Environment variables
Some application features are configured using environment variables.
Configuration variables
| Variable Name | Description | Default | Example value |
|---|---|---|---|
| AEID_CLIENTID | Azure Entra ID client ID. See Azure Authentication | 2222-2222-222-2222 |
|
| AEID_TENANTID | Azure Entra ID tenant ID. See Azure Authentication | 111-1111-1111-1111 |
|
| AEID_SCOPE | Azure Entra ID scope. See Azure Authentication | https://graph.microsoft.com/.default |
|
| API_RETRY_LIMIT | Number of API retries on error | 5 |
10 |
| ACCESS_TOKEN_SECRET | Access token secret. See Authentication | changeme |
|
| ACCESS_TOKEN_TTL | Access token time to live. Use syntax 1h (1 hour), 1m (1 min) etc. |
10m |
5m |
| AUTHENTICATOR_IMPL | Authentication implementation. See Authentication | file |
cognito |
| AWS_REGION | AWS region containing DynamoDB or Secrets Manager or CodePipeline | eu-west-1 |
|
| CACHE_PIPELINE_BUILDS | Whether to cache the pipeline builds from the pipelines provider | true |
|
| CACHE_REPO_LIST | Whether to cache the repository list from the VCS provider | true |
|
| CLIENT_SESSION_STORE | The mechanism for storing the client-side session. Can be cookie or sessionStorage |
cookie |
sessionStorage |
| COGNITO_USER_POOL_ID | Cognito authenticator settings | ||
| COGNITO_CLIENT_ID | Cognito authenticator settings | ||
| CONFIG_DIR | Path to directory containing configuration files. See Configuration. Note, this can be comma-delimited, to read from multiple directories. | Current directory | /path/to/config/dir |
| CONFIG_AUTO_RELOAD | Whether to auto-reload config from file - useful for development | false |
true |
| CONFIG_REFRESH_MS | Requires CONFIG_AUTO_RELOAD - reload frequency in ms |
5000 |
30000 |
| CORS_ORIGIN | The CORS origin of the web UI | https://code-metrics.localhost:3001 |
|
| COVERAGE_THRESHOLD_DANGER | Lower coverage threshold | 30 |
40 |
| COVERAGE_THRESHOLD_WARNING | Upper coverage threshold | 80 |
90 |
| DATABASE_NAME | Prefix for DynamoDB tables or name of MongoDB database | CodeMetrics |
|
| DATASTORE_IMPL | Datastore implementation (one of: inmem, dynamodb, mongodb). See Datastores | inmem |
dynamodb |
| DATASTORE_PATH | Path to use to store code-metrics.db for DATASTORE_IMPL=nedb if left unset will use inmem version of database |
`` | /some/writable/path/on/filesystem |
| DATABASE_URI | MongoDB database URI | mongodb://code-metrics:changeme@localhost:27017 |
|
| DEBUG | Whether to enable the debugger in the desktop app | false |
true |
| EXPIRY_SECONDS | Time to cache data if it is for the current day. | 3600 |
7200 |
| JIRA_CLIENT | The Jira client to use. Defaults to Jira Search JQL on V3 REST API. | rest-api-v3-search-jql |
rest-api-v2-search |
| KEYCLOAK_AUTH_METHOD | Keycloak auth method - currently always directgrant. See Keycloak Authentication |
||
| KEYCLOAK_URI | Keycloak URI. See Keycloak Authentication | ||
| KEYCLOAK_REALM | Keycloak realm. See Keycloak Authentication | ||
| KEYCLOAK_CLIENT_ID | Keycloak client ID. See Keycloak Authentication | ||
| LDAP_ADMIN_AUTH | LDAP authentication configuration. See LDAP Authentication | ||
| LDAP_URI | LDAP authentication configuration. See LDAP Authentication | ||
| LDAP_BIND_DN | LDAP authentication configuration. See LDAP Authentication | ||
| LDAP_BIND_PASSWORD | LDAP authentication configuration. See LDAP Authentication | ||
