALYZER_AREA_STATS_TTL_SECONDS=300
# Convergence snapshots: how often to collect syncer/analyzer convergence counts (seconds)
ANALYTICS_CONVERGENCE_PERIOD_SECONDS=900
# CI filter (opt-in allowlist)
# Set SYNCER_CI_FILTER_MODE=allowlist to enable filtering by the allow lists below.
# Substrings matched case-insensitively against CheckRun.name and StatusContext.context.
SYNCER_CI_FILTER_MODE=all
# Examples for later use (ignored unless mode=allowlist):
# SYNCER_CI_ALLOW_CHECKRUN_NAMES=Build, Lint style, Post-Build Step
SYNCER_CI_ALLOW_CHECKRUN_NAMES=
SYNCER_CI_ALLOW_STATUS_NAMES=