# Runners ## CheckAuthenticationForHost **post** `/gitpod.v1.RunnerService/CheckAuthenticationForHost` Checks if a user is authenticated for a specific host. Use this method to: - Verify authentication status - Get authentication URLs - Check PAT support ### Examples - Check authentication: Verifies authentication for a host. ```yaml host: "github.com" ``` ### Body Parameters - `host: optional string` - `runnerId: optional string` ### Returns - `authenticated: optional boolean` - `authenticationUrl: optional string` - `patSupported: optional boolean` - `scmId: optional string` scm_id is the unique identifier of the SCM provider - `scmName: optional string` scm_name is the human-readable name of the SCM provider (e.g., "GitHub", "GitLab") - `supportsOauth2: optional object { authUrl, docsUrl }` supports_oauth2 indicates that the host supports OAuth2 authentication - `authUrl: optional string` auth_url is the URL where users can authenticate - `docsUrl: optional string` docs_url is the URL to the documentation explaining this authentication method - `supportsPat: optional object { createUrl, docsUrl, example, requiredScopes }` supports_pat indicates that the host supports Personal Access Token authentication - `createUrl: optional string` create_url is the URL where users can create a new Personal Access Token - `docsUrl: optional string` docs_url is the URL to the documentation explaining PAT usage for this host - `example: optional string` example is an example of a Personal Access Token - `requiredScopes: optional array of string` required_scopes is the list of permissions required for the Personal Access Token ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/CheckAuthenticationForHost \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "authenticated": true, "authenticationUrl": "authenticationUrl", "patSupported": true, "scmId": "scmId", "scmName": "scmName", "supportsOauth2": { "authUrl": "authUrl", "docsUrl": "docsUrl" }, "supportsPat": { "createUrl": "createUrl", "docsUrl": "docsUrl", "example": "example", "requiredScopes": [ "string" ] } } ``` ## CheckRepositoryAccess **post** `/gitpod.v1.RunnerService/CheckRepositoryAccess` Checks if a principal has read access to a repository. Use this method to: - Validate repository access before workflow execution - Verify executor credentials for automation bindings Returns: - has_access: true if the principal can read the repository - FAILED_PRECONDITION if authentication is required - INVALID_ARGUMENT if the repository URL is invalid ### Examples - Check access: Verifies read access to a repository. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" repositoryUrl: "https://github.com/org/repo" ``` ### Body Parameters - `repositoryUrl: optional string` repository_url is the URL of the repository to check access for. Can be a clone URL (https://github.com/org/repo.git) or web URL (https://github.com/org/repo). - `runnerId: optional string` ### Returns - `errorMessage: optional string` error_message provides details when access check fails. Empty when has_access is true. - `hasAccess: optional boolean` has_access indicates whether the principal has read access to the repository. ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/CheckRepositoryAccess \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "errorMessage": "errorMessage", "hasAccess": true } ``` ## CreateRunner **post** `/gitpod.v1.RunnerService/CreateRunner` Creates a new runner registration with the server. Registrations are very short-lived and must be renewed every 30 seconds. Use this method to: - Register organization runners - Set up runner configurations - Initialize runner credentials - Configure auto-updates ### Examples - Create cloud runner: Creates a new runner in AWS EC2. ```yaml name: "Production Runner" provider: RUNNER_PROVIDER_AWS_EC2 spec: desiredPhase: RUNNER_PHASE_ACTIVE configuration: region: "us-west" releaseChannel: RUNNER_RELEASE_CHANNEL_STABLE autoUpdate: true ``` - Create local runner: Creates a new local runner on Linux. ```yaml name: "Local Development Runner" provider: RUNNER_PROVIDER_LINUX_HOST spec: desiredPhase: RUNNER_PHASE_ACTIVE configuration: releaseChannel: RUNNER_RELEASE_CHANNEL_LATEST autoUpdate: true ``` ### Body Parameters - `kind: optional RunnerKind` The runner's kind This field is optional and here for backwards-compatibility. Use the provider field instead. If provider is set, the runner's kind will be deduced from the provider. Only one of kind and provider must be set. - `"RUNNER_KIND_UNSPECIFIED"` - `"RUNNER_KIND_LOCAL"` - `"RUNNER_KIND_REMOTE"` - `"RUNNER_KIND_LOCAL_CONFIGURATION"` - `name: optional string` The runner name for humans - `provider: optional RunnerProvider` The specific implementation type of the runner This field is optional for backwards compatibility but will be required in the future. When specified, kind must not be specified (will be deduced from provider) - `"RUNNER_PROVIDER_UNSPECIFIED"` - `"RUNNER_PROVIDER_AWS_EC2"` - `"RUNNER_PROVIDER_LINUX_HOST"` - `"RUNNER_PROVIDER_DESKTOP_MAC"` - `"RUNNER_PROVIDER_MANAGED"` - `"RUNNER_PROVIDER_GCP"` - `"RUNNER_PROVIDER_DEV_AGENT"` - `runnerManagerId: optional string` The runner manager id specifies the runner manager for the managed runner. This field is mandatory for managed runners, otheriwse should not be set. - `spec: optional RunnerSpec` - `configuration: optional RunnerConfiguration` The runner's configuration - `autoUpdate: optional boolean` auto_update indicates whether the runner should automatically update itself. - `devcontainerImageCacheEnabled: optional boolean` devcontainer_image_cache_enabled controls whether the devcontainer build cache is enabled for this runner. Only takes effect on supported runners, currently only AWS EC2 and Gitpod-managed runners. - `logLevel: optional LogLevel` log_level is the log level for the runner - `"LOG_LEVEL_UNSPECIFIED"` - `"LOG_LEVEL_DEBUG"` - `"LOG_LEVEL_INFO"` - `"LOG_LEVEL_WARN"` - `"LOG_LEVEL_ERROR"` - `metrics: optional MetricsConfiguration` metrics contains configuration for the runner's metrics collection - `enabled: optional boolean` enabled indicates whether the runner should collect metrics - `managedMetricsEnabled: optional boolean` When true, the runner pushes metrics to the management plane via ReportRunnerMetrics instead of directly to the remote_write endpoint. - `password: optional string` password is the password to use for the metrics collector - `url: optional string` url is the URL of the metrics collector - `username: optional string` username is the username to use for the metrics collector - `region: optional string` Region to deploy the runner in, if applicable. This is mainly used for remote runners, and is only a hint. The runner may be deployed in a different region. See the runner's status for the actual region. - `releaseChannel: optional RunnerReleaseChannel` The release channel the runner is on - `"RUNNER_RELEASE_CHANNEL_UNSPECIFIED"` - `"RUNNER_RELEASE_CHANNEL_STABLE"` - `"RUNNER_RELEASE_CHANNEL_LATEST"` - `updateWindow: optional UpdateWindow` update_window defines the daily time window (UTC) during which auto-updates are allowed. If not set, updates are allowed at any time. - `endHour: optional number` end_hour is the end of the update window as a UTC hour (0-23). If not set, defaults to start_hour + 2. - `startHour: optional number` start_hour is the beginning of the update window as a UTC hour (0-23). +required - `desiredPhase: optional RunnerPhase` RunnerPhase represents the phase a runner is in - `"RUNNER_PHASE_UNSPECIFIED"` - `"RUNNER_PHASE_CREATED"` - `"RUNNER_PHASE_INACTIVE"` - `"RUNNER_PHASE_ACTIVE"` - `"RUNNER_PHASE_DELETING"` - `"RUNNER_PHASE_DELETED"` - `"RUNNER_PHASE_DEGRADED"` - `variant: optional RunnerVariant` The runner's variant - `"RUNNER_VARIANT_UNSPECIFIED"` - `"RUNNER_VARIANT_STANDARD"` - `"RUNNER_VARIANT_ENTERPRISE"` ### Returns - `runner: Runner` - `createdAt: optional string` Time when the Runner was created. - `creator: optional Subject` creator is the identity of the creator of the environment - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `kind: optional RunnerKind` The runner's kind - `"RUNNER_KIND_UNSPECIFIED"` - `"RUNNER_KIND_LOCAL"` - `"RUNNER_KIND_REMOTE"` - `"RUNNER_KIND_LOCAL_CONFIGURATION"` - `name: optional string` The runner's name which is shown to users - `provider: optional RunnerProvider` The runner's provider - `"RUNNER_PROVIDER_UNSPECIFIED"` - `"RUNNER_PROVIDER_AWS_EC2"` - `"RUNNER_PROVIDER_LINUX_HOST"` - `"RUNNER_PROVIDER_DESKTOP_MAC"` - `"RUNNER_PROVIDER_MANAGED"` - `"RUNNER_PROVIDER_GCP"` - `"RUNNER_PROVIDER_DEV_AGENT"` - `runnerId: optional string` - `runnerManagerId: optional string` The runner manager id specifies the runner manager for the managed runner. This field is only set for managed runners. - `spec: optional RunnerSpec` The runner's specification - `configuration: optional RunnerConfiguration` The runner's configuration - `autoUpdate: optional boolean` auto_update indicates whether the runner should automatically update itself. - `devcontainerImageCacheEnabled: optional boolean` devcontainer_image_cache_enabled controls whether the devcontainer build cache is enabled for this runner. Only takes effect on supported runners, currently only AWS EC2 and Gitpod-managed runners. - `logLevel: optional LogLevel` log_level is the log level for the runner - `"LOG_LEVEL_UNSPECIFIED"` - `"LOG_LEVEL_DEBUG"` - `"LOG_LEVEL_INFO"` - `"LOG_LEVEL_WARN"` - `"LOG_LEVEL_ERROR"` - `metrics: optional MetricsConfiguration` metrics contains configuration for the runner's metrics collection - `enabled: optional boolean` enabled indicates whether the runner should collect metrics - `managedMetricsEnabled: optional boolean` When true, the runner pushes metrics to the management plane via ReportRunnerMetrics instead of directly to the remote_write endpoint. - `password: optional string` password is the password to use for the metrics collector - `url: optional string` url is the URL