Documentation
¶
Index ¶
- type BranchProtectionControlConfig
- type Configuration
- type ControlsConfig
- type ImageAuthorizedSourcesControlConfig
- type ImageForbiddenTagsControlConfig
- type PlumberConfig
- func (c *PlumberConfig) GetBranchMustBeProtectedConfig() *BranchProtectionControlConfig
- func (c *PlumberConfig) GetContainerImageMustComeFromAuthorizedSourcesConfig() *ImageAuthorizedSourcesControlConfig
- func (c *PlumberConfig) GetContainerImageMustNotUseForbiddenTagsConfig() *ImageForbiddenTagsControlConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BranchProtectionControlConfig ¶
type BranchProtectionControlConfig struct {
// Enabled controls whether this check runs
Enabled *bool `yaml:"enabled,omitempty"`
// NamePatterns is a list of branch name patterns that must be protected (supports wildcards)
NamePatterns []string `yaml:"namePatterns,omitempty"`
// DefaultMustBeProtected requires the default branch to be protected
DefaultMustBeProtected *bool `yaml:"defaultMustBeProtected,omitempty"`
// AllowForcePush when false, force push must be disabled on protected branches
AllowForcePush *bool `yaml:"allowForcePush,omitempty"`
// CodeOwnerApprovalRequired when true, code owner approval is required
CodeOwnerApprovalRequired *bool `yaml:"codeOwnerApprovalRequired,omitempty"`
// MinMergeAccessLevel minimum access level required to merge (0=No one, 30=Developer, 40=Maintainer)
MinMergeAccessLevel *int `yaml:"minMergeAccessLevel,omitempty"`
// MinPushAccessLevel minimum access level required to push (0=No one, 30=Developer, 40=Maintainer)
MinPushAccessLevel *int `yaml:"minPushAccessLevel,omitempty"`
}
BranchProtectionControlConfig configuration for the branch protection control
func (*BranchProtectionControlConfig) IsEnabled ¶
func (c *BranchProtectionControlConfig) IsEnabled() bool
IsEnabled returns whether the control is enabled Returns false if not properly configured
type Configuration ¶
type Configuration struct {
// GitLab connection settings
GitlabURL string // URL of the GitLab instance (e.g., https://gitlab.com)
GitlabToken string // GitLab API token
// Project settings
ProjectPath string // Full path of the project (e.g., group/project)
ProjectID int // Project ID on GitLab
Branch string // Branch to analyze (from --branch flag, defaults to project's default branch)
// HTTP client settings
HTTPClientTimeout time.Duration // Timeout for HTTP clients (REST and GraphQL)
// GitLab API retry configuration
GitlabRetryMaxRetries int // Maximum number of retries for GitLab API requests
GitlabRetryInitialBackoff time.Duration // Initial backoff time for GitLab API retries
GitlabRetryMaxBackoff time.Duration // Maximum backoff time for GitLab API retries
GitlabRetryBackoffFactor float64 // Backoff multiplication factor for exponential backoff
// Logging
LogLevel logrus.Level
// Version info
Version string
// Plumber Configuration (from .plumber.yaml file)
PlumberConfig *PlumberConfig
}
Configuration represents the simplified CLI configuration options
func NewDefaultConfiguration ¶
func NewDefaultConfiguration() *Configuration
NewDefaultConfiguration creates a Configuration with sensible defaults
type ControlsConfig ¶
type ControlsConfig struct {
// ContainerImageMustNotUseForbiddenTags control configuration
ContainerImageMustNotUseForbiddenTags *ImageForbiddenTagsControlConfig `yaml:"containerImageMustNotUseForbiddenTags,omitempty"`
// ContainerImageMustComeFromAuthorizedSources control configuration
ContainerImageMustComeFromAuthorizedSources *ImageAuthorizedSourcesControlConfig `yaml:"containerImageMustComeFromAuthorizedSources,omitempty"`
// BranchMustBeProtected control configuration
BranchMustBeProtected *BranchProtectionControlConfig `yaml:"branchMustBeProtected,omitempty"`
}
ControlsConfig holds configuration for all controls
type ImageAuthorizedSourcesControlConfig ¶
type ImageAuthorizedSourcesControlConfig struct {
// Enabled controls whether this check runs
Enabled *bool `yaml:"enabled,omitempty"`
// TrustedUrls is a list of trusted registry URLs/patterns (supports wildcards)
TrustedUrls []string `yaml:"trustedUrls,omitempty"`
// TrustDockerHubOfficialImages trusts official Docker Hub images (e.g., nginx, alpine)
TrustDockerHubOfficialImages *bool `yaml:"trustDockerHubOfficialImages,omitempty"`
}
ImageAuthorizedSourcesControlConfig configuration for the authorized image sources control
func (*ImageAuthorizedSourcesControlConfig) IsEnabled ¶
func (c *ImageAuthorizedSourcesControlConfig) IsEnabled() bool
IsEnabled returns whether the control is enabled Returns false if not properly configured
type ImageForbiddenTagsControlConfig ¶
type ImageForbiddenTagsControlConfig struct {
// Enabled controls whether this check runs
Enabled *bool `yaml:"enabled,omitempty"`
// Tags is a list of forbidden tags (e.g., latest, dev)
Tags []string `yaml:"tags,omitempty"`
}
ImageForbiddenTagsControlConfig configuration for the forbidden image tags control
func (*ImageForbiddenTagsControlConfig) IsEnabled ¶
func (c *ImageForbiddenTagsControlConfig) IsEnabled() bool
IsEnabled returns whether the control is enabled Returns false if not properly configured
type PlumberConfig ¶
type PlumberConfig struct {
// Version of the config file format
Version string `yaml:"version"`
// Controls configuration
Controls ControlsConfig `yaml:"controls"`
}
PlumberConfig represents the .plumber.yaml configuration file structure
func LoadPlumberConfig ¶
func LoadPlumberConfig(configPath string) (*PlumberConfig, string, error)
LoadPlumberConfig loads configuration from a file path The config file path is required - returns error if empty or not found
func (*PlumberConfig) GetBranchMustBeProtectedConfig ¶
func (c *PlumberConfig) GetBranchMustBeProtectedConfig() *BranchProtectionControlConfig
GetBranchMustBeProtectedConfig returns the control configuration Returns nil if not configured
func (*PlumberConfig) GetContainerImageMustComeFromAuthorizedSourcesConfig ¶
func (c *PlumberConfig) GetContainerImageMustComeFromAuthorizedSourcesConfig() *ImageAuthorizedSourcesControlConfig
GetContainerImageMustComeFromAuthorizedSourcesConfig returns the control configuration Returns nil if not configured
func (*PlumberConfig) GetContainerImageMustNotUseForbiddenTagsConfig ¶
func (c *PlumberConfig) GetContainerImageMustNotUseForbiddenTagsConfig() *ImageForbiddenTagsControlConfig
GetContainerImageMustNotUseForbiddenTagsConfig returns the control configuration Returns nil if not configured
Source Files
Click to show internal directories.
Click to hide internal directories.