Skip to main content

Apply a profile to a subset of entities

Profiles allow you to apply a consistent set of rules to a group of entities within your project. By default, these profiles are applied universally across all entities in a project. However, you may need to target a specific subset, such as repositories belonging to a specific organization. Minder simplifies this process with profile selectors, enabling you to easily customize which entities a profile applies to.

Prerequisites

  • The minder CLI application
  • A Minder account with at least editor permission
  • An enrolled Provider (e.g., GitHub) and registered repositories

Add a selector to a profile

Selectors are written using CEL (Common Expression Language). To add a selector to your profile, you need to define the entity and the condition you want to apply. Below is an example showing how to configure a selector to filter repositories and artifacts:

name: profile-with-selectors
selection:
- entity: repository
selector: repository.is_fork != true && repository.name.startsWith('stacklok/')
- entity: artifact
selector: artifact.provider.name == 'github-app-stacklok'
- entity: repository
selector: repository.properties['github/license'].contains('GPL') == true
comment: "Be extra careful with GPL licenses"
- entity: repository
selector: repository.properties['github/primary_language'] == 'Go'
comment: "Only Go repositories"
- entity: repository
selector: repository.provider.class.contains('github')
comment: "Only github repositories"

Let's break down the example above:

  • entity: Defines the type of entity you want to filter (repository, artifact, or pull_request). In the case that the entity type is omitted, the selector will be applied to all entities.
  • selector: The CEL expression that specifies the filtering criteria. In the example:
    • The first selector filters repositories to include only those that are not forks and whose name starts with stacklok. In other words, those that are part of the stacklok organization.
    • The second selector filters artifacts to include only those provided by github-app-stacklok.
    • The third selector filters repositories to include only those with a GPL license and the fourth selector filters repositories to include only those written in Go. These two selectors use the properties map which is provider-specific.
    • The fourth selector filters repositories to include only that use Go as the primary language.
    • The fifth selector filters repositories to include only those provided by the GitHub provider. We use the contains function to check if the provider class contains the string github to cover for both github and github-app providers.

Below you can find the full list of selectors available for each entity type.

Repository selectors

Selectors for repositories allow you to filter and manage repositories based on specific attributes and properties. The attributes are common to all providers, while the properties are provider-specific and prefixed with the provider name.

FieldDescriptionType
nameThe full name of the repository, e.g. stacklok/minderstring
is_forktrue if the repository is a fork, nil if unknown or not applicable to this providerbool
is_privatetrue if the repository is private, nil if unknown or not applicable to this providerbool
providerThe provider of the repository, for more details see Provider SelectorsProviderSelector

Repository properties set by the GitHub provider

FieldDescriptionType
github/licenseThe license of the repository, e.g. MIT, GPL, Apache-2.0, etc.string
github/primary_languageThe primary language of the repository, e.g. Go, Python, Java, etc.string
github/default_branchThe default branch of the repository, e.g. main, master, etc.string
github/repo_idThe github repo IDinteger
github/repo_nameThe github repo name (e.g. stacklok)string
github/repo_ownerThe github repo owner (e.g. minder)string

Artifact selectors

FieldDescriptionType
nameThe full name of the artifact, e.g. stacklok/minder-serverstring
typeThe type of the artifact, e.g. "container"string
providerThe provider of the artifact, for more details see Provider SelectorsProviderSelector

Artifact properties set by the GitHub provider

FieldDescriptionType
github/created_atThe time the artifact was created formatted as RFC3339 stringstring
github/nameThe full name of the artifact.string
github/typeThe type of the artifact, e.g. "container"string
github/visibilityThe visibility of the artifact, e.g. "public"string
github/ownerThe full name of the artifact owner. Can be a repo or an org.string
github/repoThe github repo full name (e.g. stacklok/minder). Empty for org packages.string
github/repo_nameThe github repo name (e.g. stacklok). Empty for org packages.string
github/repo_ownerThe github repo owner (e.g. minder). Empty for org packages.string

Pull request selectors

FieldDescriptionType
nameThe full name of the pull request, e.g. stacklok/minder/123string

Pull request properties set by the GitHub provider

FieldDescriptionType
github/pull_urlThe URL of the pull requeststring
github/pull_numberThe number of the pull requeststring
github/pull_author_idThe numerical ID of the author of the pull requestint
github/pull_author_loginThe github login of the author of the pull requeststring
github/repo_nameThe github repo name (e.g. stacklok).string
github/repo_ownerThe github repo owner (e.g. minder).string

Entity provider selectors

Each entity can be filtered based on its provider.

FieldDescriptionType
nameThe name of the provider, e.g. github-app-stacklokstring
classThe class of the provider, e.g. github-appstring