of the metrics collector - `username: optional string` username is the username to use for the metrics collector - `region: optional string` Region to deploy the runner in, if applicable. This is mainly used for remote runners, and is only a hint. The runner may be deployed in a different region. See the runner's status for the actual region. - `releaseChannel: optional RunnerReleaseChannel` The release channel the runner is on - `"RUNNER_RELEASE_CHANNEL_UNSPECIFIED"` - `"RUNNER_RELEASE_CHANNEL_STABLE"` - `"RUNNER_RELEASE_CHANNEL_LATEST"` - `updateWindow: optional UpdateWindow` update_window defines the daily time window (UTC) during which auto-updates are allowed. If not set, updates are allowed at any time. - `endHour: optional number` end_hour is the end of the update window as a UTC hour (0-23). If not set, defaults to start_hour + 2. - `startHour: optional number` start_hour is the beginning of the update window as a UTC hour (0-23). +required - `desiredPhase: optional RunnerPhase` RunnerPhase represents the phase a runner is in - `"RUNNER_PHASE_UNSPECIFIED"` - `"RUNNER_PHASE_CREATED"` - `"RUNNER_PHASE_INACTIVE"` - `"RUNNER_PHASE_ACTIVE"` - `"RUNNER_PHASE_DELETING"` - `"RUNNER_PHASE_DELETED"` - `"RUNNER_PHASE_DEGRADED"` - `variant: optional RunnerVariant` The runner's variant - `"RUNNER_VARIANT_UNSPECIFIED"` - `"RUNNER_VARIANT_STANDARD"` - `"RUNNER_VARIANT_ENTERPRISE"` - `status: optional RunnerStatus` The runner's status - `additionalInfo: optional array of FieldValue` additional_info contains additional information about the runner, e.g. a CloudFormation stack URL. - `key: optional string` - `value: optional string` - `capabilities: optional array of RunnerCapability` capabilities is a list of capabilities the runner supports. - `"RUNNER_CAPABILITY_UNSPECIFIED"` - `"RUNNER_CAPABILITY_FETCH_LOCAL_SCM_INTEGRATIONS"` - `"RUNNER_CAPABILITY_SECRET_CONTAINER_REGISTRY"` - `"RUNNER_CAPABILITY_AGENT_EXECUTION"` - `"RUNNER_CAPABILITY_ALLOW_ENV_TOKEN_POPULATION"` - `"RUNNER_CAPABILITY_DEFAULT_DEV_CONTAINER_IMAGE"` - `"RUNNER_CAPABILITY_ENVIRONMENT_SNAPSHOT"` - `"RUNNER_CAPABILITY_PREBUILDS_BEFORE_SNAPSHOT_TRIGGER"` - `"RUNNER_CAPABILITY_LIST_SCM_ORGANIZATIONS"` - `"RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS"` - `"RUNNER_CAPABILITY_RUNNER_SIDE_AGENT"` - `"RUNNER_CAPABILITY_WARM_POOL"` - `"RUNNER_CAPABILITY_ASG_WARM_POOL"` - `"RUNNER_CAPABILITY_PORT_AUTHENTICATION"` - `gatewayInfo: optional GatewayInfo` gateway_info is information about the gateway to which the runner is connected. - `gateway: optional Gateway` Gateway represents a system gateway that provides access to services - `name: string` name is the human-readable name of the gateway. name is unique across all gateways. - `url: string` url of the gateway - `region: optional string` region is the geographical region where the gateway is located - `latency: optional string` latency is the round-trip time of the runner to the gateway in milliseconds. - `llmUrl: optional string` llm_url is the URL of the LLM service to which the runner is connected. - `logUrl: optional string` - `message: optional string` The runner's reported message which is shown to users. This message adds more context to the runner's phase. - `phase: optional RunnerPhase` The runner's reported phase - `publicKey: optional string` public_key is the runner's public key used for encryption (32 bytes) - `region: optional string` region is the region the runner is running in, if applicable. - `supportBundleUrl: optional string` support_bundle_url is the URL at which the runner support bundle can be accessed. This URL provides access to pprof profiles and other debug information. Only available for standalone runners. - `systemDetails: optional string` - `updatedAt: optional string` Time when the status was last updated. - `version: optional string` - `updatedAt: optional string` Time when the Runner was last udpated. - `accessToken: optional string` deprecated, will be removed. Use exchange_token instead. - `exchangeToken: optional string` exchange_token is a one-time use token that should be exchanged by the runner for an access token, using the IdentityService.ExchangeToken rpc. The token expires after 24 hours. ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/CreateRunner \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "runner": { "createdAt": "2019-12-27T18:11:19.117Z", "creator": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" }, "kind": "RUNNER_KIND_UNSPECIFIED", "name": "name", "provider": "RUNNER_PROVIDER_UNSPECIFIED", "runnerId": "runnerId", "runnerManagerId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "spec": { "configuration": { "autoUpdate": true, "continuousProfiling": true, "devcontainerImageCacheEnabled": true, "encryptedHoneycombApiKey": "U3RhaW5sZXNzIHJvY2tz", "logLevel": "LOG_LEVEL_UNSPECIFIED", "metrics": { "enabled": true, "includeVerboseMetrics": true, "managedMetricsEnabled": true, "password": "password", "url": "url", "username": "username" }, "region": "region", "releaseChannel": "RUNNER_RELEASE_CHANNEL_UNSPECIFIED", "updateWindow": { "endHour": 0, "startHour": 0 } }, "desiredPhase": "RUNNER_PHASE_UNSPECIFIED", "variant": "RUNNER_VARIANT_UNSPECIFIED" }, "status": { "additionalInfo": [ { "key": "key", "value": "value" } ], "capabilities": [ "RUNNER_CAPABILITY_UNSPECIFIED" ], "gatewayInfo": { "gateway": { "name": "name", "url": "url", "region": "region" }, "latency": "+9125115.360s" }, "llmUrl": "llmUrl", "logUrl": "logUrl", "message": "message", "phase": "RUNNER_PHASE_UNSPECIFIED", "publicKey": "U3RhaW5sZXNzIHJvY2tz", "region": "region", "supportBundleUrl": "supportBundleUrl", "systemDetails": "systemDetails", "updatedAt": "2019-12-27T18:11:19.117Z", "version": "version" }, "updatedAt": "2019-12-27T18:11:19.117Z" }, "accessToken": "accessToken", "exchangeToken": "exchangeToken" } ``` ## CreateRunnerLogsToken **post** `/gitpod.v1.RunnerService/CreateRunnerLogsToken` Creates an access token for runner logs and debug information. Generated tokens are valid for one hour and provide runner-specific access permissions. The token is scoped to a specific runner and can be used to access support bundles. ### Examples - Generate runner logs token: ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `runnerId: optional string` runner_id specifies the runner for which the logs token should be created. +required ### Returns - `accessToken: string` access_token is the token that can be used to access the logs and support bundle of the runner ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/CreateRunnerLogsToken \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "accessToken": "accessToken" } ``` ## CreateRunnerToken **post** `/gitpod.v1.RunnerService/CreateRunnerToken` Creates a new authentication token for a runner. Use this method to: - Generate runner credentials - Renew expired tokens - Set up runner authentication Note: This does not expire previously issued tokens. ### Examples - Create token: Creates a new token for runner authentication. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `runnerId: optional string` ### Returns - `accessToken: optional string` deprecated, will be removed. Use exchange_token instead. - `exchangeToken: optional string` exchange_token is a one-time use token that should be exchanged by the runner for an access token, using the IdentityService.ExchangeToken rpc. The token expires after 24 hours. ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/CreateRunnerToken \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "accessToken": "accessToken", "exchangeToken": "exchangeToken" } ``` ## DeleteRunner **post** `/gitpod.v1.RunnerService/DeleteRunner` Deletes a runner permanently. Use this method to: - Remove unused runners - Clean up runner registrations - Delete obsolete runners ### Examples - Delete runner: Permanently removes a runner. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `force: optional boolean` force indicates whether the runner should be deleted forcefully. When force deleting a Runner, all Environments on the runner are also force deleted and regular Runner lifecycle is not respected. Force deleting can result in data loss. - `runnerId: optional string` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/DeleteRunner \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json {} ``` ## ListRunners **post** `/gitpod.v1.RunnerService/ListRunners` Lists all registered runners with optional filtering. Use this method to: - View all available runners - Filter by runner type - Monitor runner status - Check runner availability ### Examples - List all runners: Shows all runners with pagination. ```yaml pagination: pageSize: 20 ``` - Filter by provider: Lists only AWS EC2 runners. ```yaml filter: providers: ["RUNNER_PROVIDER_AWS_EC2"] pagination: pageSize: 20 ``` ### Query Parameters - `token: optional string` - `pageSize: optional number` ### Body Parameters - `filter: optional object { creatorIds, kinds, providers }` - `creatorIds: optional array of string` creator_ids filters the response to only runner created by specified users - `kinds: optional array of RunnerKind` kinds filters the response to only runners of the specified kinds - `"RUNNER_KIND_UNSPECIFIED"` - `"RUNNER_KIND_LOCAL"` - `"RUNNER_KIND_REMOTE"` - `"RUNNER_KIND_LOCAL_CONFIGURATION"` - `providers: optional array of RunnerProvider` providers filters the response to only runners of the specified providers - `"RUNNER_PROVIDER_UNSPECIFIED"` - `"RUNNER_PROVIDER_AWS_EC2"` - `"RUNNER_PROVIDER_LINUX_HOST"` - `"RUNNER_PROVIDER_DESKTOP_MAC"` - `"RUNNER_PROVIDER_MANAGED"` - `"RUNNER_PROVIDER_GCP"` - `"RUNNER_PROVIDER_DEV_AGENT"` - `pagination: optional object { token, pageSize }` pagination contains the pagination options for listing runners - `token: optional string` Token for the next set of results that was returned as next_token of a PaginationResponse - `pageSize: optional number` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. ### Returns - `pagination: optional object { nextToken }` pagination contains the pagination options for listing runners - `nextToken: optional string` Token passed for retrieving the next set of results. Empty if there are no more results - `runners: optional array of Runner` The runners registered in the scope - `createdAt: optional string` Time when the Runner was created. - `creator: optional Subject` creator is the identity of the creator of the environment - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `kind: optional RunnerKind` The runner's kind - `"RUNNER_KIND_UNSPECIFIED"` - `"RUNNER_KIND_LOCAL"` - `"RUNNER_KIND_REMOTE"` - `"RUNNER_KIND_LOCAL_CONFIGURATION"` - `name: optional string` The runner's name which is shown to users - `provider: optional RunnerProvider` The runner's provider - `"RUNNER_PROVIDER_UNSPECIFIED"` - `"RUNNER_PROVIDER_AWS_EC2"` - `"RUNNER_PROVIDER_LINUX_HOST"` - `"RUNNER_PROVIDER_DESKTOP_MAC"` - `"RUNNER_PROVIDER_MANAGED"` - `"RUNNER_PROVIDER_GCP"` - `"RUNNER_PROVIDER_DEV_AGENT"` - `runnerId: optional string` - `runnerManagerId: optional string` The runner manager id specifies the runner manager for the managed runner. This field is only set for managed runners. - `spec: optional RunnerSpec` The runner's specification - `configuration: optional RunnerConfiguration` The runner's configuration - `autoUpdate: optional boolean` auto_update indicates whether the runner should automatically update itself. - `devcontainerImageCacheEnabled: optional boolean` devcontainer_image_cache_enabled controls whether the devcontainer build cache is enabled for this runner. Only takes effect on supported runners, currently only AWS EC2 and Gitpod-managed runners. - `logLevel: optional LogLevel` log_level is the log level for the runner - `"LOG_LEVEL_UNSPECIFIED"` - `"LOG_LEVEL_DEBUG"` - `"LOG_LEVEL_INFO"` - `"LOG_LEVEL_WARN"` - `"LOG_LEVEL_ERROR"` - `metrics: optional MetricsConfiguration` metrics contains configuration for the runner's metrics collection - `enabled: optional boolean` enabled indicates whether the runner should collect metrics - `managedMetricsEnabled: optional boolean` When true, the runner pushes metrics to the management plane via ReportRunnerMetrics instead of directly to the remote_write endpoint. - `password: optional string` password is the password to use for the metrics collector - `url: optional string` url is the URL of the metrics collector - `username: optional string` username is the username to use for the metrics collector - `region: optional string` Region to deploy the runner in, if applicable. This is mainly used for remote runners, and is only a hint. The runner may be deployed in a different region. See the runner's status for the actual region. - `releaseChannel: optional RunnerReleaseChannel` The release channel the runner is on - `"RUNNER_RELEASE_CHANNEL_UNSPECIFIED"` - `"RUNNER_RELEASE_CHANNEL_STABLE"` - `"RUNNER_RELEASE_CHANNEL_LATEST"` - `updateWindow: optional UpdateWindow` update_window defines the daily time window (UTC) during which auto-updates are allowed. If not set, updates are allowed at any time. - `endHour: optional number` end_hour is the end of the update window as a UTC hour (0-23). If not set, defaults to start_hour + 2. - `startHour: optional number` start_hour is the beginning of the update window as a UTC hour (0-23). +required - `desiredPhase: optional RunnerPhase` RunnerPhase represents the phase a runner is in - `"RUNNER_PHASE_UNSPECIFIED"` - `"RUNNER_PHASE_CREATED"` - `"RUNNER_PHASE_INACTIVE"` - `"RUNNER_PHASE_ACTIVE"` - `"RUNNER_PHASE_DELETING"` - `"RUNNER_PHASE_DELETED"` - `"RUNNER_PHASE_DEGRADED"` - `variant: optional RunnerVariant` The runner's variant - `"RUNNER_VARIANT_UNSPECIFIED"` - `"RUNNER_VARIANT_STANDARD"` - `"RUNNER_VARIANT_ENTERPRISE"` - `status: optional RunnerStatus` The runner's status - `additionalInfo: optional array of FieldValue` additional_info contains additional information about the runner, e.g. a CloudFormation stack URL. - `key: optional string` - `value: optional string` - `capabilities: optional array of RunnerCapability` capabilities is a list of capabilities the runner supports. - `"RUNNER_CAPABILITY_UNSPECIFIED"` - `"RUNNER_CAPABILITY_FETCH_LOCAL_SCM_INTEGRATIONS"` - `"RUNNER_CAPABILITY_SECRET_CONTAINER_REGISTRY"` - `"RUNNER_CAPABILITY_AGENT_EXECUTION"` - `"RUNNER_CAPABILITY_ALLOW_ENV_TOKEN_POPULATION"` - `"RUNNER_CAPABILITY_DEFAULT_DEV_CONTAINER_IMAGE"` - `"RUNNER_CAPABILITY_ENVIRONMENT_SNAPSHOT"` - `"RUNNER_CAPABILITY_PREBUILDS_BEFORE_SNAPSHOT_TRIGGER"` - `"RUNNER_CAPABILITY_LIST_SCM_ORGANIZATIONS"` - `"RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS"` - `"RUNNER_CAPABILITY_RUNNER_SIDE_AGENT"` - `"RUNNER_CAPABILITY_WARM_POOL"` - `"RUNNER_CAPABILITY_ASG_WARM_POOL"` - `"RUNNER_CAPABILITY_PORT_AUTHENTICATION"` - `gatewayInfo: optional GatewayInfo` gateway_info is information about the gateway to which the runner is connected. - `gateway: optional Gateway` Gateway represents a system gateway that provides access to services - `name: string` name is the human-readable name of the gateway. name is unique across all gateways. - `url: string` url of the gateway - `region: optional string` region is the geographical region where the gateway is located - `latency: optional string` latency is the round-trip time of the runner to the gateway in milliseconds. - `llmUrl: optional string` llm_url is the URL of the LLM service to which the runner is connected. - `logUrl: optional string` - `message: optional string` The runner's reported message which is shown to users. This message adds more context to the runner's phase. - `phase: optional RunnerPhase` The runner's reported phase - `publicKey: optional string` public_key is the runner's public key used for encryption (32 bytes) - `region: optional string` region is the region the runner is running in, if applicable. - `supportBundleUrl: optional string` support_bundle_url is the URL at which the runner support bundle can be accessed. This URL provides access to pprof profiles and other debug information. Only available for standalone runners. - `systemDetails: optional string` - `updatedAt: optional string` Time when the status was last updated. - `version: optional string` - `updatedAt: optional string` Time when the Runner was last udpated. ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/ListRunners \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "pagination": { "nextToken": "nextToken" }, "runners": [ { "createdAt": "2019-12-27T18:11:19.117Z", "creator": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" }, "kind": "RUNNER_KIND_UNSPECIFIED", "name": "name", "provider": "RUNNER_PROVIDER_UNSPECIFIED", "runnerId": "runnerId", "runnerManagerId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "spec": { "configuration": { "autoUpdate": true, "continuousProfiling": true, "devcontainerImageCacheEnabled": true, "encryptedHoneycombApiKey": "U3RhaW5sZXNzIHJvY2tz", "logLevel": "LOG_LEVEL_UNSPECIFIED", "metrics": { "enabled": true, "includeVerboseMetrics": true, "managedMetricsEnabled": true, "password": "password", "url": "url", "username": "username" }, "region": "region", "releaseChannel": "RUNNER_RELEASE_CHANNEL_UNSPECIFIED", "updateWindow": { "endHour": 0, "startHour": 0 } }, "desiredPhase": "RUNNER_PHASE_UNSPECIFIED", "variant": "RUNNER_VARIANT_UNSPECIFIED" }, "status": { "additionalInfo": [ { "key": "key", "value": "value" } ], "capabilities": [ "RUNNER_CAPABILITY_UNSPECIFIED" ], "gatewayInfo": { "gateway": { "name": "name", "url": "url", "region": "region" }, "latency": "+9125115.360s" }, "llmUrl": "llmUrl", "logUrl": "logUrl", "message": "message", "phase": "RUNNER_PHASE_UNSPECIFIED", "publicKey": "U3RhaW5sZXNzIHJvY2tz", "region": "region", "supportBundleUrl": "supportBundleUrl", "systemDetails": "systemDetails", "updatedAt": "2019-12-27T18:11:19.117Z", "version": "version" }, "updatedAt": "2019-12-27T18:11:19.117Z" } ] } ``` ## ListSCMOrganizations **post** `/gitpod.v1.RunnerService/ListSCMOrganizations` Lists SCM organizations the user belongs to. Use this method to: - Get all organizations for a user on a specific SCM host - Check organization admin permissions for webhook creation ### Examples - List GitHub organizations: Lists all organizations the user belongs to on GitHub. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" scmHost: "github.com" ``` ### Query Parameters - `token: optional string` - `pageSize: optional number` ### Body Parameters - `runnerId: optional string` - `scmHost: optional string` The SCM host to list organizations from (e.g., "github.com", "gitlab.com") ### Returns - `organizations: optional array of object { isAdmin, name, url }` List of organizations the user belongs to - `isAdmin: optional boolean` Whether the user has admin permissions in this organization. Admin permissions typically allow creating organization-level webhooks. - `name: optional string` Organization name/slug (e.g., "gitpod-io") - `url: optional string` Organization URL (e.g., "https://github.com/gitpod-io") ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/ListSCMOrganizations \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "organizations": [ { "isAdmin": true, "name": "name", "url": "url" } ] } ``` ## ParseContextURL **post** `/gitpod.v1.RunnerService/ParseContextURL` Parses a context URL and returns the parsed result. Use this method to: - Validate context URLs - Check repository access - Verify branch existence Returns: - FAILED_PRECONDITION if authentication is required - PERMISSION_DENIED if access is not allowed - INVALID_ARGUMENT if URL is invalid - NOT_FOUND if repository/branch doesn't exist ### Examples - Parse URL: Parses and validates a context URL. ```yaml contextUrl: "https://github.com/org/repo/tree/main" ``` ### Body Parameters - `contextUrl: optional string` - `runnerId: optional string` ### Returns - `git: optional object { branch, cloneUrl, commit, 5 more }` - `branch: optional string` - `cloneUrl: optional string` - `commit: optional string` - `host: optional string` - `owner: optional string` - `repo: optional string` - `tag: optional string` - `upstreamRemoteUrl: optional string` - `issue: optional object { id, title }` - `id: optional string` id is the source system's ID of this issue, e.g. BNFRD-6100 - `title: optional string` - `originalContextUrl: optional string` - `pr: optional object { id, fromBranch, title, toBranch }` Deprecated: Use top-level PullRequest message instead - `id: optional string` - `fromBranch: optional string` - `title: optional string` - `toBranch: optional string` - `projectIds: optional array of string` project_ids is a list of projects to which the context URL belongs to. - `pullRequest: optional object { id, author, draft, 6 more }` PullRequest represents pull request metadata from source control systems. This message is used across workflow triggers, executions, and agent contexts to maintain consistent PR information throughout the system. - `id: optional string` Unique identifier from the source system (e.g., "123" for GitHub PR #123) - `author: optional string` Author name as provided by the SCM system - `draft: optional boolean` Whether this is a draft pull request - `fromBranch: optional string` Source branch name (the branch being merged from) - `repository: optional object { cloneUrl, host, name, owner }` Repository information - `cloneUrl: optional string` - `host: optional string` - `name: optional string` - `owner: optional string` - `state: optional State` Current state of the pull request - `"STATE_UNSPECIFIED"` - `"STATE_OPEN"` - `"STATE_CLOSED"` - `"STATE_MERGED"` - `title: optional string` Pull request title - `toBranch: optional string` Target branch name (the branch being merged into) - `url: optional string` Pull request URL (e.g., "https://github.com/owner/repo/pull/123") - `scmId: optional string` scm_id is the unique identifier of the SCM provider (e.g., "github", "gitlab", "bitbucket") ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/ParseContextURL \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "git": { "branch": "branch", "cloneUrl": "cloneUrl", "commit": "commit", "host": "host", "owner": "owner", "repo": "repo", "tag": "tag", "upstreamRemoteUrl": "upstreamRemoteUrl" }, "issue": { "id": "id", "title": "title" }, "originalContextUrl": "originalContextUrl", "pr": { "id": "id", "fromBranch": "fromBranch", "title": "title", "toBranch": "toBranch" }, "projectIds": [ "string" ], "pullRequest": { "id": "id", "author": "author", "draft": true, "fromBranch": "fromBranch", "repository": { "cloneUrl": "cloneUrl", "host": "host", "name": "name", "owner": "owner" }, "state": "STATE_UNSPECIFIED", "title": "title", "toBranch": "toBranch", "url": "url" }, "scmId": "scmId" } ``` ## GetRunner **post** `/gitpod.v1.RunnerService/GetRunner` Gets details about a specific runner. Use this method to: - Check runner status - View runner configuration - Monitor runner health - Verify runner capabilities ### Examples - Get runner details: Retrieves information about a specific runner. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `runnerId: optional string` ### Returns - `runner: Runner` - `createdAt: optional string` Time when the Runner was created. - `creator: optional Subject` creator is the identity of the creator of the environment - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `kind: optional RunnerKind` The runner's kind - `"RUNNER_KIND_UNSPECIFIED"` - `"RUNNER_KIND_LOCAL"` - `"RUNNER_KIND_REMOTE"` - `"RUNNER_KIND_LOCAL_CONFIGURATION"` - `name: optional string` The runner's name which is shown to users - `provider: optional RunnerProvider` The runner's provider - `"RUNNER_PROVIDER_UNSPECIFIED"` - `"RUNNER_PROVIDER_AWS_EC2"` - `"RUNNER_PROVIDER_LINUX_HOST"` - `"RUNNER_PROVIDER_DESKTOP_MAC"` - `"RUNNER_PROVIDER_MANAGED"` - `"RUNNER_PROVIDER_GCP"` - `"RUNNER_PROVIDER_DEV_AGENT"` - `runnerId: optional string` - `runnerManagerId: optional string` The runner manager id specifies the runner manager for the managed runner. This field is only set for managed runners. - `spec: optional RunnerSpec` The runner's specification - `configuration: optional RunnerConfiguration` The runner's configuration - `autoUpdate: optional boolean` auto_update indicates whether the runner should automatically update itself. - `devcontainerImageCacheEnabled: optional boolean` devcontainer_image_cache_enabled controls whether the devcontainer build cache is enabled for this runner. Only takes effect on supported runners, currently only AWS EC2 and Gitpod-managed runners. - `logLevel: optional LogLevel` log_level is the log level for the runner - `"LOG_LEVEL_UNSPECIFIED"` - `"LOG_LEVEL_DEBUG"` - `"LOG_LEVEL_INFO"` - `"LOG_LEVEL_WARN"` - `"LOG_LEVEL_ERROR"` - `metrics: optional MetricsConfiguration` metrics contains configuration for the runner's metrics collection - `enabled: optional boolean` enabled indicates whether the runner should collect metrics - `managedMetricsEnabled: optional boolean` When true, the runner pushes metrics to the management plane via ReportRunnerMetrics instead of directly to the remote_write endpoint. - `password: optional string` password is the password to use for the metrics collector - `url: optional string` url is the URL of the metrics collector - `username: optional string` username is the username to use for the metrics collector - `region: optional string` Region to deploy the runner in, if applicable. This is mainly used for remote runners, and is only a hint. The runner may be deployed in a different region. See the runner's status for the actual region. - `releaseChannel: optional RunnerReleaseChannel` The release channel the runner is on - `"RUNNER_RELEASE_CHANNEL_UNSPECIFIED"` - `"RUNNER_RELEASE_CHANNEL_STABLE"` - `"RUNNER_RELEASE_CHANNEL_LATEST"` - `updateWindow: optional UpdateWindow` update_window defines the daily time window (UTC) during which auto-updates are allowed. If not set, updates are allowed at any time. - `endHour: optional number` end_hour is the end of the update window as a UTC hour (0-23). If not set, defaults to start_hour + 2. - `startHour: optional number` start_hour is the beginning of the update window as a UTC hour (0-23). +required - `desiredPhase: optional RunnerPhase` RunnerPhase represents the phase a runner is in - `"RUNNER_PHASE_UNSPECIFIED"` - `"RUNNER_PHASE_CREATED"` - `"RUNNER_PHASE_INACTIVE"` - `"RUNNER_PHASE_ACTIVE"` - `"RUNNER_PHASE_DELETING"` - `"RUNNER_PHASE_DELETED"` - `"RUNNER_PHASE_DEGRADED"` - `variant: optional RunnerVariant` The runner's variant - `"RUNNER_VARIANT_UNSPECIFIED"` - `"RUNNER_VARIANT_STANDARD"` - `"RUNNER_VARIANT_ENTERPRISE"` - `status: optional RunnerStatus` The runner's status - `additionalInfo: optional array of FieldValue` additional_info contains additional information about the runner, e.g. a CloudFormation stack URL. - `key: optional string` - `value: optional string` - `capabilities: optional array of RunnerCapability` capabilities is a list of capabilities the runner supports. - `"RUNNER_CAPABILITY_UNSPECIFIED"` - `"RUNNER_CAPABILITY_FETCH_LOCAL_SCM_INTEGRATIONS"` - `"RUNNER_CAPABILITY_SECRET_CONTAINER_REGISTRY"` - `"RUNNER_CAPABILITY_AGENT_EXECUTION"` - `"RUNNER_CAPABILITY_ALLOW_ENV_TOKEN_POPULATION"` - `"RUNNER_CAPABILITY_DEFAULT_DEV_CONTAINER_IMAGE"` - `"RUNNER_CAPABILITY_ENVIRONMENT_SNAPSHOT"` - `"RUNNER_CAPABILITY_PREBUILDS_BEFORE_SNAPSHOT_TRIGGER"` - `"RUNNER_CAPABILITY_LIST_SCM_ORGANIZATIONS"` - `"RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS"` - `"RUNNER_CAPABILITY_RUNNER_SIDE_AGENT"` - `"RUNNER_CAPABILITY_WARM_POOL"` - `"RUNNER_CAPABILITY_ASG_WARM_POOL"` - `"RUNNER_CAPABILITY_PORT_AUTHENTICATION"` - `gatewayInfo: optional GatewayInfo` gateway_info is information about the gateway to which the runner is connected. - `gateway: optional Gateway` Gateway represents a system gateway that provides access to services - `name: string` name is the human-readable name of the gateway. name is unique across all gateways. - `url: string` url of the gateway - `region: optional string` region is the geographical region where the gateway is located - `latency: optional string` latency is the round-trip time of the runner to the gateway in milliseconds. - `llmUrl: optional string` llm_url is the URL of the LLM service to which the runner is connected. - `logUrl: optional string` - `message: optional string` The runner's reported message which is shown to users. This message adds more context to the runner's phase. - `phase: optional RunnerPhase` The runner's reported phase - `publicKey: optional string` public_key is the runner's public key used for encryption (32 bytes) - `region: optional string` region is the region the runner is running in, if applicable. - `supportBundleUrl: optional string` support_bundle_url is the URL at which the runner support bundle can be accessed. This URL provides access to pprof profiles and other debug information. Only available for standalone runners. - `systemDetails: optional string` - `updatedAt: optional string` Time when the status was last updated. - `version: optional string` - `updatedAt: optional string` Time when the Runner was last udpated. ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/GetRunner \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "runner": { "createdAt": "2019-12-27T18:11:19.117Z", "creator": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" }, "kind": "RUNNER_KIND_UNSPECIFIED", "name": "name", "provider": "RUNNER_PROVIDER_UNSPECIFIED", "runnerId": "runnerId", "runnerManagerId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "spec": { "configuration": { "autoUpdate": true, "continuousProfiling": true, "devcontainerImageCacheEnabled": true, "encryptedHoneycombApiKey": "U3RhaW5sZXNzIHJvY2tz", "logLevel": "LOG_LEVEL_UNSPECIFIED", "metrics": { "enabled": true, "includeVerboseMetrics": true, "managedMetricsEnabled": true, "password": "password", "url": "url", "username": "username" }, "region": "region", "releaseChannel": "RUNNER_RELEASE_CHANNEL_UNSPECIFIED", "updateWindow": { "endHour": 0, "startHour": 0 } }, "desiredPhase": "RUNNER_PHASE_UNSPECIFIED", "variant": "RUNNER_VARIANT_UNSPECIFIED" }, "status": { "additionalInfo": [ { "key": "key", "value": "value" } ], "capabilities": [ "RUNNER_CAPABILITY_UNSPECIFIED" ], "gatewayInfo": { "gateway": { "name": "name", "url": "url", "region": "region" }, "latency": "+9125115.360s" }, "llmUrl": "llmUrl", "logUrl": "logUrl", "message": "message", "phase": "RUNNER_PHASE_UNSPECIFIED", "publicKey": "U3RhaW5sZXNzIHJvY2tz", "region": "region", "supportBundleUrl": "supportBundleUrl", "systemDetails": "systemDetails", "updatedAt": "2019-12-27T18:11:19.117Z", "version": "version" }, "updatedAt": "2019-12-27T18:11:19.117Z" } } ``` ## SearchRepositories **post** `/gitpod.v1.RunnerService/SearchRepositories` Searches for repositories across all authenticated SCM hosts. Use this method to: - List available repositories - Search repositories by name or content - Discover repositories for environment creation Returns repositories from all authenticated SCM hosts in natural sort order. If no repositories are found, returns an empty list. ### Examples - List all repositories: Returns up to 25 repositories from all authenticated hosts. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` - Search repositories: Searches for repositories matching the query across all hosts. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" searchString: "my-project" limit: 10 ``` ### Body Parameters - `limit: optional number` Maximum number of repositories to return. Default: 25, Maximum: 100 Deprecated: Use pagination.page_size instead - `pagination: optional object { token, pageSize }` Pagination parameters for repository search - `token: optional string` Token for the next set of results that was returned as next_token of a PaginationResponse - `pageSize: optional number` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. - `runnerId: optional string` - `scmHost: optional string` The SCM's host to retrieve repositories from - `searchMode: optional SearchMode` Search mode determines how search_string is interpreted - `"SEARCH_MODE_UNSPECIFIED"` - `"SEARCH_MODE_KEYWORD"` - `"SEARCH_MODE_NATIVE"` - `searchString: optional string` Search query - interpretation depends on search_mode ### Returns - `lastPage: optional number` Deprecated: Use pagination token instead. Total pages can be extracted from token. - `pagination: optional object { nextToken }` Pagination information for the response. Token format: "NEXT_PAGE/TOTAL_PAGES/TOTAL_COUNT" (e.g., "2/40/1000"). Use -1 for unknown values (e.g., "2/-1/-1" when totals unavailable). Empty token means no more pages. - `nextToken: optional string` Token passed for retrieving the next set of results. Empty if there are no more results - `repositories: optional array of object { name, url }` List of repositories matching the search criteria - `name: optional string` Repository name (e.g., "my-project") - `url: optional string` Repository URL (e.g., "https://github.com/owner/my-project") ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/SearchRepositories \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "lastPage": 0, "pagination": { "nextToken": "nextToken" }, "repositories": [ { "name": "name", "url": "url" } ] } ``` ## UpdateRunner **post** `/gitpod.v1.RunnerService/UpdateRunner` Updates a runner's configuration. Use this method to: - Modify runner settings - Update release channels - Change runner status - Configure auto-update settings ### Examples - Update configuration: Changes runner settings. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" name: "Updated Runner Name" spec: configuration: releaseChannel: RUNNER_RELEASE_CHANNEL_LATEST autoUpdate: true ``` ### Body Parameters - `name: optional string` The runner's name which is shown to users - `runnerId: optional string` runner_id specifies which runner to be updated. +required - `spec: optional object { configuration, desiredPhase }` - `configuration: optional object { autoUpdate, devcontainerImageCacheEnabled, logLevel, 3 more }` - `autoUpdate: optional boolean` auto_update indicates whether the runner should automatically update itself. - `devcontainerImageCacheEnabled: optional boolean` devcontainer_image_cache_enabled controls whether the shared devcontainer build cache is enabled for this runner. - `logLevel: optional LogLevel` log_level is the log level for the runner - `"LOG_LEVEL_UNSPECIFIED"` - `"LOG_LEVEL_DEBUG"` - `"LOG_LEVEL_INFO"` - `"LOG_LEVEL_WARN"` - `"LOG_LEVEL_ERROR"` - `metrics: optional object { enabled, managedMetricsEnabled, password, 2 more }` metrics contains configuration for the runner's metrics collection - `enabled: optional boolean` enabled indicates whether the runner should collect metrics - `managedMetricsEnabled: optional boolean` When true, the runner pushes metrics to the management plane via ReportRunnerMetrics instead of directly to the remote_write endpoint. - `password: optional string` password is the password to use for the metrics collector - `url: optional string` url is the URL of the metrics collector - `username: optional string` username is the username to use for the metrics collector - `releaseChannel: optional RunnerReleaseChannel` The release channel the runner is on - `"RUNNER_RELEASE_CHANNEL_UNSPECIFIED"` - `"RUNNER_RELEASE_CHANNEL_STABLE"` - `"RUNNER_RELEASE_CHANNEL_LATEST"` - `updateWindow: optional UpdateWindow` update_window defines the daily time window (UTC) during which auto-updates are allowed. start_hour is required. If end_hour is omitted, it defaults to start_hour + 2. Send an empty UpdateWindow (no start_hour or end_hour) to clear a custom window and allow updates at any time. - `endHour: optional number` end_hour is the end of the update window as a UTC hour (0-23). If not set, defaults to start_hour + 2. - `startHour: optional number` start_hour is the beginning of the update window as a UTC hour (0-23). +required - `desiredPhase: optional RunnerPhase` desired_phase can currently only be updated on local-configuration runners, to toggle whether local runners are allowed for running environments in the organization. Set to: - ACTIVE to enable local runners. - INACTIVE to disable all local runners. Existing local runners and their environments will stop, and cannot be started again until the desired_phase is set to ACTIVE. Use this carefully, as it will affect all users in the organization who use local runners. - `"RUNNER_PHASE_UNSPECIFIED"` - `"RUNNER_PHASE_CREATED"` - `"RUNNER_PHASE_INACTIVE"` - `"RUNNER_PHASE_ACTIVE"` - `"RUNNER_PHASE_DELETING"` - `"RUNNER_PHASE_DELETED"` - `"RUNNER_PHASE_DEGRADED"` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/UpdateRunner \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json {} ``` ## Domain Types ### Gateway Info - `GatewayInfo object { gateway, latency }` - `gateway: optional Gateway` Gateway represents a system gateway that provides access to services - `name: string` name is the human-readable name of the gateway. name is unique across all gateways. - `url: string` url of the gateway - `region: optional string` region is the geographical region where the gateway is located - `latency: optional string` latency is the round-trip time of the runner to the gateway in milliseconds. ### Log Level - `LogLevel = "LOG_LEVEL_UNSPECIFIED" or "LOG_LEVEL_DEBUG" or "LOG_LEVEL_INFO" or 2 more` - `"LOG_LEVEL_UNSPECIFIED"` - `"LOG_LEVEL_DEBUG"` - `"LOG_LEVEL_INFO"` - `"LOG_LEVEL_WARN"` - `"LOG_LEVEL_ERROR"` ### Metrics Configuration - `MetricsConfiguration object { enabled, managedMetricsEnabled, password, 2 more }` - `enabled: optional boolean` enabled indicates whether the runner should collect metrics - `managedMetricsEnabled: optional boolean` When true, the runner pushes metrics to the management plane via ReportRunnerMetrics instead of directly to the remote_write endpoint. - `password: optional string` password is the password to use for the metrics collector - `url: optional string` url is the URL of the metrics collector - `username: optional string` username is the username to use for the metrics collector ### Runner - `Runner object { createdAt, creator, kind, 7 more }` - `createdAt: optional string` Time when the Runner was created. - `creator: optional Subject` creator is the identity of the creator of the environment - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `kind: optional RunnerKind` The runner's kind - `"RUNNER_KIND_UNSPECIFIED"` - `"RUNNER_KIND_LOCAL"` - `"RUNNER_KIND_REMOTE"` - `"RUNNER_KIND_LOCAL_CONFIGURATION"` - `name: optional string` The runner's name which is shown to users - `provider: optional RunnerProvider` The runner's provider - `"RUNNER_PROVIDER_UNSPECIFIED"` - `"RUNNER_PROVIDER_AWS_EC2"` - `"RUNNER_PROVIDER_LINUX_HOST"` - `"RUNNER_PROVIDER_DESKTOP_MAC"` - `"RUNNER_PROVIDER_MANAGED"` - `"RUNNER_PROVIDER_GCP"` - `"RUNNER_PROVIDER_DEV_AGENT"` - `runnerId: optional string` - `runnerManagerId: optional string` The runner manager id specifies the runner manager for the managed runner. This field is only set for managed runners. - `spec: optional RunnerSpec` The runner's specification - `configuration: optional RunnerConfiguration` The runner's configuration - `autoUpdate: optional boolean` auto_update indicates whether the runner should automatically update itself. - `devcontainerImageCacheEnabled: optional boolean` devcontainer_image_cache_enabled controls whether the devcontainer build cache is enabled for this runner. Only takes effect on supported runners, currently only AWS EC2 and Gitpod-managed runners. - `logLevel: optional LogLevel` log_level is the log level for the runner - `"LOG_LEVEL_UNSPECIFIED"` - `"LOG_LEVEL_DEBUG"` - `"LOG_LEVEL_INFO"` - `"LOG_LEVEL_WARN"` - `"LOG_LEVEL_ERROR"` - `metrics: optional MetricsConfiguration` metrics contains configuration for the runner's metrics collection - `enabled: optional boolean` enabled indicates whether the runner should collect metrics - `managedMetricsEnabled: optional boolean` When true, the runner pushes metrics to the management plane via ReportRunnerMetrics instead of directly to the remote_write endpoint. - `password: optional string` password is the password to use for the metrics collector - `url: optional string` url is the URL of the metrics collector - `username: optional string` username is the username to use for the metrics collector - `region: optional string` Region to deploy the runner in, if applicable. This is mainly used for remote runners, and is only a hint. The runner may be deployed in a different region. See the runner's status for the actual region. - `releaseChannel: optional RunnerReleaseChannel` The release channel the runner is on - `"RUNNER_RELEASE_CHANNEL_UNSPECIFIED"` - `"RUNNER_RELEASE_CHANNEL_STABLE"` - `"RUNNER_RELEASE_CHANNEL_LATEST"` - `updateWindow: optional UpdateWindow` update_window defines the daily time window (UTC) during which auto-updates are allowed. If not set, updates are allowed at any time. - `endHour: optional number` end_hour is the end of the update window as a UTC hour (0-23). If not set, defaults to start_hour + 2. - `startHour: optional number` start_hour is the beginning of the update window as a UTC hour (0-23). +required - `desiredPhase: optional RunnerPhase` RunnerPhase represents the phase a runner is in - `"RUNNER_PHASE_UNSPECIFIED"` - `"RUNNER_PHASE_CREATED"` - `"RUNNER_PHASE_INACTIVE"` - `"RUNNER_PHASE_ACTIVE"` - `"RUNNER_PHASE_DELETING"` - `"RUNNER_PHASE_DELETED"` - `"RUNNER_PHASE_DEGRADED"` - `variant: optional RunnerVariant` The runner's variant - `"RUNNER_VARIANT_UNSPECIFIED"` - `"RUNNER_VARIANT_STANDARD"` - `"RUNNER_VARIANT_ENTERPRISE"` - `status: optional RunnerStatus` The runner's status - `additionalInfo: optional array of FieldValue` additional_info contains additional information about the runner, e.g. a CloudFormation stack URL. - `key: optional string` - `value: optional string` - `capabilities: optional array of RunnerCapability` capabilities is a list of capabilities the runner supports. - `"RUNNER_CAPABILITY_UNSPECIFIED"` - `"RUNNER_CAPABILITY_FETCH_LOCAL_SCM_INTEGRATIONS"` - `"RUNNER_CAPABILITY_SECRET_CONTAINER_REGISTRY"` - `"RUNNER_CAPABILITY_AGENT_EXECUTION"` - `"RUNNER_CAPABILITY_ALLOW_ENV_TOKEN_POPULATION"` - `"RUNNER_CAPABILITY_DEFAULT_DEV_CONTAINER_IMAGE"` - `"RUNNER_CAPABILITY_ENVIRONMENT_SNAPSHOT"` - `"RUNNER_CAPABILITY_PREBUILDS_BEFORE_SNAPSHOT_TRIGGER"` - `"RUNNER_CAPABILITY_LIST_SCM_ORGANIZATIONS"` - `"RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS"` - `"RUNNER_CAPABILITY_RUNNER_SIDE_AGENT"` - `"RUNNER_CAPABILITY_WARM_POOL"` - `"RUNNER_CAPABILITY_ASG_WARM_POOL"` - `"RUNNER_CAPABILITY_PORT_AUTHENTICATION"` - `gatewayInfo: optional GatewayInfo` gateway_info is information about the gateway to which the runner is connected. - `gateway: optional Gateway` Gateway represents a system gateway that provides access to services - `name: string` name is the human-readable name of the gateway. name is unique across all gateways. - `url: string` url of the gateway - `region: optional string` region is the geographical region where the gateway is located - `latency: optional string` latency is the round-trip time of the runner to the gateway in milliseconds. - `llmUrl: optional string` llm_url is the URL of the LLM service to which the runner is connected. - `logUrl: optional string` - `message: optional string` The runner's reported message which is shown to users. This message adds more context to the runner's phase. - `phase: optional RunnerPhase` The runner's reported phase - `publicKey: optional string` public_key is the runner's public key used for encryption (32 bytes) - `region: optional string` region is the region the runner is running in, if applicable. - `supportBundleUrl: optional string` support_bundle_url is the URL at which the runner support bundle can be accessed. This URL provides access to pprof profiles and other debug information. Only available for standalone runners. - `systemDetails: optional string` - `updatedAt: optional string` Time when the status was last updated. - `version: optional string` - `updatedAt: optional string` Time when the Runner was last udpated. ### Runner Capability - `RunnerCapability = "RUNNER_CAPABILITY_UNSPECIFIED" or "RUNNER_CAPABILITY_FETCH_LOCAL_SCM_INTEGRATIONS" or "RUNNER_CAPABILITY_SECRET_CONTAINER_REGISTRY" or 11 more` - `"RUNNER_CAPABILITY_UNSPECIFIED"` - `"RUNNER_CAPABILITY_FETCH_LOCAL_SCM_INTEGRATIONS"` - `"RUNNER_CAPABILITY_SECRET_CONTAINER_REGISTRY"` - `"RUNNER_CAPABILITY_AGENT_EXECUTION"` - `"RUNNER_CAPABILITY_ALLOW_ENV_TOKEN_POPULATION"` - `"RUNNER_CAPABILITY_DEFAULT_DEV_CONTAINER_IMAGE"` - `"RUNNER_CAPABILITY_ENVIRONMENT_SNAPSHOT"` - `"RUNNER_CAPABILITY_PREBUILDS_BEFORE_SNAPSHOT_TRIGGER"` - `"RUNNER_CAPABILITY_LIST_SCM_ORGANIZATIONS"` - `"RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS"` - `"RUNNER_CAPABILITY_RUNNER_SIDE_AGENT"` - `"RUNNER_CAPABILITY_WARM_POOL"` - `"RUNNER_CAPABILITY_ASG_WARM_POOL"` - `"RUNNER_CAPABILITY_PORT_AUTHENTICATION"` ### Runner Configuration - `RunnerConfiguration object { autoUpdate, devcontainerImageCacheEnabled, logLevel, 4 more }` - `autoUpdate: optional boolean` auto_update indicates whether the runner should automatically update itself. - `devcontainerImageCacheEnabled: optional boolean` devcontainer_image_cache_enabled controls whether the devcontainer build cache is enabled for this runner. Only takes effect on supported runners, currently only AWS EC2 and Gitpod-managed runners. - `logLevel: optional LogLevel` log_level is the log level for the runner - `"LOG_LEVEL_UNSPECIFIED"` - `"LOG_LEVEL_DEBUG"` - `"LOG_LEVEL_INFO"` - `"LOG_LEVEL_WARN"` - `"LOG_LEVEL_ERROR"` - `metrics: optional MetricsConfiguration` metrics contains configuration for the runner's metrics collection - `enabled: optional boolean` enabled indicates whether the runner should collect metrics - `managedMetricsEnabled: optional boolean` When true, the runner pushes metrics to the management plane via ReportRunnerMetrics instead of directly to the remote_write endpoint. - `password: optional string` password is the password to use for the metrics collector - `url: optional string` url is the URL of the metrics collector - `username: optional string` username is the username to use for the metrics collector - `region: optional string` Region to deploy the runner in, if applicable. This is mainly used for remote runners, and is only a hint. The runner may be deployed in a different region. See the runner's status for the actual region. - `releaseChannel: optional RunnerReleaseChannel` The release channel the runner is on - `"RUNNER_RELEASE_CHANNEL_UNSPECIFIED"` - `"RUNNER_RELEASE_CHANNEL_STABLE"` - `"RUNNER_RELEASE_CHANNEL_LATEST"` - `updateWindow: optional UpdateWindow` update_window defines the daily time window (UTC) during which auto-updates are allowed. If not set, updates are allowed at any time. - `endHour: optional number` end_hour is the end of the update window as a UTC hour (0-23). If not set, defaults to start_hour + 2. - `startHour: optional number` start_hour is the beginning of the update window as a UTC hour (0-23). +required ### Runner Kind - `RunnerKind = "RUNNER_KIND_UNSPECIFIED" or "RUNNER_KIND_LOCAL" or "RUNNER_KIND_REMOTE" or "RUNNER_KIND_LOCAL_CONFIGURATION"` RunnerKind represents the kind of a runner - `"RUNNER_KIND_UNSPECIFIED"` - `"RUNNER_KIND_LOCAL"` - `"RUNNER_KIND_REMOTE"` - `"RUNNER_KIND_LOCAL_CONFIGURATION"` ### Runner Phase - `RunnerPhase = "RUNNER_PHASE_UNSPECIFIED" or "RUNNER_PHASE_CREATED" or "RUNNER_PHASE_INACTIVE" or 4 more` RunnerPhase represents the phase a runner is in - `"RUNNER_PHASE_UNSPECIFIED"` - `"RUNNER_PHASE_CREATED"` - `"RUNNER_PHASE_INACTIVE"` - `"RUNNER_PHASE_ACTIVE"` - `"RUNNER_PHASE_DELETING"` - `"RUNNER_PHASE_DELETED"` - `"RUNNER_PHASE_DEGRADED"` ### Runner Provider - `RunnerProvider = "RUNNER_PROVIDER_UNSPECIFIED" or "RUNNER_PROVIDER_AWS_EC2" or "RUNNER_PROVIDER_LINUX_HOST" or 4 more` RunnerProvider identifies the specific implementation type of a runner. Each provider maps to a specific kind of runner (local or remote), as specified below for each provider. - `"RUNNER_PROVIDER_UNSPECIFIED"` - `"RUNNER_PROVIDER_AWS_EC2"` - `"RUNNER_PROVIDER_LINUX_HOST"` - `"RUNNER_PROVIDER_DESKTOP_MAC"` - `"RUNNER_PROVIDER_MANAGED"` - `"RUNNER_PROVIDER_GCP"` - `"RUNNER_PROVIDER_DEV_AGENT"` ### Runner Release Channel - `RunnerReleaseChannel = "RUNNER_RELEASE_CHANNEL_UNSPECIFIED" or "RUNNER_RELEASE_CHANNEL_STABLE" or "RUNNER_RELEASE_CHANNEL_LATEST"` - `"RUNNER_RELEASE_CHANNEL_UNSPECIFIED"` - `"RUNNER_RELEASE_CHANNEL_STABLE"` - `"RUNNER_RELEASE_CHANNEL_LATEST"` ### Runner Spec - `RunnerSpec object { configuration, desiredPhase, variant }` - `configuration: optional RunnerConfiguration` The runner's configuration - `autoUpdate: optional boolean` auto_update indicates whether the runner should automatically update itself. - `devcontainerImageCacheEnabled: optional boolean` devcontainer_image_cache_enabled controls whether the devcontainer build cache is enabled for this runner. Only takes effect on supported runners, currently only AWS EC2 and Gitpod-managed runners. - `logLevel: optional LogLevel` log_level is the log level for the runner - `"LOG_LEVEL_UNSPECIFIED"` - `"LOG_LEVEL_DEBUG"` - `"LOG_LEVEL_INFO"` - `"LOG_LEVEL_WARN"` - `"LOG_LEVEL_ERROR"` - `metrics: optional MetricsConfiguration` metrics contains configuration for the runner's metrics collection - `enabled: optional boolean` enabled indicates whether the runner should collect metrics - `managedMetricsEnabled: optional boolean` When true, the runner pushes metrics to the management plane via ReportRunnerMetrics instead of directly to the remote_write endpoint. - `password: optional string` password is the password to use for the metrics collector - `url: optional string` url is the URL of the metrics collector - `username: optional string` username is the username to use for the metrics collector - `region: optional