From 9148a5d5e9f832d72e93951d13c0eabc33440fd6 Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Fri, 27 Mar 2026 13:08:23 +0900 Subject: [PATCH 01/23] docs: move repo docs to website, fix broken links --- {docs => website/docs}/Upgrading to v2.md | 8 ++--- .../docs/architecture}/Architecture.md | 18 +++++----- .../docs/architecture}/Processors.md | 34 +++++++++---------- 3 files changed, 30 insertions(+), 30 deletions(-) rename {docs => website/docs}/Upgrading to v2.md (97%) rename {docs => website/docs/architecture}/Architecture.md (94%) rename {docs => website/docs/architecture}/Processors.md (85%) diff --git a/docs/Upgrading to v2.md b/website/docs/Upgrading to v2.md similarity index 97% rename from docs/Upgrading to v2.md rename to website/docs/Upgrading to v2.md index 1443eae10..793565556 100644 --- a/docs/Upgrading to v2.md +++ b/website/docs/Upgrading to v2.md @@ -10,7 +10,7 @@ Two important breaking changes were made: ### Associate commits by email -Commits are no longer associated by Git's `user.name`. Now, they're associated by email (to match the handling of commits by GitHub, GitLab and other SCM providers), which allows Git Proxy to handle multiple SCM providers. [#973](github.com/finos/git-proxy/pull/973) +Commits are no longer associated by Git's `user.name`. Now, they're associated by email (to match the handling of commits by GitHub, GitLab and other SCM providers), which allows Git Proxy to handle multiple SCM providers. [#973](https://github.com/finos/git-proxy/pull/973) In practice, pushes that were working in v1 (made with an improperly configured git client) may be blocked in v2 due to the change in requirements. The user's GitProxy email must match the commit's email (Git's `user.email`). This is often already required by a firm's contribution policy or to pass a CLA (Contributor License Agreement) check on a project. @@ -30,7 +30,7 @@ If you encounter any errors not on this guide, feel free to [open a discussion]( ### Errors when pushing to a repo that was working in v1: -#### fatal: /info/refs not valid: is this git repository? +#### fatal: ``/info/refs not valid: is this git repository? `git push` returns: @@ -52,7 +52,7 @@ In v2, URLs are automatically formatted when adding a repo. **Repos added in v1 "url": "https://github.com/my-org/my-repo.git" ``` -#### Your push has been blocked ( is not allowed to push on repo ) +#### Your push has been blocked (`` is not allowed to push on repo ``) `git push` returns: @@ -93,7 +93,7 @@ Changing the email address associated with commits can be accomplished via a num - `checkEmptyBranch` simply checks whether the branch has had any new commits (if not, the push will be rejected) - Added a settings page for configuring the JWT token to authenticate UI requests to API when `apiAuthentication` is enabled in [#1096](https://github.com/finos/git-proxy/pull/1096) - Previously, requests from the UI were bypassing the JWT check if the user was logged in, and failing otherwise when `apiAuthentication` was set - - For more details on setting JWT, check the [architecture documentation](./Architecture.md#setting-up-jwt-authentication): + - For more details on setting JWT, check the [architecture documentation](./architecture/Architecture.md#setting-up-jwt-authentication): - Added the ability to create new users via the GitProxy CLI in [#981](https://github.com/finos/git-proxy/pull/981) - Added `/healthcheck` endpoint for AWS Load Balancer support [#1197](https://github.com/finos/git-proxy/pull/1197) - Improved login page flexibility, error handling and visibility of available auth methods in [#1227](https://github.com/finos/git-proxy/pull/1227) diff --git a/docs/Architecture.md b/website/docs/architecture/Architecture.md similarity index 94% rename from docs/Architecture.md rename to website/docs/architecture/Architecture.md index 7f49ebe62..d1c80ee91 100644 --- a/docs/Architecture.md +++ b/website/docs/architecture/Architecture.md @@ -2,7 +2,7 @@ This guide explains GitProxy's various components, and how they communicate with each other when performing a `git push`. -As mentioned in [the README](/README.md), GitProxy is an application that intercepts pushes and applies rules/policies to ensure they're compliant. Although a number of policies are available by default, these can be extended by using plugins. +As mentioned in [the README](https://github.com/finos/git-proxy/blob/main/README.md), GitProxy is an application that intercepts pushes and applies rules/policies to ensure they're compliant. Although a number of policies are available by default, these can be extended by using plugins. ## Overview @@ -24,11 +24,11 @@ These are all the core components in the project, along with some basic user int -![GitProxy Architecture Diagram](./img/GitProxy_Architecture.png) +![GitProxy Architecture Diagram](../../static/img/GitProxy_Architecture.png) ### Pushing to GitProxy @@ -175,7 +175,7 @@ For example: logging in with myusername@mymail.com will create a new user with u New methods can be added by: 1. Extending `/src/service/passport` with the relevant [passport.js strategy](https://www.passportjs.org/packages/). - - The strategy file must have a `configure` method and a `type` string to match with the config method. See the pre-existing methods in [`/src/service/passport`](/src/service/passport) for more details. + - The strategy file must have a `configure` method and a `type` string to match with the config method. See the pre-existing methods in [`/src/service/passport`](https://github.com/finos/git-proxy/blob/main/src/service/passport) for more details. 2. Creating a `proxy.config.json` entry with the required configuration parameters 3. Importing the new strategy and adding it to the `authStrategies` array in `/src/service/passport/index.ts` @@ -310,13 +310,13 @@ Has a list of `questions`, each of which can be configured with a `label` and a Given the previous configuration, the attestation prompt would look like this: -![Attestation Prompt](./img/attestation_example.png) +![Attestation Prompt](../../static/img/attestation_example.png) #### `domains` Allows setting custom URLs for GitProxy interfaces in case these cannot be determined. -This parameter is used in [`/src/service/urls.ts`](/src/service/urls.ts) to override URLs for the proxy (default: http://localhost:8000) and service (default: http://localhost:8080). +This parameter is used in [`/src/service/urls.ts`](https://github.com/finos/git-proxy/blob/main/src/service/urls.ts) to override URLs for the proxy (default: http://localhost:8000) and service (default: http://localhost:8080). Sample configuration: @@ -356,7 +356,7 @@ Currently unused. Sets the contact email for the Open Source Program Office (or equivalent organisational contact) in the attestation form: -![Attestation Form](./img/attestation_example.png) +![Attestation Form](../../static/img/attestation_example.png) #### `csrfProtection` @@ -416,7 +416,7 @@ List of database sources. The first source with `enabled` set to `true` will be Each entry has its own unique configuration parameters. -Extending GitProxy to support other databases requires adding the relevant handlers and setup to the [`/src/db`](/src/db/) directory. Feel free to [open an issue](https://github.com/finos/git-proxy/issues) requesting support for any specific databases - or [open a PR](https://github.com/finos/git-proxy/pulls) with the desired changes! +Extending GitProxy to support other databases requires adding the relevant handlers and setup to the [`/src/db`](https://github.com/finos/git-proxy/blob/main/src/db/) directory. Feel free to [open an issue](https://github.com/finos/git-proxy/issues) requesting support for any specific databases - or [open a PR](https://github.com/finos/git-proxy/pulls) with the desired changes! #### `authentication` @@ -432,7 +432,7 @@ Allows defining ways to authenticate to the API. This is useful for securing cus If `apiAuthentication` is left empty, API endpoints will be publicly accesible. -Currently, only JWT auth is supported. This is implemented via the [`jwtAuthHandler` middleware](/src/service/passport/jwtAuthHandler.ts). Aside of validating incoming access tokens, it can also assign roles based on the token payload. +Currently, only JWT auth is supported. This is implemented via the [`jwtAuthHandler` middleware](https://github.com/finos/git-proxy/blob/main/src/service/passport/jwtAuthHandler.ts). Aside of validating incoming access tokens, it can also assign roles based on the token payload. ##### Setting up JWT Authentication diff --git a/docs/Processors.md b/website/docs/architecture/Processors.md similarity index 85% rename from docs/Processors.md rename to website/docs/architecture/Processors.md index de5bcb696..8f4edc590 100644 --- a/docs/Processors.md +++ b/website/docs/architecture/Processors.md @@ -14,7 +14,7 @@ This action also handles fallbacks for v1 legacy proxy URLs. Checks if the URL of the repo being pushed to is present in the GitProxy repo database. If no repo URL in the database matches, the push is blocked. -Source: [/src/proxy/processors/push-action/checkRepoInAuthorisedList.ts](/src/proxy/processors/push-action/checkRepoInAuthorisedList.ts) +Source: [/src/proxy/processors/push-action/checkRepoInAuthorisedList.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkRepoInAuthorisedList.ts) ## `parsePush` @@ -22,13 +22,13 @@ Parses the push request data which comes from the Git client as a buffer that co Also handles extraction of push contents, such as the details of the individual commits contained in the push and the details of `committer` (the user attempting to push the commits through the proxy). -Source: [/src/proxy/processors/push-action/parsePush.ts](/src/proxy/processors/push-action/parsePush.ts) +Source: [/src/proxy/processors/push-action/parsePush.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/parsePush.ts) ## `checkEmptyBranch` Checks if the push contains any commit data, or is just an empty branch push (pushing a new branch without any additional commits). Empty branch pushes are blocked because subsequent processors require commit data to work correctly. -Source: [/src/proxy/processors/push-action/checkEmptyBranch.ts](/src/proxy/processors/push-action/checkEmptyBranch.ts) +Source: [/src/proxy/processors/push-action/checkEmptyBranch.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkEmptyBranch.ts) ## `checkCommitMessages` @@ -66,7 +66,7 @@ If the arrays are empty, the checks will pass and chain execution will continue. Note that invalid regex patterns will throw an error during proxy startup. These must be fixed in order to initialize GitProxy. -Source: [/src/proxy/processors/push-action/checkCommitMessages.ts](/src/proxy/processors/push-action/checkCommitMessages.ts) +Source: [/src/proxy/processors/push-action/checkCommitMessages.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkCommitMessages.ts) ## `checkAuthorEmails` @@ -76,7 +76,7 @@ If neither of these are configured (set to empty strings), then the checks will Note that invalid regex patterns will throw an error during proxy startup. These must be fixed in order to initialize GitProxy. -Source: [/src/proxy/processors/push-action/checkAuthorEmails.ts](/src/proxy/processors/push-action/checkAuthorEmails.ts) +Source: [/src/proxy/processors/push-action/checkAuthorEmails.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkAuthorEmails.ts) #### `checkUserPushPermission` @@ -90,7 +90,7 @@ This step will fail on various scenarios such as: Note: The _pusher_ can potentially be a different user from the _commit author(s)_. In order to filter the commit authors, you must use the `commitConfig.author` config entry. See [`checkAuthorEmails`](#checkauthoremails) for more details. -Source: [/src/proxy/processors/push-action/checkUserPushPermission.ts](/src/proxy/processors/push-action/checkUserPushPermission.ts) +Source: [/src/proxy/processors/push-action/checkUserPushPermission.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkUserPushPermission.ts) ## `pullRemote` @@ -102,7 +102,7 @@ In the event that the clone fails, pullRemote will automatically delete the _.re If the clone succeeds then the chain will schedule deletion of the clone by [`clearBareClone`](#clearbareclone) after processing of the chain completes. This ensures that disk space used is recovered, subsequent pushes of the same SHA don't conflict and that user credentials cached in the `git clone` are removed. -Source: [/src/proxy/processors/push-action/pullRemote.ts](/src/proxy/processors/push-action/pullRemote.ts) +Source: [/src/proxy/processors/push-action/pullRemote.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/pullRemote.ts) ## `writePack` @@ -110,7 +110,7 @@ Executes `git receive-pack` with the incoming pack data from the request body in Note that `writePack` sets Git's `receive.unpackLimit` to `0`, which forces Git to always create pack files instead of unpacking objects individually. -Source: [/src/proxy/processors/push-action/writePack.ts](/src/proxy/processors/push-action/writePack.ts) +Source: [/src/proxy/processors/push-action/writePack.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/writePack.ts) ## `checkHiddenCommits` @@ -118,13 +118,13 @@ Detects "hidden" commits in a push, which is possible if the pack file in the pu It calls `git verify-pack` on each of the new `.idx` files found in [`writePack`](#writepack). If any unreferenced commits are present, the push is blocked. -Source: [/src/proxy/processors/push-action/checkHiddenCommits.ts](/src/proxy/processors/push-action/checkHiddenCommits.ts) +Source: [/src/proxy/processors/push-action/checkHiddenCommits.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkHiddenCommits.ts) ## `checkIfWaitingAuth` Checks if the action has been authorised (approved by a reviewer). If so, allows the push to continue to the remote. It simply continues chain execution if the push hasn't been approved. -Source: [/src/proxy/processors/push-action/checkIfWaitingAuth.ts](/src/proxy/processors/push-action/checkIfWaitingAuth.ts) +Source: [/src/proxy/processors/push-action/checkIfWaitingAuth.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkIfWaitingAuth.ts) ## `preReceive` @@ -142,7 +142,7 @@ This processor will block the push depending on the exit status of the pre-recei For detailed setup instructions and examples, see the [Pre-Receive Hook configuration guide](https://git-proxy.finos.org/docs/configuration/pre-receive/). -Source: [/src/proxy/processors/push-action/preReceive.ts](/src/proxy/processors/push-action/preReceive.ts) +Source: [/src/proxy/processors/push-action/preReceive.