chore: adding several doc updates for v27 (#65)

Co-authored-by: David May <49894298+wass3rw3rk@users.noreply.github.com>

Author: ecrupper

docs/reference/cli/secret/add.md

@@ -26,21 +26,22 @@ Certain characters may require you to encapsulate your secret with `"` or `'`.
 
 The following parameters are used to configure the command:
 
-| Name            | Description                                       | Environment Variables                      |
-| --------------- | ------------------------------------------------  | ----------------------------------------- |
-| `org`           | name of organization for the secret               | `VELA_ORG`, `SECRET_ORG`                   |
-| `repo`          | name of repository for the secret                 | `VELA_REPO`, `SECRET_REPO`                 |
-| `secret.engine` | name of engine that stores the secret             | `VELA_ENGINE`. `SECRET_ENGINE`             |
-| `secret.type`   | name of type of secret being stored               | `VELA_TYPE`, `SECRET_TYPE`                 |
-| `team`          | name of team for the secret                       | `VELA_TEAM`, `SECRET_TEAM`                 |
-| `name`          | name of the secret                                | `VELA_NAME`, `SECRET_NAME`                 |
-| `value`         | value of the secret                               | `VELA_VALUE`, `SECRET_VALUE`               |
-| `image`         | build image(s) that can access the secret         | `VELA_IMAGES`, `SECRET_IMAGES`             |
-| `event`         | build event(s) that can access the secret         | `VELA_EVENTS`, `SECRET_EVENTS`             |
-| `commands`      | allows a step with commands to access the secret  | `VELA_COMMANDS`, `SECRET_COMMANDS`         |
-| `substitution`  | allows substitution of secret using $\{KEY\} format | `VELA_SUBSTITUTION`, `SECRET_SUBSTITUTION` |
-| `file`          | name of file used to add the secret(s)            | `VELA_FILE`, `SECRET_FILE`                 |
-| `output`        | format the output for the secret                  | `VELA_OUTPUT`, `SECRET_OUTPUT`             |
+| Name             | Description                                         | Environment Variables                      |
+| ---------------  | ------------------------------------------------    | ----------------------------------------- |
+| `org`            | name of organization for the secret                 | `VELA_ORG`, `SECRET_ORG`                   |
+| `repo`           | name of repository for the secret                   | `VELA_REPO`, `SECRET_REPO`                 |
+| `secret.engine`  | name of engine that stores the secret               | `VELA_ENGINE`. `SECRET_ENGINE`             |
+| `secret.type`    | name of type of secret being stored                 | `VELA_TYPE`, `SECRET_TYPE`                 |
+| `team`           | name of team for the secret                         | `VELA_TEAM`, `SECRET_TEAM`                 |
+| `name`           | name of the secret                                  | `VELA_NAME`, `SECRET_NAME`                 |
+| `value`          | value of the secret                                 | `VELA_VALUE`, `SECRET_VALUE`               |
+| `image`          | build image(s) that can access the secret           | `VELA_IMAGES`, `SECRET_IMAGES`             |
+| `event`          | build event(s) that can access the secret           | `VELA_EVENTS`, `SECRET_EVENTS`             |
+| `commands`       | allows a step with commands to access the secret    | `VELA_COMMANDS`, `SECRET_COMMANDS`         |
+| `substitution`   | allows substitution of secret using $\{KEY\} format | `VELA_SUBSTITUTION`, `SECRET_SUBSTITUTION` |
+| `repo-allowlist` | add repositories to secret scope                    | `VELA_REPO_ALLOWLIST`, `SECRET_REPO_ALLOWLIST` |
+| `file`           | name of file used to add the secret(s)              | `VELA_FILE`, `SECRET_FILE`                 |
+| `output`         | format the output for the secret                    | `VELA_OUTPUT`, `SECRET_OUTPUT`             |
 
 :::tip
 This command also supports setting the following parameters via a configuration file:

docs/reference/cli/secret/update.md

@@ -19,21 +19,22 @@ For more information, you can run `vela update secret --help`.
 
