TenantSync

Unidirectional tenant sync between Kestra and Git.

Synchronizes ALL namespaces, flows, files, and dashboards between Kestra and Git.

yaml
type: "io.kestra.plugin.git.TenantSync"

Examples

Sync all objects (flows, files, dashboards, namespaces) under the same tenant than this flow using Git as source of truth

yaml
id: tenant_sync_git
namespace: system
tasks:
  - id: sync
    type: io.kestra.plugin.git.TenantSync
    sourceOfTruth: GIT
    whenMissingInSource: DELETE
    protectedNamespaces:
      - system
    url: https://github.com/fdelbrayelle/plugin-git-qa
    username: fdelbrayelle
    password: "{{ secret('GITHUB_ACCESS_TOKEN') }}"
    branch: main
    gitDirectory: kestra
    kestraUrl: "http://localhost:8080"
    auth:
      username: "{{ secret('KESTRA_USERNAME') }}"
      password: "{{ secret('KESTRA_PASSWORD') }}"

Sync all objects (flows, files, dashboards, namespaces) under the same tenant as this flow using Kestra as the source of truth

yaml
id: tenant_sync_kestra
namespace: system
tasks:
  - id: sync
    type: io.kestra.plugin.git.TenantSync
    sourceOfTruth: KESTRA
    whenMissingInSource: KEEP
    url: https://github.com/fdelbrayelle/plugin-git-qa
    username: fdelbrayelle
    password: "{{ secret('GITHUB_ACCESS_TOKEN') }}"
    branch: dev
    kestraUrl: "http://localhost:8080"
    auth:
      username: "{{ secret('KESTRA_USERNAME') }}"
      password: "{{ secret('KESTRA_PASSWORD') }}"

Properties

auth *AbstractKestraTask-Auth

Authentication information.

branch *string

The branch to read from / write to (required).

authorEmail string

The commit author email.

authorName string

The commit author name (defaults to username if null).

cloneSubmodules booleanstring

Whether to clone submodules

dryRun booleanstring

Default false

If true, only compute the plan and output a diff without applying changes.

gitConfig object

Git configuration to apply to the repository

Map of Git config keys and values, applied after clone few examples: - 'core.fileMode': false -> ignore file permission changes - 'core.autocrlf': false -> prevent line ending conversion

gitDirectory string

Subdirectory inside the repo used to store Kestra code and files; if empty, repo root is used.

text

This is the base folder in your Git repository where Kestra will look for code and files.
If you don't set it, the repo root will be used. Inside that folder, Kestra always expects
a structure like <namespace>/flows, <namespace>/files, etc.

| gitDirectory | namespace       | Expected Git path                        |
| ------------ | --------------- | -----------------------------------------|
| (not set)    | company         | company/flows/my-flow.yaml               |
| monorepo     | system          | monorepo/system/flows/my-flow.yaml       |
| projectA     | company.team    | projectA/company.team/flows/my-flow.yaml |

kestraUrl string

Kestra API URL. If null, uses 'kestra.url' from configuration. If that is also null, defaults to 'http://localhost: 8080'.

onInvalidSyntax string

Default FAIL

Possible Values

SKIPWARNFAIL

Behavior when encountering invalid syntax while syncing.

passphrase string

The passphrase for the privateKey

password string

The password or Personal Access Token (PAT) -- when you authenticate the task with a PAT, any flows or files pushed to Git from Kestra will be pushed from the user associated with that PAT. This way, you don't need to configure the commit author (the authorName and authorEmail properties).

privateKey string

PEM-format private key content that is paired with a public key registered on Git

To generate an ECDSA PEM format key from OpenSSH, use the following command: ssh-keygen -t ecdsa -b 256 -m PEM. You can then set this property with your private key content and put your public key on Git.

protectedNamespaces array

SubType string

Default ["system"]

Namespaces protected from deletion regardless of policies.

sourceOfTruth string

Default KESTRA

Possible Values

GITKESTRA

Select the source of truth.

tenantId string

The tenant ID to use for the request, defaults to the current tenant.

trustedCaPemPath string

Optional path to a PEM-encoded CA certificate to trust (in addition to the JVM default truststore)

Equivalent to git config http.sslCAInfo <path>. Use this for self-signed/internal CAs.

url string

The URI to clone from

username string

The username or organization

whenMissingInSource string

Default DELETE

Possible Values

DELETEKEEPFAIL

Behavior when an object is missing from the selected source of truth.

Outputs

commitId string

ID of the commit pushed (if any).

commitURL string

URL to the commit (if any).

diff string

Format uri

A file containing all changes applied (or not in case of dry run) to/from Git.

Definitions

io.kestra.plugin.git.AbstractKestraTask-Auth

password string

Password for HTTP Basic authentication.

username string

Username for HTTP Basic authentication.

​Tenant​Sync

TenantSync