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/preReceive.ts) ## `getDiff` @@ -150,7 +150,7 @@ Executes `git diff` to obtain the diff for the given revision range. If there ar The data extracted in this step is later used in [`scanDiff`](#scandiff). -Source: [/src/proxy/processors/push-action/getDiff.ts](/src/proxy/processors/push-action/getDiff.ts) +Source: [/src/proxy/processors/push-action/getDiff.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/getDiff.ts) ## `gitleaks` @@ -165,7 +165,7 @@ The following parameters can be configured: This processor runs the Gitleaks check starting from the root commit to the `commitFrom` value present in the push. If the Gitleaks check fails (nonzero exit code), or otherwise cannot spawn, the push will be blocked. -Source: [/src/proxy/processors/push-action/gitleaks.ts](/src/proxy/processors/push-action/gitleaks.ts) +Source: [/src/proxy/processors/push-action/gitleaks.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/gitleaks.ts) ## `scanDiff` @@ -203,7 +203,7 @@ This will scan every file changed and try to match the configured literals, patt Note that invalid regex patterns will throw an error during proxy startup. These must be fixed in order to initialize GitProxy. -Source: [/src/proxy/processors/push-action/scanDiff.ts](/src/proxy/processors/push-action/scanDiff.ts) +Source: [/src/proxy/processors/push-action/scanDiff.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/scanDiff.ts) ## `blockForAuth` @@ -211,9 +211,9 @@ This action appends a message to be displayed after all the processors have fini Note that this message will show again even if the push had been previously rejected by a reviewer or cancelled and resubmitted by the committer. After a manual rejection, pushing again creates a new `action` object so that the push can be re-reviewed and approved. -![blockForAuth output](./img/blockForAuth_output.png) +![blockForAuth output](../../static/img/blockForAuth_output.png) -Source: [/src/proxy/processors/push-action/blockForAuth.ts](/src/proxy/processors/push-action/blockForAuth.ts) +Source: [/src/proxy/processors/push-action/blockForAuth.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/blockForAuth.ts) ## `audit` @@ -284,4 +284,4 @@ Recursively removes the contents of the (modified) repository clone stored in `. `clearBareClone` runs only if `pullRemote` was successful. -Source: [/src/proxy/processors/post-processor/clearBareClone.ts](/src/proxy/processors/post-processor/clearBareClone.ts) +Source: [/src/proxy/processors/post-processor/clearBareClone.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/post-processor/clearBareClone.ts) From 3b549978b776b6331cdbe298192ffc4bc185f780 Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Fri, 27 Mar 2026 13:11:42 +0900 Subject: [PATCH 02/23] docs: move docs images into website, fix logo.png links --- README.md | 2 +- docs/img/logo.png | Bin 20505 -> 0 bytes experimental/license-inventory/README.md | 2 +- {docs => website/static}/Releases.md | 0 .../static}/img/GitProxy_Architecture.drawio | 0 .../static}/img/GitProxy_Architecture.png | Bin .../static}/img/attestation_example.png | Bin .../static}/img/blockForAuth_output.png | Bin {docs => website/static}/img/demo.png | Bin 9 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 docs/img/logo.png rename {docs => website/static}/Releases.md (100%) rename {docs => website/static}/img/GitProxy_Architecture.drawio (100%) rename {docs => website/static}/img/GitProxy_Architecture.png (100%) rename {docs => website/static}/img/attestation_example.png (100%) rename {docs => website/static}/img/blockForAuth_output.png (100%) rename {docs => website/static}/img/demo.png (100%) diff --git a/README.md b/README.md index dfd10b6c2..7bc2064c9 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@
- Logo + Logo
diff --git a/docs/img/logo.png b/docs/img/logo.png deleted file mode 100644 index d340cde5e0ee34df4f56f0532dc4d32a0dc86160..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20505 zcmdp6V{>I)w>`0)j@5BGwr$(&*fvkPW81cqj*SjaY}>ZeNp7Bh@P59vs#fg}d#~Cx z=UfwGjBq6dNhEkYcmM!^BrPST0sw%Ke?3>hLVxYEb~6_M0DQfbsHl>(s3?h&vxB*n ztr-B|nU$Ohqok^h4ZQL>`JPW9CL~jq4?7D-LUBJ`{5vm*oIHOZ4Ha`Bgsx^=M+vR3 zzMv8uzD6d#$+)kX`mtLW3(QQPE-Yg76Zrl7QtnhvhlKW`0?PhVngXX+g?2-Qt$KPbo#vg(MS3{TOv5sVhUReIB(WsF8RUFc00*UTr3G`Xs z2PxV%68~KVY)ccwr~v>V%s+E?t>EOyAmX3A%!=d^I9|{O+}sFWuw-6=P`hNpo_qqV z?~G260g>r7QJ@{zB)+y3xW2bY(*#?EkIy#3PhIEw16A(vcwuyz--T%MqL1goi+`0U zBIn3ROSJ|vuXBy^`MB&O+E{w_X%3zKi6*-=ko_&;62%Yh>-0)HBI|)K^~yV9^FhN;BNzmJzXppEK@Ivnf(kVo zi1?j#1kV|m7Ke=q2o|1ELQjH*BVi^Fh0kA5!c{|77xu~1Ikq^4bVY6lcN0d*x3>g% zBlv|VGr^VoeXZl>!#Dp+$AuXatojqI6P5uOx%1#ip$9?yD|5%?n*Euf3TW8ZPYqQ0 zI$44m9~0vsG(wD`kVQ#l-dT;N0$lyKwNO(&k5Y>={5;7i23}-I-ialCBMc7?Vd!B2 zc7AH%Qhwz$%*@0w!tvU%{XOa{en`|zzm~~5v#lJd1W-GQrccf2(IkTjo7sc8D-A`9 zE+xdwNdHgYGPy0KJB>S`J5@8957t`nMIZ8>BNt&7`y>W-_};d&6GiJqt7t20t8S~o zx@0H(Ch8RsWq@jL@R`&Xsv9`~F92aHl$fFnV;uG}ND4eQPH|aiS<;eho#Y-}A{`F~dElPb|?XV(DO`}4sfgYPR||yhys9^d(+J%6Zm% z7Hn2~R&pU9wLYUh);WGwc2EUZje|W=M}lAOq6pc_%9`71(1w1dVv(n~ zI4|Gwkd1>rvpLW`$vyVbE93)l5%D9ci51U$J%hP`Uv*6~vsS-iqs&k9tpQn|N{C9< zB2gi7QdPgPCizltW3au$mGKmLvS{)?4V10Tb9X#0>0OtTY|yx=($(d?^bqoZbpQLF z;&ts|>I?;M8qpV#1*sV)ivx$L2*(>Y0NPGtN4YM3-7;3W zbf%2CpKG#pq;=-G9BwAaD&c4SV9|!@$ow?hdgFBC=6yVFUz8Ok+nV{}PY&ZrCPgMg zlTG8zscG{%T&O7TAq<52;FdwsNW4hi6fM~jvy=mcu}qD+KKQts_bWljw~WB)vW&PC9W3U05>PM_;$8d z#MX@VlD137uBjrH!nCur)D0&4ZhP8wg?2w@52q8wo;tS^lV;3U)uKcwtU~y%Bw9yM+!gYE?zy| zz6do98)f5w0%R1pErJj7zjPu5Gw5)nEAg3Rxf09;SmN(2*u0$9_7CgW zGmkUDGla}ZX;92=%*4iiCY%ETF%4mf!%f4LgQWvYL$Tz~R7q6S=oVBAvYjbKndCCo z@yUF~*&W1OJ{08rK>~@f@`CktHbt6ti-A4HbmKrq}2_4f{p(0286H_nXOz%tY zV3n*VZ9q1SHls4-JluAfbyf&tAJpDOKtRG`&|aqalaeHb8M%&ar_V-?lzf>gT(72W z!|=^2re=(Oe+$%c*LhoUC%_P6=xZB3gnpB7_M-7(bN2=hj^M8oVKAz{YGA3>T2beN zYqOGbFnxP}a6v1lfmwU3kK1^={bRSHO1%eb}BnZR>Pam{Zqje?-EbVM)#vGP3^sPy1usfN~+tsn`S`WXZ~&Ip9kDCUd~qAsy?o}Ji^@%NaiwwE?NF5IzsTUvr3Xg|je11K$Eu}4~oey44ti2f<{_Bp( zO%q(WT-q>f{yYP_0UPW){*7&|Z)0}K6>wR^HVXJP?AiI|(5MaW0RwKUhA_kQy-aOc4=-ZkyTe7}1j8<;xjQO7f> z_t@!s8}XKmp_#6!Thpdz(|zgNb)tD>n8~Bhlj+d9Y1wt+-cW6$uymrk*)qBD*yDGC z{5ILtf#%V1Ik@5DD0tAl3w9;^*?%7DKy<*5=ht})cPM?L`cV39>ON=TpZSY!;a_p5 zinX4%*SoZ%Sf5t@TL0AdkK&eRs26eZ+@FSaJ))nWz}~=2#-pxtKMF5)9x73XDaSf9zB>c;xlLhA_+qy`hw#9;E%>d95=P*N>Slg5QGrG}a;)XwJU>NE4{VvmCmw=%}B~9Cpa;7OnF{_>~$P?JtdXDe_ZT zZ)(^_d}xZbOIbmw0g{Wv3QPN-TFB^r+i%aEU^#Jyx+tR7C?9mOogiezB4j1y6_3SM zP}TT%T`BY*AZ>Q73mq31)xD(iT37q!x}u8k=zWnA45%DO5T&<3IdQVboN3rsf5~cB z-CD|)VsxW<9Gz_s@IB2>YpVvfMfz07FhcTTx^t&Fa0K^QR-tyhs9(`2k`K zi8_0-1Cv%u57Eui+X8`MNn?)DV5kdy8@O-qqTzXpj&mW<$arV2Q)1O-n#U$B%il0I z1gXYNqa~Y_7#yND#z;PK?#|7B@%2TKzIk#<2&9A$K!Vc>ij0yRE-57G;FkV7pS!4< zQIl*9(faQN{OT$;lx6~tBnTC5e=ai+Uf@i2ODs1cQ$;Oy)VWZ(oSh5;zQ@%M%%e5; z#eGfXnz}rv*qrq|{glEB>otP7(P0;AO+8any>e(K9{n5M01#(O>I$N@;(7sek5Ii8tIvb|X|Lli!u(j;bQf$q8<1eMZ8rZ>)= zO|_-{=+s^Ra^qckrd78rv!ClmvKhsjaz@#T!PxE7;qz8alNf3pa=x6GPBn%fG7FKd zTm5WzFwG#TXxJCix`94y#0Zx}8MDTR!%@sKlhiBFIV#JDonrr+@L<7B8VHfV@aLp9 zNjnXH(*9j--4G-1{w(5P%7Zrpz9SNZJ(n~(J5BE>?p>DhnB?Hk5B>ILgLdN=puMDmdHSX~?rIVjZ2AY=1lb4} zh)Jm9eI8VJV+e4Fvpq)t=>OkFCOMxv7J1(qfO@- zqee6I6w>f)d`PrO0rb>am(3Mo=giN2|HTA7#k2y7DL9ncciH^q5d<|>7I_2FSCWj5 za|(h(q|L^Ho5}h2aJ-$;=WF3*LtvJ?cW0_`O}dby_Agf7hFW*wW=;xET|He~f4>dm z{nS6a*AnC!Ak}NL{kE$se*VmVa*;B5T%(n9E0tQq`r+ZSVe}`gVO!^h^IM0DoNB>s zX^bgCzeIC3i@RQKYSg`K`Q@*BeLrtPExyo#kKu(AChL89kDgk!Vf`Le=wGRi^dH`K zn}Zyfid5TB>}5LrS3~TlEOhIfOmq4dDHiQ|qRw}7$`6ZV6QCD)BMFc23#@)l#0%t= z-)Ly$N~=xug@f{Fo*W0y>G#gRQx(DJM1*SkmNC6CqEq8jOpRUU!z{p zzi$BdVWV(d_B|k#to@HJuC6|9`q!Ld(n92|Kn}Dm{P#jfR%7-x_$4-QREG7SwK$;@ zak{N4`}riqKvW?453)}gq!V1UH)n6#!Jj?1ai7`UKKxy8M^m++i2+D3Bc3D|2Is?* z>M5$B#upicSRIo-1nJ{D`uuBb-*ufi5TAR?75MpooywpSm9u zB9;r4pG%_^a;oU-kTM~FlS{&_S}3FSeHI^JhC-r*se`KNLmt!=&)bvBvqLcidAF%5 zt0!U#uFh4ABJ^VG13uWcDxR#kJJ~|zOAyu` zhNq72AJn{Qc}7_N7TOs=nF98~;sRAygnp!r6p^?8TqZvc0D56d)12V6{oL8Q);^zE z@Ud*=-U2uSpG?Qpl$&Cckz$*qhx8KVPR3E)%sMfW17r1q7349#&~{oYwcRHI_?A=con7kK=2gSY!d zP^n(trZ+tBKJs<@2Z2%;B+^D=G-9VKy(8}Ngu}@xVrJw@?a6xJixfRB4LSx+uOt3I z6;n)+WGN0c<$Ld*G|69taafv7@%#VV}Sf5;}z>Fvm{kYse5G?6Y zA?7b!1u<$4Dj z;L3YHTQl;&MWUWnDw!A>n6R4=-5aJ729Ps8$cSIOoK1+l{a!6A;4|0W6yUL_(qs6k zP_hgpSMtWnNLa}$qL!q8U(j(k)@$jL3Yc|LIoBtHkr;RfPN9`w7)JM9W=I@p+l(Ew zbe?h=yj+MB??izm7>80!SQ6VxuxACvXHej?iw#+25|(N8US^DC3;7KF`sM5LcAr!K zgW_bKUnK00M=oNL->@KCSk{AWv0TTWy_r?^j11KHof~a?J z=pFp~1J;Z)`7>D4<9*^&Mvf+g$Wr#0HK3vuWPJHi-+`uu-Xc=qZOzkUI`CK5qD}8e zgv$sW1G1!=&AhoR$IX8H$;t%;uZFY&!c;UGd~N!_7~>XOAyl<C$XCybR|(`k0ICTS8Hg;j^UkfI^w9LKrB;oJW3w81Uau2al_tq>G-W<4f;1bd^jRZTZtd1;2i7=nN50F6f zX!5(ey2B32_``0C3q5x1++=6qe5_@Tqmo+m)gcW6iY3XFNL^hb`0#{5;7UKBsUHB; z6CR1ST(E7@bz;r45a@)8LHiacR9_4P?vu5ro@G>fV#cA0|cCs3^MH>w; zD^goYW%>@a7{qliKrte4_BV9D96^)KK)H&n;19DEnT|2&z5SsR>__tDqe5xE#(SIn z3Xp_%nAgEiv9H>JVx-nj6jfFCN6Xa`wE!!hlsF;cgO^2RC4oVo0S@*KVcak^Dcw== z?S@yw&bKg_%)5?;-k{~t^62khb=i)_&QBT?AIFVvKlsWY1MpF0L--Sorq&1S987;F8bh8E@ zpo*2Z%~tQq)wu@6c1p!_#-KMyJ^z}CfhGW1Cf;$7f|ePlRs20n|M%A z4`aC<=$ilBo(;kU?gmO;Ynr#DhOUvZyV}Lq=F@4#+0i=&CcO7IpS>(|Jt=b143pkn zk~&C}yt8H9d_xJ|T^{p)ouhV-9TGKGB>~w^udi~W6gK$Q545e87az986H|M`@QN>- zY1N27y|45~c)CxGs~XHQr~u)n+r2Sr=WZ(30*xi73RzS`1gLQ2Balkekk6`uTHZ1o zeeXe?zCT2Py#fb6iEfopGVe@)J#BleQ$ZF#2sH=5K>Q7bDhw<2k+;Y6XRj=d?V;#a zD_3%R#=P>TBlPJ1{31^M6XW5StanGv)k0)B@Rg>$oG1z?Mcnaky(#m)0}Hmq=_OwU zA8KI%CI|r_$&tv5`X!-b2RgB#U(VySYX~eeBpOuW5JlM_U*>tSt=UMzQ!AJ9?ML!G z#REKeNKy7k!os(>pH zZ7!zsv8ZIYb}P$27tzuFuZO!_ORKL9fwteLezn7gJUCRdt8;T7DFa+-jU4W&x@G>2 z4ie`@NX0^qR7jCq!XCy(@RZ zVQdR8Ci+`=c=2l8D!rhj_l)Lf#a!f3l~?^R#@0W85NVxrJBH4e6$2G&CqU`@P_gGW zjgVPOk6KeTg5#0pJB;>gd+mqC9AN~<)3r=RBUdeuQQ38S`W=i@=v^K&wsl1MLOXfk0Q%$L_4cm5u74P)O-A^{d8Vp%7{q419aabU7Y4h zQ`UYgjD@4t=yf~h=QS@rdU;Jr2|b++v7WcpCR={isVT+w#^|PIubfPj7kBiZ)k?&e zlur6y?j7okeyEFR5#Y$%m+GkCGOXbA(*=i-%`7wiKK{JT=9J&Pr~e2w?Mvy*I4xjm zu!6%Cag=&E^~Vf5dPIn6R=ri0~l)dG-Lzx%TB=0T88mk?lsW-q$0ErH2nCdXgrRmAM* zD^&WasG}@@T*Zxs>E4QqNB7Qr8ha}x&k(!$$=j^yjP{o|Yo>0v*fMhQIA_}Habez4 ziGlHz25Xqn>7KBYccBoTdcwNvoSST&dn}%V#+slt6EplXyNq3At_-_3wj^X*!!|!G zt0bFAw&ts%+RIY0ZuTNsljXLhQ1!+o_hQ@y#RSeWt(!|r0tD^ol}|?kJ=t^KFKctW~wm5&bL&@ zM&ctG?`Ewh{py-c2Y^ukC?Ruqrb%)1^_TyT2dlvY0Q{Yb@lC)7FE5 z+)@cmJc_W0jd6mrpxQ|eS4bHd4swgWCY{^w;iti#3~TI~-wDY4c5u98gwSPI_8GvY z_MwG{!WxSefcml((qIjy_+(79Sk5jd9$pIeKDp!^9O0Cpuovn_LLM3;poOBwUxI=9_WQ&DP0VsPTuPI&a-f}IR*>Croi84qwW-Qy5N zk~1n%UTC35Mrp=`-{gXOj7nB;#dm-3E1@lPrFmH;j-YEMz@$I>>9Yxt-bLnY5Kom#Mbryqc zOx#SPsgAc-$k`O-4mJq&=vgu-;TL#NOWPlc3?bMsm@GHKIVE90^ziTpKaq`0 zZ}_#hzg;L2#pCH)q3-v5?mLzhcU)*C?fuYyvJ&0h_=gn5ZNeZD;1uZ^s1><|8{sa- zv-mqZN`*n{zc_rD651^hDypxJrd2b;^I<7j*m?c%&>NL~jGa067m+(lWqVh-?_QPu z2E-cZ>O49SW%F@=6CT#QkS^G>%de|^$V<8Ti%)b=TEJdnHC#~Ob}6x+Dr7Ycbidm{ z2Qpu+s_LHTaj@SyCFIH9Ly0KZNirLaD~6?T<#_M>IYe=S5Pq74Q+4!hL(G=T8)zL zI$Lnh!5fKkS;=A=EO^UaQ7OZ-l39&GQl<~Ifln|O8?gn$fr5zg&v;y5ojN8nQ>b>_ z>J1RGigHCTwam0cKEcm{Uy8dIH1<(6eNXxdU26WEXSqA^;VGpA@h5$ES&o_M7?ZfX z_b^&kNq=5vr0{|>Z3FU#baIl>zw*Kj8bD>CI|j5$fP~+;ec0Sx))(G+lG=nv#q&O| zK0k0}U?CREB77VSc0kRFH;h;Az*D5`24*jmibvZu$9?pXyO zyL#3@qtW%~^qI4>!?$%OZx0LGmYv>w?ffubV+6=FCQH=QK%uw{&@;@4Eq%e@IK7s* zY=t?LGl!<5O5k4rvC^|SI}+d+N=e86UsT%9nfXZim8wDUL8;XMughOM*$ZsfUx+>9 zlVA6N%8r)sH}ZcdeHX#H*KMdIoA-oNkzp-Q+*w67PoNKp(ixssznd1Nb#;J*O{s!U z#%=E18FUn7GRh{=?=U>a?7%Q^CFLOe(+(yM$#?PMh@`R7cEL!anP@7v<>=OUS zLb3US^%_wn?omCnU=eLK5iZ5FO;HI&o0}}+agC9%nJ&(0l1TT9?*J2kKg3gkX7Moi& zIqiHw!IrP?(Uy&<{^n;BxIeNYX#YcSub-Da4tyJCN*7}>`xUYb5q+})Q@VyZCrJ;;EL2hw>PsK6k@Ai8=^hl%1q6a2y8SwsG*5@C8OnD%*13hXpjo5vTZ{Css*;Q&^;~ zx~y1&LiE{Xr8jmH8ao3{12@gC#{u!oiWd!zsMabaE8$M|&E%g$jI;_2KUcsAtVEoN zqM9T^`KDRx`HB5tz;X8SR2C0`rjsU`U8b~l$VO~Tq?ehKXh^9tiRtuSUnMXLDrHnS zP~LN`oT3&%T$%#k@Wpty*&-`20gusYS6#2(%LjqU(&xKMR}UoJxh?D4!GxRhv;Vb`7@j-u7Jfnq0DFofcP{yZKej4jqyFWJo7+ zVENN%lxVEN)bf-btX#`Pd6IB3?a)_VCtE@makpbfC~rb3r^Y(5=rfz>cFeiY1uk7!kB*J;z0`sX^|W0pf|W$?l*p>ZyUiw-2fIpFO0^V-tNWJ*vI&`oU{C^Qs>kIAvo_Z2?EA(itOF6^Ddr*Au^`8Q|!mk zNqgogUwTe)PU!zNJ7<<`&=EiwxXl!p(4#I%gn!67$fjL<-j}=jgu)<*b8Cw{Z6Ym_ zC^e^3^@i;S?fcArw||9!tu5F8x_^yh*ApL7@Z$oF5BfmC|QHB9Fy6p!Xi5 z0B88y!_!n}3K`K{v})4SzA~AweZBw~rYMEMjsV!FC5bBK?@TrdZtC&{mHj`qoJ&Yp z1_Yg+q(W9{l^^Ih8!PUkCC6IB9lq9$tZ-5OFgP2v!p-Jb2QK|`Rux5q!8IyMx5iwD zC2v_@P7PoCyG)c5-|nU)E+s!IbYf{8Q=um|Z}E0d1}QV`OWA03b7=*bJNp8AV-hbZ zr6v~(6|ZP|n3EdSR-Bys`>KlYt!Zp`Z81Isu?~%&s&Q$?IXHR>8p$T%Gx*o3Z{F_ zOs5FIWBR{K8KlN=lTM7N8*^&fC1WtvTl|r0)S;i+m!KJACr465*HOBkHVM#!BGX7^ zqgao<)GcyD=#hiwSxFk1md{9-Jy079q!s$T%!KB<-@-2CwKu(zP@NU1oX&?|eB@O4 zISD4+kCBtze!;EzojBBaav?OuwGtfU{N2U;SOc7b3YUys>f*H^CdHNo!d;tT4)GyU zlY=49nVCDvqn{Ns=D?s+ySzAS7d(}!()``$lBBi4{WHcKkxlO#*?@Smpx=i z_Y95M;SVIbG=uw$gUpB5gA@bZI2{SNsO|gKf+}aDj&0R1YQZ41;)03sNaZVl*%0G4 zoAxYB)<8~3110Q;RsQ4Y%0Andxfb%gJsn%@FtXrD3H6F@e;o|1jQZ~j(5e0W*^-ej zS|6Q<6QY|)APQ?rJVv>M1vsO|lvtq{T#-oo)6cCCcD)6@WA1R7N6cGb`@ytU+27n} z$BfKeu6^bG94F6lmdVo$|BtJ{AGV5kTnh%6dH17vU=xP~{PG~ejezf&kT)n+Ox!k(9d^`{h9OfUCEn4XMA z#oe4-Ie3aU^_&hFZ3%YEO44N(9SnsB-3n|}oV+tbiq!#nlzGl3kEiKr30eV1B=%4o zMx|ij)k=Q}LKa4+0yx17KNB@mub~`Yr*DKPQuyldNee5!tGry4)m=5rva&6>zf5j4 z;nNZ==U`aqIL`x(NDg^vV-}dU*HRSf!RO@&M&%aG1FH#tkOtyKD~f@XAPsyR_B1_M z&G!?m?AM6u{(?mPln{M*Gq%!4rK!N?1dhzvri=s*_!!w#4<=GU)=(p{jT<=3|2VuQ zL~cjC$*=4Hf+&Otxx9d=gFO!t%tRoxmyEZwLc2!?$woQ1LS|UQ9)< zu%%RaoM*KJ*wCV&+0sG_BXXt(fT0LSDVR{K#LO1*xsx4YD~vA(lyKKt9Gq~AXxiWu z=Oyxdo(H~(M#P`CIDLvKPj{PkV=ZmqD@oLK8fWV85?ofAHu{RG4yamoxf4_4pvK&wZGABOcC&r{1uL@c5$s|UKlkYrLn+Pr#VcAYa`(q~Fd-_~a9Kj}+g6EU2Ae3|;D zFJBtmp@-XJ_s!(PJDH8b0#D^M96WQP44iI`z%9ppO+cXe@Pbg2p>gmkB}U!YpBT$$ zc=^9RlMOBsdy(#on$8d(qGeJlxF>r|g_IDS0fW#}(F6Z)5ykiJa@*usqw=CVQU0zD z{OfpAqkf=HTQ7zD1Pjp_kFNr*C))mXc0c4Jvb(n&5J!h&|{reF7e z7k~V(B9Z?O@09`3N9e|p%7M09N_4v8m+}%r$<`h2B@{)r{2R<>V=EmAoLP1O6qQ;d zlMHAgqFq6+NWU33XRCB%I)ciI7VWI7ZC2^rZIt31YH)qWb6f6kr*Hn+B_At)Y7xs4 zc|WHRPiy>XXim@|JoViXQ7BT|inm?f$^u00NX# zJeMa>T`}Yh+B|(Qm52wFPPOXL?pm>TIcDLIo#XXvl|N$ttlb%;kngtWUWMLJr~K;l<_XE0ERv2QB&TDa5FF$EJd$#d?ha~&N4OkIqAD%l&gft7kQrDah`Km2?XW8)Pu8@<+SuL{it79`+eG&iOj@RnI2OmGAwUs zZ%lw0Gm+r|#W7|e4UyMWm$!wvV2SMjC*AKnzTyqO1Pq&!cz{lHfP z;45`s2wnki1t%(V!~>vVao!7JTYRip{H+5)&`g8Qt^}}?5Vz0B`Z0>}E^i<2iEa9l z$}c_Kpefp~T3SWC(mkR1nd<*T5OJGSZ1D!0n9SZgF+x=7l|0ZBBJUWadvo$lV=&Y_ zbE%$U_|>1;DPYUzGRw*FK23pfbLOT*9Zw52^6(H#t(x$H7D#D@VXVtS6w&2J*G;`A zL-9nx1Rr~C_Ae8B(fyrdQ;K6g4BZa_;#+=En5p!`K3;AYhxuE8bUyZJevSNjp(uc8)F}58P{|geqG-%28{K_;9blyJQKr1~GffU8W7qLY2)O3V0o{jNcp#B? z=WM>;c~A%Rpk-9mKyneo3j~4(Ue&hnrJyn*(oi7TF%mL%+I#NM=d++(W`E-QSJ_Lf zO%_ZLS__ea=nl_UM@!iFxG5344}x@zos69X&Nzx0HAH1w}6#bD(LFkZ}+uwn)Re``{vIAXu>Y{@AF??q?-<8&6KA5c`+>hIgh zcS!#!D45^>ZB4-&bc^Wxw3nBQ`1T*z$5U-Jh3$5|Uq9MfSScxt;1#=y-d9$ngoCy6 z8aZq;IAu?u;=-5`vx4yr4=RuSw>i7fZu&*-EQ0ZuhzAldHx$?r@bTI|q%R2^67+r< zLfG~CdGQ>mCP;HO;0Fko1WfiE7Z0EQy#1tm#GSIyx=1ku`^T{|C&nua7G{`d$XJ|= zDV`^|rReZ@JSVZ{t`;!Avn4nr`=`3hDr9kmt8tUiB&(?qA+Ck*>zLnj1;%-!1yS-gftPL8kbjE}NAWw^QW()EN_g z4F?v74hsqwQRuk&{OLNy*X1U(`$w>+Wa~>J7GVDx@;(*s8*M2|yX(z|sAM4Hd|V%J z^GT9v4QP|=at3acDb~IttVOP(J+RlTkytcduZ4ml5tA8o7B^o)$w(yies zt>X|IBGXfTR=v3mLmy95C~~NA3CtN8N@E?$?)%UlO^s}VR1#^nM4_ul_G~{&-nC{t z&kjt&x43Pna3>Zx7?M>@>NLd@8Y5_jQ=b2`hhWQO@U{|F z)#j)hs@{rNrLqS+e4Z4GPc<&>d~+E9#abZMoz;lhxJ8z(MR2gspSU@Kp5hFnR0x}T ze&=2XZMZDe7w^>^`swP@VWsX#%?ZJ9Mdk9pyOO3@K$46r>{*jG5aL?oLW(%+sKp$| zM-PS~ZZ`C6yun8u7W_PdZd+!^orO#tTVT>c2Si17`6O{YGhO>!X7FwS`H=2J?Gg#i z6wd=&`w z8^!v&s!05(bi|fOn+n;=ll?XOhuO^}HeH|IzIyy`>dqkZ{DTR59>D<^dd2HQTLuMK zAbJWt!^Zb4w~Wo97Q0XP9$0$-e1_?