 The following parameters are used to configure the command:
 
-| Name            | Description                                       | Environment Variables                      |
-| --------------- | ------------------------------------------------  | ----------------------------------------- |
-| `org`           | name of organization for the secret               | `VELA_ORG`, `SECRET_ORG`                   |
-| `repo`          | name of repository for the secret                 | `VELA_REPO`, `SECRET_REPO`                 |
-| `secret.engine` | name of engine that stores the secret             | `VELA_ENGINE`. `SECRET_ENGINE`             |
-| `secret.type`   | name of type of secret being stored               | `VELA_TYPE`, `SECRET_TYPE`                 |
-| `team`          | name of team for the secret                       | `VELA_TEAM`, `SECRET_TEAM`                 |
-| `name`          | name of the secret                                | `VELA_NAME`, `SECRET_NAME`                 |
-| `value`         | value of the secret                               | `VELA_VALUE`, `SECRET_VALUE`               |
-| `image`         | build image(s) that can access the secret         | `VELA_IMAGES`, `SECRET_IMAGES`             |
-| `event`         | build event(s) that can access the secret         | `VELA_EVENTS`, `SECRET_EVENTS`             |
-| `commands`      | allows a step with commands to access the secret  | `VELA_COMMANDS`, `SECRET_COMMANDS`         |
-| `substitution`  | allows substitution of secret using $\{KEY\} format | `VELA_SUBSTITUTION`, `SECRET_SUBSTITUTION` |
-| `file`          | name of file used to add the secret(s)            | `VELA_FILE`, `SECRET_FILE`                 |
-| `output`        | format the output for the secret                  | `VELA_OUTPUT`, `SECRET_OUTPUT`             |
+| Name             | Description                                         | Environment Variables                      |
+| ---------------  | ------------------------------------------------    | ----------------------------------------- |
+| `org`            | name of organization for the secret                 | `VELA_ORG`, `SECRET_ORG`                   |
+| `repo`           | name of repository for the secret                   | `VELA_REPO`, `SECRET_REPO`                 |
+| `secret.engine`  | name of engine that stores the secret               | `VELA_ENGINE`. `SECRET_ENGINE`             |
+| `secret.type`    | name of type of secret being stored                 | `VELA_TYPE`, `SECRET_TYPE`                 |
+| `team`           | name of team for the secret                         | `VELA_TEAM`, `SECRET_TEAM`                 |
+| `name`           | name of the secret                                  | `VELA_NAME`, `SECRET_NAME`                 |
+| `value`          | value of the secret                                 | `VELA_VALUE`, `SECRET_VALUE`               |
+| `image`          | build image(s) that can access the secret           | `VELA_IMAGES`, `SECRET_IMAGES`             |
+| `event`          | build event(s) that can access the secret           | `VELA_EVENTS`, `SECRET_EVENTS`             |
+| `commands`       | allows a step with commands to access the secret    | `VELA_COMMANDS`, `SECRET_COMMANDS`         |
+| `substitution`   | allows substitution of secret using $\{KEY\} format | `VELA_SUBSTITUTION`, `SECRET_SUBSTITUTION` |
+| `repo-allowlist` | add repositories to secret scope                    | `VELA_REPO_ALLOWLIST`, `SECRET_REPO_ALLOWLIST` |
+| `file`           | name of file used to add the secret(s)              | `VELA_FILE`, `SECRET_FILE`                 |
+| `output`         | format the output for the secret                    | `VELA_OUTPUT`, `SECRET_OUTPUT`             |
 
 :::tip
 This command also supports setting the following parameters via a configuration file:

docs/reference/environment/variables.md

@@ -143,6 +143,8 @@ The following table includes variables only available when the step `id_request`
 | `VELA_REPO_TOPICS`        | `cloud,security`                             | comma-separated list of repository topics     |
 | `VELA_REPO_TRUSTED`       | `false`                                      | trusted setting for the repository            |
 | `VELA_REPO_VISIBILITY`    | `public`                                     | visibility setting for the repository         |
+| `VELA_REPO_INSTALL_ID`    | `100`                                        | scm app install id (if installed)             |
+| `VELA_REPO_CUSTOM_PROPS`  | `{"foo":"bar","foob":"baz"}`                 | custom properties assigned to repository      |
 
