Skip to main content

All Options

Provided below are working, documented YAML configs for each BuildBuddy binary containing every option that that binary accepts, each set to the default value for that option. Any option that can be specified in the YAML config can also be passed on the command line. For nested options, be sure to write out the full YAML path, with a . separating each part.

For example:

storage:
disk:
root_directory: /tmp/buildbuddy

becomes:

buildbuddy -storage.disk.root_directory="/tmp/buildbuddy"

For specifying lists of structures using flags on the command line, use the JSON representation of the list you wish to concatenate to the end or the element you wish to append:

For example, given the following schema:

cache:
disk:
partitions: [] # type: []disk.Partition
# e.g.:
# - id: "" # type: string
# max_size_bytes: 0 # type: int

We see that cache.disk.partitions is configured as a list of disk.Partition. In YAML, we'd normally configure it like this:

cache:
disk:
partitions:
- id: "1GB"
max_size_bytes: 1073741824
- id: "2GB"
max_size_bytes: 2147483648

The flag equivalent of this example would be:

buildbuddy -cache.disk.partitions='{"id": "1GB", "max_size_bytes": 1073741824}' -cache.disk.partitions='{"id": "2GB", "max_size_bytes": 2147483648}'

or

buildbuddy -cache.disk.partitions='[{"id": "1GB", "max_size_bytes": 1073741824}, {"id": "2GB", "max_size_bytes": 2147483648}]'

BuildBuddy Server (FOSS)

# Unstructured settings

# app_directory (string): the directory containing app binary files to host
app_directory: ""
# auto_migrate_db (bool): If true, attempt to automigrate the db when
# connecting
auto_migrate_db: true
# auto_migrate_db_and_exit (bool): If true, attempt to automigrate the db when
# connecting, then exit the program.
auto_migrate_db_and_exit: false
# cache_stats_finalization_delay (time.Duration): The time allowed for all
# metrics collectors across all apps to flush their local cache stats to the
# backing storage, before finalizing stats in the DB.
cache_stats_finalization_delay: 500ms
# cleanup_interval (time.Duration): How often the janitor cleanup tasks will
# run
cleanup_interval: 10m0s
# cleanup_workers (int): How many cleanup tasks to run
cleanup_workers: 1
# disable_ga (bool): If true; ga will be disabled
disable_ga: false
# disable_telemetry (bool): If true; telemetry will be disabled
disable_telemetry: false
# drop_invocation_pk_cols (bool): If true, attempt to drop invocation PK cols
drop_invocation_pk_cols: false
# exit_when_ready (bool): If set, the app will exit as soon as it becomes
# ready (useful for migrations)
exit_when_ready: false
# grpc_port (int): The port to listen for gRPC traffic on
grpc_port: 1985
# grpcs_port (int): The port to listen for gRPCS traffic on
grpcs_port: 1986
# internal_grpc_port (int): The port to listen for internal gRPC traffic on
internal_grpc_port: 1987
# internal_grpcs_port (int): The port to listen for internal gRPCS traffic on
internal_grpcs_port: 1988
# internal_http_port (int): The port to listen for internal HTTP traffic
internal_http_port: 0
# js_entry_point_path (string): Absolute URL path of the app JS entry point
js_entry_point_path: /app/app_bundle/app.js?hash={APP_BUNDLE_HASH}
# listen (string): The interface to listen on (default: 0.0.0.0)
listen: 0.0.0.0
# log_deletion_errors (bool): If true; log errors when ttl-deleting expired
# data
log_deletion_errors: false
# max_shutdown_duration (time.Duration): Time to wait for shutdown
max_shutdown_duration: 25s
# migrate_disk_cache_to_v2_and_exit (bool): If true, attempt to migrate disk
# cache to v2 layout.
migrate_disk_cache_to_v2_and_exit: false
# monitoring_port (int): The port to listen for monitoring traffic on
monitoring_port: 9090
# port (int): The port to listen for HTTP traffic on
port: 8080
# server_type (string): The server type to match on health checks
server_type: buildbuddy-server
# ssl_port (int): The port to listen for HTTPS traffic on
ssl_port: 8081
# static_directory (string): the directory containing static files to host
static_directory: ""
# telemetry_endpoint (string): The telemetry endpoint to use
telemetry_endpoint: grpcs://t.buildbuddy.io:443
# telemetry_interval (time.Duration): How often telemetry data will be
# reported
telemetry_interval: 24h0m0s
# verbose_telemetry_client (bool): If true; print telemetry client information
verbose_telemetry_client: false

# Structured settings

api:
# api.api_key (string): The default API key to use for on-prem enterprise
# deploys with a single organization/group.
api_key: ""
# api.enable_api (bool): Whether or not to enable the BuildBuddy API.
enable_api: true
# api.enable_cache (bool): Whether or not to enable the API cache.
enable_cache: false
app:
# app.build_buddy_url (URL): The external URL where your BuildBuddy
# instance can be found.
build_buddy_url: http://localhost:8080
# app.cache_api_url (URL): Overrides the default remote cache protocol
# gRPC address shown by BuildBuddy on the configuration screen.
cache_api_url: ""
# app.code_editor_enabled (bool): If set, code editor functionality will
# be enabled.
code_editor_enabled: false
# app.default_to_dense_mode (bool): Enables the dense UI mode by default.
default_to_dense_mode: false
# app.disable_cert_config (bool): If true, the certificate based auth
# option will not be shown in the config widget.
disable_cert_config: false
# app.enable_grpc_metrics_by_group_id (bool): If enabled, grpc metrics by
# group ID will be recorded
enable_grpc_metrics_by_group_id: false
# app.enable_prometheus_histograms (bool): If true, collect prometheus
# histograms for all RPCs
enable_prometheus_histograms: true
# app.enable_structured_logging (bool): If true, log messages will be
# json-formatted.
enable_structured_logging: false
# app.enable_target_tracking (bool): Cloud-Only
enable_target_tracking: false
# app.events_api_url (URL): Overrides the default build event protocol
# gRPC address shown by BuildBuddy on the configuration screen.
events_api_url: ""
# app.expanded_suggestions_enabled (bool): If set, enable more build
# suggestions in the UI.
expanded_suggestions_enabled: false
# app.global_filter_enabled (bool): If set, the global filter will be
# enabled in the UI.
global_filter_enabled: true
# app.grpc_max_recv_msg_size_bytes (int): Configures the max GRPC receive
# message size [bytes]
grpc_max_recv_msg_size_bytes: 50000000
# app.grpc_over_http_port_enabled (bool): Cloud-Only
grpc_over_http_port_enabled: false
# app.ignore_forced_tracing_header (bool): If set, we will not honor the
# forced tracing header.
ignore_forced_tracing_header: false
# app.log_enable_gcp_logging_format (bool): If true, the output structured
# logs will be compatible with format expected by GCP Logging.
log_enable_gcp_logging_format: false
# app.log_error_stack_traces (bool): If true, stack traces will be printed
# for errors that have them.
log_error_stack_traces: false
# app.log_include_short_file_name (bool): If true, log messages will
# include shortened originating file name.
log_include_short_file_name: false
# app.log_level (string): The desired log level. Logs with a level >= this
# level will be emitted. One of {'fatal', 'error', 'warn', 'info',
# 'debug'}
log_level: info
# app.remote_execution_api_url (URL): Overrides the default remote
# execution protocol gRPC address shown by BuildBuddy on the configuration
# screen.
remote_execution_api_url: ""
# app.require_invocation_event_parse_on_read (bool): If true, invocation
# responses will be filled from database values and then by parsing the
# events on read.
require_invocation_event_parse_on_read: false
# app.test_grid_v2_enabled (bool): Whether to enable test grid V2
test_grid_v2_enabled: true
# app.trace_fraction (float64): Fraction of requests to sample for
# tracing.
trace_fraction: 0
# app.trace_fraction_overrides ([]string): Tracing fraction override based
# on name in format name=fraction.
trace_fraction_overrides: []
# app.trace_jaeger_collector (string): Address of the Jager collector
# endpoint where traces will be sent.
trace_jaeger_collector: ""
# app.trace_project_id (string): Optional GCP project ID to export traces
# to. If not specified, determined from default credentials or metadata
# server if running on GCP.
trace_project_id: ""
# app.trace_service_name (string): Name of the service to associate with
# traces.
trace_service_name: ""
# app.usage_enabled (bool): If set, the usage page will be enabled in the
# UI.
usage_enabled: false
# app.user_management_enabled (bool): If set, the user management page
# will be enabled in the UI.
user_management_enabled: true
build_event_proxy:
# build_event_proxy.buffer_size (int): The number of build events to
# buffer locally when proxying build events.
buffer_size: 100
# build_event_proxy.hosts ([]string): The list of hosts to pass build
# events onto.
hosts: []
cache:
# cache.detailed_stats_enabled (bool): Whether to enable detailed stats
# recording for all cache requests.
detailed_stats_enabled: false
disk:
# cache.disk.enable_live_updates (bool): If set, enable live updates
# of disk cache adds / removes
enable_live_updates: false
# cache.disk.partition_mappings ([]disk.PartitionMapping)
partition_mappings: []
# For example:
# - group_id: "" # The Group ID to which this mapping applies. (type: string)
# prefix: "" # The remote instance name prefix used to select this partition. (type: string)
# partition_id: "" # The partition to use if the Group ID and prefix match. (type: string)