~;e?2aHkfSY%QB6%;po#P_m~w;RsAdbAS@H} zPrHtQxW2+SEUOf-6bVAgl2SyhHWyw4+cT-OWe(j!;Txx%ov-aeP?{6}k@5%VHft+p_yeEwLLH z2>x(YNl~-=t4cxbSnFc3_OA-}VKstHzaKeh`AAgR$rrJpPic4ag6+&kW&}&iamiJ1 z)lI}9x@HSZr~W25^Z8_ota(b&5_U#wmK<1wh8bZl-O*&2>R4IQD>fJIAHLgL$P&>7 zw_q??7mFS+|Ln2G(b9LF08oqlH8_}m+za!cg7|z3rjIt~@b#?I;Kk(l_R5Y3D@bJz zEGmsFd9BOwS0V(LT)vV(tET>(ro$Nn2`ViVTh50Rnmlma7}k=Tuu`*3gi%Hog8g9V z0f-3n@I?G?&gHrJxPlm?3UoK*zYnm#t(|mKTo%UQ zz8M)U2ef!u1I6#TdAcj`nzoqhh9rP%snDxi47kgwMlK|HtC^Hr)ZqKq`%{bI45ZV~ z&5eG4tQyA;gu)pI13&r#5(QGim_*qE(|l!faf`)EC4uovaZ4Go(kl-ly~7y9mngCO z$!X_4a8Y5%e&CiLzCRs9ohm=@rcHNliJpRkU$VvZcZ=ixrEjx6vz@-@4|J9Wz>Msd z*(RpsN-(xqN)4#hW=tF|N7Z+W%np)eN3mE-_|==aB9=XJ&SbdXCyWMT8U>>6toNUyXaJ+o*8=HS z?4(n!w`{&r&?4FDP@V7Zx8Bdj*wgMj z<0rtTF^5IiFIH2*P`khX;`79HQo@zWY69aS6L;*Z&uHESvv29xg+We^)cX86KwRCQ zy@z*edKM_`OZkq*k;hR7)m5lLG(B%1nf<6n#8JL7t;XJQ-U?Y%+q262t25Wk$kfo_ z{t65SE?!w!lGEO=ySedRc@5?d0lmZF_|@Et>rf;+K;lxZWrG8B!E+AV$qowI|50hg zvjw|_`X2Xa$X$vRw+=4ioIen%hh)f={H91q5jexac}`d$0fb``onVMTm+$JCn}zO3 zyHb8{;AG@CWlhOA0X!76LTuO zM#sL`pK6&+Ytpsv(3pd}(9(FmrNhXm0A{6n>(pk~r_Fs8)e!u*G*@uC@E0(Amt=`n zigSrI`>LRTPcWLVLtj(`QJY{7Zgaad=~>tD@k)$_;3wfqUeajCo5!s(9u68+27cW- z3uego%a90bKx0y3!29s#&zZ?1O9ml152JRnHlek3WS?0CmLB%f47_uR9tb{qHLNcN zQ|ChB_AwiLww?keXW$b1j?np;PMWvPNS#s+soB zRee#!LL^k%zLw&2v^rM2*y7VjjwdAITW)V@2i}^~z8p5BA@3RFpyHj2WqIF~ZoZ4_ z9ZqGkzx7_o=MsXrJA*VNcCy^ELu`^@^;P_gvoQvEv+h-B(Du{q<`4{u>+{R;*_$%^DCKl(tfN8F4-0bW z>}GPtrT-Fy?_Z6u-u*p1{U*u{)@K@GW2?O+_u+)#=tY?o(OF>F8svQ$;f3>scAcH# z%^{wkZmlq4_D$KCM(2w{Pz0#D`SRG2x&OTKE++~E?U_QZqyjWD^W(>vS3^|%a8`In zvIJGjI!!rOd);l&FqVXA6y(bZUpKy!WDBO^O5+k0kL{3SrP^c{(!|2|{D^~;!a#Gm zo}QF5Y8o@AAYdg0pIwfF?jKSWTJRk(q5(%=|CXVed2PR#C^HD#5#hG?%O(QY_&Tc1 zOjZ;h*_+aQ2ZtJ0EsW!3{SJHRa_`q5>4TeJ-OON?B-R`h!0Ll8BHJArJC8WC6~?!R z?_R=InN_TtXI%nDLW74{>U+NcJ3g# zM|z180&#K^oruIoq~$H|0DFMZ0|us`dP;qsZH&BXN$oeU-b^fizQP+0gTmla=#QVF z35{ykLfWQzd<-0WJPjq33OSXV`z}F?h}d9oLIBh>b~OyByMfbfdx(6Lm6zl}@{G~DmqW|0aTl6}S2wS#wxTQRwjZB0o%1G9(=HE1Rm_VwoKoy=wjEc4S8ytKwc9GoNALHt6+Ls zAcqn|WPUmswdp({SJ&D#sao>s5Gj_NjFD9u*ycP@O(HLUg|8IlS0%2bbHiB11$#zC zS>_cN2AwasQX4_D_b$#j)Ezmc?-qebO8Sp<869*QvMp?ag|8cbUPyXZF)&-sAl~q{ zlTg^H9@wr&lKqRboAv2Vp2=FJ&XTUdPGg(=<>5e-_&FTFvy0p>bhT)&Imf3@PUDTxk#}=%eDaAV!WC?0n&1I zZOaaWi$DatwB@Mjs_(1=EIAt;W8sj#M1<@{l^c}csf*O2vxGHcW`)zFR=OnrqSA>^ zZ&qj_ltGY^c9}AGEnb?yNMxCvSc0$cGg>kry3GUt(Q3UafBk^)gW`60Q6T{}<)L<) zFOHJP?SF^XCWhnO6H+_L2q3}vvo>;|Pi3h*u&dS`n(YY+c!l@&ds4a+$_QY{D_mp$ z+!|x)aI#adD^C7chh+Qr$<9@~j&BOQo&VF0=kUXLm7TIjR01X%+)ALMq)Dl4zCsn# z_x6!|d1U8_t;Km_BQW_lsY==BN<`ABBM1+87RBhOu$$tZ}R73|}Gg`RJhy$f&> z2DbHm1Fc^*?b+R^&kCF&HfF20VMZ zSl)gl{tY%Z?5e#@U_}3gt!*@xy<#9QWdy)d_$RnZEb-9jc1xZv#=BD>z{#?!SO1wt zfaDYmC@smP3EM^^5O)$lOpPJjT3jT~Gcjj2Zgz&6D=o=GaxSOM00a;pwX9i4EipQu zhNlDuOv_}6?JT(^ML~gHKKXRU7)~VJ6B`(Qgrd;(Y9Wp!0zk>Z4$n-j(h`rtN!|Q9 zf<-OgrXuV?5TM~>w zi@jsa==5!`(|ZUukuR{!`T@%<#my6E{E30AyMO)>{xDC1?yD#_Oh;c#uQKW6`u~W_ zWoUzNY81Vi^<2m;zNFMQt685%66~@rQuX+CUF#T*h2fUjOLh?48 z+5#xcWBWV950XbVE~gWj01GFP^v79kiaCJkMA}^8b&LE?xV`oor8e|D&>O6dQXX$l zc2^f5iCf0??=1}$MYQ_6Mwtds{~&53Skf3dt;8rFtUh_1BOb3Q{eN6^yU}{-LYuVZ z7soxQX8bqKPI-k*a3~9~rMysjPb<;Orz>30OVg!s^2L|ie0U{W+!!NNWJ`nV+M?sL zUr1at6$d*$sgn^;Xh%9(V)AdYrD_tf#0yX%H{hI;JxJF%^deZ~svk+YS6pJ&{b6SZR{Wg<^ zOF%;Q#u?r|7Wt7r&bFKdN_^k9_wPU8?6z^RDJgk+%lp8B=9~hanH}b|bW4B%k$SII z2TjemxpOZu8=@_x2H8FgT?l^}N?H;HoMMaI6H69{{8Aom7?}IekAtc=`9W_^Ab`pr z?4U=0O<$!nEOelOm=VBsgi$1R;NCVQP;He>H-RW_-+nW@Yj-5xr*clgi1mR$Y5JGD z--xUKMGls5FVhJl&iY3ucx>5x_>L3Dvsgql3mMTSlB=an7mi*=OsePB?NuE-GJX`t zj4Rr7cwxt&T6;+YKpve|MvmK|cA#}lg_dL$PwF_le2P)6ONU%oiCjx}G;KJg{*|m^fx<{6 zqqd`g&e|{wY|NtL>1U^VndAmW4fBGNF`kBV-!_`S1CFeu6Lhs`)Yo+h=~mm|_@ETh zx^VI;zb{|jd`V4?3LprL+kv-|UiB7;29)W`wvkGb~TXHNBn$rl} zui^VM>1jFj>37(ktN?El$jojd!*eh9DO7@CUy#o-2{zohMvA)`8uDS9)iBSr8TriI%rZ% z#R9{6Ysl2ppjSP8(o;tjAi)zm^QWJ?--)BG2{f1s0DY3(hi<1}BE_u<1VD7N|4YnL zJ>tQoQ5)F@$fH~7GCWa~8mQ#IGx?fvqKfct!~2JcJ7l&)5vRcoKvST${j-3d4jmJ| zfM{YVm;g{RHOI80XOC_7*)Yz(KtO_1Ixeni)nC_1BjV{HSvaM{mJccueYq~FznZa! zgC@JM|@l__R-T0ksP$t zKAG#wnF>f`^u?iwAF>o36HlyrLqBV_nn<_$SZT`F%W1bqC4ZJdDNc;iwXctf9)*DA z6j3v>fzhQstp_&H<9$v?If+ND z?QP^~qLVcY8)K7NC$@&B^fTFWkYTYJ9Ziji`5{ewGafJu&m$2Ul8QqTS`ocYAyJzF zMmOn=5rq9|0`oaS3YM>prsJgpE1_jw5f7TYu&1vZ{Ig7Z{*Io9CP0!jr9JC5JsXRY zW|Oe{Mn~x|O^Fy~+LHWl&c*@TwUcl6(|2+L#J;dlgk!mVU}w7A-;jVl{zQ$Da|Z7dXq)o%GU0I;1NBR2J)lH|ixAd!LcsGILItR)g%oYB@< zbgjU07#`ot)Sd#YaxBRK$@KZ88IXu+itfirv-jfI>qLN(FMxx9iP?eV#!qHrk^>Y2 zB4&ePu~~HVb`dl$AJ7W~U7z>Ib$A)4;npM@mI`615sq8Yo%mP5r=B8e`lg4jmO5_X z0rrxy?C5CNQSQVfZL5VTXJyHzw5!#?)=0R&OWYF2F4)i$Yd(rh{`4H|OPc{sZxA3j znymO+D3*H7C>a^-M01g4A(LDR((vE?9vZV`U-M~2JN z0i}|rvtp#hQ6HIq7F({001ugXA=ucsCLu+$OMNlOvf=9D^TRSI!Z0N}0xRNrP$212 z>FDUy_&LaoHl(Aqo6}LyI7xOWw2{XsJ3!LqwA;iZsOcgZC%r44Hp>#mA>WfNcau1Z zr1vc4Zwjn_@q@Z|yh{E-T?Avw43?3fV3{h?huv$v*{6pftYp~q;r11Q@g9hKzh0(gmk zZq~BO;a06{ZFs0#;~(RjM{R;O^v@jfOwo8XyEQTyZU#940X|t$Rc6}~{~I151mAUc z9m5A&zBDXu+V3k*Jc@P*_*myeZ}z;rqJTbqV^^91M&c&e##J6ca8aouBRtF@>( z$&<#3=~X00blL&Lq=P-?^5a$O&rghM^92RVnsv;Fm>*k==aS3n< za0ze;a0ze;a0ze;a0ze;a0ze;a0ze;a0ze;a0ze;a0ze;a0!$v3H(2ox0!%a5T)<{ O0000
- Logo + Logo
diff --git a/docs/Releases.md b/website/static/Releases.md similarity index 100% rename from docs/Releases.md rename to website/static/Releases.md diff --git a/docs/img/GitProxy_Architecture.drawio b/website/static/img/GitProxy_Architecture.drawio similarity index 100% rename from docs/img/GitProxy_Architecture.drawio rename to website/static/img/GitProxy_Architecture.drawio diff --git a/docs/img/GitProxy_Architecture.png b/website/static/img/GitProxy_Architecture.png similarity index 100% rename from docs/img/GitProxy_Architecture.png rename to website/static/img/GitProxy_Architecture.png diff --git a/docs/img/attestation_example.png b/website/static/img/attestation_example.png similarity index 100% rename from docs/img/attestation_example.png rename to website/static/img/attestation_example.png diff --git a/docs/img/blockForAuth_output.png b/website/static/img/blockForAuth_output.png similarity index 100% rename from docs/img/blockForAuth_output.png rename to website/static/img/blockForAuth_output.png diff --git a/docs/img/demo.png b/website/static/img/demo.png similarity index 100% rename from docs/img/demo.png rename to website/static/img/demo.png From ff4699bf9659499fe9ea6981bc1c3c29dbe1ddfc Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Fri, 27 Mar 2026 13:13:03 +0900 Subject: [PATCH 03/23] docs: add new doc links to sidebar, improve ordering --- website/sidebars.js | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/website/sidebars.js b/website/sidebars.js index df341fe77..947e5beee 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -36,6 +36,8 @@ module.exports = { 'quickstart/approve', ], }, + 'deployment', + 'Upgrading to v2', { type: 'category', label: 'Configuration', @@ -50,7 +52,20 @@ module.exports = { collapsed: false, items: ['configuration/overview', 'configuration/reference', 'configuration/pre-receive'], }, - 'deployment', + { + type: 'category', + label: 'Architecture', + link: { + type: 'generated-index', + title: 'Architecture', + slug: '/category/architecture', + keywords: ['architecture'], + image: '/img/github-mark.png', + }, + collapsible: true, + collapsed: false, + items: ['architecture/Architecture', 'architecture/Processors'], + }, { type: 'category', label: 'Development', From c6e7f7093e2eaf13f10a9520cc7726605c444880 Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Fri, 27 Mar 2026 13:22:33 +0900 Subject: [PATCH 04/23] chore: bump vulnerable website deps --- website/package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/package.json b/website/package.json index 7ad579179..237ee88b4 100644 --- a/website/package.json +++ b/website/package.json @@ -17,8 +17,8 @@ "axios": "^1.13.4", "classnames": "^2.5.1", "clsx": "^2.1.1", - "eslint": "^9.39.2", - "eslint-plugin-react": "^7.37.5", + "eslint": "^10.1.0", + "eslint-plugin-react": "^7.22.0", "react": "^19.2.4", "react-dom": "^19.2.4", "react-player": "^3.4.0", From 11102b5dfbca4d341f33339471ce903dee2a0e98 Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Tue, 31 Mar 2026 12:58:35 +0900 Subject: [PATCH 05/23] chore: run `npm audit fix` on main package --- .github/workflows/sample-publish.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/sample-publish.yml b/.github/workflows/sample-publish.yml index 5e27cdbd6..ae446749f 100644 --- a/.github/workflows/sample-publish.yml +++ b/.github/workflows/sample-publish.yml @@ -31,10 +31,8 @@ jobs: working-directory: plugins/git-proxy-plugin-samples run: npm run build - - name: Install peers and publish + - name: Publish git-proxy-plugin-samples working-directory: plugins/git-proxy-plugin-samples - run: | - npm install --include=peer - npm publish --provenance --access=public + run: npm publish --provenance --access=public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} From 2c2e546a1e953c09ccf9a36ddcf9298b619f98a3 Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Fri, 3 Apr 2026 12:10:26 +0900 Subject: [PATCH 06/23] docs: standardize doc filenames, fix broken links, add architecture link to README --- README.md | 2 + website/docs/architecture/Architecture.md | 50 +++++++++---------- website/docs/deployment.mdx | 2 +- ...{Upgrading to v2.md => upgrading-to-v2.md} | 2 +- website/sidebars.js | 2 +- 5 files changed, 30 insertions(+), 28 deletions(-) rename website/docs/{Upgrading to v2.md => upgrading-to-v2.md} (99%) diff --git a/README.md b/README.md index 7bc2064c9..54ad5a367 100644 --- a/README.md +++ b/README.md @@ -93,6 +93,8 @@ customize for your environment, see the [project's documentation](https://git-pr - [Configuration](https://git-proxy.finos.org/docs/category/configuration) - [Contributing](https://git-proxy.finos.org/docs/development/contributing) - [Testing](https://git-proxy.finos.org/docs/development/testing) +- [Architecture](https://git-proxy.finos.org/docs/category/architecture/) +- [Upgrading to v2](https://git-proxy.finos.org/docs/upgrading-to-v2) ## Contributing diff --git a/website/docs/architecture/Architecture.md b/website/docs/architecture/Architecture.md index d1c80ee91..d45655906 100644 --- a/website/docs/architecture/Architecture.md +++ b/website/docs/architecture/Architecture.md @@ -10,7 +10,7 @@ GitProxy has several main components: - HTTP Proxy Express app (`/src/proxy`): The actual proxy server for Git. Git operations performed by users are intercepted here, processed by various Express middleware (such as URL rewriting) and applies the relevant **chain** of actions to the payload. Customized functionality in the form of **plugins** are inserted and added to this chain as well. - Chain: A set of **processors** that are applied to an action (i.e. a `git push` operation) before requesting review from a user with permission to approve pushes - - Processor: AKA `Step`. A specific step in the chain where certain rules are applied. See the [list of default processors](./Processors.md) for more details.` + - Processor: AKA `Step`. A specific step in the chain where certain rules are applied. See the [list of default processors](./processors.md) for more details.` - Plugin: A custom processor that can be added externally to extend GitProxy's default policies. See the [plugin guide](https://git-proxy.finos.org/docs/development/plugins) for more details. - Backend-for-frontend (BFF) Service API, Express app (`/src/service`): Handles UI requests, user authentication to GitProxy (not to Git), database operations and some of the logic for rejection/approval. Runs by default on port `8080`, and can be configured with the `GIT_PROXY_UI_HOST` and `GIT_PROXY_UI_PORT` environment variables. - Passport: The [library](https://www.passportjs.org/) used to authenticate to the GitProxy API (not the proxy itself - this depends on the Git `user.email`). Supports multiple authentication methods by default ([Local](#local), [AD](#activedirectory), [OIDC](#openid-connect)). @@ -53,9 +53,9 @@ Don't forget to save and update the attached .drawio (XML)! --> Three types of policies can be applied to incoming pushes: - Default policies: These are already present in the GitProxy pull/push chain and require modifying source code to change their behaviour. - - For example, [`checkUserPushPermission`](./Processors.md#checkuserpushpermission) which simply checks if the pusher's email exists in the GitProxy database, and if their user is marked in the "Contributors" list (`canPush`) for the repository they're trying to push to. + - For example, [`checkUserPushPermission`](./processors.md#checkuserpushpermission) which simply checks if the pusher's email exists in the GitProxy database, and if their user is marked in the "Contributors" list (`canPush`) for the repository they're trying to push to. - Configurable policies: These are policies that can be easily configured through the GitProxy config (`proxy.config.json` or a custom file). - - For example, [`checkCommitMessages`](./Processors.md#checkcommitmessages) which reads the configuration and matches the string patterns provided with the commit messages in the push in order to block it. + - For example, [`checkCommitMessages`](./processors.md#checkcommitmessages) which reads the configuration and matches the string patterns provided with the commit messages in the push in order to block it. - Custom policies: - Plugins: Push/pull plugins provide more flexibility for implementing an organization's rules. For more information, see the [guide on writing your own plugins](https://git-proxy.finos.org/docs/development/plugins). - Processors: Custom logic may require specific data within a push that isn't available at the end of the chain (where plugins are executed). In this case, the appropriate solution is to write a processor and add it to the correct place in the chain. @@ -64,7 +64,7 @@ Three types of policies can be applied to incoming pushes: ### Pre-processors -Pre-processors run before executing the chain. Currently, only executes [`parseAction`](./Processors.md#parseaction), which is in charge of classifying requests as push/pull/default and creating the `Action` object used by the chain. +Pre-processors run before executing the chain. Currently, only executes [`parseAction`](./processors.md#parseaction), which is in charge of classifying requests as push/pull/default and creating the `Action` object used by the chain. ### Action Chains @@ -74,27 +74,27 @@ Action chains are a list of processors that a Git operation goes through before Executed when a user makes a `git push` to GitProxy. These are the actions in `pushActionChain`, by order of execution: -- [`parsePush`](./Processors.md#parsepush) -- [`checkEmptyBranch`](./Processors.md#checkemptybranch) -- [`checkRepoInAuthorisedList`](./Processors.md#checkrepoinauthorisedlist) -- [`checkCommitMessages`](./Processors.md#checkcommitmessages) -- [`checkAuthorEmails`](./Processors.md#checkauthoremails) -- [`checkUserPushPermission`](./Processors.md#checkuserpushpermission) -- [`pullRemote`](./Processors.md#pullremote) -- [`writePack`](./Processors.md#writepack) -- [`checkHiddenCommits`](./Processors.md#checkhiddencommits) -- [`checkIfWaitingAuth`](./Processors.md#checkifwaitingauth) -- [`preReceive`](./Processors.md#prereceive) -- [`getDiff`](./Processors.md#getdiff) -- [`gitleaks`](./Processors.md#gitleaks) -- [`scanDiff`](./Processors.md#scandiff) -- [`blockForAuth`](./Processors.md#blockforauth) +- [`parsePush`](./processors.md#parsepush) +- [`checkEmptyBranch`](./processors.md#checkemptybranch) +- [`checkRepoInAuthorisedList`](./processors.md#checkrepoinauthorisedlist) +- [`checkCommitMessages`](./processors.md#checkcommitmessages) +- [`checkAuthorEmails`](./processors.md#checkauthoremails) +- [`checkUserPushPermission`](./processors.md#checkuserpushpermission) +- [`pullRemote`](./processors.md#pullremote) +- [`writePack`](./processors.md#writepack) +- [`checkHiddenCommits`](./processors.md#checkhiddencommits) +- [`checkIfWaitingAuth`](./processors.md#checkifwaitingauth) +- [`preReceive`](./processors.md#prereceive) +- [`getDiff`](./processors.md#getdiff) +- [`gitleaks`](./processors.md#gitleaks) +- [`scanDiff`](./processors.md#scandiff) +- [`blockForAuth`](./processors.md#blockforauth) #### Pull action chain Executed when a user makes a `git clone` or `git pull` to GitProxy: -- [`checkRepoInAuthorisedList`](./Processors.md#checkrepoinauthorisedlist) +- [`checkRepoInAuthorisedList`](./processors.md#checkrepoinauthorisedlist) At present, the pull action chain is only checking that the repository is configured in GitProxy. This ensures it will block pull requests for unknown repositories. @@ -102,17 +102,17 @@ At present, the pull action chain is only checking that the repository is config This chain is executed when making any operation other than a `git push` or `git pull`. -- [`checkRepoInAuthorisedList`](./Processors.md#checkrepoinauthorisedlist) +- [`checkRepoInAuthorisedList`](./processors.md#checkrepoinauthorisedlist) The default action chain, much like the pull chain, is only checking that the repository is configured in GitProxy. This ensures it will block all git client requests for unknown repositories. ### Post-processors -After processors in the chain are done executing, [`audit`](./Processors.md#audit) is called to store the action along with all of its execution steps in the database for auditing purposes. +After processors in the chain are done executing, [`audit`](./processors.md#audit) is called to store the action along with all of its execution steps in the database for auditing purposes. -If [`pullRemote`](./Processors.md#pullremote) ran successfully and cloned the repository, then [`clearBareClone`](./Processors.md#clearbareclone) is run to clear up that clone, freeing disk space and ensuring that the _.remote/\*_ folder created does not conflict with any future pushes involving the same SHA. +If [`pullRemote`](./processors.md#pullremote) ran successfully and cloned the repository, then [`clearBareClone`](./processors.md#clearbareclone) is run to clear up that clone, freeing disk space and ensuring that the _.remote/\*_ folder created does not conflict with any future pushes involving the same SHA. -Finally, if the action was auto-approved or auto-rejected as a result of running [`preReceive`](./Processors.md#prereceive), it will attempt to auto-approve or auto-reject it. +Finally, if the action was auto-approved or auto-rejected as a result of running [`preReceive`](./processors.md#prereceive), it will attempt to auto-approve or auto-reject it. ### Authentication @@ -224,7 +224,7 @@ Currently supports the following out-of-the-box: #### `commitConfig` -Used in [`checkCommitMessages`](./Processors.md#checkcommitmessages), [`checkAuthorEmails`](./Processors.md#checkauthoremails) and [`scanDiff`](./Processors.md#scandiff) processors to block pushes depending on the given rules. +Used in [`checkCommitMessages`](./processors.md#checkcommitmessages), [`checkAuthorEmails`](./processors.md#checkauthoremails) and [`scanDiff`](./processors.md#scandiff) processors to block pushes depending on the given rules. By default, no rules are applied. diff --git a/website/docs/deployment.mdx b/website/docs/deployment.mdx index 5f45de0c1..9460b66f9 100644 --- a/website/docs/deployment.mdx +++ b/website/docs/deployment.mdx @@ -126,7 +126,7 @@ remote: http://localhost:8080/dashboard/push/000000__b12557 - Username: `admin` - Password: `admin` - See the [Authentication](https://github.com/finos/git-proxy/blob/main/docs/Architecture.md#authentication) section of the architecture guide for more details. + See the [Authentication](https://github.com/finos/git-proxy/blob/main/website/architecture/architecture.md#authentication) section of the architecture guide for more details. 3. Review the push and approve it 4. Push again to forward to upstream: ```bash diff --git a/website/docs/Upgrading to v2.md b/website/docs/upgrading-to-v2.md similarity index 99% rename from website/docs/Upgrading to v2.md rename to website/docs/upgrading-to-v2.md index 793565556..c3b418119 100644 --- a/website/docs/Upgrading to v2.md +++ b/website/docs/upgrading-to-v2.md @@ -93,7 +93,7 @@ Changing the email address associated with commits can be accomplished via a num - `checkEmptyBranch` simply checks whether the branch has had any new commits (if not, the push will be rejected) - Added a settings page for configuring the JWT token to authenticate UI requests to API when `apiAuthentication` is enabled in [#1096](https://github.com/finos/git-proxy/pull/1096) - Previously, requests from the UI were bypassing the JWT check if the user was logged in, and failing otherwise when `apiAuthentication` was set - - For more details on setting JWT, check the [architecture documentation](./architecture/Architecture.md#setting-up-jwt-authentication): + - For more details on setting JWT, check the [architecture documentation](./architecture/architecture.md#setting-up-jwt-authentication): - Added the ability to create new users via the GitProxy CLI in [#981](https://github.com/finos/git-proxy/pull/981) - Added `/healthcheck` endpoint for AWS Load Balancer support [#1197](https://github.com/finos/git-proxy/pull/1197) - Improved login page flexibility, error handling and visibility of available auth methods in [#1227](https://github.com/finos/git-proxy/pull/1227) diff --git a/website/sidebars.js b/website/sidebars.js index 947e5beee..b675c1646 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -37,7 +37,7 @@ module.exports = { ], }, 'deployment', - 'Upgrading to v2', + 'upgrading-to-v2', { type: 'category', label: 'Configuration', From 926a06d0f1de3a1604997daae54c38752d9dc59b Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Fri, 3 Apr 2026 12:24:11 +0900 Subject: [PATCH 07/23] docs: update broken links and sidebar --- website/docs/architecture/Architecture.md | 50 +++++++++++------------ website/docs/upgrading-to-v2.md | 2 +- website/sidebars.js | 2 +- 3 files changed, 27 insertions(+), 27 deletions(-) diff --git a/website/docs/architecture/Architecture.md b/website/docs/architecture/Architecture.md index d45655906..1994d413d 100644 --- a/website/docs/architecture/Architecture.md +++ b/website/docs/architecture/Architecture.md @@ -10,7 +10,7 @@ GitProxy has several main components: - HTTP Proxy Express app (`/src/proxy`): The actual proxy server for Git. Git operations performed by users are intercepted here, processed by various Express middleware (such as URL rewriting) and applies the relevant **chain** of actions to the payload. Customized functionality in the form of **plugins** are inserted and added to this chain as well. - Chain: A set of **processors** that are applied to an action (i.e. a `git push` operation) before requesting review from a user with permission to approve pushes - - Processor: AKA `Step`. A specific step in the chain where certain rules are applied. See the [list of default processors](./processors.md) for more details.` + - Processor: AKA `Step`. A specific step in the chain where certain rules are applied. See the [list of default processors](/docs/architecture/processors.md) for more details.` - Plugin: A custom processor that can be added externally to extend GitProxy's default policies. See the [plugin guide](https://git-proxy.finos.org/docs/development/plugins) for more details. - Backend-for-frontend (BFF) Service API, Express app (`/src/service`): Handles UI requests, user authentication to GitProxy (not to Git), database operations and some of the logic for rejection/approval. Runs by default on port `8080`, and can be configured with the `GIT_PROXY_UI_HOST` and `GIT_PROXY_UI_PORT` environment variables. - Passport: The [library](https://www.passportjs.org/) used to authenticate to the GitProxy API (not the proxy itself - this depends on the Git `user.email`). Supports multiple authentication methods by default ([Local](#local), [AD](#activedirectory), [OIDC](#openid-connect)). @@ -53,9 +53,9 @@ Don't forget to save and update the attached .drawio (XML)! --> Three types of policies can be applied to incoming pushes: - Default policies: These are already present in the GitProxy pull/push chain and require modifying source code to change their behaviour. - - For example, [`checkUserPushPermission`](./processors.md#checkuserpushpermission) which simply checks if the pusher's email exists in the GitProxy database, and if their user is marked in the "Contributors" list (`canPush`) for the repository they're trying to push to. + - For example, [`checkUserPushPermission`](/docs/architecture/processors.md#checkuserpushpermission) which simply checks if the pusher's email exists in the GitProxy database, and if their user is marked in the "Contributors" list (`canPush`) for the repository they're trying to push to. - Configurable policies: These are policies that can be easily configured through the GitProxy config (`proxy.config.json` or a custom file). - - For example, [`checkCommitMessages`](./processors.md#checkcommitmessages) which reads the configuration and matches the string patterns provided with the commit messages in the push in order to block it. + - For example, [`checkCommitMessages`](/docs/architecture/processors.md#checkcommitmessages) which reads the configuration and matches the string patterns provided with the commit messages in the push in order to block it. - Custom policies: - Plugins: Push/pull plugins provide more flexibility for implementing an organization's rules. For more information, see the [guide on writing your own plugins](https://git-proxy.finos.org/docs/development/plugins). - Processors: Custom logic may require specific data within a push that isn't available at the end of the chain (where plugins are executed). In this case, the appropriate solution is to write a processor and add it to the correct place in the chain. @@ -64,7 +64,7 @@ Three types of policies can be applied to incoming pushes: ### Pre-processors -Pre-processors run before executing the chain. Currently, only executes [`parseAction`](./processors.md#parseaction), which is in charge of classifying requests as push/pull/default and creating the `Action` object used by the chain. +Pre-processors run before executing the chain. Currently, only executes [`parseAction`](/docs/architecture/processors.md#parseaction), which is in charge of classifying requests as push/pull/default and creating the `Action` object used by the chain. ### Action Chains @@ -74,27 +74,27 @@ Action chains are a list of processors that a Git operation goes through before Executed when a user makes a `git push` to GitProxy. These are the actions in `pushActionChain`, by order of execution: -- [`parsePush`](./processors.md#parsepush) -- [`checkEmptyBranch`](./processors.md#checkemptybranch) -- [`checkRepoInAuthorisedList`](./processors.md#checkrepoinauthorisedlist) -- [`checkCommitMessages`](./processors.md#checkcommitmessages) -- [`checkAuthorEmails`](./processors.md#checkauthoremails) -- [`checkUserPushPermission`](./processors.md#checkuserpushpermission) -- [`pullRemote`](./processors.md#pullremote) -- [`writePack`](./processors.md#writepack) -- [`checkHiddenCommits`](./processors.md#checkhiddencommits) -- [`checkIfWaitingAuth`](./processors.md#checkifwaitingauth) -- [`preReceive`](./processors.md#prereceive) -- [`getDiff`](./processors.md#getdiff) -- [`gitleaks`](./processors.md#gitleaks) -- [`scanDiff`](./processors.md#scandiff) -- [`blockForAuth`](./processors.md#blockforauth) +- [`parsePush`](/docs/architecture/processors.md#parsepush) +- [`checkEmptyBranch`](/docs/architecture/processors.md#checkemptybranch) +- [`checkRepoInAuthorisedList`](/docs/architecture/processors.md#checkrepoinauthorisedlist) +- [`checkCommitMessages`](/docs/architecture/processors.md#checkcommitmessages) +- [`checkAuthorEmails`](/docs/architecture/processors.md#checkauthoremails) +- [`checkUserPushPermission`](/docs/architecture/processors.md#checkuserpushpermission) +- [`pullRemote`](/docs/architecture/processors.md#pullremote) +- [`writePack`](/docs/architecture/processors.md#writepack) +- [`checkHiddenCommits`](/docs/architecture/processors.md#checkhiddencommits) +- [`checkIfWaitingAuth`](/docs/architecture/processors.md#checkifwaitingauth) +- [`preReceive`](/docs/architecture/processors.md#prereceive) +- [`getDiff`](/docs/architecture/processors.md#getdiff) +- [`gitleaks`](/docs/architecture/processors.md#gitleaks) +- [`scanDiff`](/docs/architecture/processors.md#scandiff) +- [`blockForAuth`](/docs/architecture/processors.md#blockforauth) #### Pull action chain Executed when a user makes a `git clone` or `git pull` to GitProxy: -- [`checkRepoInAuthorisedList`](./processors.md#checkrepoinauthorisedlist) +- [`checkRepoInAuthorisedList`](/docs/architecture/processors.md#checkrepoinauthorisedlist) At present, the pull action chain is only checking that the repository is configured in GitProxy. This ensures it will block pull requests for unknown repositories. @@ -102,17 +102,17 @@ At present, the pull action chain is only checking that the repository is config This chain is executed when making any operation other than a `git push` or `git pull`. -- [`checkRepoInAuthorisedList`](./processors.md#checkrepoinauthorisedlist) +- [`checkRepoInAuthorisedList`](/docs/architecture/processors.md#checkrepoinauthorisedlist) The default action chain, much like the pull chain, is only checking that the repository is configured in GitProxy. This ensures it will block all git client requests for unknown repositories. ### Post-processors -After processors in the chain are done executing, [`audit`](./processors.md#audit) is called to store the action along with all of its execution steps in the database for auditing purposes. +After processors in the chain are done executing, [`audit`](/docs/architecture/processors.md#audit) is