string` Region to deploy the runner in, if applicable. This is mainly used for remote runners, and is only a hint. The runner may be deployed in a different region. See the runner's status for the actual region. - `releaseChannel: optional RunnerReleaseChannel` The release channel the runner is on - `"RUNNER_RELEASE_CHANNEL_UNSPECIFIED"` - `"RUNNER_RELEASE_CHANNEL_STABLE"` - `"RUNNER_RELEASE_CHANNEL_LATEST"` - `updateWindow: optional UpdateWindow` update_window defines the daily time window (UTC) during which auto-updates are allowed. If not set, updates are allowed at any time. - `endHour: optional number` end_hour is the end of the update window as a UTC hour (0-23). If not set, defaults to start_hour + 2. - `startHour: optional number` start_hour is the beginning of the update window as a UTC hour (0-23). +required - `desiredPhase: optional RunnerPhase` RunnerPhase represents the phase a runner is in - `"RUNNER_PHASE_UNSPECIFIED"` - `"RUNNER_PHASE_CREATED"` - `"RUNNER_PHASE_INACTIVE"` - `"RUNNER_PHASE_ACTIVE"` - `"RUNNER_PHASE_DELETING"` - `"RUNNER_PHASE_DELETED"` - `"RUNNER_PHASE_DEGRADED"` - `variant: optional RunnerVariant` The runner's variant - `"RUNNER_VARIANT_UNSPECIFIED"` - `"RUNNER_VARIANT_STANDARD"` - `"RUNNER_VARIANT_ENTERPRISE"` ### Runner Status - `RunnerStatus object { additionalInfo, capabilities, gatewayInfo, 10 more }` RunnerStatus represents the status of a runner - `additionalInfo: optional array of FieldValue` additional_info contains additional information about the runner, e.g. a CloudFormation stack URL. - `key: optional string` - `value: optional string` - `capabilities: optional array of RunnerCapability` capabilities is a list of capabilities the runner supports. - `"RUNNER_CAPABILITY_UNSPECIFIED"` - `"RUNNER_CAPABILITY_FETCH_LOCAL_SCM_INTEGRATIONS"` - `"RUNNER_CAPABILITY_SECRET_CONTAINER_REGISTRY"` - `"RUNNER_CAPABILITY_AGENT_EXECUTION"` - `"RUNNER_CAPABILITY_ALLOW_ENV_TOKEN_POPULATION"` - `"RUNNER_CAPABILITY_DEFAULT_DEV_CONTAINER_IMAGE"` - `"RUNNER_CAPABILITY_ENVIRONMENT_SNAPSHOT"` - `"RUNNER_CAPABILITY_PREBUILDS_BEFORE_SNAPSHOT_TRIGGER"` - `"RUNNER_CAPABILITY_LIST_SCM_ORGANIZATIONS"` - `"RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS"` - `"RUNNER_CAPABILITY_RUNNER_SIDE_AGENT"` - `"RUNNER_CAPABILITY_WARM_POOL"` - `"RUNNER_CAPABILITY_ASG_WARM_POOL"` - `"RUNNER_CAPABILITY_PORT_AUTHENTICATION"` - `gatewayInfo: optional GatewayInfo` gateway_info is information about the gateway to which the runner is connected. - `gateway: optional Gateway` Gateway represents a system gateway that provides access to services - `name: string` name is the human-readable name of the gateway. name is unique across all gateways. - `url: string` url of the gateway - `region: optional string` region is the geographical region where the gateway is located - `latency: optional string` latency is the round-trip time of the runner to the gateway in milliseconds. - `llmUrl: optional string` llm_url is the URL of the LLM service to which the runner is connected. - `logUrl: optional string` - `message: optional string` The runner's reported message which is shown to users. This message adds more context to the runner's phase. - `phase: optional RunnerPhase` The runner's reported phase - `"RUNNER_PHASE_UNSPECIFIED"` - `"RUNNER_PHASE_CREATED"` - `"RUNNER_PHASE_INACTIVE"` - `"RUNNER_PHASE_ACTIVE"` - `"RUNNER_PHASE_DELETING"` - `"RUNNER_PHASE_DELETED"` - `"RUNNER_PHASE_DEGRADED"` - `publicKey: optional string` public_key is the runner's public key used for encryption (32 bytes) - `region: optional string` region is the region the runner is running in, if applicable. - `supportBundleUrl: optional string` support_bundle_url is the URL at which the runner support bundle can be accessed. This URL provides access to pprof profiles and other debug information. Only available for standalone runners. - `systemDetails: optional string` - `updatedAt: optional string` Time when the status was last updated. - `version: optional string` ### Runner Variant - `RunnerVariant = "RUNNER_VARIANT_UNSPECIFIED" or "RUNNER_VARIANT_STANDARD" or "RUNNER_VARIANT_ENTERPRISE"` - `"RUNNER_VARIANT_UNSPECIFIED"` - `"RUNNER_VARIANT_STANDARD"` - `"RUNNER_VARIANT_ENTERPRISE"` ### Search Mode - `SearchMode = "SEARCH_MODE_UNSPECIFIED" or "SEARCH_MODE_KEYWORD" or "SEARCH_MODE_NATIVE"` - `"SEARCH_MODE_UNSPECIFIED"` - `"SEARCH_MODE_KEYWORD"` - `"SEARCH_MODE_NATIVE"` ### Update Window - `UpdateWindow object { endHour, startHour }` UpdateWindow defines a daily time window (UTC) during which auto-updates are allowed. The window must be at least 2 hours long. Overnight windows are supported (e.g., start_hour=22, end_hour=4). - `endHour: optional number` end_hour is the end of the update window as a UTC hour (0-23). If not set, defaults to start_hour + 2. - `startHour: optional number` start_hour is the beginning of the update window as a UTC hour (0-23). +required ### Runner Check Authentication For Host Response - `RunnerCheckAuthenticationForHostResponse object { authenticated, authenticationUrl, patSupported, 4 more }` - `authenticated: optional boolean` - `authenticationUrl: optional string` - `patSupported: optional boolean` - `scmId: optional string` scm_id is the unique identifier of the SCM provider - `scmName: optional string` scm_name is the human-readable name of the SCM provider (e.g., "GitHub", "GitLab") - `supportsOauth2: optional object { authUrl, docsUrl }` supports_oauth2 indicates that the host supports OAuth2 authentication - `authUrl: optional string` auth_url is the URL where users can authenticate - `docsUrl: optional string` docs_url is the URL to the documentation explaining this authentication method - `supportsPat: optional object { createUrl, docsUrl, example, requiredScopes }` supports_pat indicates that the host supports Personal Access Token authentication - `createUrl: optional string` create_url is the URL where users can create a new Personal Access Token - `docsUrl: optional string` docs_url is the URL to the documentation explaining PAT usage for this host - `example: optional string` example is an example of a Personal Access Token - `requiredScopes: optional array of string` required_scopes is the list of permissions required for the Personal Access Token ### Runner Check Repository Access Response - `RunnerCheckRepositoryAccessResponse object { errorMessage, hasAccess }` - `errorMessage: optional string` error_message provides details when access check fails. Empty when has_access is true. - `hasAccess: optional boolean` has_access indicates whether the principal has read access to the repository. ### Runner Create Response - `RunnerCreateResponse object { runner, accessToken, exchangeToken }` - `runner: Runner` - `createdAt: optional string` Time when the Runner was created. - `creator: optional Subject` creator is the identity of the creator of the environment - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `kind: optional RunnerKind` The runner's kind - `"RUNNER_KIND_UNSPECIFIED"` - `"RUNNER_KIND_LOCAL"` - `"RUNNER_KIND_REMOTE"` - `"RUNNER_KIND_LOCAL_CONFIGURATION"` - `name: optional string` The runner's name which is shown to users - `provider: optional RunnerProvider` The runner's provider - `"RUNNER_PROVIDER_UNSPECIFIED"` - `"RUNNER_PROVIDER_AWS_EC2"` - `"RUNNER_PROVIDER_LINUX_HOST"` - `"RUNNER_PROVIDER_DESKTOP_MAC"` - `"RUNNER_PROVIDER_MANAGED"` - `"RUNNER_PROVIDER_GCP"` - `"RUNNER_PROVIDER_DEV_AGENT"` - `runnerId: optional string` - `runnerManagerId: optional string` The runner manager id specifies the runner manager for the managed runner. This field is only set for managed runners. - `spec: optional RunnerSpec` The runner's specification - `configuration: optional RunnerConfiguration` The runner's configuration - `autoUpdate: optional boolean` auto_update indicates whether the runner should automatically update itself. - `devcontainerImageCacheEnabled: optional boolean` devcontainer_image_cache_enabled controls whether the devcontainer build cache is enabled for this runner. Only takes effect on supported runners, currently only AWS EC2 and Gitpod-managed runners. - `logLevel: optional LogLevel` log_level is the log level for the runner - `"LOG_LEVEL_UNSPECIFIED"` - `"LOG_LEVEL_DEBUG"` - `"LOG_LEVEL_INFO"` - `"LOG_LEVEL_WARN"` - `"LOG_LEVEL_ERROR"` - `metrics: optional MetricsConfiguration` metrics contains configuration for the runner's metrics collection - `enabled: optional boolean` enabled indicates whether the runner should collect metrics - `managedMetricsEnabled: optional boolean` When true, the runner pushes metrics to the management plane via ReportRunnerMetrics instead of directly to the remote_write endpoint. - `password: optional string` password is the password to use for the metrics collector - `url: optional string` url is the URL of the metrics collector - `username: optional string` username is the username to use for the metrics collector - `region: optional string` Region to deploy the runner in, if applicable. This is mainly used for remote runners, and is only a hint. The runner may be deployed in a different region. See the runner's status for the actual region. - `releaseChannel: optional RunnerReleaseChannel` The release channel the runner is on - `"RUNNER_RELEASE_CHANNEL_UNSPECIFIED"` - `"RUNNER_RELEASE_CHANNEL_STABLE"` - `"RUNNER_RELEASE_CHANNEL_LATEST"` - `updateWindow: optional UpdateWindow` update_window defines the daily time window (UTC) during which auto-updates are allowed. If not set, updates are allowed at any time. - `endHour: optional number` end_hour is the end of the update window as a UTC hour (0-23). If not set, defaults to start_hour + 2. - `startHour: optional number` start_hour is the beginning of the update window as a UTC hour (0-23). +required - `desiredPhase: optional RunnerPhase` RunnerPhase represents the phase a runner is in - `"RUNNER_PHASE_UNSPECIFIED"` - `"RUNNER_PHASE_CREATED"` - `"RUNNER_PHASE_INACTIVE"` - `"RUNNER_PHASE_ACTIVE"` - `"RUNNER_PHASE_DELETING"` - `"RUNNER_PHASE_DELETED"` - `"RUNNER_PHASE_DEGRADED"` - `variant: