fed8b2eed7
Backend release / release (push) Waiting to run
Bandit Security Scan / bandit_scan (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / manifest (push) Blocked by required conditions
Build and push DocsGPT FE Docker image for development / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / manifest (push) Blocked by required conditions
Python linting / ruff (push) Waiting to run
Run python tests with pytest / Run tests and count coverage (3.12) (push) Waiting to run
React Widget Build / build (push) Waiting to run
72 lines
3.3 KiB
Plaintext
72 lines
3.3 KiB
Plaintext
API_KEY=<LLM api key (for example, open ai key)>
|
|
LLM_NAME=docsgpt
|
|
VITE_API_STREAMING=true
|
|
INTERNAL_KEY=<internal key for worker-to-backend authentication>
|
|
|
|
# Provider-specific API keys (optional - use these to enable multiple providers)
|
|
# OPENAI_API_KEY=<your-openai-api-key>
|
|
# ANTHROPIC_API_KEY=<your-anthropic-api-key>
|
|
# GOOGLE_API_KEY=<your-google-api-key>
|
|
# GROQ_API_KEY=<your-groq-api-key>
|
|
# NOVITA_API_KEY=<your-novita-api-key>
|
|
# OPEN_ROUTER_API_KEY=<your-openrouter-api-key>
|
|
|
|
# Remote Embeddings (Optional - for using a remote embeddings API instead of local SentenceTransformer)
|
|
# When set, the app will use the remote API and won't load SentenceTransformer (saves RAM)
|
|
EMBEDDINGS_BASE_URL=
|
|
EMBEDDINGS_KEY=
|
|
|
|
#For Azure (you can delete it if you don't use Azure)
|
|
OPENAI_API_BASE=
|
|
OPENAI_API_VERSION=
|
|
AZURE_DEPLOYMENT_NAME=
|
|
AZURE_EMBEDDINGS_DEPLOYMENT_NAME=
|
|
|
|
#Azure AD Application (client) ID
|
|
MICROSOFT_CLIENT_ID=your-azure-ad-client-id
|
|
#Azure AD Application client secret
|
|
MICROSOFT_CLIENT_SECRET=your-azure-ad-client-secret
|
|
#Azure AD Tenant ID (or 'common' for multi-tenant)
|
|
MICROSOFT_TENANT_ID=your-azure-ad-tenant-id
|
|
#If you are using a Microsoft Entra ID tenant,
|
|
#configure the AUTHORITY variable as
|
|
#"https://login.microsoftonline.com/TENANT_GUID"
|
|
#or "https://login.microsoftonline.com/contoso.onmicrosoft.com".
|
|
#Alternatively, use "https://login.microsoftonline.com/common" for multi-tenant app.
|
|
MICROSOFT_AUTHORITY=https://{tenantId}.ciamlogin.com/{tenantId}
|
|
|
|
|
|
# POSTGRES_URI=postgresql://docsgpt:docsgpt@localhost:5432/docsgpt
|
|
|
|
# Authentication (optional - default is no auth; see docs: Deploying -> App Configuration)
|
|
# AUTH_TYPE=None|simple_jwt|session_jwt|oidc
|
|
# JWT_SECRET_KEY=<long random string; auto-generated into .jwt_secret_key if unset>
|
|
|
|
# OIDC SSO (only when AUTH_TYPE=oidc; works with Authentik, Keycloak, Okta, ...)
|
|
# OIDC_ISSUER=<issuer URL, e.g. https://auth.example.com/application/o/docsgpt/>
|
|
# OIDC_CLIENT_ID=<client id registered at the IdP>
|
|
# OIDC_CLIENT_SECRET=<only for confidential clients; PKCE is always used>
|
|
# OIDC_FRONTEND_URL=<browser-facing app URL, e.g. http://localhost:5173>
|
|
# OIDC_SCOPES=openid profile email
|
|
# OIDC_USER_ID_CLAIM=sub
|
|
# OIDC_REDIRECT_URI=<override callback URL when behind a reverse proxy>
|
|
# OIDC_SESSION_LIFETIME_SECONDS=28800
|
|
# OIDC_PROVIDER_NAME=<sign-in button label, e.g. Acme SSO; unset shows "SSO">
|
|
# OIDC_ALLOWED_GROUPS=<comma-separated IdP group allowlist; unset = any authenticated user>
|
|
# OIDC_GROUPS_CLAIM=groups
|
|
# OIDC_ADMIN_GROUPS=<comma-separated IdP groups granted the admin role; unset = no OIDC admin mapping>
|
|
# Add offline_access to OIDC_SCOPES for silent session renewal on IdPs that
|
|
# require it for refresh tokens (Authentik does; Keycloak does not).
|
|
|
|
# RBAC (admin/user roles). Persisted admin grants live in the user_roles table
|
|
# and apply only under AUTH_TYPE=oidc — manage them with scripts/grant_admin.py
|
|
# (bootstrap the first admin) or OIDC_ADMIN_GROUPS above. LOCAL_MODE_ADMIN is the
|
|
# ONLY non-DB admin path; it applies solely to AUTH_TYPE=None (no-auth self-host)
|
|
# and MUST stay false in any networked deployment.
|
|
# LOCAL_MODE_ADMIN=false
|
|
|
|
# SCIM 2.0 provisioning (IdP-driven user create/deactivate at /scim/v2;
|
|
# pair with OIDC_USER_ID_CLAIM=email so SCIM userName matches the OIDC user id)
|
|
# SCIM_ENABLED=false
|
|
# SCIM_TOKEN=<long random bearer token presented by the IdP's SCIM client>
|