called to store the action along with all of its execution steps in the database for auditing purposes. -If [`pullRemote`](./processors.md#pullremote) ran successfully and cloned the repository, then [`clearBareClone`](./processors.md#clearbareclone) is run to clear up that clone, freeing disk space and ensuring that the _.remote/\*_ folder created does not conflict with any future pushes involving the same SHA. +If [`pullRemote`](/docs/architecture/processors.md#pullremote) ran successfully and cloned the repository, then [`clearBareClone`](/docs/architecture/processors.md#clearbareclone) is run to clear up that clone, freeing disk space and ensuring that the _.remote/\*_ folder created does not conflict with any future pushes involving the same SHA. -Finally, if the action was auto-approved or auto-rejected as a result of running [`preReceive`](./processors.md#prereceive), it will attempt to auto-approve or auto-reject it. +Finally, if the action was auto-approved or auto-rejected as a result of running [`preReceive`](/docs/architecture/processors.md#prereceive), it will attempt to auto-approve or auto-reject it. ### Authentication @@ -224,7 +224,7 @@ Currently supports the following out-of-the-box: #### `commitConfig` -Used in [`checkCommitMessages`](./processors.md#checkcommitmessages), [`checkAuthorEmails`](./processors.md#checkauthoremails) and [`scanDiff`](./processors.md#scandiff) processors to block pushes depending on the given rules. +Used in [`checkCommitMessages`](/docs/architecture/processors.md#checkcommitmessages), [`checkAuthorEmails`](/docs/architecture/processors.md#checkauthoremails) and [`scanDiff`](/docs/architecture/processors.md#scandiff) processors to block pushes depending on the given rules. By default, no rules are applied. diff --git a/website/docs/upgrading-to-v2.md b/website/docs/upgrading-to-v2.md index c3b418119..fc94dcee5 100644 --- a/website/docs/upgrading-to-v2.md +++ b/website/docs/upgrading-to-v2.md @@ -93,7 +93,7 @@ Changing the email address associated with commits can be accomplished via a num - `checkEmptyBranch` simply checks whether the branch has had any new commits (if not, the push will be rejected) - Added a settings page for configuring the JWT token to authenticate UI requests to API when `apiAuthentication` is enabled in [#1096](https://github.com/finos/git-proxy/pull/1096) - Previously, requests from the UI were bypassing the JWT check if the user was logged in, and failing otherwise when `apiAuthentication` was set - - For more details on setting JWT, check the [architecture documentation](./architecture/architecture.md#setting-up-jwt-authentication): + - For more details on setting JWT, check the [architecture documentation](/docs/architecture/architecture.md#setting-up-jwt-authentication): - Added the ability to create new users via the GitProxy CLI in [#981](https://github.com/finos/git-proxy/pull/981) - Added `/healthcheck` endpoint for AWS Load Balancer support [#1197](https://github.com/finos/git-proxy/pull/1197) - Improved login page flexibility, error handling and visibility of available auth methods in [#1227](https://github.com/finos/git-proxy/pull/1227) diff --git a/website/sidebars.js b/website/sidebars.js index b675c1646..c762c5079 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -64,7 +64,7 @@ module.exports = { }, collapsible: true, collapsed: false, - items: ['architecture/Architecture', 'architecture/Processors'], + items: ['architecture/architecture', 'architecture/processors'], }, { type: 'category', From ab8ba735999211f5d67fde27f7fcc7625ef4828d Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Fri, 3 Apr 2026 12:38:08 +0900 Subject: [PATCH 08/23] chore: fix architecture/processors filename casing --- website/docs/architecture/{Architecture.md => architecture.md} | 0 website/docs/architecture/{Processors.md => processors.md} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename website/docs/architecture/{Architecture.md => architecture.md} (100%) rename website/docs/architecture/{Processors.md => processors.md} (100%) diff --git a/website/docs/architecture/Architecture.md b/website/docs/architecture/architecture.md similarity index 100% rename from website/docs/architecture/Architecture.md rename to website/docs/architecture/architecture.md diff --git a/website/docs/architecture/Processors.md b/website/docs/architecture/processors.md similarity index 100% rename from website/docs/architecture/Processors.md rename to website/docs/architecture/processors.md From 022755cb3ddf33b382a519f70e0c61c98de81f59 Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Fri, 3 Apr 2026 12:51:34 +0900 Subject: [PATCH 09/23] chore: pin lodash version to fix CI vulnerability error --- website/package.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/website/package.json b/website/package.json index 237ee88b4..b983f4324 100644 --- a/website/package.json +++ b/website/package.json @@ -42,6 +42,7 @@ "overrides": { "serialize-javascript": "^7.0.5", "uuid": "^14.0.0", - "webpack": "~5.105.0" + "webpack": "~5.105.0", + "lodash": "^4.18.0" } } From 5607097310b1761b1b1ea3fbf338156add50e836 Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Fri, 3 Apr 2026 13:38:58 +0900 Subject: [PATCH 10/23] docs: fix broken Testing link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 54ad5a367..810a58ce6 100644 --- a/README.md +++ b/README.md @@ -92,7 +92,7 @@ customize for your environment, see the [project's documentation](https://git-pr - [Installation](https://git-proxy.finos.org/docs/quickstart/installation) - [Configuration](https://git-proxy.finos.org/docs/category/configuration) - [Contributing](https://git-proxy.finos.org/docs/development/contributing) -- [Testing](https://git-proxy.finos.org/docs/development/testing) +- [Testing](https://github.com/finos/git-proxy/blob/main/CONTRIBUTING.md#testing) - [Architecture](https://git-proxy.finos.org/docs/category/architecture/) - [Upgrading to v2](https://git-proxy.finos.org/docs/upgrading-to-v2) From 53613ff57b07f86dee57daac140ad05a3b0f030b Mon Sep 17 00:00:00 2001 From: Juan Escalada <97265671+jescalada@users.noreply.github.com> Date: Wed, 13 May 2026 06:33:51 +0000 Subject: [PATCH 11/23] Update website/docs/architecture/architecture.md Co-authored-by: Kris West Signed-off-by: Juan Escalada <97265671+jescalada@users.noreply.github.com> --- website/docs/architecture/architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/architecture/architecture.md b/website/docs/architecture/architecture.md index 1994d413d..64e745d32 100644 --- a/website/docs/architecture/architecture.md +++ b/website/docs/architecture/architecture.md @@ -11,7 +11,7 @@ GitProxy has several main components: - HTTP Proxy Express app (`/src/proxy`): The actual proxy server for Git. Git operations performed by users are intercepted here, processed by various Express middleware (such as URL rewriting) and applies the relevant **chain** of actions to the payload. Customized functionality in the form of **plugins** are inserted and added to this chain as well. - Chain: A set of **processors** that are applied to an action (i.e. a `git push` operation) before requesting review from a user with permission to approve pushes - Processor: AKA `Step`. A specific step in the chain where certain rules are applied. See the [list of default processors](/docs/architecture/processors.md) for more details.` - - Plugin: A custom processor that can be added externally to extend GitProxy's default policies. See the [plugin guide](https://git-proxy.finos.org/docs/development/plugins) for more details. + - Plugin: A custom processor that can be added externally to extend GitProxy's default policies. See the [plugin guide](/docs/development/plugins) for more details. - Backend-for-frontend (BFF) Service API, Express app (`/src/service`): Handles UI requests, user authentication to GitProxy (not to Git), database operations and some of the logic for rejection/approval. Runs by default on port `8080`, and can be configured with the `GIT_PROXY_UI_HOST` and `GIT_PROXY_UI_PORT` environment variables. - Passport: The [library](https://www.passportjs.org/) used to authenticate to the GitProxy API (not the proxy itself - this depends on the Git `user.email`). Supports multiple authentication methods by default ([Local](#local), [AD](#activedirectory), [OIDC](#openid-connect)). - Routes: All the API endpoints used by the UI and proxy to perform operations and fetch or modify GitProxy's state. Except for custom plugin and processor development, there is no need for users or GitProxy administrators to interact with the API directly. From 3c7375fabe28b7634adb1f01d631929b2e34eb6e Mon Sep 17 00:00:00 2001 From: Juan Escalada <97265671+jescalada@users.noreply.github.com> Date: Wed, 13 May 2026 06:34:02 +0000 Subject: [PATCH 12/23] Update website/docs/architecture/architecture.md Co-authored-by: Kris West Signed-off-by: Juan Escalada <97265671+jescalada@users.noreply.github.com> --- website/docs/architecture/architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/architecture/architecture.md b/website/docs/architecture/architecture.md index 64e745d32..616d9136e 100644 --- a/website/docs/architecture/architecture.md +++ b/website/docs/architecture/architecture.md @@ -15,7 +15,7 @@ GitProxy has several main components: - Backend-for-frontend (BFF) Service API, Express app (`/src/service`): Handles UI requests, user authentication to GitProxy (not to Git), database operations and some of the logic for rejection/approval. Runs by default on port `8080`, and can be configured with the `GIT_PROXY_UI_HOST` and `GIT_PROXY_UI_PORT` environment variables. - Passport: The [library](https://www.passportjs.org/) used to authenticate to the GitProxy API (not the proxy itself - this depends on the Git `user.email`). Supports multiple authentication methods by default ([Local](#local), [AD](#activedirectory), [OIDC](#openid-connect)). - Routes: All the API endpoints used by the UI and proxy to perform operations and fetch or modify GitProxy's state. Except for custom plugin and processor development, there is no need for users or GitProxy administrators to interact with the API directly. -- Configuration (`/src/config`): Loads and validates the configuration from `proxy.config.json`, or any provided config file. Allows customising several aspects of GitProxy, including databases, authentication methods, predefined allowed repositories, commit blocking rules and more. For a full list of configurable parameters, check the [config file schema reference](https://git-proxy.finos.org/docs/configuration/reference/). +- Configuration (`/src/config`): Loads and validates the configuration from `proxy.config.json`, or any provided config file. Allows customising several aspects of GitProxy, including databases, authentication methods, predefined allowed repositories, commit blocking rules and more. For a full list of configurable parameters, check the [config file schema reference](/docs/configuration/reference/). - Web UI, React (`/src/ui`): Allows user-friendly interactions with the application. Shows the list of pushes requiring approval, the list of repositories that users can contribute to, and more. Also allows users to easily review the changes in a push, and approve or reject it manually according to company policy. ## Diagram From f36d3a8bfe81aae1860cf9a8135c8f75c35e58b4 Mon Sep 17 00:00:00 2001 From: Juan Escalada <97265671+jescalada@users.noreply.github.com> Date: Wed, 13 May 2026 06:34:14 +0000 Subject: [PATCH 13/23] Update website/docs/architecture/architecture.md Co-authored-by: Kris West Signed-off-by: Juan Escalada <97265671+jescalada@users.noreply.github.com> --- website/docs/architecture/architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/architecture/architecture.md b/website/docs/architecture/architecture.md index 616d9136e..e0d27df72 100644 --- a/website/docs/architecture/architecture.md +++ b/website/docs/architecture/architecture.md @@ -57,7 +57,7 @@ Three types of policies can be applied to incoming pushes: - Configurable policies: These are policies that can be easily configured through the GitProxy config (`proxy.config.json` or a custom file). - For example, [`checkCommitMessages`](/docs/architecture/processors.md#checkcommitmessages) which reads the configuration and matches the string patterns provided with the commit messages in the push in order to block it. - Custom policies: - - Plugins: Push/pull plugins provide more flexibility for implementing an organization's rules. For more information, see the [guide on writing your own plugins](https://git-proxy.finos.org/docs/development/plugins). + - Plugins: Push/pull plugins provide more flexibility for implementing an organization's rules. For more information, see the [guide on writing your own plugins](/docs/development/plugins). - Processors: Custom logic may require specific data within a push that isn't available at the end of the chain (where plugins are executed). In this case, the appropriate solution is to write a processor and add it to the correct place in the chain. ## The nitty gritty From 17df663f6916ca573fbef5a35c2765f69bd5d25e Mon Sep 17 00:00:00 2001 From: Juan Escalada <97265671+jescalada@users.noreply.github.com> Date: Wed, 13 May 2026 06:35:04 +0000 Subject: [PATCH 14/23] Update website/docs/deployment.mdx Co-authored-by: Kris West Signed-off-by: Juan Escalada <97265671+jescalada@users.noreply.github.com> --- website/docs/deployment.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/deployment.mdx b/website/docs/deployment.mdx index 9460b66f9..6fe34e7dd 100644 --- a/website/docs/deployment.mdx +++ b/website/docs/deployment.mdx @@ -126,7 +126,7 @@ remote: http://localhost:8080/dashboard/push/000000__b12557 - Username: `admin` - Password: `admin` - See the [Authentication](https://github.com/finos/git-proxy/blob/main/website/architecture/architecture.md#authentication) section of the architecture guide for more details. + See the [Authentication](/docs/architecture/architecture.md#authentication) section of the architecture guide for more details. 