| LDAP_USER_SEARCH_BASE | LDAP authentication configuration. See LDAP Authentication | ||
| LDAP_ROOT_DN | LDAP authentication configuration. See LDAP Authentication | ||
| LDAP_USERNAME_ATTRIBUTE | LDAP authentication configuration. See LDAP Authentication | ||
| LDAP_TLS | LDAP authentication configuration. See LDAP Authentication | ||
| LOG_FILE_PATH | Path to file where logs should be written. If specified, logs will be written to this file in addition to the console. | /var/log/code-metrics/app.log |
|
| LOG_LEVEL | Logging level. Set to 0 (OFF), 1 (DEBUG) or 2 (VERBOSE) | 1 |
2 |
| LOG_RESPONSE_BODY | Whether to log response bodies from external API calls | false |
true |
| LOOKUP_CACHE_ENABLED | Whether the cache is enabled (requires datastore) | false |
true |
| OIDC_ISSUER_BASE_URL | The base URL for the OIDC server. See OIDC Authentication | https://accounts.google.com |
|
| OIDC_CLIENT_ID | The client ID. See OIDC Authentication | 000000000000-a1b2c3d4e5f6g7h8i9j10k11l12m13n14.apps.googleusercontent.com |
|
| OIDC_CLIENT_SECRET | The client secret. See OIDC Authentication | ABCDEF-ab12cd_aBcDeF12gH34-aB |
|
| OIDC_USER_CLAIM | The name of ID token claim containing the user email address. See OIDC Authentication | sub |
sub or email |
| OIDC_SCOPES | The required scopes. See OIDC Authentication | openid email |
openid email |
| OIDC_AUDIENCE | The desired value of the audience claim. See OIDC Authentication | 000000000000-a1b2c3d4e5f6g7h8i9j10k11l12m13n14.apps.googleusercontent.com |
|
| OIDC_USE_PKCE | Whether to use PKCE. See OIDC Authentication | false |
true |
| OIDC_REDIRECT_URI | Override the OIDC redirect URI. See OIDC Authentication | Derived from the UI base URL. | https://example.com/login/callback |
| PRECACHE_REPO_LIST | Whether to pre-cache the repository list from the VCS provider | true |
false |
| PORT | The port the backend listens on | 3001 |
3030 |
| REPO_LIST_EXPIRY_SECONDS | If CACHE_REPO_LIST is enabled - for how long the list is cached |
21600 |
10800 |
| REFRESH_TOKEN_TTL | Refresh token time to live. Controls the maximum authenticated session length. Use syntax 1h (1 hour), 1m (1 min) etc. |
1h |
30m |
| SERVICE_TOKEN_TTL | Service Token time to live. Use syntax 1h (1 hour), 1d (1 day), 1y (1 year), etc. See API Authentication |
1y |
6m |
| SECRET_RESOLVER_IMPL | Secret resolver implementation. See Secret management | file |
file |
| SHOW_CONSOLE | Whether to show the console window in the desktop app | false |
true |
| STORED_QUERY_DIR | Directory path for file-based stored queries. | Uses CONFIG_DIR (last if multiple specified). |
/path/to/query/dir |
| STORED_QUERY_SERVICE | The implementation for stored queries. See Custom queries | union |
datastore, file |
| STRICT_CONFIG_LOAD | In strict mode the backend will exit the process if the license or config are invalid or missing. Outside strict mode the backend will start without a license or config, but all authenticated routes will be unavailable. In this mode, the frontend will show a more helpful error message. | boolean |
false |
| UI_BASE_URL | The base URL for the UI | Uses value of CORS_ORIGIN |
http://localhost:3000 |
The .env file
As well as setting environment variables in the typical fashion, Code Metrics allows you to use an .env file in the working directory for the backend component.
To get started, copy the .env.template file and name the copy .env.