forked from ubccpsc/classy
-
Notifications
You must be signed in to change notification settings - Fork 2
/
.env.sample
218 lines (174 loc) · 8.26 KB
/
.env.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
#####
##### Sample Classy Configuration
#####
##### NEVER NEVER NEVER commit your .env to version control.
##### GitHub monitors these and if it sees tokens in the repo it will
##### automatically invalidate them and your course _will_ break.
#####
#####
#####
##### Core Settings
#####
#####
## Name of the org (e.g., cs310, cs340, sdmm, classytest)
NAME=cs310
## GitHub org identifier for the course (e.g., CS310-2017Jan, classytest)
## This org must have a team called admin and a team called staff manually
## created inside it.
ORG=CS310-2017Jan
## CLASSLIST API INTEGRATION
## https://{host}:{port}/classlist/v1/CPSC/{courseNum}/{YEAR}{SEMESTER W or S}/{SectionNumbers}
CLASSLIST_URI=https://randomhost.ubc.ca:9999/classlist/v1/CPSC/910/2019W/101,201
CLASSLIST_USERNAME=getUsernameFromTechStaff
CLASSLIST_PASSWORD=randomLongString
## The external name used for the Classy service (used by GitHub WebHooks)
## Must start with https:// and should not have a trailing slash
PUBLICHOSTNAME=https://classy.cs.ubc.ca
#####
#####
##### Mongo Configuration
#####
#####
## To spin up a mongo instance with authentication, specify a username and password below.
## Notes:
## - you must specify the username and password twice (once for the MONGO_INITDB_ROOT_* and once in the DB_URL)
## - the username/password will only be applied on the **FIRST** launch of the db service (otherwise they have no effect)
## - when deploying with Docker Compose, replace `localhost` with `db`.
## - the DB_URL must be URI encoded if it contains special characters
## For local testing, you can spin up a basic mongo instance (w/o authentication) using: `docker run -p 27017:27017 mongo`
## and setting DB_URL=mongodb://localhost:27017
MONGO_INITDB_ROOT_USERNAME=mongoadmin
MONGO_INITDB_ROOT_PASSWORD=strongpasswd
DB_URL=mongodb://mongoadmin:strongpasswd@localhost:27017/?authMechanism=DEFAULT
#####
#####
##### GitHub Configuration
#####
#####
## A GitHub token so the bot can use the GitHub API without going
## through authentication. It is important that this token be well
## protected as without it you can lose programmatic access to student
## projects. The token can be generated in GitHub by going to the user
## who owns the account, visiting their personal profile page, and
## using the developer option on the side panel.
# The format should be:
## GH_BOT_TOKEN=token d4951x....
## (yes the word token is required)
## If you want to use ubcbot, contact Reid Holmes for a token.
GH_BOT_TOKEN=token d4951x...
## Before you can authenticate against GitHub you will need to create
## two OAuth applications on the org; e.g., for public GitHub you can
## do this here: https://github.com/organizations/ORGNAME/settings/applications
##
## For Testing, create one with an Authorization callback URL similar to:
## https://localhost:3000/authCallback?orgName=ORGNAME
## For Production, create another with your production backend host:
## e.g., https://sdmm.cs.ubc.ca/authCallback?orgName=ORGNAME
##
## The Client ID and Client Secret for the OAuth profile (testing or prod)
## you intend to use should be included below. These _must_ be protected.
GH_CLIENT_ID=f42b49hut...
GH_CLIENT_SECRET=1337secretTokenCharsHere...
### GITHUB/GITHUB ENTERPRISE USERNAMES USED FOR CI TESTS
GH_ADMIN=classytest-admin
GH_ADMIN_STAFF=classytest-admstaff
GH_STAFF=classytest-staff
GH_BOT_01=classytest-bot01
GH_BOT_02=classytest-bot02
GH_TEST_USERS=atest-01, atest-02, atest-03, atest-04, atest-05, atest-06, atest-07, atest-08, atest-09
## GitHub API host (no trailing slash). This is because the API host is often different than the web host.
## For public github it will be: https://api.github.com
## For hosted github it will be: https://https://api.github.ugrad.cs.ubc.ca (or possibly https://github.ugrad.cs.ubc.ca/api/v3)