3. Review the push and approve it 4. Push again to forward to upstream: ```bash From 02e1f13b9488c2c24177be8e05c72c5328e58f3f Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Thu, 14 May 2026 15:05:15 +0900 Subject: [PATCH 15/23] chore: update package-lock.json on root and website --- package-lock.json | 166 ++++++++++++++++------- website/package-lock.json | 273 +++++++++++++++++++------------------- 2 files changed, 259 insertions(+), 180 deletions(-) diff --git a/package-lock.json b/package-lock.json index b99ef2897..394673bd2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -983,13 +983,14 @@ } }, "node_modules/@aws-sdk/xml-builder": { - "version": "3.972.17", - "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.972.17.tgz", - "integrity": "sha512-Ra7hjqAZf1OXRRMueB13qex7mFJRDK/pgCvdSFemXBT8KCGnQDPoKzHY1SjN+TjJVmnpSF14W5tJ1vDamFu+Gg==", + "version": "3.972.23", + "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.972.23.tgz", + "integrity": "sha512-A0YmgYFv+hTI9c17Ntvd2hSehm9bmJfkb+ggADBwVKA8H/3+Jx94SzR2qOB9bAA9WFeDqnfz9PKKQ+D+YAKomA==", "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.14.0", - "fast-xml-parser": "5.5.8", + "@nodable/entities": "2.1.0", + "@smithy/types": "^4.14.1", + "fast-xml-parser": "5.7.2", "tslib": "^2.6.2" }, "engines": { @@ -3026,6 +3027,18 @@ "url": "https://paulmillr.com/funding/" } }, + "node_modules/@nodable/entities": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@nodable/entities/-/entities-2.1.0.tgz", + "integrity": "sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/nodable" + } + ], + "license": "MIT" + }, "node_modules/@npmcli/config": { "version": "8.0.3", "license": "ISC", @@ -3554,6 +3567,21 @@ "util": "^0.12.5" } }, + "node_modules/@simple-git/args-pathspec": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@simple-git/args-pathspec/-/args-pathspec-1.0.3.tgz", + "integrity": "sha512-ngJMaHlsWDTfjyq9F3VIQ8b7NXbBLq5j9i5bJ6XLYtD6qlDXT7fdKY2KscWWUF8t18xx052Y/PUO1K1TRc9yKA==", + "license": "MIT" + }, + "node_modules/@simple-git/argv-parser": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@simple-git/argv-parser/-/argv-parser-1.1.1.tgz", + "integrity": "sha512-Q9lBcfQ+VQCpQqGJFHe5yooOS5hGdLFFbJ5R+R5aDsnkPCahtn1hSkMcORX65J2Z5lxSkD0lQorMsncuBQxYUw==", + "license": "MIT", + "dependencies": { + "@simple-git/args-pathspec": "^1.0.3" + } + }, "node_modules/@smithy/abort-controller": { "version": "4.2.8", "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-4.2.8.tgz", @@ -3904,9 +3932,9 @@ } }, "node_modules/@smithy/types": { - "version": "4.14.0", - "resolved": "https://registry.npmjs.org/@smithy/types/-/types-4.14.0.tgz", - "integrity": "sha512-OWgntFLW88kx2qvf/c/67Vno1yuXm/f9M7QFAtVkkO29IJXGBIg0ycEaBTH0kvCtwmvZxRujrgP5a86RvsXJAQ==", + "version": "4.14.1", + "resolved": "https://registry.npmjs.org/@smithy/types/-/types-4.14.1.tgz", + "integrity": "sha512-59b5HtSVrVR/eYNei3BUj3DCPKD/G7EtDDe7OEJE7i7FtQFugYo6MxbotS8mVJkLNVf8gYaAlEBwwtJ9HzhWSg==", "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" @@ -5257,6 +5285,18 @@ "node": ">=4.0" } }, + "node_modules/agent-base": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "license": "MIT", + "dependencies": { + "debug": "4" + }, + "engines": { + "node": ">= 6.0.0" + } + }, "node_modules/aggregate-error": { "version": "3.1.0", "dev": true, @@ -5632,13 +5672,14 @@ "license": "MIT" }, "node_modules/axios": { - "version": "1.15.0", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz", - "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==", + "version": "1.16.1", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.16.1.tgz", + "integrity": "sha512-caYkukvroVPO8KrzuJEb50Hm07KwfBZPEC3VeFHTsqWHvKTsy54hjJz9BS/cdaypROE2rH6xvm9mHX4fgWkr3A==", "license": "MIT", "dependencies": { - "follow-redirects": "^1.15.11", + "follow-redirects": "^1.16.0", "form-data": "^4.0.5", + "https-proxy-agent": "^5.0.1", "proxy-from-env": "^2.1.0" } }, @@ -7856,12 +7897,12 @@ } }, "node_modules/express-rate-limit": { - "version": "8.3.1", - "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.3.1.tgz", - "integrity": "sha512-D1dKN+cmyPWuvB+G2SREQDzPY1agpBIcTa9sJxOPMCNeH3gwzhqJRDWCXW3gg0y//+LQ/8j52JbMROWyrKdMdw==", + "version": "8.5.1", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.1.tgz", + "integrity": "sha512-5O6KYmyJEpuPJV5hNTXKbAHWRqrzyu+OI3vUnSd2kXFubIVpG7ezpgxQy76Zo5GQZtrQBg86hF+CM/NX+cioiQ==", "license": "MIT", "dependencies": { - "ip-address": "10.1.0" + "ip-address": "^10.2.0" }, "engines": { "node": ">= 16" @@ -8017,7 +8058,9 @@ "license": "MIT" }, "node_modules/fast-uri": { - "version": "3.0.6", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz", + "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==", "dev": true, "funding": [ { @@ -8032,9 +8075,9 @@ "license": "BSD-3-Clause" }, "node_modules/fast-xml-builder": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.4.tgz", - "integrity": "sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.2.0.tgz", + "integrity": "sha512-00aAWieqff+ZJhsXA4g1g7M8k+7AYoMUUHF+/zFb5U6Uv/P0Vl4QZo84/IcufzYalLuEj9928bXN9PbbFzMF0Q==", "funding": [ { "type": "github", @@ -8043,13 +8086,14 @@ ], "license": "MIT", "dependencies": { - "path-expression-matcher": "^1.1.3" + "path-expression-matcher": "^1.5.0", + "xml-naming": "^0.1.0" } }, "node_modules/fast-xml-parser": { - "version": "5.5.8", - "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.5.8.tgz", - "integrity": "sha512-Z7Fh2nVQSb2d+poDViM063ix2ZGt9jmY1nWhPfHBOK2Hgnb/OW3P4Et3P/81SEej0J7QbWtJqxO05h8QYfK7LQ==", + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.7.2.tgz", + "integrity": "sha512-P7oW7tLbYnhOLQk/Gv7cZgzgMPP/XN03K02/Jy6Y/NHzyIAIpxuZIM/YqAkfiXFPxA2CTm7NtCijK9EDu09u2w==", "funding": [ { "type": "github", @@ -8058,9 +8102,10 @@ ], "license": "MIT", "dependencies": { - "fast-xml-builder": "^1.1.4", - "path-expression-matcher": "^1.2.0", - "strnum": "^2.2.0" + "@nodable/entities": "^2.1.0", + "fast-xml-builder": "^1.1.5", + "path-expression-matcher": "^1.5.0", + "strnum": "^2.2.3" }, "bin": { "fxparser": "src/cli/cli.js" @@ -8861,6 +8906,19 @@ "node": ">=0.10" } }, + "node_modules/https-proxy-agent": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", + "license": "MIT", + "dependencies": { + "agent-base": "6", + "debug": "4" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/human-signals": { "version": "1.1.1", "dev": true, @@ -9007,9 +9065,10 @@ } }, "node_modules/ip-address": { - "version": "10.1.0", - "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.1.0.tgz", - "integrity": "sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==", + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz", + "integrity": "sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==", + "license": "MIT", "engines": { "node": ">= 12" } @@ -11916,9 +11975,9 @@ } }, "node_modules/postcss": { - "version": "8.5.6", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz", - "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==", + "version": "8.5.14", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.14.tgz", + "integrity": "sha512-SoSL4+OSEtR99LHFZQiJLkT59C5B1amGO1NzTwj7TT1qCUgUO6hxOvzkOYxD+vMrXBM3XJIKzokoERdqQq/Zmg==", "dev": true, "funding": [ { @@ -13036,13 +13095,15 @@ } }, "node_modules/simple-git": { - "version": "3.33.0", - "resolved": "https://registry.npmjs.org/simple-git/-/simple-git-3.33.0.tgz", - "integrity": "sha512-D4V/tGC2sjsoNhoMybKyGoE+v8A60hRawKQ1iFRA1zwuDgGZCBJ4ByOzZ5J8joBbi4Oam0qiPH+GhzmSBwbJng==", + "version": "3.36.0", + "resolved": "https://registry.npmjs.org/simple-git/-/simple-git-3.36.0.tgz", + "integrity": "sha512-cGQjLjK8bxJw4QuYT7gxHw3/IouVESbhahSsHrX97MzCL1gu2u7oy38W6L2ZIGECEfIBG4BabsWDPjBxJENv9Q==", "license": "MIT", "dependencies": { "@kwsites/file-exists": "^1.1.1", "@kwsites/promise-deferred": "^1.1.1", + "@simple-git/args-pathspec": "^1.0.3", + "@simple-git/argv-parser": "^1.1.0", "debug": "^4.4.0" }, "funding": { @@ -13460,9 +13521,9 @@ "license": "MIT" }, "node_modules/strnum": { - "version": "2.2.3", - "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.2.3.tgz", - "integrity": "sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg==", + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.3.0.tgz", + "integrity": "sha512-ums3KNd42PGyx5xaoVTO1mjU1bH3NpY4vsrVlnv9PNGqQj8wd7rJ6nEypLrJ7z5vxK5RP0yMLo6J/Gsm62DI5Q==", "funding": [ { "type": "github", @@ -13532,9 +13593,9 @@ } }, "node_modules/systeminformation": { - "version": "5.31.4", - "resolved": "https://registry.npmjs.org/systeminformation/-/systeminformation-5.31.4.tgz", - "integrity": "sha512-lZppDyQx91VdS5zJvAyGkmwe+Mq6xY978BDUG2wRkWE+jkmUF5ti8cvOovFQoN5bvSFKCXVkyKEaU5ec3SJiRg==", + "version": "5.31.6", + "resolved": "https://registry.npmjs.org/systeminformation/-/systeminformation-5.31.6.tgz", + "integrity": "sha512-Uv2b2uGGM6ns+26czgW2cYRabYdnswM0ddSOOlryHOaelzsmDSet1iM/NT7VOYxW8x/BW+HkY+b1Ve2pLTSGSA==", "dev": true, "license": "MIT", "os": [ @@ -14271,9 +14332,9 @@ } }, "node_modules/uuid": { - "version": "13.0.0", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-13.0.0.tgz", - "integrity": "sha512-XQegIaBTVUjSHliKqcnFqYypAd4S+WCYt5NIeRs6w/UAry7z8Y9j5ZwRRL4kzq9U3sD6v+85er9FvkEaBpji2w==", + "version": "13.0.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-13.0.2.tgz", + "integrity": "sha512-vzi9uRZ926x4XV73S/4qQaTwPXM2JBj6/6lI/byHH1jOpCzb0zDbfytgA9LcN/hzb2l7WQSQnxITOVx5un/wGw==", "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" @@ -14953,6 +15014,21 @@ "typedarray-to-buffer": "^3.1.5" } }, + "node_modules/xml-naming": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/xml-naming/-/xml-naming-0.1.0.tgz", + "integrity": "sha512-k8KO9hrMyNk6tUWqUfkTEZbezRRpONVOzUTnc97VnCvyj6Tf9lyUR9EDAIeiVLv56jsMcoXEwjW8Kv5yPY52lw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/NaturalIntelligence" + } + ], + "license": "MIT", + "engines": { + "node": ">=16.0.0" + } + }, "node_modules/y18n": { "version": "5.0.8", "license": "ISC", diff --git a/website/package-lock.json b/website/package-lock.json index bf8b2b468..9dc6214ca 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -4,6 +4,7 @@ "requires": true, "packages": { "": { + "name": "website", "devDependencies": { "@docusaurus/core": "^3.10.0", "@docusaurus/plugin-google-gtag": "^3.10.0", @@ -12,8 +13,8 @@ "axios": "^1.13.4", "classnames": "^2.5.1", "clsx": "^2.1.1", - "eslint": "^9.39.2", - "eslint-plugin-react": "^7.37.5", + "eslint": "^10.1.0", + "eslint-plugin-react": "^7.22.0", "react": "^19.2.4", "react-dom": "^19.2.4", "react-player": "^3.4.0", @@ -1308,9 +1309,9 @@ } }, "node_modules/@babel/plugin-transform-modules-systemjs": { - "version": "7.29.0", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.29.0.tgz", - "integrity": "sha512-PrujnVFbOdUpw4UHiVwKvKRLMMic8+eC0CuNlxjsyZUiBjhFdPsewdXCkveh2KqBA9/waD0W1b4hXSOBQJezpQ==", + "version": "7.29.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.29.4.tgz", + "integrity": "sha512-N7QmZ0xRZfjHOfZeQLJjwgX2zS9pdGHSVl/cjSGlo4dXMqvurfxXDMKY4RqEKzPozV78VMcd0lxyG13mlbKc4w==", "dev": true, "license": "MIT", "dependencies": { @@ -4357,129 +4358,107 @@ } }, "node_modules/@eslint/config-array": { - "version": "0.21.2", - "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.2.tgz", - "integrity": "sha512-nJl2KGTlrf9GjLimgIru+V/mzgSK0ABCDQRvxw5BjURL7WfH5uoWmizbH7QB6MmnMBd8cIC9uceWnezL1VZWWw==", + "version": "0.23.5", + "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.23.5.tgz", + "integrity": "sha512-Y3kKLvC1dvTOT+oGlqNQ1XLqK6D1HU2YXPc52NmAlJZbMMWDzGYXMiPRJ8TYD39muD/OTjlZmNJ4ib7dvSrMBA==", "dev": true, "license": "Apache-2.0", "dependencies": { - "@eslint/object-schema": "^2.1.7", + "@eslint/object-schema": "^3.0.5", "debug": "^4.3.1", - "minimatch": "^3.1.5" + "minimatch": "^10.2.4" }, "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + "node": "^20.19.0 || ^22.13.0 || >=24" } }, - "node_modules/@eslint/config-helpers": { - "version": "0.4.2", - "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.2.tgz", - "integrity": "sha512-gBrxN88gOIf3R7ja5K9slwNayVcZgK6SOUORm2uBzTeIEfeVaIhOpCtTox3P6R7o2jLFwLFTLnC7kU/RGcYEgw==", + "node_modules/@eslint/config-array/node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", "dev": true, - "license": "Apache-2.0", - "dependencies": { - "@eslint/core": "^0.17.0" - }, + "license": "MIT", "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + "node": "18 || 20 || >=22" } }, - "node_modules/@eslint/core": { - "version": "0.17.0", - "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.17.0.tgz", - "integrity": "sha512-yL/sLrpmtDaFEiUj1osRP4TI2MDz1AddJL+jZ7KSqvBuliN4xqYY54IfdN8qD8Toa6g1iloph1fxQNkjOxrrpQ==", + "node_modules/@eslint/config-array/node_modules/brace-expansion": { + "version": "5.0.6", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz", + "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==", "dev": true, - "license": "Apache-2.0", + "license": "MIT", "dependencies": { - "@types/json-schema": "^7.0.15" + "balanced-match": "^4.0.2" }, "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + "node": "18 || 20 || >=22" } }, - "node_modules/@eslint/eslintrc": { - "version": "3.3.5", - "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz", - "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==", + "node_modules/@eslint/config-array/node_modules/minimatch": { + "version": "10.2.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz", + "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==", "dev": true, - "license": "MIT", + "license": "BlueOak-1.0.0", "dependencies": { - "ajv": "^6.14.0", - "debug": "^4.3.2", - "espree": "^10.0.1", - "globals": "^14.0.0", - "ignore": "^5.2.0", - "import-fresh": "^3.2.1", - "js-yaml": "^4.1.1", - "minimatch": "^3.1.5", - "strip-json-comments": "^3.1.1" + "brace-expansion": "^5.0.5" }, "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + "node": "18 || 20 || >=22" }, "funding": { - "url": "https://opencollective.com/eslint" + "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/@eslint/eslintrc/node_modules/ajv": { - "version": "6.15.0", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz", - "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==", + "node_modules/@eslint/config-helpers": { + "version": "0.5.5", + "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.5.5.tgz", + "integrity": "sha512-eIJYKTCECbP/nsKaaruF6LW967mtbQbsw4JTtSVkUQc9MneSkbrgPJAbKl9nWr0ZeowV8BfsarBmPpBzGelA2w==", "dev": true, - "license": "MIT", + "license": "Apache-2.0", "dependencies": { - "fast-deep-equal": "^3.1.1", - "fast-json-stable-stringify": "^2.0.0", - "json-schema-traverse": "^0.4.1", - "uri-js": "^4.2.2" + "@eslint/core": "^1.2.1" }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/epoberezkin" + "engines": { + "node": "^20.19.0 || ^22.13.0 || >=24" } }, - "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", - "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", - "dev": true, - "license": "MIT" - }, - "node_modules/@eslint/js": { - "version": "9.39.4", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.4.tgz", - "integrity": "sha512-nE7DEIchvtiFTwBw4Lfbu59PG+kCofhjsKaCWzxTpt4lfRjRMqG6uMBzKXuEcyXhOHoUp9riAm7/aWYGhXZ9cw==", + "node_modules/@eslint/core": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@eslint/core/-/core-1.2.1.tgz", + "integrity": "sha512-MwcE1P+AZ4C6DWlpin/OmOA54mmIZ/+xZuJiQd4SyB29oAJjN30UW9wkKNptW2ctp4cEsvhlLY/CsQ1uoHDloQ==", "dev": true, - "license": "MIT", - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + "license": "Apache-2.0", + "dependencies": { + "@types/json-schema": "^7.0.15" }, - "funding": { - "url": "https://eslint.org/donate" + "engines": { + "node": "^20.19.0 || ^22.13.0 || >=24" } }, "node_modules/@eslint/object-schema": { - "version": "2.1.7", - "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.7.tgz", - "integrity": "sha512-VtAOaymWVfZcmZbp6E2mympDIHvyjXs/12LqWYjVw6qjrfF+VK+fyG33kChz3nnK+SU5/NeHOqrTEHS8sXO3OA==", + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-3.0.5.tgz", + "integrity": "sha512-vqTaUEgxzm+YDSdElad6PiRoX4t8VGDjCtt05zn4nU810UIx/uNEV7/lZJ6KwFThKZOzOxzXy48da+No7HZaMw==", "dev": true, "license": "Apache-2.0", "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + "node": "^20.19.0 || ^22.13.0 || >=24" } }, "node_modules/@eslint/plugin-kit": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.4.1.tgz", - "integrity": "sha512-43/qtrDUokr7LJqoF2c3+RInu/t4zfrpYdoSDfYyhg52rwLV6TnOvdG4fXm7IkSB3wErkcmJS9iEhjVtOSEjjA==", + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.7.1.tgz", + "integrity": "sha512-rZAP3aVgB9ds9KOeUSL+zZ21hPmo8dh6fnIFwRQj5EAZl9gzR7wxYbYXYysAM8CTqGmUGyp2S4kUdV17MnGuWQ==", "dev": true, "license": "Apache-2.0", "dependencies": { - "@eslint/core": "^0.17.0", + "@eslint/core": "^1.2.1", "levn": "^0.4.1" }, "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + "node": "^20.19.0 || ^22.13.0 || >=24" } }, "node_modules/@hapi/hoek": { @@ -6002,6 +5981,13 @@ "@types/estree": "*" } }, + "node_modules/@types/esrecurse": { + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/@types/esrecurse/-/esrecurse-4.3.1.tgz", + "integrity": "sha512-xJBAbDifo5hpffDBuHl0Y8ywswbiAp/Wi7Y/GtAgSlZyIABppyurxVueOPE8LUQOxdlgi6Zqce7uoEpqNTeiUw==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/estree": { "version": "1.0.8", "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", @@ -9723,33 +9709,30 @@ } }, "node_modules/eslint": { - "version": "9.39.4", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.4.tgz", - "integrity": "sha512-XoMjdBOwe/esVgEvLmNsD3IRHkm7fbKIUGvrleloJXUZgDHig2IPWNniv+GwjyJXzuNqVjlr5+4yVUZjycJwfQ==", + "version": "10.3.