Environment Variables
Configure the trupu server via environment variables on the trupu service in your docker-compose.yml.
Server
Section titled “Server”| Variable | Default | Description |
|---|---|---|
PORT | 3000 | Port the trupu server listens on |
Authentication
Section titled “Authentication”| Variable | Default | Description |
|---|---|---|
ALLOWED_PUBLISHERS | (empty) | Comma-separated trusted publishers in owner/repo:workflow.yml format |
ALLOWED_REFS | (empty) | Comma-separated git refs to allow (e.g. refs/heads/main). Empty = allow all |
OIDC_AUDIENCE | https://registry.example.com | Expected aud claim in the OIDC token. Must match the audience parameter in your GitHub Actions token request |
Dev mode
Section titled “Dev mode”| Variable | Default | Description |
|---|---|---|
DEV_MODE | false | Set to true to skip OIDC verification and accept DEV_TOKEN |
DEV_TOKEN | trupu-dev-token | Static token accepted when DEV_MODE is true |
Example
Section titled “Example”trupu: environment: PORT: '3000' ALLOWED_PUBLISHERS: 'my-org/app:publish.yml,my-org/lib:release.yaml' ALLOWED_REFS: 'refs/heads/main,refs/tags/v*' OIDC_AUDIENCE: 'https://registry.example.com'