{"id":41714101,"url":"https://github.com/bitsbeats/drone-tree-config","last_synced_at":"2026-04-04T14:51:44.623Z","repository":{"id":51288683,"uuid":"174523180","full_name":"bitsbeats/drone-tree-config","owner":"bitsbeats","description":"Drone helper for mono repositories.","archived":false,"fork":false,"pushed_at":"2024-01-09T15:21:29.000Z","size":2696,"stargazers_count":104,"open_issues_count":8,"forks_count":25,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-06-18T21:48:49.628Z","etag":null,"topics":["ci","drone","droneci","github","monorepo","monorepository"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bitsbeats.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-08T11:09:51.000Z","updated_at":"2024-01-04T13:53:59.000Z","dependencies_parsed_at":"2024-06-18T21:36:02.852Z","dependency_job_id":"fc067d2d-54b9-4de0-ae4f-ccd2a2bd5d75","html_url":"https://github.com/bitsbeats/drone-tree-config","commit_stats":null,"previous_names":[],"tags_count":28,"template":false,"template_full_name":null,"purl":"pkg:github/bitsbeats/drone-tree-config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitsbeats%2Fdrone-tree-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitsbeats%2Fdrone-tree-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitsbeats%2Fdrone-tree-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bits
beats%2Fdrone-tree-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bitsbeats","download_url":"https://codeload.github.com/bitsbeats/drone-tree-config/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitsbeats%2Fdrone-tree-config/sbom","scorecard":{"id":240839,"data":{"date":"2025-08-11","repo":{"name":"github.com/bitsbeats/drone-tree-config","commit":"3d7f78dc7866934217a7b258fba01a96d21ef344"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2,"checks":[{"name":"Code-Review","score":3,"reason":"Found 9/24 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and 
uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: 
FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:19: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 15 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"20 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-2947 / GHSA-v6v8-xj6m-xwqh","Warn: Project is vulnerable to: GO-2022-0236 / GHSA-h86h-8ppg-mxmh","Warn: Project is vulnerable to: GO-2021-0238 / GHSA-83g2-8m93-v3w7","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2022-0603 / GHSA-hp87-p4gw-j4gq","Warn: Project is vulnerable to: GO-2022-0197 / GHSA-4r78-hx75-jjj2 / GHSA-mv93-wvcp-7m7r","Warn: Project is vulnerable to: GO-2020-0014 / GHSA-vfw5-hrgq-h5wf","Warn: Project is vulnerable to: GO-2022-0536 / GHSA-39qc-96h7-956f / GHSA-hgr8-6h9x-f7q9"],"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T06:39:23.658Z","repository_id":51288683,"created_at":"2025-08-17T06:39:23.658Z","updated_at":"2025-08-17T06:39:23.658Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31403769,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci","drone","droneci","github","monorepo","monorepository"],"created_at":"2026-01-24T22:00:33.659Z","updated_at":"2026-04-04T14:51:44.614Z","avatar_url":"https://github.com/bitsbeats.png","language":"Go","readme":"# Drone Tree Config\n\nThis is a Drone extension to support mono repositories with multiple `.drone.yml`.\n\nThe extension checks each changed file and looks for a `.drone.yml` in the directory of the file or any parent directory. 
Drone will either use the first `.drone.yml` that matches or optionally run all of them in a multi-machine build.\n\nThere is an official Docker image: https://hub.docker.com/r/bitsbeats/drone-tree-config\n\n## Limitations\n\nCurrently supports\n\n* GitHub\n* GitLab\n* Bitbucket [#4](https://github.com/bitsbeats/drone-tree-config/pull/4)\n\n## Usage\n\n#### Environment variables\n\n* `PLUGIN_CONCAT`: Concatenates all found configs into a multi-machine build. Defaults to `false`.\n* `PLUGIN_FALLBACK`: Rebuild all .drone.yml if no changes were made. Defaults to `false`.\n* `PLUGIN_ALWAYS_RUN_ALL`: Always rebuild all .drone.yml. Useful when repository has a global dependency, like executing tests on all projects in repo before building individual artefacts. Defaults to `false`.\n* `PLUGIN_MAXDEPTH`: Max depth to search for `.drone.yml`, only active in fallback and always fallback modes or when pipeline was triggered by cron. Defaults to `2` (would still find `/a/b/.drone.yml`).\n* `PLUGIN_DEBUG`: Set this to `true` to enable debug messages.\n* `PLUGIN_ADDRESS`: Listen address for the plugin's web server. Defaults to `:3000`.\n* `PLUGIN_SECRET`: Shared secret with drone. You can generate the token using `openssl rand -hex 16`.\n* `PLUGIN_ALLOW_LIST_FILE`: (Optional) Path to regex pattern file. Matches the repo slug(s) against a list of regex patterns. Defaults to `\"\"`, match everything.\n* `PLUGIN_CACHE_TTL`: (Optional) Cache entry time to live value. When defined and greater than `0s`, enables in-memory caching for request/response pairs.\n* `PLUGIN_CONSIDER_FILE`: (Optional) Consider file name. Only consider the `.drone.yml` files listed in this file. 