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-10.3.0.tgz", + "integrity": "sha512-XbEXaRva5cF0ZQB8w6MluHA0kZZfV2DuCMJ3ozyEOHLwDpZX2Lmm/7Pp0xdJmI0GL1W05VH5VwIFHEm1Vcw2gw==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", - "@eslint-community/regexpp": "^4.12.1", - "@eslint/config-array": "^0.21.2", - "@eslint/config-helpers": "^0.4.2", - "@eslint/core": "^0.17.0", - "@eslint/eslintrc": "^3.3.5", - "@eslint/js": "9.39.4", - "@eslint/plugin-kit": "^0.4.1", + "@eslint-community/regexpp": "^4.12.2", + "@eslint/config-array": "^0.23.5", + "@eslint/config-helpers": "^0.5.5", + "@eslint/core": "^1.2.1", + "@eslint/plugin-kit": "^0.7.1", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", "@types/estree": "^1.0.6", "ajv": "^6.14.0", - "chalk": "^4.0.0", "cross-spawn": "^7.0.6", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", - "eslint-scope": "^8.4.0", - "eslint-visitor-keys": "^4.2.1", - "espree": "^10.4.0", - "esquery": "^1.5.0", + "eslint-scope": "^9.1.2", + "eslint-visitor-keys": "^5.0.1", + "espree": "^11.2.0", + "esquery": "^1.7.0", "esutils": "^2.0.2", "fast-deep-equal": "^3.1.3", "file-entry-cache": "^8.0.0", @@ -9759,8 +9742,7 @@ "imurmurhash": "^0.1.4", "is-glob": "^4.0.0", "json-stable-stringify-without-jsonify": "^1.0.1", - "lodash.merge": "^4.6.2", - "minimatch": "^3.1.5", + "minimatch": "^10.2.4", "natural-compare": "^1.4.0", "optionator": "^0.9.3" }, @@ -9768,7 +9750,7 @@ "eslint": "bin/eslint.js" }, "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + "node": "^20.19.0 || ^22.13.0 || >=24" }, "funding": { "url": "https://eslint.org/donate" @@ -9850,30 +9832,32 @@ } }, "node_modules/eslint-scope": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.4.0.tgz", - "integrity": "sha512-sNXOfKCn74rt8RICKMvJS7XKV/Xk9kA7DyJr8mJik3S7Cwgy3qlkkmyS2uQB3jiJg6VNdZd/pDBJu0nvG2NlTg==", + "version": "9.1.2", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-9.1.2.tgz", + "integrity": "sha512-xS90H51cKw0jltxmvmHy2Iai1LIqrfbw57b79w/J7MfvDfkIkFZ+kj6zC3BjtUwh150HsSSdxXZcsuv72miDFQ==", "dev": true, "license": "BSD-2-Clause", "dependencies": { + "@types/esrecurse": "^4.3.1", + "@types/estree": "^1.0.8", "esrecurse": "^4.3.0", "estraverse": "^5.2.0" }, "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + "node": "^20.19.0 || ^22.13.0 || >=24" }, "funding": { "url": "https://opencollective.com/eslint" } }, "node_modules/eslint-visitor-keys": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.1.tgz", - "integrity": "sha512-Uhdk5sfqcee/9H/rCOJikYz67o0a2Tw2hGRPOG2Y1R2dg7brRe1uG0yaNQDHu+TO/uQPF/5eCapvYSmHUjt7JQ==", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz", + "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==", "dev": true, "license": "Apache-2.0", "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + "node": "^20.19.0 || ^22.13.0 || >=24" }, "funding": { "url": "https://opencollective.com/eslint" @@ -9896,6 +9880,29 @@ "url": "https://github.com/sponsors/epoberezkin" } }, + "node_modules/eslint/node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "dev": true, + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/eslint/node_modules/brace-expansion": { + "version": "5.0.6", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz", + "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + } + }, "node_modules/eslint/node_modules/glob-parent": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", @@ -9916,19 +9923,35 @@ "dev": true, "license": "MIT" }, + "node_modules/eslint/node_modules/minimatch": { + "version": "10.2.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz", + "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "brace-expansion": "^5.0.5" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/espree": { - "version": "10.4.0", - "resolved": "https://registry.npmjs.org/espree/-/espree-10.4.0.tgz", - "integrity": "sha512-j6PAQ2uUr79PZhBjP5C5fhl8e39FmRnOjsD5lGnWrFU8i2G776tBK7+nP8KuQUTTyAZUwfQqXAgrVH5MbH9CYQ==", + "version": "11.2.0", + "resolved": "https://registry.npmjs.org/espree/-/espree-11.2.0.tgz", + "integrity": "sha512-7p3DrVEIopW1B1avAGLuCSh1jubc01H2JHc8B4qqGblmg5gI9yumBgACjWo4JlIc04ufug4xJ3SQI8HkS/Rgzw==", "dev": true, "license": "BSD-2-Clause", "dependencies": { - "acorn": "^8.15.0", + "acorn": "^8.16.0", "acorn-jsx": "^5.3.2", - "eslint-visitor-keys": "^4.2.1" + "eslint-visitor-keys": "^5.0.1" }, "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + "node": "^20.19.0 || ^22.13.0 || >=24" }, "funding": { "url": "https://opencollective.com/eslint" @@ -10335,9 +10358,9 @@ "license": "MIT" }, "node_modules/fast-uri": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", - "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz", + "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==", "dev": true, "funding": [ { @@ -10937,19 +10960,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/globals": { - "version": "14.0.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-14.0.0.tgz", - "integrity": "sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=18" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/globalthis": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/globalthis/-/globalthis-1.0.4.tgz", @@ -13079,13 +13089,6 @@ "dev": true, "license": "MIT" }, - "node_modules/lodash.merge": { - "version": "4.6.2", - "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", - "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", - "dev": true, - "license": "MIT" - }, "node_modules/lodash.uniq": { "version": "4.5.0", "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz", From eb26f93dbfe592321283af21f4b4fbc1ed539eb3 Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Thu, 14 May 2026 15:06:56 +0900 Subject: [PATCH 16/23] chore: revert sample-publish.yml to previous state Accidentally brought these changes in while rebasing - they're being added in #1511 instead --- .github/workflows/sample-publish.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sample-publish.yml b/.github/workflows/sample-publish.yml index ae446749f..5e27cdbd6 100644 --- a/.github/workflows/sample-publish.yml +++ b/.github/workflows/sample-publish.yml @@ -31,8 +31,10 @@ jobs: working-directory: plugins/git-proxy-plugin-samples run: npm run build - - name: Publish git-proxy-plugin-samples + - name: Install peers and publish working-directory: plugins/git-proxy-plugin-samples - run: npm publish --provenance --access=public + run: | + npm install --include=peer + npm publish --provenance --access=public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} From 572a0a5142c5dff6216057c0eddad177e55883e1 Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Thu, 14 May 2026 15:15:56 +0900 Subject: [PATCH 17/23] docs: move releases.md into website and update sidebar --- website/{static/Releases.md => docs/development/releases.md} | 2 +- website/sidebars.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename website/{static/Releases.md => docs/development/releases.md} (99%) diff --git a/website/static/Releases.md b/website/docs/development/releases.md similarity index 99% rename from website/static/Releases.md rename to website/docs/development/releases.md index 1206d2ed7..23f12ab11 100644 --- a/website/static/Releases.md +++ b/website/docs/development/releases.md @@ -1,4 +1,4 @@ -# GitProxy Releases +# Releases GitProxy has a standardized release process to ensure they are done in a timely manner, and to prevent extensive merge conflicts. We encourage contributors to read this before opening a PR. diff --git a/website/sidebars.js b/website/sidebars.js index c762c5079..261e21e16 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -78,7 +78,7 @@ module.exports = { }, collapsible: true, collapsed: false, - items: ['development/contributing', 'development/plugins'], + items: ['development/contributing', 'development/plugins', 'development/releases'], }, ], }; From 7823d6fb4bcbbd7f8ecf5711e874011a655c2b9b Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Thu, 14 May 2026 15:17:55 +0900 Subject: [PATCH 18/23] chore: update README link to release guide --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1ae77a7cc..6d09f1be5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -151,7 +151,7 @@ test: add fuzz tests for repo name validation ### Release and Branching Process -To understand when your contribution will get merged upstream and published to NPM, see our [Releases guide](./docs/Releases.md). +To understand when your contribution will get merged upstream and published to NPM, see our [Releases guide](https://git-proxy.finos.org/docs/development/releases). ## Testing From 7e79386d70c624796d1d5b137a5599f30346dcfc Mon Sep 17 00:00:00 2001 From: Juan Escalada <97265671+jescalada@users.noreply.github.com> Date: Fri, 15 May 2026 14:04:26 +0000 Subject: [PATCH 19/23] Update website/docs/architecture/architecture.md Co-authored-by: Kris West Signed-off-by: Juan Escalada <97265671+jescalada@users.noreply.github.com> --- website/docs/architecture/architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/architecture/architecture.md b/website/docs/architecture/architecture.md index e0d27df72..4e5b34770 100644 --- a/website/docs/architecture/architecture.md +++ b/website/docs/architecture/architecture.md @@ -392,7 +392,7 @@ Cypress.Commands.add('getCSRFToken', () => { Defines a list of plugins to integrate on GitProxy's push or pull actions. Accepted values are either a file path or a module name. -See the [plugin guide](https://git-proxy.finos.org/docs/development/plugins) for more setup details. +See the [plugin guide](docs/development/plugins) for more setup details. #### `authorisedList` From af872623433ab2b9e475b082e7a2c16cab0276a5 Mon Sep 17 00:00:00 2001 From: Juan Escalada <97265671+jescalada@users.noreply.github.com> Date: Fri, 15 May 2026 14:04:55 +0000 Subject: [PATCH 20/23] Update website/docs/architecture/processors.md Co-authored-by: Kris West Signed-off-by: Juan Escalada <97265671+jescalada@users.noreply.github.com> --- website/docs/architecture/processors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/architecture/processors.md b/website/docs/architecture/processors.md index 8f4edc590..99d34051c 100644 --- a/website/docs/architecture/processors.md +++ b/website/docs/architecture/processors.md @@ -140,7 +140,7 @@ This processor will block the push depending on the exit status of the pre-recei - Exit status `1`: Sets the push to `autoRejected`, automatically rejecting the push after the chain completes, regardless of whether the other processors would have allowed it. - Exit status `2`: Requires subsequent manual approval as any regular push, even if all processors succeed. -For detailed setup instructions and examples, see the [Pre-Receive Hook configuration guide](https://git-proxy.finos.org/docs/configuration/pre-receive/). +For detailed setup instructions and examples, see the [Pre-Receive Hook configuration guide](docs/configuration/pre-receive/). Source: [/src/proxy/processors/push-action/preReceive.