config/default.yaml

---
auth:
    # A private key used for signing jwt tokens
    # Easily generate one by running
    # $ openssl genrsa -out jwt.pem 2048
    jwtPrivateKey: |
        -----BEGIN RSA PRIVATE KEY-----
        YOUR-KEY-HERE
        -----END RSA PRIVATE KEY-----
    # The public key used for verifying the signature
    # Generate one by running
    # $ openssl rsa -in jwt.pem -pubout -out jwt.pub
    jwtPublicKey: |
        -----BEGIN PUBLIC KEY-----
        YOUR-KEY-HERE
        -----END PUBLIC KEY-----
    # A password used for encrypting session data.
    # **Needs to be minimum 32 characters**
    cookiePassword: WOW-ANOTHER-INSECURE-PASSWORD!!!
    # A password used for encrypting stored secrets.
    # **Needs to be minimum 32 characters**
    encryptionPassword: WOW-ANOTHER-MORE-INSECURE-PASSWORD!!!
    # A flag to set if the server is running over https.
    # Used as a flag for the OAuth flow
    https: false
    # Whitelist of users able to authenticate against the system
    # if empty, it allows everyone
    # @TODO Move this content to our configuration and change the default to []
    whitelist:
        # Primary Contributors
        - github:FenrirUnbound
        - github:cynthiax
        - github:d2lam
        - github:dvdizon
        - github:jer
        - github:jithin1987
        - github:minz1027
        - github:petey
        - github:r3rastogi
        - github:stjohnjohnson
        - github:tkyi
        # Automated Account
        - github:sd-buildbot
        # Pilots
        - github:aressem
        - github:bjorncs
        - github:drewfish
        - github:gjoranv2
        - github:jpcollins
        - github:tonytamsf
        - github:pranavrc
    admins:
        - github:FenrirUnbound
        - github:cynthiax
        - github:d2lam
        - github:dvdizon
        - github:jer
        - github:minz1027
        - github:petey
        - github:r3rastogi
        - github:stjohnjohnson
        - github:tkyi

httpd:
    # Port to listen on
    port: 80
    # Host to listen on (set to localhost to only accept connections from this machine)
    host: 0.0.0.0
    # Externally routable URI (usually your load balancer or CNAME)
    uri: http://localhost:80
    # SSL Support
    tls: false
        # If you want SSL, you can easily add it by replacing `tls: false` with an object that
        # provides the options required by `tls.createServer`
        # https://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
        # key: |
        #     PRIVATE KEY HERE
        # cert: |
        #     YOUR CERT HERE

datastore:
    plugin: sequelize
    sequelize:
        # Type of server to talk to
        dialect: sqlite
        # More arguments here:
        # http://docs.sequelizejs.com/en/latest/api/sequelize/

executor:
    # Default executor
    plugin: k8s
    k8s:
      enabled: true
      options:
        kubernetes:
            # The host or IP of the kubernetes cluster
            host: kubernetes.default
            # The jwt token used for authenticating kubernetes requests
            # Loaded from /var/run/secrets/kubernetes.io/serviceaccount/token by default

        # Container tags to use
        launchVersion: stable
    docker:
      enabled: true
      options:
        # Dockerode configuration https://github.com/apocas/dockerode#getting-started
        docker: {}

        # Container tags to use
        launchVersion: stable
    k8s-vm:
      enabled: true
      options:
        # Configuration of Docker
        kubernetes:
            # The host or IP of the kubernetes cluster
            host: kubernetes.default
            # The jwt token used for authenticating kubernetes requests
            # Loaded from /var/run/secrets/kubernetes.io/serviceaccount/token by default

        # Launcher container tag to use
        launchVersion: stable
#     jenkins:
#       options:
#         # Configuration of Jenkins
#         jenkins:
#             host: jenkins.default
#             port: 8080
#             username: screwdriver
#             password: "WOW-AN-EVEN-MORE-INSECURE-PASSWORD!!!!"
    queue:
      enabled: true
      options:
        # Configuration of the redis instance containing resque
        redisConnection:
          host: "127.0.0.1"
          port: 9999
          password: "THIS-IS-A-PASSWORD"
          database: 0

scms: {}
#     github:
#         plugin: github
#         config:
#             # The client id used for OAuth with github. Look up GitHub OAuth for details
#             # https://developer.github.com/v3/oauth/
#             oauthClientId: YOU-PROBABLY-WANT-SOMETHING-HERE
#             # The client secret used for OAuth with github
#             oauthClientSecret: AGAIN-SOMETHING-HERE-IS-USEFUL
#             # You can also configure for use with GitHub enterprise
#             # gheHost: github.screwdriver.cd
#             # The username and email used for checkout with github
#             username: sd-buildbot
#             email: dev-null@screwdriver.cd
#             # Secret to add to GitHub webhooks so that we can validate them
#             secret: SUPER-SECRET-SIGNING-THING
#             # Whether it supports private repo: boolean value.
#             # If true, it will ask for read and write access to public and private repos
#             # https://developer.github.com/v3/oauth/#scopes
#             privateRepo: false
#     bitbucket:
#         plugin: bitbucket
#         config:
#             oauthClientId: YOUR-BITBUCKET-OAUTH-CLIENT-ID
#             oauthClientSecret: YOUR-BITBUCKET-OAUTH-CLIENT-SECRET
#             # The username and email used for checkout with bitbucket
#             username: sd-buildbot
#             email: dev-null@screwdriver.cd
#     gitlab:
#         plugin: gitlab
#         config:
#             oauthClientId: YOUR-GITLAB-OAUTH-CLIENT-ID
#             oauthClientSecret: YOUR-GITLAB-OAUTH-CLIENT-SECRET
#             # If you have on-premise gitlab, you can specify that here
#             # gitlabHost: mygitlab.com
#             # gitlabProtocol: https
#             # The username and email used for checkout with gitlab
#             # username: sd-buildbot
#             # email: dev-null@screwdriver.cd
webhooks:
    # Obtains the SCM token for a given user. If a user does not have a valid SCM token registered with Screwdriver, it will use this user's token instead.
    username: sd-buildbot

bookends:
    # Plugins for build setup
    setup:
        - scm
    teardown:
        - screwdriver-artifact-bookend

notifications:
    # Email notification when build finishes
    # email:
    #     host: email-host
    #     port: email-port
    #     from: email-address-to-send-from
ecosystem:
    # Externally routable URL for the User Interface
    ui: https://cd.screwdriver.cd
    # Externally routable URL for the Artifact Store
    store: https://store.screwdriver.cd
    # Badge service (needs to add a status and color)
    badges: https://img.shields.io/badge/build-{{status}}-{{color}}.svg
    # Default registry to pull build containers from. Uses Docker Hub if nothing/empty string is provided
    dockerRegistry: ""
    # Extra origins allowed to do CORS to API
    allowCors: []