# cache.disk.partitions ([]disk.Partition)
partitions: []
# For example:
# - id: "" # The ID of the partition. (type: string)
# max_size_bytes: 0 # Maximum size of the partition. (type: int64)

# cache.disk.root_directory (string): The root directory to store all
# blobs in, if using disk based storage.
root_directory: ""
# cache.disk.use_v2_layout (bool): If enabled, files will be stored
# using the v2 layout. See disk_cache.MigrateToV2Layout for a
# description.
use_v2_layout: false
# cache.enable_query_write_status_cache_check (bool): If enabled,
# QueryWriteStatus ByteStream RPC will check whether digest is present in
# the cache.
enable_query_write_status_cache_check: false
# cache.enable_tree_caching (bool): If true, cache GetTree responses (full
# and partial)
enable_tree_caching: true
# cache.in_memory (bool): Whether or not to use the in_memory cache.
in_memory: false
# cache.max_size_bytes (int64): How big to allow the cache to be (in
# bytes).
max_size_bytes: 10000000000
# cache.tree_cache_seed (string): If set, hash this with digests before
# caching / reading from tree cache
tree_cache_seed: treecache-07012022
# cache.zstd_transcoding_enabled (bool): Whether to accept requests to
# read/write zstd-compressed blobs, compressing/decompressing
# outgoing/incoming blobs on the fly.
zstd_transcoding_enabled: false
database:
# database.conn_max_lifetime_seconds (int): The maximum lifetime of a
# connection to the db
conn_max_lifetime_seconds: 0
# database.data_source (string): The SQL database to connect to, specified
# as a connection string.
data_source: sqlite3:///tmp/buildbuddy.db
# database.log_queries (bool): If true, log all queries
log_queries: false
# database.max_idle_conns (int): The maximum number of idle connections to
# maintain to the db
max_idle_conns: 0
# database.max_open_conns (int): The maximum number of open connections to
# maintain to the db
max_open_conns: 0
# database.read_replica (string): A secondary, read-only SQL database to
# connect to, specified as a connection string.
read_replica: ""
# database.slow_query_threshold (time.Duration): Queries longer than this
# duration will be logged with a 'Slow SQL' warning.
slow_query_threshold: 500ms
# database.stats_poll_interval (time.Duration): How often to poll the DB
# client for connection stats (default: '5s').
stats_poll_interval: 5s
github:
# github.access_token (string): The GitHub access token used to post
# GitHub commit statuses. ** Enterprise only **
access_token: ""
# github.client_id (string): The client ID of your GitHub Oauth App. **
# Enterprise only **
client_id: ""
# github.client_secret (string): The client secret of your GitHub Oauth
# App. ** Enterprise only **
client_secret: ""
# github.status_name_suffix (string): Suffix to be appended to all
# reported GitHub status names. Useful for differentiating BuildBuddy
# deployments. For example: '(dev)' ** Enterprise only **
status_name_suffix: ""
# github.status_per_test_target (bool): If true, report status per test
# target. ** Enterprise only **
status_per_test_target: false
integrations:
invocation_upload:
# integrations.invocation_upload.enabled (bool): Whether to upload
# webhook data to the webhook URL configured per-Group. ** Enterprise
# only **
enabled: false
# integrations.invocation_upload.gcs_credentials (string): Credentials
# JSON for the Google service account used to authenticate when GCS is
# used as the invocation upload target. ** Enterprise only **
gcs_credentials: ""
slack:
# integrations.slack.webhook_url (string): A Slack webhook url to post
# build update messages to.
webhook_url: ""
remote_execution:
# remote_execution.enable_executor_key_creation (bool): If enabled, UI
# will allow executor keys to be created.
enable_executor_key_creation: false
# remote_execution.enable_remote_exec (bool): If true, enable remote-exec.
# ** Enterprise only **
enable_remote_exec: true
# remote_execution.enable_user_owned_executors (bool): If enabled, users
# can register their own executors with the scheduler.
enable_user_owned_executors: false
# remote_execution.enable_workflows (bool): Whether to enable BuildBuddy
# workflows.
enable_workflows: false
# remote_execution.force_user_owned_darwin_executors (bool): If enabled,
# darwin actions will always run on user-owned executors.
force_user_owned_darwin_executors: false
ssl:
# ssl.cert_file (string): Path to a PEM encoded certificate file to use
# for TLS if not using ACME.
cert_file: ""
# ssl.client_ca_cert_file (string): Path to a PEM encoded certificate
# authority file used to issue client certificates for mTLS auth.
client_ca_cert_file: ""
# ssl.client_ca_key_file (string): Path to a PEM encoded certificate
# authority key file used to issue client certificates for mTLS auth.
client_ca_key_file: ""
# ssl.default_host (string): Host name to use for ACME generated cert if
# TLS request does not contain SNI.
default_host: ""
# ssl.enable_ssl (bool): Whether or not to enable SSL/TLS on gRPC
# connections (gRPCS).
enable_ssl: false
# ssl.host_whitelist ([]string): Cloud-Only
host_whitelist: []
# ssl.key_file (string): Path to a PEM encoded key file to use for TLS if
# not using ACME.
key_file: ""
# ssl.self_signed (bool): If true, a self-signed cert will be generated
# for TLS termination.
self_signed: false
# ssl.upgrade_insecure (bool): True if http requests should be redirected
# to https
upgrade_insecure: false
# ssl.use_acme (bool): Whether or not to automatically configure SSL certs
# using ACME. If ACME is enabled, cert_file and key_file should not be
# set.
use_acme: false
storage:
aws_s3:
# storage.aws_s3.bucket (string): The AWS S3 bucket to store files in.
bucket: ""
# storage.aws_s3.credentials_profile (string): A custom credentials
# profile to use.
credentials_profile: ""
# storage.aws_s3.disable_ssl (bool): Disables the use of SSL, useful
# for configuring the use of MinIO.
disable_ssl: false
# storage.aws_s3.endpoint (string): The AWS endpoint to use, useful
# for configuring the use of MinIO.
endpoint: ""
# storage.aws_s3.region (string): The AWS region.
region: ""
# storage.aws_s3.role_arn (string): The role ARN to use for web
# identity auth.
role_arn: ""
# storage.aws_s3.role_session_name (string): The role session name to
# use for web identity auth.
role_session_name: ""
# storage.aws_s3.s3_force_path_style (bool): Force path style urls for
# objects, useful for configuring the use of MinIO.
s3_force_path_style: false
# storage.aws_s3.static_credentials_id (string): Static credentials ID
# to use, useful for configuring the use of MinIO.
static_credentials_id: ""
# storage.aws_s3.static_credentials_secret (string): Static
# credentials secret to use, useful for configuring the use of MinIO.
static_credentials_secret: ""
# storage.aws_s3.static_credentials_token (string): Static credentials
# token to use, useful for configuring the use of MinIO.
static_credentials_token: ""
# storage.aws_s3.web_identity_token_file (string): The file path to
# the web identity token file.
web_identity_token_file: ""
azure:
# storage.azure.account_key (string): The key for the Azure storage
# account
account_key: ""
# storage.azure.account_name (string): The name of the Azure storage
# account
account_name: ""
# storage.azure.container_name (string): The name of the Azure storage
# container
container_name: ""
# storage.chunk_file_size_bytes (int): How many bytes to buffer in memory
# before flushing a chunk of build protocol data to disk.
chunk_file_size_bytes: 3000000
disk:
# storage.disk.root_directory (string): The root directory to store
# all blobs in, if using disk based storage.
root_directory: /tmp/buildbuddy
# storage.disk.use_v2_layout (bool): If enabled, files will be stored
# using the v2 layout. See disk_cache.MigrateToV2Layout for a
# description.
use_v2_layout: false
# storage.enable_chunked_event_logs (bool): If true, Event logs will be
# stored separately from the invocation proto in chunks.
enable_chunked_event_logs: false
gcs:
# storage.gcs.bucket (string): The name of the GCS bucket to store
# build artifact files in.
bucket: ""
# storage.gcs.credentials_file (string): A path to a JSON credentials
# file that will be used to authenticate to GCS.
credentials_file: ""
# storage.gcs.project_id (string): The Google Cloud project ID of the
# project owning the above credentials and GCS bucket.
project_id: ""
# storage.ttl_seconds (int): The time, in seconds, to keep invocations
# before deletion. 0 disables invocation deletion.
ttl_seconds: 0

