Git Sync Configuration
Configuring the Git-synced Query Library
The saved-query Library can mirror to a Git repository. Postgres is always the
source of truth; when a repo is configured the UI exports the table into
queries/ and pushes it, and imports remote changes back (last-write-wins). For
how sync works at runtime, see the Git Sync section on
the Query Library page.
The Git remote is configured at runtime in the admin UI, not via Helm or
environment variables. It is stored in the database (the ui_config table) and
can be viewed and changed by a cluster admin at any time.
Configure the repository
- Create a repository to hold the library (any host reachable over HTTPS — GitHub, GitLab, Gitea, a self-hosted server, …).
- For a private repo, mint an HTTPS access token with read and write access (e.g. a GitHub fine-grained PAT scoped to that repo). A public repo needs no token (read-only mirrors won't be able to push).
- In the admin UI, open Cluster Settings → Library Repository and set:
- Repository URL — an
https://git remote. SSH URLs are not supported; the form will suggest thehttps://equivalent if you paste one. - Branch — defaults to
main. - Token — the HTTPS token (write-only; the UI only ever shows whether a token is set, never its value).
- Sync interval — how often the UI reconciles with the remote.
- Repository URL — an
On save, the UI validates that the repo is reachable, the token authenticates, and the branch exists before storing the config, then performs the first sync.
The target branch must already exist. A brand-new empty repository (or a branch that doesn't exist yet) is not yet supported — create the branch first (e.g. an empty initial commit).
Single replica
Library Git sync runs in one process and must have a single UI replica
(replicaCount: 1, the chart default). Multiple replicas would each try to drive
the same remote.
Storage
The library is persisted in Postgres, so the Git working tree is disposable:
emptyDir (the chart default) is sufficient — the repo is re-cloned on pod
startup and the table re-exported. The working clone shares the library
volume with the AI source-clone cache.
ui:
library:
storage: "emptyDir" # the worktree is a disposable mirror of PostgresUpgrading from the env/SSH configuration
Earlier releases configured the remote via ui.library.gitRepo / UI_GIT_*
environment variables and an SSH deploy key. That mechanism has been removed:
- The
ui.library.gitRepo/gitBranch/syncIntervalSecs/ssh.*Helm values and theUI_GIT_REPO/UI_GIT_BRANCH/UI_GIT_SYNC_INTERVAL_SECSenv vars no longer do anything — remove them from your values files. - SSH is no longer supported; switch the remote to an
https://URL with a token. - After upgrading, the library is DB-only until a cluster admin reconfigures the repo in Cluster Settings → Library Repository. Existing queries are unaffected (they live in Postgres); only the Git mirror pauses until reconfigured.