GH_API=https://api.github.com
## GitHub Web root (no trailing slash)
## For public GitHub it will be https://github.com
GH_HOST=https://github.com
## The name of the GitHub bot account the students will call
## You must have access to this account because it needs to be
## added to the admin team so it can admin and
## comment on repos. Do not include the @ in the username.
## The bot needs to be added to your org with admin privileges
## e.g., for public GitHub here: https://github.com/orgs/ORGNAME/people
GH_BOT_USERNAME=autobot
#####
#####
##### AutoTest Settings
#####
#####
## The number of seconds that a student must wait between each grade request feedback from AutoBot.
## This value is a minimum of 900 seconds (15 minutes) if not set below. The back-end will enforce this.
## MINIMUM_STUDENT_DELAY=60
## The uid for the (non-root) user that should run the containers (if following deploy instructions, should be the uid
## for the classy user). Also used by the AutoTest service to configure permissions on directories shared between autotest
## and the grading container.
UID=993
## The group id for the docker group on the host. Use `cut -d: -f3 < <(getent group docker)` to get the id.
## Used by containers that need to access the docker socket.
GID=989
## GitHub token with permission to clone the repository containing the Dockerfile for the grading container
GH_DOCKER_TOKEN=asb865...
## Include a hostname to IP address mapping for outgoing requests from grading containers.
## This mapping is required since the grading container will not be able to make DNS requests.
## Format hostname:IP
HOSTS_ALLOW=classy.cs.ubc.ca:142.103.6.191
## When using docker-compose, an entry is added to the hosts file for each
## dependent service. Thus, we just need to specify the service name in the URL.
AUTOTEST_URL=http://autotest
## AutoTest instance port.
AUTOTEST_PORT=11333
## Password used for Classy backend to make sure results being posted are from
## valid grader instances.
## This is also used by local services to bypass normal authentication.
## Local services may make requests to classy's endpoints with staff privileges the token header set to this string.
AUTOTEST_SECRET=longRandomString
## Whether the bot will postback results to commits
## This is usually true in prod, but false when debugging
AUTOTEST_POSTBACK=true
## How many autotest job slots to run concurrently
#AUTOTEST_JOBS=5
## Where the AutoTest service should store persistent data (e.g. grade container execution logs)
## This path is on the HOST machine (and is the mount point for PERSIST_DIR inside the grade container)
## If testing, setting within /tmp should work
HOST_DIR=/var/opt/classy
## Where the AutoTest service should store persistent data (e.g. grade container execution logs)
## This path is INSIDE the container (and is bound to HOST_DIR on the host machine)
## If testing, set as relative path (will persist within HOST_DIR)
PERSIST_DIR=/output
#####
#####
##### Portal Settings
#####
#####
## URL (no trailing slash) for Classy backend; different than HOSTNAME as this is the
## internal name (e.g., as Classy is addressed to other local services)
## https://localhost is usually used for testing
BACKEND_URL=https://portal
BACKEND_PORT=3000
#####
#####
##### Miscellaneous Settings
#####
#####
## Full path to fullchain.pem (Can be self-signed for localhost testing)
## localhost version: sudo openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=localhost" -keyout privkey.pem -out fullchain.pem
## localhost certs can be installed in classy/ (or anywhere else)
SSL_CERT_PATH=/etc/ssl/fullchain.pem
## Full path to privkey.pem (Can be self-signed for localhost testing)
SSL_KEY_PATH=/etc/ssl/privkey.pem
## The location of the SSL certificate and private key on the host (if deployed)
HOST_SSL_CERT_PATH=/opt/classy/ssl/fullchain.pem
HOST_SSL_KEY_PATH=/opt/classy/ssl/privkey.pem
## The name docker-compose will prefix to every container
COMPOSE_PROJECT_NAME=classy
## GitHub org identifier for the test organization (you probably do not want to change this)
ORGTEST=classytest
## Course name for the test instance (you probably do not want to change this)
NAMETEST=classytest
## Set the logging verbosity: TRACE (default), INFO, WARN, ERROR, TEST, NONE
LOG_LEVEL=INFO
## Github Team Names for the Admin and Staff list
ADMIN_TEAM_NAME=admin
STAFF_TEAM_NAME=staff
## Path classy/plugins/default contains 'default' plugin. For customization, copy `default` folder
## to a new folder and update plugin name accordingly.
PLUGIN=default