Automated sync of Bidgely pilot configurations to a searchable repo. A GitHub Actions cron fetches pilot configs from the Bidgely API, commits changes as structured JSON + Markdown, and lets Glean index them so anyone can look up any pilot's current config.
Nothing in this repo is hand-edited. The pilots/ directory is machine-generated.
Manual edits to pilot files will be overwritten on the next sync run.
- GitHub Actions runs
scripts/sync.json an hourly schedule. - Phase 2.5 writes environment-scoped outputs under
pilots/{env}/and_meta/{env}/. uatuses the stable static bearer token flow.nonprodqamints a short-lived API token at runtime viaclient_credentialswith a Basic auth secret.prodruns as three region-specific minted-token steps that all write into the sharedpilots/prod/and_meta/prod/trees.- The
prodsteps merge into one_meta/prod/last_run.jsonsummary so the env-level metadata reflects all prod pilot subsets, not just the last region step. - For each pilot ID, it fetches
/entities/pilot/{id}/configsfrom the Bidgely API. - Configs are screened for sensitive patterns before writing. Any sensitive-pattern hit hard-fails the run; new field types are surfaced as workflow notices.
- Each pilot gets a
.json(raw data) and.md(Glean-friendly markdown) file. - Changes are committed only when data actually changed (diff-only commits).
- Glean indexes this repo via its GitHub connector. Ask Glean "what is pilot 20018's bill projection config?" and get the answer.
This repo has zero npm dependencies. It uses only Node.js built-in modules:
node:fs, node:crypto, node:child_process, node:test. This is a security
decision that eliminates the entire supply-chain-audit problem. Do not add npm
dependencies without explicit team review.
- Create GitHub Actions secrets:
BIDGELY_API_TOKEN_UAT— stable bearer token foruatBIDGELY_BASIC_AUTH_NONPRODQA— prebuilt Base64 payload forAuthorization: Basic <secret>when minting thenonprodqaaccess tokenBIDGELY_BASIC_AUTH_PROD_EU— Basic auth payload for prod EU token mintingBIDGELY_BASIC_AUTH_PROD_NA— Basic auth payload for prod NA token mintingBIDGELY_BASIC_AUTH_PROD_NA2— Basic auth payload for prod NA2 token minting
- Create GitHub Actions variables:
PILOT_CONFIGS_UAT— JSON mapping of pilot ID to API base URL foruatPILOT_CONFIGS_NONPRODQA— JSON mapping of pilot ID to API base URLPILOT_CONFIGS_PROD_EU— e.g.{"20018":"https://api.eu.bidgely.com"}PILOT_CONFIGS_PROD_NA— e.g.{"10136":"https://naapi.bidgely.com"}PILOT_CONFIGS_PROD_NA2— e.g.{"10129":"http://naapi2-external.bidgely.com","10128":"http://naapi2-external.bidgely.com"}BIDGELY_TOKEN_URL_NONPRODQA— token endpoint URLBIDGELY_TOKEN_URL_PROD_EU,BIDGELY_TOKEN_URL_PROD_NA,BIDGELY_TOKEN_URL_PROD_NA2BIDGELY_TOKEN_MODE_NONPRODQA=client_credentialsBIDGELY_TOKEN_MODE_PROD_EU=client_credentialsBIDGELY_TOKEN_MODE_PROD_NA=client_credentialsBIDGELY_TOKEN_MODE_PROD_NA2=client_credentialsBIDGELY_TOKEN_SCOPE_NONPRODQA=allBIDGELY_TOKEN_SCOPE_PROD_EU=allBIDGELY_TOKEN_SCOPE_PROD_NA=allBIDGELY_TOKEN_SCOPE_PROD_NA2=allLEVELS_OF_INTEREST— JSON array of entity levels to fetch- Optional token-minting knobs:
BIDGELY_ACCESS_TOKEN_FIELD_NONPRODQA,BIDGELY_TOKEN_EXTRA_BODY_NONPRODQA,BIDGELY_ACCESS_TOKEN_FIELD_PROD_EU,BIDGELY_ACCESS_TOKEN_FIELD_PROD_NA,BIDGELY_ACCESS_TOKEN_FIELD_PROD_NA2,BIDGELY_TOKEN_EXTRA_BODY_PROD_EU,BIDGELY_TOKEN_EXTRA_BODY_PROD_NA,BIDGELY_TOKEN_EXTRA_BODY_PROD_NA2
- Run the workflow manually first (Actions > Pilot Config Sync > Run workflow).
- Eyeball the
uat,nonprodqa, and all threeprodregion outputs. The final repo tree should containpilots/uat/,pilots/nonprodqa/, andpilots/prod/.
node --test scripts/*.test.jsSee OPERATIONS.md for the runbook: token rotation, adding pilots, handling unknown fields, sensitive-pattern hits, and recovery procedures.