When defined, all enabled repos must contain a consider file.\n* `PLUGIN_FINALIZE`: Adds dependencies to all other pipelines to a user-provided pipeline named `finalize`.\n\nBackend-specific options\n\n* `SERVER`: Custom SCM server (also used by GitLab / Bitbucket)\n* GitHub:\n  * `GITHUB_TOKEN`: GitHub personal access token. Only needs repo rights. See [here][1].\n* GitLab:\n  * `GITLAB_TOKEN`: GitLab personal access token. Only needs `read_repository` rights. See [here][2]\n* Bitbucket\n  * `BITBUCKET_AUTH_SERVER`: Custom auth server (uses SERVER if empty)\n  * `BITBUCKET_CLIENT`: Credentials for Bitbucket access\n  * `BITBUCKET_SECRET`: Credentials for Bitbucket access\n\nIf `PLUGIN_CONCAT` is not set, the first found `.drone.yml` will be used.\n\n#### Example docker-compose\n\n```yaml\nversion: '2'\nservices:\n  drone-server:\n    image: drone/drone\n    ports:\n      - 8000:80\n    volumes:\n      - /var/lib/drone:/data\n      - /var/run/docker.sock:/var/run/docker.sock\n    links:\n      - drone-tree-config\n    restart: always\n    environment:\n      - DRONE_OPEN=true\n      - DRONE_SERVER_PROTO=https\n      - DRONE_SERVER_HOST=***\n      - DRONE_GITHUB=true\n      - DRONE_GITHUB_SERVER=https://github.com\n      - DRONE_GITHUB_CLIENT_ID=***\n      - DRONE_GITHUB_CLIENT_SECRET=***\n      - DRONE_GIT_ALWAYS_AUTH=true\n      - DRONE_SECRET=***\n      - DRONE_RUNNER_CAPACITY=2\n\n      - DRONE_YAML_ENDPOINT=http://drone-tree-config:3000\n      - DRONE_YAML_SECRET=\u003cSECRET\u003e\n\n  drone-tree-config:\n    image: bitsbeats/drone-tree-config\n    environment:\n      - PLUGIN_DEBUG=true\n      - PLUGIN_CONCAT=true\n      - PLUGIN_FALLBACK=true\n      - PLUGIN_SECRET=\u003cSECRET\u003e\n      - GITHUB_TOKEN=\u003cGITHUB_TOKEN\u003e\n    restart: always\n```\n\nEdit the secrets (`***`), `\u003cSECRET\u003e` and `\u003cGITHUB_TOKEN\u003e` to your needs. 
`\u003cSECRET\u003e` is used between Drone and drone-tree-config.\n\n#### Enable repos via regex matching\n\nBy default, this plugin matches against ALL repo slugs. If you want to enable the plugin for specific repos only, turn on\nregex matching by specifying a `PLUGIN_ALLOW_LIST_FILE`.\n\n* Regex match rules must comply with [re2][3] syntax.\n* Each line is a single rule.\n* Empty lines are ignored.\n* Lines which start with `#` are treated as comments (ignored).\n\nUpdated docker-compose:\n\n```yaml\n  drone-tree-config:\n    image: bitsbeats/drone-tree-config\n    environment:\n      - PLUGIN_DEBUG=true\n      - PLUGIN_CONCAT=true\n      - PLUGIN_FALLBACK=true\n      - PLUGIN_SECRET=\u003cSECRET\u003e\n      - GITHUB_TOKEN=\u003cGITHUB_TOKEN\u003e\n      - PLUGIN_ALLOW_LIST_FILE=/drone-tree-config-matchfile\n    restart: always\n    volumes:\n      - /var/lib/drone/drone-tree-config-matchfile:/drone-tree-config-matchfile\n```\n\nFile: drone-tree-config-matchfile:\n\n```text\n^bitbeats/.*$\n^myorg/myrepo$\n```\n\n* Matches against all repos in the `bitbeats` org\n* Matches against `myorg/myrepo`\n\n[1]: https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line\n[2]: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html\n[3]: https://github.com/google/re2/wiki/Syntax\n\n#### Consider file\n\n If a `PLUGIN_CONSIDER_FILE` is defined, drone-tree-config will first read the content of the target file and will only consider\n the `.drone.yml` files specified, when matching.\n\nDepending on the size and the complexity of the repository, using a \"consider file\" can significantly reduce the number\nof API calls made to the provider (github, bitbucket, other). 
The reduction in API calls reduces the risk of being rate\nlimited and can result in less processing time for drone-tree-config.\n\nGiven the config;\n\n```yaml\n   - PLUGIN_CONSIDER_FILE=.drone-consider\n```\n\nA local git repo clone;\n\n```shell\n$ tree -a my-repo-clone/\n my-repo-clone/\n ├── .drone-consider\n ├── foo\n │   └── .drone.yml\n ├── bar\n │   └── .drone.yml\n └── baz\n\n```\n\nContent of the .drone-consider to check in;\n\n```shell\n$ cat my-repo-clone/.drone-consider\nfoo/.drone.yml\nbar/.drone.yml\n```\n\nThe downside of a \"consider file\" is that it has to be kept in sync. As a suggestion, to help with this, a step can be\nadded to each `.drone.yml` which verifies the \"consider file\" is in sync with the actual content of the repo. For\nexample, this can be accomplished by comparing the output of `find ./ -name .drone.yml` with the content of the \"consider file\".\n\n#### Caching\n\nIf a `PLUGIN_CACHE_TTL` is defined, drone-tree-config will leverage an in-memory cache to match the inbound requests\nagainst ones that exist in the cache. When a match is found, the cached response is returned. Cached entries are\nexpired and removed when their per-entry TTL is reached.\n\nExample (expire after 30 minutes);\n```yaml\n - PLUGIN_CACHE_TTL=30m\n```\n\nDepending on the size and the complexity of the repository, using a cache can significantly reduce the number of API\ncalls made to the provider (github, bitbucket, other). The reduction in API calls reduces the risk of being rate\nlimited and can result in less processing time for drone-tree-config.\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitsbeats%2Fdrone-tree-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbitsbeats%2Fdrone-tree-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitsbeats%2Fdrone-tree-config/lists"}