BuildBuddy Server (Enterprise)

# Unstructured settings

# app_directory (string): the directory containing app binary files to host
app_directory: ""
# auto_migrate_db (bool): If true, attempt to automigrate the db when
# connecting
auto_migrate_db: true
# auto_migrate_db_and_exit (bool): If true, attempt to automigrate the db when
# connecting, then exit the program.
auto_migrate_db_and_exit: false
# cache_stats_finalization_delay (time.Duration): The time allowed for all
# metrics collectors across all apps to flush their local cache stats to the
# backing storage, before finalizing stats in the DB.
cache_stats_finalization_delay: 500ms
# cleanup_interval (time.Duration): How often the janitor cleanup tasks will
# run
cleanup_interval: 10m0s
# cleanup_workers (int): How many cleanup tasks to run
cleanup_workers: 1
# disable_ga (bool): If true; ga will be disabled
disable_ga: false
# disable_telemetry (bool): If true; telemetry will be disabled
disable_telemetry: false
# drop_invocation_pk_cols (bool): If true, attempt to drop invocation PK cols
drop_invocation_pk_cols: false
# exit_when_ready (bool): If set, the app will exit as soon as it becomes
# ready (useful for migrations)
exit_when_ready: false
# grpc_port (int): The port to listen for gRPC traffic on
grpc_port: 1985
# grpcs_port (int): The port to listen for gRPCS traffic on
grpcs_port: 1986
# internal_grpc_port (int): The port to listen for internal gRPC traffic on
internal_grpc_port: 1987
# internal_grpcs_port (int): The port to listen for internal gRPCS traffic on
internal_grpcs_port: 1988
# internal_http_port (int): The port to listen for internal HTTP traffic
internal_http_port: 0
# js_entry_point_path (string): Absolute URL path of the app JS entry point
js_entry_point_path: /app/app_bundle/app.js?hash={APP_BUNDLE_HASH}
# listen (string): The interface to listen on (default: 0.0.0.0)
listen: 0.0.0.0
# log_deletion_errors (bool): If true; log errors when ttl-deleting expired
# data
log_deletion_errors: false
# max_shutdown_duration (time.Duration): Time to wait for shutdown
max_shutdown_duration: 25s
# migrate_disk_cache_to_v2_and_exit (bool): If true, attempt to migrate disk
# cache to v2 layout.
migrate_disk_cache_to_v2_and_exit: false
# monitoring_port (int): The port to listen for monitoring traffic on
monitoring_port: 9090
# port (int): The port to listen for HTTP traffic on
port: 8080
# redis_command_buffer_flush_period (time.Duration): How long to wait between
# flushing buffered redis commands. Setting this to 0 will disable buffering
# at the cost of higher redis QPS.
redis_command_buffer_flush_period: 250ms
# server_type (string): The server type to match on health checks
server_type: buildbuddy-server
# ssl_port (int): The port to listen for HTTPS traffic on
ssl_port: 8081
# static_directory (string): the directory containing static files to host
static_directory: ""
# telemetry_endpoint (string): The telemetry endpoint to use
telemetry_endpoint: grpcs://t.buildbuddy.io:443
# telemetry_interval (time.Duration): How often telemetry data will be
# reported
telemetry_interval: 24h0m0s
# telemetry_port (int): The port on which to listen for telemetry events
telemetry_port: 9099
# verbose_telemetry_client (bool): If true; print telemetry client information
verbose_telemetry_client: false
# verbose_telemetry_server (bool): If true; print telemetry server information
verbose_telemetry_server: false
# zone_override (string): A value that will override the auto-detected zone.
# Ignored if empty
zone_override: ""

# Structured settings

api:
# api.api_key (string): The default API key to use for on-prem enterprise
# deploys with a single organization/group.
api_key: ""
# api.enable_api (bool): Whether or not to enable the BuildBuddy API.
enable_api: true
# api.enable_cache (bool): Whether or not to enable the API cache.
enable_cache: false
app:
# app.add_user_to_domain_group (bool): Cloud-Only
add_user_to_domain_group: false
# app.build_buddy_url (URL): The external URL where your BuildBuddy
# instance can be found.
build_buddy_url: http://localhost:8080
# app.cache_api_url (URL): Overrides the default remote cache protocol
# gRPC address shown by BuildBuddy on the configuration screen.
cache_api_url: ""
# app.code_editor_enabled (bool): If set, code editor functionality will
# be enabled.
code_editor_enabled: false
# app.create_group_per_user (bool): Cloud-Only
create_group_per_user: false
# app.default_redis_target (string): A Redis target for storing remote
# shared state. To ease migration, the redis target from the remote
# execution config will be used if this value is not specified.
default_redis_target: ""
default_sharded_redis:
# app.default_sharded_redis.password (string): Redis password
password: ""
# app.default_sharded_redis.shards ([]string): Ordered list of Redis
# shard addresses.
shards: []
# app.default_sharded_redis.username (string): Redis username
username: ""
# app.default_to_dense_mode (bool): Enables the dense UI mode by default.
default_to_dense_mode: false
# app.disable_cert_config (bool): If true, the certificate based auth
# option will not be shown in the config widget.
disable_cert_config: false
# app.enable_grpc_metrics_by_group_id (bool): If enabled, grpc metrics by
# group ID will be recorded
enable_grpc_metrics_by_group_id: false
# app.enable_prometheus_histograms (bool): If true, collect prometheus
# histograms for all RPCs
enable_prometheus_histograms: true
# app.enable_quota_management (bool): If set, quota management will be
# enabled
enable_quota_management: false
# app.enable_structured_logging (bool): If true, log messages will be
# json-formatted.
enable_structured_logging: false
# app.enable_target_tracking (bool): Cloud-Only
enable_target_tracking: false
# app.events_api_url (URL): Overrides the default build event protocol
# gRPC address shown by BuildBuddy on the configuration screen.
events_api_url: ""
# app.expanded_suggestions_enabled (bool): If set, enable more build
# suggestions in the UI.
expanded_suggestions_enabled: false
# app.global_filter_enabled (bool): If set, the global filter will be
# enabled in the UI.
global_filter_enabled: true
# app.grpc_max_recv_msg_size_bytes (int): Configures the max GRPC receive
# message size [bytes]
grpc_max_recv_msg_size_bytes: 50000000
# app.grpc_over_http_port_enabled (bool): Cloud-Only
grpc_over_http_port_enabled: false
# app.ignore_forced_tracing_header (bool): If set, we will not honor the
# forced tracing header.
ignore_forced_tracing_header: false
# app.log_enable_gcp_logging_format (bool): If true, the output structured
# logs will be compatible with format expected by GCP Logging.
log_enable_gcp_logging_format: false
# app.log_error_stack_traces (bool): If true, stack traces will be printed
# for errors that have them.
log_error_stack_traces: false
# app.log_include_short_file_name (bool): If true, log messages will
# include shortened originating file name.
log_include_short_file_name: false
# app.log_level (string): The desired log level. Logs with a level >= this
# level will be emitted. One of {'fatal', 'error', 'warn', 'info',
# 'debug'}
log_level: info
# app.no_default_user_group (bool): Cloud-Only
no_default_user_group: false
# app.region (string): The region in which the app is running.
region: ""
# app.remote_execution_api_url (URL): Overrides the default remote
# execution protocol gRPC address shown by BuildBuddy on the configuration
# screen.
remote_execution_api_url: ""
# app.require_invocation_event_parse_on_read (bool): If true, invocation
# responses will be filled from database values and then by parsing the
# events on read.
require_invocation_event_parse_on_read: false
# app.test_grid_v2_enabled (bool): Whether to enable test grid V2
test_grid_v2_enabled: true
# app.trace_fraction (float64): Fraction of requests to sample for
# tracing.
trace_fraction: 0
# app.trace_fraction_overrides ([]string): Tracing fraction override based
# on name in format name=fraction.
trace_fraction_overrides: []
# app.trace_jaeger_collector (string): Address of the Jager collector
# endpoint where traces will be sent.
trace_jaeger_collector: ""
# app.trace_project_id (string): Optional GCP project ID to export traces
# to. If not specified, determined from default credentials or metadata
# server if running on GCP.
trace_project_id: ""
# app.trace_service_name (string): Name of the service to associate with
# traces.
trace_service_name: ""
# app.usage_enabled (bool): If set, the usage page will be enabled in the
# UI.
usage_enabled: false
# app.usage_start_date (string): If set, usage data will only be viewable
# on or after this timestamp. Specified in RFC3339 format, like
# 2021-10-01T00:00:00Z
usage_start_date: ""
# app.usage_tracking_enabled (bool): If set, enable usage data collection.
usage_tracking_enabled: false
# app.user_management_enabled (bool): If set, the user management page
# will be enabled in the UI.
user_management_enabled: true
auth:
# auth.admin_group_id (string): ID of a group whose members can perform
# actions only accessible to server admins.
admin_group_id: ""
# auth.api_key_group_cache_ttl (time.Duration): TTL for API Key to Group
# caching. Set to '0' to disable cache.
api_key_group_cache_ttl: 5m0s
# auth.disable_refresh_token (bool): If true, the offline_access scope
# which requests refresh tokens will not be requested.
disable_refresh_token: false
# auth.enable_anonymous_usage (bool): If true, unauthenticated build
# uploads will still be allowed but won't be associated with your
# organization.
enable_anonymous_usage: false
# auth.enable_self_auth (bool): If true, enables a single user login via
# an oauth provider on the buildbuddy server. Recommend use only when
# server is behind a firewall; this option may allow anyone with access to
# the webpage admin rights to your buildbuddy installation. ** Enterprise
# only **
enable_self_auth: false
# auth.https_only_cookies (bool): If true, cookies will only be set over
# https connections.
https_only_cookies: false
# auth.jwt_key (string): The key to use when signing JWT tokens.
jwt_key: set_the_jwt_in_config
# auth.oauth_providers ([]auth.OauthProvider): The list of oauth providers
# to use to authenticate.
oauth_providers: []
# For example:
# - issuer_url: "" # The issuer URL of this OIDC Provider. (type: string)
# client_id: "" # The oauth client ID. (type: string)
# client_secret: "" # The oauth client secret. (type: string)
# slug: "" # The slug of this OIDC Provider. (type: string)

