docs: document double-wildcard pattern for domain-level repository matching #26196
+58
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Preview Environment deployed on Bunnyshell
See: Environment Details | Pipeline Logs Available commands (reply to this comment):
|
…tching Add comprehensive documentation and test coverage for the double-wildcard pattern (`**`) in AppProject sourceRepos, which enables domain-level repository matching. This addresses the issue where users expected `https://github.com/*` to match all GitHub repositories, but the single wildcard only matches within a path segment. The gobwas/glob library already supports `**` for recursive matching across path segments, but this capability was not well documented. Changes: - Add test cases demonstrating `**` pattern for domain-level matching - Add test cases for negation patterns with `**` - Document wildcard pattern behavior in user guide - Add code comments explaining glob pattern matching Examples of new patterns: - `https://github.com/**` - matches all GitHub repositories - `!https://github.com/**` - denies all GitHub repositories - `https://github.com/my-org/*` - matches repos in specific org This allows platform teams to create policies like "allow all GitHub repos" or "deny all GitHub repos except specific orgs" without maintaining large lists of organizations. Fixes argoproj#26194 Signed-off-by: Muhammad Arsalan <[email protected]>
ArsalanAnwer0
force-pushed
the
fix/domain-level-wildcard-sourceRepos
branch
from
67eca7d to
28304fd
Compare
…tching Add comprehensive documentation and test coverage for the double-wildcard pattern (**) in AppProject sourceRepos, which enables domain-level repository matching. This addresses the issue where users expected https://github.com/* to match all GitHub repositories, but the single wildcard only matches within a path segment. The gobwas/glob library already supports ** for recursive matching across path segments, but this capability was not well documented. Changes: - Add test cases demonstrating ** pattern for domain-level matching - Add test cases for negation patterns with ** - Document wildcard pattern behavior in user guide with examples Examples of new patterns: - https://github.com/** - matches all GitHub repositories - !https://github.com/** - denies all GitHub repositories - https://github.com/my-org/* - matches repos in specific org This allows platform teams to create policies like "allow all GitHub repos" or "deny all GitHub repos except specific orgs" without maintaining large lists of organizations. Fixes argoproj#26194 Signed-off-by: Muhammad Arsalan <[email protected]>
choejwoo
approved these changes
Feb 2, 2026
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR addresses issue #26194 by documenting the existing support for double-wildcard (
**) patterns in AppProject sourceRepos, enabling domain-level repository matching.Problem
Users expected
https://github.com/*to match all GitHub repositories, but the single wildcard (*) only matches within a single path segment due to the glob library using/as a separator. This created confusion and forced users to either:*pattern (matches all Git servers)Solution
The gobwas/glob library already supports
**for recursive matching across path segments. This PR adds comprehensive documentation and test coverage to make this feature discoverable and well-understood.Changes
Test Coverage: Added test cases demonstrating:
https://github.com/**matches all GitHub repositorieshttps://github.com/**does not match GitLab repositorieshttps://github.com/*does not match multi-level paths (clarifies expected behavior)!https://github.com/**Documentation: Enhanced user guide with:
*vs**wildcard behaviorCode Documentation: Added godoc comments to
IsSourcePermitted()explaining:Examples
Now users can create policies like:
Impact
**,**,org/*, etc.)Testing
All existing tests pass, confirming backward compatibility. New tests verify:
****Closes #26194