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/preReceive.ts) From 3cd8f8b83005a396e1e108dd6be4b3c9e9e8a4e4 Mon Sep 17 00:00:00 2001 From: Juan Escalada <97265671+jescalada@users.noreply.github.com> Date: Fri, 15 May 2026 14:05:18 +0000 Subject: [PATCH 21/23] Update website/docs/architecture/architecture.md Co-authored-by: Kris West Signed-off-by: Juan Escalada <97265671+jescalada@users.noreply.github.com> --- website/docs/architecture/architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/architecture/architecture.md b/website/docs/architecture/architecture.md index 4e5b34770..566441061 100644 --- a/website/docs/architecture/architecture.md +++ b/website/docs/architecture/architecture.md @@ -183,7 +183,7 @@ New methods can be added by: Many of the proxy, API and UI behaviours are configurable. The most important ones will be covered here. For a comprehensive list of parameters, see the [config file schema reference](https://git-proxy.finos.org/docs/configuration/reference/). -GitProxy ships with a default configuration which can be customised in various ways. See the [configuration guide](https://git-proxy.finos.org/docs/configuration/overview) for more details on providing custom config files and validating them. +GitProxy ships with a default configuration which can be customised in various ways. See the [configuration guide](docs/configuration/overview) for more details on providing custom config files and validating them. ### Config parameters From 4246d963705c1c6f733031e74b1799f65d11eaa7 Mon Sep 17 00:00:00 2001 From: Juan Escalada <97265671+jescalada@users.noreply.github.com> Date: Fri, 15 May 2026 14:05:36 +0000 Subject: [PATCH 22/23] Update website/docs/architecture/architecture.md Co-authored-by: Kris West Signed-off-by: Juan Escalada <97265671+jescalada@users.noreply.github.com> --- website/docs/architecture/architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/architecture/architecture.md b/website/docs/architecture/architecture.md index 566441061..2f140b054 100644 --- a/website/docs/architecture/architecture.md +++ b/website/docs/architecture/architecture.md @@ -181,7 +181,7 @@ New methods can be added by: ### GitProxy Configuration -Many of the proxy, API and UI behaviours are configurable. The most important ones will be covered here. For a comprehensive list of parameters, see the [config file schema reference](https://git-proxy.finos.org/docs/configuration/reference/). +Many of the proxy, API and UI behaviours are configurable. The most important ones will be covered here. For a comprehensive list of parameters, see the [config file schema reference](docs/configuration/reference/). GitProxy ships with a default configuration which can be customised in various ways. See the [configuration guide](docs/configuration/overview) for more details on providing custom config files and validating them. From e85acc49d86ca8f0c109ab6cd349be34e17719c7 Mon Sep 17 00:00:00 2001 From: Juan Escalada Date: Fri, 15 May 2026 23:17:38 +0900 Subject: [PATCH 23/23] docs: fix broken links in website/docs/architecture --- website/docs/architecture/architecture.md | 62 +++++++++++------------ website/docs/architecture/processors.md | 2 +- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/website/docs/architecture/architecture.md b/website/docs/architecture/architecture.md index 2f140b054..e91a3d457 100644 --- a/website/docs/architecture/architecture.md +++ b/website/docs/architecture/architecture.md @@ -10,12 +10,12 @@ GitProxy has several main components: - HTTP Proxy Express app (`/src/proxy`): The actual proxy server for Git. Git operations performed by users are intercepted here, processed by various Express middleware (such as URL rewriting) and applies the relevant **chain** of actions to the payload. Customized functionality in the form of **plugins** are inserted and added to this chain as well. - Chain: A set of **processors** that are applied to an action (i.e. a `git push` operation) before requesting review from a user with permission to approve pushes - - Processor: AKA `Step`. A specific step in the chain where certain rules are applied. See the [list of default processors](/docs/architecture/processors.md) for more details.` - - Plugin: A custom processor that can be added externally to extend GitProxy's default policies. See the [plugin guide](/docs/development/plugins) for more details. + - Processor: AKA `Step`. A specific step in the chain where certain rules are applied. See the [list of default processors](processors.md) for more details.` + - Plugin: A custom processor that can be added externally to extend GitProxy's default policies. See the [plugin guide](../development/plugins) for more details. - Backend-for-frontend (BFF) Service API, Express app (`/src/service`): Handles UI requests, user authentication to GitProxy (not to Git), database operations and some of the logic for rejection/approval. Runs by default on port `8080`, and can be configured with the `GIT_PROXY_UI_HOST` and `GIT_PROXY_UI_PORT` environment variables. - Passport: The [library](https://www.passportjs.org/) used to authenticate to the GitProxy API (not the proxy itself - this depends on the Git `user.email`). Supports multiple authentication methods by default ([Local](#local), [AD](#activedirectory), [OIDC](#openid-connect)). - Routes: All the API endpoints used by the UI and proxy to perform operations and fetch or modify GitProxy's state. Except for custom plugin and processor development, there is no need for users or GitProxy administrators to interact with the API directly. -- Configuration (`/src/config`): Loads and validates the configuration from `proxy.config.json`, or any provided config file. Allows customising several aspects of GitProxy, including databases, authentication methods, predefined allowed repositories, commit blocking rules and more. For a full list of configurable parameters, check the [config file schema reference](/docs/configuration/reference/). +- Configuration (`/src/config`): Loads and validates the configuration from `proxy.config.json`, or any provided config file. Allows customising several aspects of GitProxy, including databases, authentication methods, predefined allowed repositories, commit blocking rules and more. For a full list of configurable parameters, check the [config file schema reference](../configuration/reference). - Web UI, React (`/src/ui`): Allows user-friendly interactions with the application. Shows the list of pushes requiring approval, the list of repositories that users can contribute to, and more. Also allows users to easily review the changes in a push, and approve or reject it manually according to company policy. ## Diagram @@ -53,18 +53,18 @@ Don't forget to save and update the attached .drawio (XML)! --> Three types of policies can be applied to incoming pushes: - Default policies: These are already present in the GitProxy pull/push chain and require modifying source code to change their behaviour. - - For example, [`checkUserPushPermission`](/docs/architecture/processors.md#checkuserpushpermission) which simply checks if the pusher's email exists in the GitProxy database, and if their user is marked in the "Contributors" list (`canPush`) for the repository they're trying to push to. + - For example, [`checkUserPushPermission`](processors.md#checkuserpushpermission) which simply checks if the pusher's email exists in the GitProxy database, and if their user is marked in the "Contributors" list (`canPush`) for the repository they're trying to push to. - Configurable policies: These are policies that can be easily configured through the GitProxy config (`proxy.config.json` or a custom file). - - For example, [`checkCommitMessages`](/docs/architecture/processors.md#checkcommitmessages) which reads the configuration and matches the string patterns provided with the commit messages in the push in order to block it. + - For example, [`checkCommitMessages`](processors.md#checkcommitmessages) which reads the configuration and matches the string patterns provided with the commit messages in the push in order to block it. - Custom policies: - - Plugins: Push/pull plugins provide more flexibility for implementing an organization's rules. For more information, see the [guide on writing your own plugins](/docs/development/plugins). + - Plugins: Push/pull plugins provide more flexibility for implementing an organization's rules. For more information, see the [guide on writing your own plugins](../development/plugins). - Processors: Custom logic may require specific data within a push that isn't available at the end of the chain (where plugins are executed). In this case, the appropriate solution is to write a processor and add it to the correct place in the chain. ## The nitty gritty ### Pre-processors -Pre-processors run before executing the chain. Currently, only executes [`parseAction`](/docs/architecture/processors.md#parseaction), which is in charge of classifying requests as push/pull/default and creating the `Action` object used by the chain. +Pre-processors run before executing the chain. Currently, only executes [`parseAction`](processors.md#parseaction), which is in charge of classifying requests as push/pull/default and creating the `Action` object used by the chain. ### Action Chains @@ -74,27 +74,27 @@ Action chains are a list of processors that a Git operation goes through before Executed when a user makes a `git push` to GitProxy. These are the actions in `pushActionChain`, by order of execution: -- [`parsePush`](/docs/architecture/processors.md#parsepush) -- [`checkEmptyBranch`](/docs/architecture/processors.md#checkemptybranch) -- [`checkRepoInAuthorisedList`](/docs/architecture/processors.md#checkrepoinauthorisedlist) -- [`checkCommitMessages`](/docs/architecture/processors.md#checkcommitmessages) -- [`checkAuthorEmails`](/docs/architecture/processors.md#checkauthoremails) -- [`checkUserPushPermission`](/docs/architecture/processors.md#checkuserpushpermission) -- [`pullRemote`](/docs/architecture/processors.md#pullremote) -- [`writePack`](/docs/architecture/processors.md#writepack) -- [`checkHiddenCommits`](/docs/architecture/processors.md#checkhiddencommits) -- [`checkIfWaitingAuth`](/docs/architecture/processors.md#checkifwaitingauth) -- [`preReceive`](/docs/architecture/processors.md#prereceive) -- [`getDiff`](/docs/architecture/processors.md#getdiff) -- [`gitleaks`](/docs/architecture/processors.md#gitleaks) -- [`scanDiff`](/docs/architecture/processors.md#scandiff) -- [`blockForAuth`](/docs/architecture/processors.md#blockforauth) +- [`parsePush`](processors.md#parsepush) +- [`checkEmptyBranch`](processors.md#checkemptybranch) +- [`checkRepoInAuthorisedList`](processors.md#checkrepoinauthorisedlist) +- [`checkCommitMessages`](processors.md#checkcommitmessages) +- [`checkAuthorEmails`](processors.md#checkauthoremails) +- [`checkUserPushPermission`](processors.md#checkuserpushpermission) +- [`pullRemote`](processors.md#pullremote) +- [`writePack`](processors.md#writepack) +- [`checkHiddenCommits`](processors.md#checkhiddencommits) +- [`checkIfWaitingAuth`](processors.md#checkifwaitingauth) +- [`preReceive`](processors.md#prereceive) +- [`getDiff`](processors.md#getdiff) +- [`gitleaks`](processors.md#gitleaks) +- [`scanDiff`](processors.md#scandiff) +- [`blockForAuth`](processors.md#blockforauth) #### Pull action chain Executed when a user makes a `git clone` or `git pull` to GitProxy: -- [`checkRepoInAuthorisedList`](/docs/architecture/processors.md#checkrepoinauthorisedlist) +- [`checkRepoInAuthorisedList`](processors.md#checkrepoinauthorisedlist) At present, the pull action chain is only checking that the repository is configured in GitProxy. This ensures it will block pull requests for unknown repositories. @@ -102,17 +102,17 @@ At present, the pull action chain is only checking that the repository is config This chain is executed when making any operation other than a `git push` or `git pull`. -- [`checkRepoInAuthorisedList`](/docs/architecture/processors.md#checkrepoinauthorisedlist) +- [`checkRepoInAuthorisedList`](processors.md#checkrepoinauthorisedlist) The default action chain, much like the pull chain, is only checking that the repository is configured in GitProxy. This ensures it will block all git client requests for unknown repositories. ### Post-processors -After processors in the chain are done executing, [`audit`](/docs/architecture/processors.md#audit) is called to store the action along with all of its execution steps in the database for auditing purposes. +After processors in the chain are done executing, [`audit`](processors.md#audit) is called to store the action along with all of its execution steps in the database for auditing purposes. -If [`pullRemote`](/docs/architecture/processors.md#pullremote) ran successfully and cloned the repository, then [`clearBareClone`](/docs/architecture/processors.md#clearbareclone) is run to clear up that clone, freeing disk space and ensuring that the _.remote/\*_ folder created does not conflict with any future pushes involving the same SHA. +If [`pullRemote`](processors.md#pullremote) ran successfully and cloned the repository, then [`clearBareClone`](processors.md#clearbareclone) is run to clear up that clone, freeing disk space and ensuring that the _.remote/\*_ folder created does not conflict with any future pushes involving the same SHA. -Finally, if the action was auto-approved or auto-rejected as a result of running [`preReceive`](/docs/architecture/processors.md#prereceive), it will attempt to auto-approve or auto-reject it. +Finally, if the action was auto-approved or auto-rejected as a result of running [`preReceive`](processors.md#prereceive), it will attempt to auto-approve or auto-reject it. ### Authentication @@ -181,9 +181,9 @@ New methods can be added by: ### GitProxy Configuration -Many of the proxy, API and UI behaviours are configurable. The most important ones will be covered here. For a comprehensive list of parameters, see the [config file schema reference](docs/configuration/reference/). +Many of the proxy, API and UI behaviours are configurable. The most important ones will be covered here. For a comprehensive list of parameters, see the [config file schema reference](../configuration/reference/). -GitProxy ships with a default configuration which can be customised in various ways. See the [configuration guide](docs/configuration/overview) for more details on providing custom config files and validating them. +GitProxy ships with a default configuration which can be customised in various ways. See the [configuration guide](../configuration/overview) for more details on providing custom config files and validating them. ### Config parameters @@ -224,7 +224,7 @@ Currently supports the following out-of-the-box: #### `commitConfig` -Used in [`checkCommitMessages`](/docs/architecture/processors.md#checkcommitmessages), [`checkAuthorEmails`](/docs/architecture/processors.md#checkauthoremails) and [`scanDiff`](/docs/architecture/processors.md#scandiff) processors to block pushes depending on the given rules. +Used in [`checkCommitMessages`](processors.md#checkcommitmessages), [`checkAuthorEmails`](processors.md#checkauthoremails) and [`scanDiff`](processors.md#scandiff) processors to block pushes depending on the given rules. By default, no rules are applied. @@ -392,7 +392,7 @@ Cypress.Commands.add('getCSRFToken', () => { Defines a list of plugins to integrate on GitProxy's push or pull actions. Accepted values are either a file path or a module name. -See the [plugin guide](docs/development/plugins) for more setup details. +See the [plugin guide](../development/plugins) for more setup details. #### `authorisedList` diff --git a/website/docs/architecture/processors.md b/website/docs/architecture/processors.md index 99d34051c..f2c8222a0 100644 --- a/website/docs/architecture/processors.md +++ b/website/docs/architecture/processors.md @@ -140,7 +140,7 @@ This processor will block the push depending on the exit status of the pre-recei - Exit status `1`: Sets the push to `autoRejected`, automatically rejecting the push after the chain completes, regardless of whether the other processors would have allowed it. - Exit status `2`: Requires subsequent manual approval as any regular push, even if all processors succeed. -For detailed setup instructions and examples, see the [Pre-Receive Hook configuration guide](docs/configuration/pre-receive/). +For detailed setup instructions and examples, see the [Pre-Receive Hook configuration guide](../configuration/pre-receive/). Source: [/src/proxy/processors/push-action/preReceive.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/preReceive.ts)