saml:
# auth.saml.cert_file (string): Path to a PEM encoded certificate file
# used for SAML auth.
cert_file: ""
# auth.saml.key_file (string): Path to a PEM encoded certificate key
# file used for SAML auth.
key_file: ""
build_event_proxy:
# build_event_proxy.buffer_size (int): The number of build events to
# buffer locally when proxying build events.
buffer_size: 100
# build_event_proxy.hosts ([]string): The list of hosts to pass build
# events onto.
hosts: []
cache:
client:
# cache.client.enable_upload_compression (bool): If true, enable
# compression of uploads to remote caches
enable_upload_compression: false
# cache.detailed_stats_enabled (bool): Whether to enable detailed stats
# recording for all cache requests.
detailed_stats_enabled: false
disk:
# cache.disk.enable_live_updates (bool): If set, enable live updates
# of disk cache adds / removes
enable_live_updates: false
# cache.disk.partition_mappings ([]disk.PartitionMapping)
partition_mappings: []
# For example:
# - group_id: "" # The Group ID to which this mapping applies. (type: string)
# prefix: "" # The remote instance name prefix used to select this partition. (type: string)
# partition_id: "" # The partition to use if the Group ID and prefix match. (type: string)

# cache.disk.partitions ([]disk.Partition)
partitions: []
# For example:
# - id: "" # The ID of the partition. (type: string)
# max_size_bytes: 0 # Maximum size of the partition. (type: int64)

# cache.disk.root_directory (string): The root directory to store all
# blobs in, if using disk based storage.
root_directory: ""
# cache.disk.use_v2_layout (bool): If enabled, files will be stored
# using the v2 layout. See disk_cache.MigrateToV2Layout for a
# description.
use_v2_layout: false
distributed_cache:
# cache.distributed_cache.cluster_size (int): The total number of
# nodes in this cluster. Required for health checking. ** Enterprise
# only **
cluster_size: 0
# cache.distributed_cache.enable_local_writes (bool): If enabled,
# shortcuts distributed writes that belong to the local shard to local
# cache instead of making an RPC.
enable_local_writes: false
# cache.distributed_cache.group_name (string): A unique name for this
# distributed cache group. ** Enterprise only **
group_name: ""
# cache.distributed_cache.listen_addr (string): The address to listen
# for local BuildBuddy distributed cache traffic on.
listen_addr: ""
# cache.distributed_cache.nodes ([]string): The hardcoded list of peer
# distributed cache nodes. If this is set, redis_target will be
# ignored. ** Enterprise only **
nodes: []
# cache.distributed_cache.redis_target (string): A redis target for
# improved Caching/RBE performance. Target can be provided as either a
# redis connection URI or a host:port pair. URI schemas supported:
# redis[s]://[[USER][:PASSWORD]@][HOST][:PORT][/DATABASE] or
# unix://[[USER][:PASSWORD]@]SOCKET_PATH[?db=DATABASE] ** Enterprise
# only **
redis_target: ""
# cache.distributed_cache.replication_factor (int): How many total
# servers the data should be replicated to. Must be >= 1. **
# Enterprise only **
replication_factor: 0
# cache.enable_query_write_status_cache_check (bool): If enabled,
# QueryWriteStatus ByteStream RPC will check whether digest is present in
# the cache.
enable_query_write_status_cache_check: false
# cache.enable_tree_caching (bool): If true, cache GetTree responses (full
# and partial)
enable_tree_caching: true
gcs:
# cache.gcs.bucket (string): The name of the GCS bucket to store cache
# files in.
bucket: ""
# cache.gcs.credentials_file (string): A path to a JSON credentials
# file that will be used to authenticate to GCS.
credentials_file: ""
# cache.gcs.project_id (string): The Google Cloud project ID of the
# project owning the above credentials and GCS bucket.
project_id: ""
# cache.gcs.ttl_days (int64): The period after which cache files
# should be TTLd. Disabled if 0.
ttl_days: 0
# cache.in_memory (bool): Whether or not to use the in_memory cache.
in_memory: false
# cache.max_size_bytes (int64): How big to allow the cache to be (in
# bytes).
max_size_bytes: 10000000000
# cache.memcache_targets ([]string): Deprecated. Use Redis Target instead.
memcache_targets: []
pebble:
# cache.pebble.atime_buffer_size (int): Buffer up to this many atime
# updates in a channel before dropping atime updates
atime_buffer_size: 100000
# cache.pebble.atime_update_threshold (time.Duration): Don't update
# atime if it was updated more recently than this
atime_update_threshold: 10m0s
# cache.pebble.atime_write_batch_size (int): Buffer this many writes
# before writing atime data
atime_write_batch_size: 1000
# cache.pebble.block_cache_size_bytes (int64): How much ram to give
# the block cache
block_cache_size_bytes: 1000000000
# cache.pebble.clear_cache_before_migration (bool): If set, clear any
# existing cache content before migrating
clear_cache_before_migration: false
# cache.pebble.dir_deletion_delay (time.Duration): How old directories
# must be before being eligible for deletion when empty
dir_deletion_delay: 1h0m0s
# cache.pebble.force_allow_migration (bool): If set, allow migrating
# into an existing pebble cache
force_allow_migration: false
# cache.pebble.max_inline_file_size_bytes (int64): Files smaller than
# this may be inlined directly into pebble
max_inline_file_size_bytes: 1024
# cache.pebble.migrate_from_disk_dir (string): If set, attempt to
# migrate this disk dir to a new pebble cache
migrate_from_disk_dir: ""
# cache.pebble.min_eviction_age (time.Duration): Don't evict anything
# unless it's been idle for at least this long
min_eviction_age: 6h0m0s
# cache.pebble.mirror_active_disk_cache (bool): Alias for
# cache.disk.enable_live_updates
mirror_active_disk_cache: false
# cache.pebble.orphan_delete_dry_run (bool): If set, log orphaned
# files instead of deleting them
orphan_delete_dry_run: true
# cache.pebble.partition_mappings ([]disk.PartitionMapping)
partition_mappings: []
# For example:
# - group_id: "" # The Group ID to which this mapping applies. (type: string)
# prefix: "" # The remote instance name prefix used to select this partition. (type: string)
# partition_id: "" # The partition to use if the Group ID and prefix match. (type: string)

# cache.pebble.partitions ([]disk.Partition)
partitions: []
# For example:
# - id: "" # The ID of the partition. (type: string)
# max_size_bytes: 0 # Maximum size of the partition. (type: int64)