 #### User Environment Variables
 

docs/reference/yaml/git.md

@@ -0,0 +1,44 @@
+---
+title: "Git"
+linkTitle: "Git"
+weight: 3
+description: >
+  YAML keys for git block
+---
+
+The `git` key is intended to be used to add additional scope to app installation tokens.
+
+## Keys
+
+| Key             | Required | Type        | Description                                                       |
+| --------------- | -------- | ----------- | ----------------------------------------------------------------- |
+| `token`         | N        | (see below) | Token scope settings for `VELA_GIT_TOKEN` variable                |
+
+### Usage
+
+#### The `token` key
+
+| Key             | Required | Type        | Description                                                       |
+| --------------- | -------- | ----------- | ----------------------------------------------------------------- |
+| `repositories`  | N        | slice       | Add repositories to receive permissions set for token             |
+| `permissions`   | N        | map         | Define permissions for the token (checks, contents)               |
+
+The `token` key can be used to generate an installation token so long as the repo has the Vela GitHub App installed.
+
+```yaml
+---
+# This setting will generate an installation token with write contents and write checks permissions for 
+# the repositories listed below as well as the repository running the build: VELA_GIT_TOKEN
+git:
+  token:
+    repositories:
+      - alpha/beta
+      - gamma/delta
+    permissions:
+      checks: write
+      contents: write
+```
+
+:::note
+This token will only be generated if the repository owner also has access to the repositories listed.
+:::

docs/usage/open_id_connect.md

@@ -74,25 +74,33 @@ The `id_request` key being set to _anything_ will result in the injection of the
 
 ```json
 {
-   "build_number": 42,
-   "build_id": 100,
-   "actor": "Octocat",
-   "actor_scm_id": "1",
-   "repo": "Octocat/vela-testing",
-   "token_type": "ID",
-   "image": "golang:1.22.4",
-   "request": "yes",
-   "commands": true,
-   "event": "pull_request:opened",
-   "ref": "refs/heads/main",
-   "sha": "15b17a5751dd2fd04a7b4ca056063dc876984073",
-   "iss": "https://vela-server.com/_services/token",
-   "sub": "repo:Octocat/vela-testing:ref:refs/heads/main:event:pull_request",
-   "aud": [
+  "sub": "repo:Octocat/vela-testing:ref:refs/heads/main:event:pull_request",
+  "exp": 1717699924,
+  "iat": 1717699624,
+  "iss": "https://vela-server.com/_services/token",
+  "aud": [
       "artifactory"
-   ],
-   "exp": 1717699924,
-   "iat": 1717699624
+  ],
+  "branch": "main",
+  "build_number": 42,
+  "build_id": 100,
+  "repo": "Octocat/vela-testing",
+  "pull_fork": "false",
+  "token_type": "ID",
+  "actor": "Octocat",
+  "actor_scm_id": "1",
+  "commands": "true",
+  "image": "golang:1.22.4",
+  "image_name": "golang",
+  "image_tag": "1.22.4",
+  "request": "yes",
+  "event": "pull_request:opened",
+  "sha": "15b17a5751dd2fd04a7b4ca056063dc876984073",
+  "ref": "refs/heads/main",
+  "custom_properties": {
+    "prop1": "foo",
+    "prop2": "bar"
+  }
 }
 ```
 

docs/usage/outputs.md

@@ -81,6 +81,12 @@ steps:
 
 After the first step is complete, the logs will mask any mention of the `$API_KEY`. 
 
+### Base64 Option
+
+If the output value contains special characters or newlines, it may be a good option to `base64` encode the value. Rather than encoding, writing to `$VELA_OUTPUTS`, and decoding manually in another step, Vela has a `$VELA_BASE64_OUTPUTS` (and `$VELA_MASKED_BASE64_OUTPUTS`) which will automatically decode the values for future steps. 
+
+Note: the user will still need to encode the value when writing to this file.
+
 ### Limitations
 
 - Outputs can only be used as environment variables (`$VAR`) or substitution variables (`${VAR}`). Inline Go templating (`{{ .VAR }}`) is done at compile time and will not dynamically be evaluated.

docs/usage/secrets.md

@@ -93,6 +93,10 @@ secrets:
     type: shared
 ```
 
+#### Allowlists
+
+Both shared and org secrets can have repository allowlists. These can be configured in the UI and CLI. These allowlists will scope access to specific repositories.
+
 ### Protecting Secrets
 
 Learn the best practices for keeping your Vela secrets safe.

docs/usage/troubleshooting.md

@@ -119,6 +119,12 @@ This behavior indicates the number of `running` builds for the system is greater
 
 Unfortunately, the only way to resolve the issue is to wait until a worker becomes available to run your build.
 
+### Queue length exceeds configured limit, please wait for the queue to decrease in size before retrying
+
+This error is given in response to a build restart request of a `pending` build whenever the queue is larger than the configured limit by the platform admins.
+
+This is a measure to prevent queue bloat from builds that are already in the queue.
+
 ### Context Deadline Exceeded
 
 ![Context Deadline Exceeded](/img/troubleshooting/context_deadline_exceeded.png)