Ga naar inhoud

Configuration reference

Billbird is configured entirely through environment variables. No configuration files are required at runtime.

Required variables

These must be set for the application to start. If any are missing, the application exits immediately with an error naming the missing variable.

Variable Description Example
DATABASE_URL PostgreSQL connection string postgres://user:pass@host:5432/billbird?sslmode=disable
GITHUB_APP_ID Numeric ID of your GitHub App 123456
GITHUB_PRIVATE_KEY PEM-encoded private key for the GitHub App -----BEGIN RSA PRIVATE KEY-----\n...
GITHUB_WEBHOOK_SECRET Secret used to verify webhook signatures whsec_abc123...
ALLOWED_ORGS Comma-separated list of GitHub org names whose members can use slash commands my-org or org-a,org-b

Optional variables

Variable Description Default
PORT HTTP server port 8080
BASE_URL Public URL Billbird is reachable on. Used to build the OAuth callback (BASE_URL/auth/callback); must match the "Callback URL" configured in the GitHub App. http://localhost:PORT
GITHUB_CLIENT_ID OAuth client ID (for admin panel login) (none)
GITHUB_CLIENT_SECRET OAuth client secret (for admin panel login) (none)
SESSION_SECRET Secret for signing session cookies (none)

Development-only flags

Variable What it does Why
BILLBIRD_DEV_MEMBERSHIP_BYPASS When set to true, every bearer token is treated as belonging to an allowed-org member. The startup log prints a banner so the override is visible. Local smoke testing without a registered GitHub App. Must not be set in production. The setting widens API access from "ALLOWED_ORGS members" to "anyone with any valid token".

Notes

Private key format

The GITHUB_PRIVATE_KEY value should contain the full PEM-encoded key, including the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- markers. In Docker Compose or shell environments, wrap the value in quotes and use literal newlines.

Database URL

The DATABASE_URL must be a valid PostgreSQL connection string. For local development with Docker Compose, the default is:

postgres://billbird:billbird@db:5432/billbird?sslmode=disable

For production, use TLS:

postgres://user:pass@host:5432/billbird?sslmode=require

Allowed orgs

ALLOWED_ORGS controls who can use Billbird slash commands. Only members of the listed GitHub organizations can /log, /correct, or /delete. Non-members get an error comment. Multiple orgs are comma-separated: org-a,org-b.

Billbird checks org membership via the GitHub API on every command. No user registration in Billbird itself is needed --- membership is managed entirely through GitHub.

Admin panel variables

The admin panel requires GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, and SESSION_SECRET to be set. Admin access is granted to members of any org listed in ALLOWED_ORGS. Without the panel variables, the webhook endpoint and health check still function, but the admin panel is unavailable.

Public URL (BASE_URL)

When admin panel users log in, Billbird sends them through GitHub OAuth. GitHub redirects back to BASE_URL/auth/callback, and that URL must match the Callback URL configured in the GitHub App's settings exactly — including scheme (https) and port.

If BASE_URL is unset Billbird falls back to http://localhost:PORT, which works for local development but produces a redirect_uri mismatch error from GitHub for any other deployment. Set BASE_URL to your real public URL — for example https://billbird.example.com — and configure the matching Callback URL in the GitHub App.

The webhook receiver (POST /webhook) does not use BASE_URL; GitHub's servers reach it directly via the Webhook URL field in the GitHub App. Both URLs share the same public host in a typical deployment.

Kubernetes

In Kubernetes deployments, sensitive variables (GITHUB_PRIVATE_KEY, GITHUB_WEBHOOK_SECRET, GITHUB_CLIENT_SECRET, SESSION_SECRET, DATABASE_URL) should be stored in Kubernetes Secrets and referenced in the pod spec. See self-hosting.md for Helm chart configuration.