# cache.pebble.root_directory (string): The root directory to store
# the database in.
root_directory: ""
# cache.pebble.scan_for_orphaned_files (bool): If true, scan for
# orphaned files
scan_for_orphaned_files: false
raft:
# cache.raft.grpc_port (int): The address to listen for internal API
# traffic on. Ex. '1993'
grpc_port: 0
# cache.raft.http_port (int): The address to listen for HTTP raft
# traffic. Ex. '1992'
http_port: 0
# cache.raft.join ([]string): The list of nodes to use when joining
# clusters Ex. '1.2.3.4:1991,2.3.4.5:1991...'
join: []
# cache.raft.listen_addr (string): The address to listen for local
# gossip traffic on. Ex. 'localhost:1991
listen_addr: ""
# cache.raft.root_directory (string): The root directory to use for
# storing cached data.
root_directory: ""
redis:
# cache.redis.max_value_size_bytes (int64): The maximum value size to
# cache in redis (in bytes).
max_value_size_bytes: 10000000
# cache.redis.redis_target (string): A redis target for improved
# Caching/RBE performance. Target can be provided as either a redis
# connection URI or a host:port pair. URI schemas supported:
# redis[s]://[[USER][:PASSWORD]@][HOST][:PORT][/DATABASE] or
# unix://[[USER][:PASSWORD]@]SOCKET_PATH[?db=DATABASE] ** Enterprise
# only **
redis_target: ""
sharded:
# cache.redis.sharded.password (string): Redis password
password: ""
# cache.redis.sharded.shards ([]string): Ordered list of Redis
# shard addresses.
shards: []
# cache.redis.sharded.username (string): Redis username
username: ""
# cache.redis_target (string): A redis target for improved Caching/RBE
# performance. Target can be provided as either a redis connection URI or
# a host:port pair. URI schemas supported:
# redis[s]://[[USER][:PASSWORD]@][HOST][:PORT][/DATABASE] or
# unix://[[USER][:PASSWORD]@]SOCKET_PATH[?db=DATABASE] ** Enterprise only
# **
redis_target: ""
s3:
# cache.s3.bucket (string): The AWS S3 bucket to store files in.
bucket: ""
# cache.s3.credentials_profile (string): A custom credentials profile
# to use.
credentials_profile: ""
# cache.s3.disable_ssl (bool): Disables the use of SSL, useful for
# configuring the use of MinIO.
disable_ssl: false
# cache.s3.endpoint (string): The AWS endpoint to use, useful for
# configuring the use of MinIO.
endpoint: ""
# cache.s3.region (string): The AWS region.
region: ""
# cache.s3.role_arn (string): The role ARN to use for web identity
# auth.
role_arn: ""
# cache.s3.role_session_name (string): The role session name to use
# for web identity auth.
role_session_name: ""
# cache.s3.s3_force_path_style (bool): Force path style urls for
# objects, useful for configuring the use of MinIO.
s3_force_path_style: false
# cache.s3.static_credentials_id (string): Static credentials ID to
# use, useful for configuring the use of MinIO.
static_credentials_id: ""
# cache.s3.static_credentials_secret (string): Static credentials
# secret to use, useful for configuring the use of MinIO.
static_credentials_secret: ""
# cache.s3.static_credentials_token (string): Static credentials token
# to use, useful for configuring the use of MinIO.
static_credentials_token: ""
# cache.s3.ttl_days (int64): The period after which cache files should
# be TTLd. Disabled if 0.
ttl_days: 0
# cache.s3.web_identity_token_file (string): The file path to the web
# identity token file.
web_identity_token_file: ""
# cache.tree_cache_seed (string): If set, hash this with digests before
# caching / reading from tree cache
tree_cache_seed: treecache-07012022
# cache.zstd_transcoding_enabled (bool): Whether to accept requests to
# read/write zstd-compressed blobs, compressing/decompressing
# outgoing/incoming blobs on the fly.
zstd_transcoding_enabled: false
database:
# database.conn_max_lifetime_seconds (int): The maximum lifetime of a
# connection to the db
conn_max_lifetime_seconds: 0
# database.data_source (string): The SQL database to connect to, specified
# as a connection string.
data_source: sqlite3:///tmp/buildbuddy.db
# database.log_queries (bool): If true, log all queries
log_queries: false
# database.max_idle_conns (int): The maximum number of idle connections to
# maintain to the db
max_idle_conns: 0
# database.max_open_conns (int): The maximum number of open connections to
# maintain to the db
max_open_conns: 0
# database.read_replica (string): A secondary, read-only SQL database to
# connect to, specified as a connection string.
read_replica: ""
# database.slow_query_threshold (time.Duration): Queries longer than this
# duration will be logged with a 'Slow SQL' warning.
slow_query_threshold: 500ms
# database.stats_poll_interval (time.Duration): How often to poll the DB
# client for connection stats (default: '5s').
stats_poll_interval: 5s
executor:
# executor.default_image (string): The default docker image to use to warm
# up executors or if no platform property is set. Ex:
# gcr.io/flame-public/executor-docker-default:enterprise-v1.5.4
default_image: gcr.io/flame-public/executor-docker-default:enterprise-v1.6.0
# executor.default_isolation_type (string): The default workload isolation
# type when no type is specified in an action. If not set, we use the
# first of the following that is set: docker, firecracker, podman, or
# barerunner
default_isolation_type: ""
# executor.default_xcode_version (string): Sets the default Xcode version
# number to use if an action doesn't specify one. If not set,
# /Applications/Xcode.app/ is used.
default_xcode_version: ""
# executor.docker_socket (string): If set, run execution commands in
# docker using the provided socket.
docker_socket: ""
# executor.enable_bare_runner (bool): Enables running execution commands
# directly on the host without isolation.
enable_bare_runner: false
# executor.enable_firecracker (bool): Enables running execution commands
# inside of firecracker VMs
enable_firecracker: false
# executor.enable_podman (bool): Enables running execution commands inside
# podman container.
enable_podman: false
# executor.enable_sandbox (bool): Enables running execution commands
# inside of sandbox-exec.
enable_sandbox: false
# executor.enable_vfs (bool): Whether FUSE based filesystem is enabled.
enable_vfs: false
# executor.extra_env_vars ([]string): Additional environment variables to
# pass to remotely executed actions. i.e. MY_ENV_VAR=foo
extra_env_vars: []
# executor.memory_bytes (int64): Optional maximum memory to allocate to
# execution tasks (approximate). Cannot set both this option and the
# SYS_MEMORY_BYTES env var.
memory_bytes: 0
# executor.millicpu (int64): Optional maximum CPU milliseconds to allocate
# to execution tasks (approximate). Cannot set both this option and the
# SYS_MILLICPU env var.
millicpu: 0
github:
# github.access_token (string): The GitHub access token used to post
# GitHub commit statuses. ** Enterprise only **
access_token: ""
# github.client_id (string): The client ID of your GitHub Oauth App. **
# Enterprise only **
client_id: ""
# github.client_secret (string): The client secret of your GitHub Oauth
# App. ** Enterprise only **
client_secret: ""
# github.status_name_suffix (string): Suffix to be appended to all
# reported GitHub status names. Useful for differentiating BuildBuddy
# deployments. For example: '(dev)' ** Enterprise only **
status_name_suffix: ""
# github.status_per_test_target (bool): If true, report status per test
# target. ** Enterprise only **
status_per_test_target: false
integrations:
invocation_upload:
# integrations.invocation_upload.enabled (bool): Whether to upload
# webhook data to the webhook URL configured per-Group. ** Enterprise
# only **
enabled: false
# integrations.invocation_upload.gcs_credentials (string): Credentials
# JSON for the Google service account used to authenticate when GCS is
# used as the invocation upload target. ** Enterprise only **
gcs_credentials: ""
slack:
# integrations.slack.webhook_url (string): A Slack webhook url to post
# build update messages to.
webhook_url: ""
org:
# org.domain (string): Your organization's email domain. If this is set,
# only users with email addresses in this domain will be able to register
# for a BuildBuddy account.
domain: ""
# org.name (string): The name of your organization, which is displayed on
# your organization's build history.
name: ""
registry:
# registry.enabled (bool): Whether to enable registry services
enabled: false
# registry.image_converter_backend (string): gRPC endpoint of the image
# converter service
image_converter_backend: ""
remote_execution:
# remote_execution.default_pool_name (string): The default executor pool
# to use if one is not specified.
default_pool_name: ""
# remote_execution.enable_action_merging (bool): If enabled, identical
# actions being executed concurrently are merged into a single execution.
enable_action_merging: true
# remote_execution.enable_executor_key_creation (bool): If enabled, UI
# will allow executor keys to be created.
enable_executor_key_creation: false
# remote_execution.enable_redis_availability_monitoring (bool): If
# enabled, the execution server will detect if Redis has lost state and
# will ask Bazel to retry executions.
enable_redis_availability_monitoring: false
# remote_execution.enable_remote_exec (bool): If true, enable remote-exec.
# ** Enterprise only **
enable_remote_exec: true
# remote_execution.enable_user_owned_executors (bool): If enabled, users
# can register their own executors with the scheduler.
enable_user_owned_executors: false
# remote_execution.enable_workflows (bool): Whether to enable BuildBuddy
# workflows.
enable_workflows: false
# remote_execution.force_user_owned_darwin_executors (bool): If enabled,
# darwin actions will always run on user-owned executors.
force_user_owned_darwin_executors: false
# remote_execution.redis_pubsub_pool_size (int): Maximum number of
# connections used for waiting for execution updates.
redis_pubsub_pool_size: 10000
# remote_execution.redis_target (string): A Redis target for storing
# remote execution state. Falls back to app.default_redis_target if
# unspecified. Required for remote execution. To ease migration, the redis
# target from the cache config will be used if neither this value nor
# app.default_redis_target are specified.
redis_target: ""
# remote_execution.remove_stale_executors (bool): If true, executors are
# removed if they are not heard from for a prolonged amount of time.
remove_stale_executors: false
# remote_execution.require_executor_authorization (bool): If true,
# executors connecting to this server must provide a valid executor API
# key.
require_executor_authorization: false
sharded_redis:
# remote_execution.sharded_redis.password (string): Redis password
password: ""
# remote_execution.sharded_redis.shards ([]string): Ordered list of
# Redis shard addresses.
shards: []
# remote_execution.sharded_redis.username (string): Redis username
username: ""
# remote_execution.shared_executor_pool_group_id (string): Group ID that
# owns the shared executor pool.
shared_executor_pool_group_id: ""
# remote_execution.use_measured_task_sizes (bool): Whether to use measured
# usage stats to determine task sizes.
use_measured_task_sizes: false
# remote_execution.workflows_ci_runner_bazel_command (string): Bazel
# command to be used by the CI runner.
workflows_ci_runner_bazel_command: ""
# remote_execution.workflows_ci_runner_debug (bool): Whether to run the CI
# runner in debug mode.
workflows_ci_runner_debug: false
# remote_execution.workflows_default_image (string): The default docker
# image to use for running workflows.
workflows_default_image: ""
# remote_execution.workflows_enable_firecracker (bool): Whether to enable
# firecracker for Linux workflow actions.
workflows_enable_firecracker: false
# remote_execution.workflows_linux_compute_units (int): Number of
# BuildBuddy compute units (BCU) to reserve for Linux workflow actions.
workflows_linux_compute_units: 3
# remote_execution.workflows_mac_compute_units (int): Number of BuildBuddy
# compute units (BCU) to reserve for Mac workflow actions.
workflows_mac_compute_units: 3
# remote_execution.workflows_pool_name (string): The executor pool to use
# for workflow actions. Defaults to the default executor pool if not
# specified.
workflows_pool_name: ""
ssl:
# ssl.cert_file (string): Path to a PEM encoded certificate file to use
# for TLS if not using ACME.
cert_file: ""
# ssl.client_ca_cert_file (string): Path to a PEM encoded certificate
# authority file used to issue client certificates for mTLS auth.
client_ca_cert_file: ""
# ssl.client_ca_key_file (string): Path to a PEM encoded certificate
# authority key file used to issue client certificates for mTLS auth.
client_ca_key_file: ""
# ssl.default_host (string): Host name to use for ACME generated cert if
# TLS request does not contain SNI.
default_host: ""
# ssl.enable_ssl (bool): Whether or not to enable SSL/TLS on gRPC
# connections (gRPCS).
enable_ssl: false
# ssl.host_whitelist ([]string): Cloud-Only
host_whitelist: []
# ssl.key_file (string): Path to a PEM encoded key file to use for TLS if
# not using ACME.
key_file: ""
# ssl.self_signed (bool): If true, a self-signed cert will be generated
# for TLS termination.
self_signed: false
# ssl.upgrade_insecure (bool): True if http requests should be redirected
# to https
upgrade_insecure: false
# ssl.use_acme (bool): Whether or not to automatically configure SSL certs
# using ACME. If ACME is enabled, cert_file and key_file should not be
# set.
use_acme: false
storage:
aws_s3:
# storage.aws_s3.bucket (string): The AWS S3 bucket to store files in.
bucket: ""
# storage.aws_s3.credentials_profile (string): A custom credentials
# profile to use.
credentials_profile: ""
# storage.aws_s3.disable_ssl (bool): Disables the use of SSL, useful
# for configuring the use of MinIO.
disable_ssl: false
# storage.aws_s3.endpoint (string): The AWS endpoint to use, useful
# for configuring the use of MinIO.
endpoint: ""
# storage.aws_s3.region (string): The AWS region.
region: ""
# storage.aws_s3.role_arn (string): The role ARN to use for web
# identity auth.
role_arn: ""
# storage.aws_s3.role_session_name (string): The role session name to
# use for web identity auth.
role_session_name: ""
# storage.aws_s3.s3_force_path_style (bool): Force path style urls for
# objects, useful for configuring the use of MinIO.
s3_force_path_style: false
# storage.aws_s3.static_credentials_id (string): Static credentials ID
# to use, useful for configuring the use of MinIO.
static_credentials_id: ""
# storage.aws_s3.static_credentials_secret (string): Static
# credentials secret to use, useful for configuring the use of MinIO.
static_credentials_secret: ""
# storage.aws_s3.static_credentials_token (string): Static credentials
# token to use, useful for configuring the use of MinIO.
static_credentials_token: ""
# storage.aws_s3.web_identity_token_file (string): The file path to
# the web identity token file.
web_identity_token_file: ""
azure:
# storage.azure.account_key (string): The key for the Azure storage
# account
account_key: ""
# storage.azure.account_name (string): The name of the Azure storage
# account
account_name: ""
# storage.azure.container_name (string): The name of the Azure storage
# container
container_name: ""
# storage.chunk_file_size_bytes (int): How many bytes to buffer in memory
# before flushing a chunk of build protocol data to disk.
chunk_file_size_bytes: 3000000
disk:
# storage.disk.root_directory (string): The root directory to store
# all blobs in, if using disk based storage.
root_directory: /tmp/buildbuddy
# storage.disk.use_v2_layout (bool): If enabled, files will be stored
# using the v2 layout. See disk_cache.MigrateToV2Layout for a
# description.
use_v2_layout: false
# storage.enable_chunked_event_logs (bool): If true, Event logs will be
# stored separately from the invocation proto in chunks.
enable_chunked_event_logs: false
gcs:
# storage.gcs.bucket (string): The name of the GCS bucket to store
# build artifact files in.
bucket: ""
# storage.gcs.credentials_file (string): A path to a JSON credentials
# file that will be used to authenticate to GCS.
credentials_file: ""
# storage.gcs.project_id (string): The Google Cloud project ID of the
# project owning the above credentials and GCS bucket.
project_id: ""
# storage.ttl_seconds (int): The time, in seconds, to keep invocations
# before deletion. 0 disables invocation deletion.
ttl_seconds: 0

BuildBuddy Executor

# Unstructured settings

# debug_stream_command_outputs (bool): If true, stream command outputs to the
# terminal. Intended for debugging purposes only and should not be used in
# production.
debug_stream_command_outputs: false
# debug_use_local_images_only (bool): Do not pull OCI images and only used
# locally cached images. This can be set to test local image builds during
# development without needing to push to a container registry. Not intended
# for production use.
debug_use_local_images_only: false
# docker_cap_add (string): Sets --cap-add= on the docker command. Comma
# separated.
docker_cap_add: ""
# drop_invocation_pk_cols (bool): If true, attempt to drop invocation PK cols
drop_invocation_pk_cols: false
# grpc_port (int): The port to listen for gRPC traffic on
grpc_port: 1985
# grpcs_port (int): The port to listen for gRPCS traffic on
grpcs_port: 1986
# internal_grpc_port (int): The port to listen for internal gRPC traffic on
internal_grpc_port: 1987
# internal_grpcs_port (int): The port to listen for internal gRPCS traffic on
internal_grpcs_port: 1988
# listen (string): The interface to listen on (default: 0.0.0.0)
listen: 0.0.0.0
# max_shutdown_duration (time.Duration): Time to wait for shutdown
max_shutdown_duration: 25s
# monitoring_port (int): The port to listen for monitoring traffic on
monitoring_port: 9090
# podman_runtime (string): Enables running podman with other runtimes, like
# gVisor (runsc).
podman_runtime: ""
# port (int): The port to listen for HTTP traffic on
port: 8080
# redis_command_buffer_flush_period (time.Duration): How long to wait between
# flushing buffered redis commands. Setting this to 0 will disable buffering
# at the cost of higher redis QPS.
redis_command_buffer_flush_period: 250ms
# server_type (string): The server type to match on health checks
server_type: prod-buildbuddy-executor
# zone_override (string): A value that will override the auto-detected zone.
# Ignored if empty
zone_override: ""

# Structured settings

app:
# app.build_buddy_url (URL): The external URL where your BuildBuddy
# instance can be found.
build_buddy_url: http://localhost:8080
# app.cache_api_url (URL): Overrides the default remote cache protocol
# gRPC address shown by BuildBuddy on the configuration screen.
cache_api_url: ""
# app.default_redis_target (string): A Redis target for storing remote
# shared state. To ease migration, the redis target from the remote
# execution config will be used if this value is not specified.
default_redis_target: ""
default_sharded_redis:
# app.default_sharded_redis.password (string): Redis password
password: ""
# app.default_sharded_redis.shards ([]string): Ordered list of Redis
# shard addresses.
shards: []
# app.default_sharded_redis.username (string): Redis username
username: ""
# app.enable_grpc_metrics_by_group_id (bool): If enabled, grpc metrics by
# group ID will be recorded
enable_grpc_metrics_by_group_id: false
# app.enable_prometheus_histograms (bool): If true, collect prometheus
# histograms for all RPCs
enable_prometheus_histograms: true
# app.enable_structured_logging (bool): If true, log messages will be
# json-formatted.
enable_structured_logging: false
# app.events_api_url (URL): Overrides the default build event protocol
# gRPC address shown by BuildBuddy on the configuration screen.
events_api_url: ""
# app.grpc_max_recv_msg_size_bytes (int): Configures the max GRPC receive
# message size [bytes]
grpc_max_recv_msg_size_bytes: 50000000
# app.grpc_over_http_port_enabled (bool): Cloud-Only
grpc_over_http_port_enabled: false
# app.ignore_forced_tracing_header (bool): If set, we will not honor the
# forced tracing header.
ignore_forced_tracing_header: false
# app.log_enable_gcp_logging_format (bool): If true, the output structured
# logs will be compatible with format expected by GCP Logging.
log_enable_gcp_logging_format: false
# app.log_error_stack_traces (bool): If true, stack traces will be printed
# for errors that have them.
log_error_stack_traces: false
# app.log_include_short_file_name (bool): If true, log messages will
# include shortened originating file name.
log_include_short_file_name: false
# app.log_level (string): The desired log level. Logs with a level >= this
# level will be emitted. One of {'fatal', 'error', 'warn', 'info',
# 'debug'}
log_level: info
# app.trace_fraction (float64): Fraction of requests to sample for
# tracing.
trace_fraction: 0
# app.trace_fraction_overrides ([]string): Tracing fraction override based
# on name in format name=fraction.
trace_fraction_overrides: []
# app.trace_jaeger_collector (string): Address of the Jager collector
# endpoint where traces will be sent.
trace_jaeger_collector: ""
# app.trace_project_id (string): Optional GCP project ID to export traces
# to. If not specified, determined from default credentials or metadata
# server if running on GCP.
trace_project_id: ""
# app.trace_service_name (string): Name of the service to associate with
# traces.
trace_service_name: ""
auth:
# auth.admin_group_id (string): ID of a group whose members can perform
# actions only accessible to server admins.
admin_group_id: ""
# auth.api_key_group_cache_ttl (time.Duration): TTL for API Key to Group
# caching. Set to '0' to disable cache.
api_key_group_cache_ttl: 5m0s
# auth.disable_refresh_token (bool): If true, the offline_access scope
# which requests refresh tokens will not be requested.
disable_refresh_token: false
# auth.enable_anonymous_usage (bool): If true, unauthenticated build
# uploads will still be allowed but won't be associated with your
# organization.
enable_anonymous_usage: false
# auth.enable_self_auth (bool): If true, enables a single user login via
# an oauth provider on the buildbuddy server. Recommend use only when
# server is behind a firewall; this option may allow anyone with access to
# the webpage admin rights to your buildbuddy installation. ** Enterprise
# only **
enable_self_auth: false
# auth.https_only_cookies (bool): If true, cookies will only be set over
# https connections.
https_only_cookies: false
# auth.jwt_key (string): The key to use when signing JWT tokens.
jwt_key: set_the_jwt_in_config
# auth.oauth_providers ([]auth.OauthProvider): The list of oauth providers
# to use to authenticate.
oauth_providers: []
# For example:
# - issuer_url: "" # The issuer URL of this OIDC Provider. (type: string)
# client_id: "" # The oauth client ID. (type: string)
# client_secret: "" # The oauth client secret. (type: string)
# slug: "" # The slug of this OIDC Provider. (type: string)
cache:
client:
# cache.client.enable_download_compression (bool): If true, enable
# compression of downloads from remote caches
enable_download_compression: false
# cache.client.enable_upload_compression (bool): If true, enable
# compression of uploads to remote caches
enable_upload_compression: false
# cache.detailed_stats_enabled (bool): Whether to enable detailed stats
# recording for all cache requests.
detailed_stats_enabled: false
# cache.enable_query_write_status_cache_check (bool): If enabled,
# QueryWriteStatus ByteStream RPC will check whether digest is present in
# the cache.
enable_query_write_status_cache_check: false
# cache.enable_tree_caching (bool): If true, cache GetTree responses (full
# and partial)
enable_tree_caching: true
gcs:
# cache.gcs.bucket (string): The name of the GCS bucket to store cache
# files in.
bucket: ""
# cache.gcs.credentials_file (string): A path to a JSON credentials
# file that will be used to authenticate to GCS.
credentials_file: ""
# cache.gcs.project_id (string): The Google Cloud project ID of the
# project owning the above credentials and GCS bucket.
project_id: ""
# cache.gcs.ttl_days (int64): The period after which cache files
# should be TTLd. Disabled if 0.
ttl_days: 0
# cache.memcache_targets ([]string): Deprecated. Use Redis Target instead.
memcache_targets: []
redis:
# cache.redis.max_value_size_bytes (int64): The maximum value size to
# cache in redis (in bytes).
max_value_size_bytes: 10000000
# cache.redis.redis_target (string): A redis target for improved
# Caching/RBE performance. Target can be provided as either a redis
# connection URI or a host:port pair. URI schemas supported:
# redis[s]://[[USER][:PASSWORD]@][HOST][:PORT][/DATABASE] or
# unix://[[USER][:PASSWORD]@]SOCKET_PATH[?db=DATABASE] ** Enterprise
# only **
redis_target: ""
sharded:
# cache.redis.sharded.password (string): Redis password
password: ""
# cache.redis.sharded.shards ([]string): Ordered list of Redis
# shard addresses.
shards: []
# cache.redis.sharded.username (string): Redis username
username: ""
# cache.redis_target (string): A redis target for improved Caching/RBE
# performance. Target can be provided as either a redis connection URI or
# a host:port pair. URI schemas supported:
# redis[s]://[[USER][:PASSWORD]@][HOST][:PORT][/DATABASE] or
# unix://[[USER][:PASSWORD]@]SOCKET_PATH[?db=DATABASE] ** Enterprise only
# **
redis_target: ""
s3:
# cache.s3.bucket (string): The AWS S3 bucket to store files in.
bucket: ""
# cache.s3.credentials_profile (string): A custom credentials profile
# to use.
credentials_profile: ""
# cache.s3.disable_ssl (bool): Disables the use of SSL, useful for
# configuring the use of MinIO.
disable_ssl: false
# cache.s3.endpoint (string): The AWS endpoint to use, useful for
# configuring the use of MinIO.
endpoint: ""
# cache.s3.region (string): The AWS region.
region: ""
# cache.s3.role_arn (string): The role ARN to use for web identity
# auth.
role_arn: ""
# cache.s3.role_session_name (string): The role session name to use
# for web identity auth.
role_session_name: ""
# cache.s3.s3_force_path_style (bool): Force path style urls for
# objects, useful for configuring the use of MinIO.
s3_force_path_style: false
# cache.s3.static_credentials_id (string): Static credentials ID to
# use, useful for configuring the use of MinIO.
static_credentials_id: ""
# cache.s3.static_credentials_secret (string): Static credentials
# secret to use, useful for configuring the use of MinIO.
static_credentials_secret: ""
# cache.s3.static_credentials_token (string): Static credentials token
# to use, useful for configuring the use of MinIO.
static_credentials_token: ""
# cache.s3.ttl_days (int64): The period after which cache files should
# be TTLd. Disabled if 0.
ttl_days: 0
# cache.s3.web_identity_token_file (string): The file path to the web
# identity token file.
web_identity_token_file: ""
# cache.tree_cache_seed (string): If set, hash this with digests before
# caching / reading from tree cache
tree_cache_seed: treecache-07012022
# cache.zstd_transcoding_enabled (bool): Whether to accept requests to
# read/write zstd-compressed blobs, compressing/decompressing
# outgoing/incoming blobs on the fly.
zstd_transcoding_enabled: false
executor:
# executor.api_key (string): API Key used to authorize the executor with
# the BuildBuddy app server.
api_key: ""
# executor.app_target (string): The GRPC url of a buildbuddy app server.
app_target: grpcs://remote.buildbuddy.io
bare:
# executor.bare.enable_stats (bool): Whether to enable stats for bare
# command execution.
enable_stats: false
# executor.container_registries ([]container.ContainerRegistry)
container_registries: []
# For example:
# - hostnames: [] # (type: []string)
# username: "" # (type: string)
# password: "" # (type: string)

# executor.context_based_shutdown_enabled (bool): Whether to remove
# runners using context cancelation. This is a transitional flag that will
# be removed in a future executor version.
context_based_shutdown_enabled: false
# executor.default_image (string): The default docker image to use to warm
# up executors or if no platform property is set. Ex:
# gcr.io/flame-public/executor-docker-default:enterprise-v1.5.4
default_image: gcr.io/flame-public/executor-docker-default:enterprise-v1.6.0
# executor.default_isolation_type (string): The default workload isolation
# type when no type is specified in an action. If not set, we use the
# first of the following that is set: docker, firecracker, podman, or
# barerunner
default_isolation_type: ""
# executor.default_xcode_version (string): Sets the default Xcode version
# number to use if an action doesn't specify one. If not set,
# /Applications/Xcode.app/ is used.
default_xcode_version: ""
# executor.disable_local_cache (bool): If true, a local file cache will
# not be used.
disable_local_cache: false
# executor.docker_devices ([]container.DockerDeviceMapping): Configure
# (docker) devices that will be available inside the sandbox container.
# Format is
# --executor.docker_devices='[{"PathOnHost":"/dev/foo","PathInContainer":"/some/dest","CgroupPermissions":"see,docker,docs"}]'
docker_devices: []
# For example:
# - path_on_host: "" # path to device that should be mapped from the host. (type: string)
# path_in_container: "" # path under which the device will be present in container. (type: string)
# cgroup_permissions: "" # cgroup permissions that should be assigned to device. (type: string)

# executor.docker_inherit_user_ids (bool): If set, run docker containers
# using the same uid and gid as the user running the executor process.
docker_inherit_user_ids: false
# executor.docker_mount_mode (string): Sets the mount mode of volumes
# mounted to docker images. Useful if running on SELinux
# https://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/
docker_mount_mode: ""
# executor.docker_net_host (bool): Sets --net=host on the docker command.
# Intended for local development only.
docker_net_host: false
# executor.docker_sibling_containers (bool): If set, mount the configured
# Docker socket to containers spawned for each action, to enable
# Docker-out-of-Docker (DooD). Takes effect only if docker_socket is also
# set. Should not be set by executors that can run untrusted code.
docker_sibling_containers: false
# executor.docker_socket (string): If set, run execution commands in
# docker using the provided socket.
docker_socket: ""
# executor.docker_volumes ([]string): Additional --volume arguments to be
# passed to docker or podman.
docker_volumes: []
# executor.enable_bare_runner (bool): Enables running execution commands
# directly on the host without isolation.
enable_bare_runner: false
# executor.enable_firecracker (bool): Enables running execution commands
# inside of firecracker VMs
enable_firecracker: false
# executor.enable_podman (bool): Enables running execution commands inside
# podman container.
enable_podman: false
# executor.enable_sandbox (bool): Enables running execution commands
# inside of sandbox-exec.
enable_sandbox: false
# executor.enable_vfs (bool): Whether FUSE based filesystem is enabled.
enable_vfs: false
# executor.exclusive_task_scheduling (bool): If true, only one task will
# be scheduled at a time. Default is false
exclusive_task_scheduling: false
# executor.extra_env_vars ([]string): Additional environment variables to
# pass to remotely executed actions. i.e. MY_ENV_VAR=foo
extra_env_vars: []
# executor.firecracker_mount_workspace_file (bool): Enables mounting
# workspace filesystem to improve performance of copying action outputs.
firecracker_mount_workspace_file: false
# executor.host_root_directory (string): Path on the host where the
# executor container root directory is mounted.
host_root_directory: ""
# executor.local_cache_directory (string): A local on-disk cache
# directory. Must be on the same device (disk partition, Docker volume,
# etc.) as the configured root_directory, since files are hard-linked to
# this cache for performance reasons. Otherwise, 'Invalid cross-device
# link' errors may result.
local_cache_directory: /tmp/buildbuddy/filecache
# executor.local_cache_size_bytes (int64): The maximum size, in bytes, to
# use for the local on-disk cache
local_cache_size_bytes: 1000000000
# executor.memory_bytes (int64): Optional maximum memory to allocate to
# execution tasks (approximate). Cannot set both this option and the
# SYS_MEMORY_BYTES env var.
memory_bytes: 0
# executor.millicpu (int64): Optional maximum CPU milliseconds to allocate
# to execution tasks (approximate). Cannot set both this option and the
# SYS_MILLICPU env var.
millicpu: 0
podman:
# executor.podman.cpu_usage_path_template (string): Go template
# specifying a path pointing to a container's total CPU usage, in CPU
# nanoseconds. Templated with `ContainerID`.
cpu_usage_path_template: /sys/fs/cgroup/cpuacct/libpod_parent/libpod-{{.ContainerID}}/cpuacct.usage
# executor.podman.enable_stats (bool): Whether to enable cgroup-based
# podman stats.
enable_stats: false
image_streaming:
# executor.podman.image_streaming.enabled (bool): Whether
# container image streaming is enabled by default
enabled: false
# executor.podman.image_streaming.registry_grpc_target (string):
# gRPC endpoint of BuildBuddy registry
registry_grpc_target: ""
# executor.podman.image_streaming.registry_http_target (string):
# HTTP endpoint of the BuildBuddy registry
registry_http_target: ""
# executor.podman.memory_usage_path_template (string): Go template
# specifying a path pointing to a container's current memory usage, in
# bytes. Templated with `ContainerID`.
memory_usage_path_template: /sys/fs/cgroup/memory/libpod_parent/libpod-{{.ContainerID}}/memory.usage_in_bytes
# executor.pool (string): Executor pool name. Only one of this config
# option or the MY_POOL environment variable should be specified.
pool: ""
# executor.root_directory (string): The root directory to use for build
# files.
root_directory: /tmp/buildbuddy/remote_build
# executor.route_prefix (string): The prefix in the ip route to locate a
# device: either 'default' or the ip range of the subnet e.g.
# 172.24.0.0/18
route_prefix: default
runner_pool:
# executor.runner_pool.max_runner_count (int): Maximum number of
# recycled RBE runners that can be pooled at once. Defaults to a value
# derived from estimated CPU usage, max RAM, allocated CPU, and
# allocated memory.
max_runner_count: 0
# executor.runner_pool.max_runner_disk_size_bytes (int64): Maximum
# disk size for a recycled runner; runners exceeding this threshold
# are not recycled. Defaults to 16GB.
max_runner_disk_size_bytes: 16000000000
# executor.runner_pool.max_runner_memory_usage_bytes (int64): Maximum
# memory usage for a recycled runner; runners exceeding this threshold
# are not recycled. Defaults to 1/10 of total RAM allocated to the
# executor. (Only supported for Docker-based executors).
max_runner_memory_usage_bytes: 8000000000
# executor.shutdown_cleanup_duration (time.Duration): The minimum duration
# during the shutdown window to allocate for cleaning up containers. This
# is capped to the value of `max_shutdown_duration`.
shutdown_cleanup_duration: 15s
# executor.startup_warmup_max_wait_secs (int64): Maximum time to block
# startup while waiting for default image to be pulled. Default is no
# wait.
startup_warmup_max_wait_secs: 0
# executor.warmup_timeout_secs (int64): The default time (in seconds) to
# wait for an executor to warm up i.e. download the default docker image.
# Default is 120s
warmup_timeout_secs: 120
remote_execution:
# remote_execution.enable_remote_exec (bool): If true, enable remote-exec.
# ** Enterprise only **
enable_remote_exec: true
# remote_execution.redis_target (string): A Redis target for storing
# remote execution state. Falls back to app.default_redis_target if
# unspecified. Required for remote execution. To ease migration, the redis
# target from the cache config will be used if neither this value nor
# app.default_redis_target are specified.
redis_target: ""
sharded_redis:
# remote_execution.sharded_redis.password (string): Redis password
password: ""
# remote_execution.sharded_redis.shards ([]string): Ordered list of
# Redis shard addresses.
shards: []
# remote_execution.sharded_redis.username (string): Redis username
username: ""
# remote_execution.use_measured_task_sizes (bool): Whether to use measured
# usage stats to determine task sizes.
use_measured_task_sizes: false
ssl:
# ssl.upgrade_insecure (bool): True if http requests should be redirected
# to https
upgrade_insecure: false