optional RunnerVariant` The runner's variant - `"RUNNER_VARIANT_UNSPECIFIED"` - `"RUNNER_VARIANT_STANDARD"` - `"RUNNER_VARIANT_ENTERPRISE"` - `status: optional RunnerStatus` The runner's status - `additionalInfo: optional array of FieldValue` additional_info contains additional information about the runner, e.g. a CloudFormation stack URL. - `key: optional string` - `value: optional string` - `capabilities: optional array of RunnerCapability` capabilities is a list of capabilities the runner supports. - `"RUNNER_CAPABILITY_UNSPECIFIED"` - `"RUNNER_CAPABILITY_FETCH_LOCAL_SCM_INTEGRATIONS"` - `"RUNNER_CAPABILITY_SECRET_CONTAINER_REGISTRY"` - `"RUNNER_CAPABILITY_AGENT_EXECUTION"` - `"RUNNER_CAPABILITY_ALLOW_ENV_TOKEN_POPULATION"` - `"RUNNER_CAPABILITY_DEFAULT_DEV_CONTAINER_IMAGE"` - `"RUNNER_CAPABILITY_ENVIRONMENT_SNAPSHOT"` - `"RUNNER_CAPABILITY_PREBUILDS_BEFORE_SNAPSHOT_TRIGGER"` - `"RUNNER_CAPABILITY_LIST_SCM_ORGANIZATIONS"` - `"RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS"` - `"RUNNER_CAPABILITY_RUNNER_SIDE_AGENT"` - `"RUNNER_CAPABILITY_WARM_POOL"` - `"RUNNER_CAPABILITY_ASG_WARM_POOL"` - `"RUNNER_CAPABILITY_PORT_AUTHENTICATION"` - `gatewayInfo: optional GatewayInfo` gateway_info is information about the gateway to which the runner is connected. - `gateway: optional Gateway` Gateway represents a system gateway that provides access to services - `name: string` name is the human-readable name of the gateway. name is unique across all gateways. - `url: string` url of the gateway - `region: optional string` region is the geographical region where the gateway is located - `latency: optional string` latency is the round-trip time of the runner to the gateway in milliseconds. - `llmUrl: optional string` llm_url is the URL of the LLM service to which the runner is connected. - `logUrl: optional string` - `message: optional string` The runner's reported message which is shown to users. This message adds more context to the runner's phase. - `phase: optional RunnerPhase` The runner's reported phase - `publicKey: optional string` public_key is the runner's public key used for encryption (32 bytes) - `region: optional string` region is the region the runner is running in, if applicable. - `supportBundleUrl: optional string` support_bundle_url is the URL at which the runner support bundle can be accessed. This URL provides access to pprof profiles and other debug information. Only available for standalone runners. - `systemDetails: optional string` - `updatedAt: optional string` Time when the status was last updated. - `version: optional string` - `updatedAt: optional string` Time when the Runner was last udpated. - `accessToken: optional string` deprecated, will be removed. Use exchange_token instead. - `exchangeToken: optional string` exchange_token is a one-time use token that should be exchanged by the runner for an access token, using the IdentityService.ExchangeToken rpc. The token expires after 24 hours. ### Runner Create Logs Token Response - `RunnerCreateLogsTokenResponse object { accessToken }` - `accessToken: string` access_token is the token that can be used to access the logs and support bundle of the runner ### Runner Create Runner Token Response - `RunnerCreateRunnerTokenResponse object { accessToken, exchangeToken }` - `accessToken: optional string` deprecated, will be removed. Use exchange_token instead. - `exchangeToken: optional string` exchange_token is a one-time use token that should be exchanged by the runner for an access token, using the IdentityService.ExchangeToken rpc. The token expires after 24 hours. ### Runner Delete Response - `RunnerDeleteResponse = unknown` ### Runner List Scm Organizations Response - `RunnerListScmOrganizationsResponse object { organizations }` - `organizations: optional array of object { isAdmin, name, url }` List of organizations the user belongs to - `isAdmin: optional boolean` Whether the user has admin permissions in this organization. Admin permissions typically allow creating organization-level webhooks. - `name: optional string` Organization name/slug (e.g., "gitpod-io") - `url: optional string` Organization URL (e.g., "https://github.com/gitpod-io") ### Runner Parse Context URL Response - `RunnerParseContextURLResponse object { git, issue, originalContextUrl, 4 more }` - `git: optional object { branch, cloneUrl, commit, 5 more }` - `branch: optional string` - `cloneUrl: optional string` - `commit: optional string` - `host: optional string` - `owner: optional string` - `repo: optional string` - `tag: optional string` - `upstreamRemoteUrl: optional string` - `issue: optional object { id, title }` - `id: optional string` id is the source system's ID of this issue, e.g. BNFRD-6100 - `title: optional string` - `originalContextUrl: optional string` - `pr: optional object { id, fromBranch, title, toBranch }` Deprecated: Use top-level PullRequest message instead - `id: optional string` - `fromBranch: optional string` - `title: optional string` - `toBranch: optional string` - `projectIds: optional array of string` project_ids is a list of projects to which the context URL belongs to. - `pullRequest: optional object { id, author, draft, 6 more }` PullRequest represents pull request metadata from source control systems. This message is used across workflow triggers, executions, and agent contexts to maintain consistent PR information throughout the system. - `id: optional string` Unique identifier from the source system (e.g., "123" for GitHub PR #123) - `author: optional string` Author name as provided by the SCM system - `draft: optional boolean` Whether this is a draft pull request - `fromBranch: optional string` Source branch name (the branch being merged from) - `repository: optional object { cloneUrl, host, name, owner }` Repository information - `cloneUrl: optional string` - `host: optional string` - `name: optional string` - `owner: optional string` - `state: optional State` Current state of the pull request - `"STATE_UNSPECIFIED"` - `"STATE_OPEN"` - `"STATE_CLOSED"` - `"STATE_MERGED"` - `title: optional string` Pull request title - `toBranch: optional string` Target branch name (the branch being merged into) - `url: optional string` Pull request URL (e.g., "https://github.com/owner/repo/pull/123") - `scmId: optional string` scm_id is the unique identifier of the SCM provider (e.g., "github", "gitlab", "bitbucket") ### Runner Retrieve Response - `RunnerRetrieveResponse object { runner }` - `runner: Runner` - `createdAt: optional string` Time when the Runner was created. - `creator: optional Subject` creator is the identity of the creator of the environment - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `kind: optional RunnerKind` The runner's kind - `"RUNNER_KIND_UNSPECIFIED"` - `"RUNNER_KIND_LOCAL"` - `"RUNNER_KIND_REMOTE"` - `"RUNNER_KIND_LOCAL_CONFIGURATION"` - `name: optional string` The runner's name which is shown to users - `provider: optional RunnerProvider` The runner's provider - `"RUNNER_PROVIDER_UNSPECIFIED"` - `"RUNNER_PROVIDER_AWS_EC2"` - `"RUNNER_PROVIDER_LINUX_HOST"` - `"RUNNER_PROVIDER_DESKTOP_MAC"` - `"RUNNER_PROVIDER_MANAGED"` - `"RUNNER_PROVIDER_GCP"` - `"RUNNER_PROVIDER_DEV_AGENT"` - `runnerId: optional string` - `runnerManagerId: optional string` The runner manager id specifies the runner manager for the managed runner. This field is only set for managed runners. - `spec: optional RunnerSpec` The runner's specification - `configuration: optional RunnerConfiguration` The runner's configuration - `autoUpdate: optional boolean` auto_update indicates whether the runner should automatically update itself. - `devcontainerImageCacheEnabled: optional boolean` devcontainer_image_cache_enabled controls whether the devcontainer build cache is enabled for this runner. Only takes effect on supported runners, currently only AWS EC2 and Gitpod-managed runners. - `logLevel: optional LogLevel` log_level is the log level for the runner - `"LOG_LEVEL_UNSPECIFIED"` - `"LOG_LEVEL_DEBUG"` - `"LOG_LEVEL_INFO"` - `"LOG_LEVEL_WARN"` - `"LOG_LEVEL_ERROR"` - `metrics: optional MetricsConfiguration` metrics contains configuration for the runner's metrics collection - `enabled: optional boolean` enabled indicates whether the runner should collect metrics - `managedMetricsEnabled: optional boolean` When true, the runner pushes metrics to the management plane via ReportRunnerMetrics instead of directly to the remote_write endpoint. - `password: optional string` password is the password to use for the metrics collector - `url: optional string` url is the URL of the metrics collector - `username: optional string` username is the username to use for the metrics collector - `region: optional string` Region to deploy the runner in, if applicable. This is mainly used for remote runners, and is only a hint. The runner may be deployed in a different region. See the runner's status for the actual region. - `releaseChannel: optional RunnerReleaseChannel` The release channel the runner is on - `"RUNNER_RELEASE_CHANNEL_UNSPECIFIED"` - `"RUNNER_RELEASE_CHANNEL_STABLE"` - `"RUNNER_RELEASE_CHANNEL_LATEST"` - `updateWindow: optional UpdateWindow` update_window defines the daily time window (UTC) during which auto-updates are allowed. If not set, updates are allowed at any time. - `endHour: optional number` end_hour is the end of the update window as a UTC hour (0-23). If not set, defaults to start_hour + 2. - `startHour: optional number` start_hour is the beginning of the update window as a UTC hour (0-23). +required - `desiredPhase: optional RunnerPhase` RunnerPhase represents the phase a runner is in - `"RUNNER_PHASE_UNSPECIFIED"` - `"RUNNER_PHASE_CREATED"` - `"RUNNER_PHASE_INACTIVE"` - `"RUNNER_PHASE_ACTIVE"` - `"RUNNER_PHASE_DELETING"` - `"RUNNER_PHASE_DELETED"` - `"RUNNER_PHASE_DEGRADED"` - `variant: optional RunnerVariant` The runner's variant - `"RUNNER_VARIANT_UNSPECIFIED"` - `"RUNNER_VARIANT_STANDARD"` - `"RUNNER_VARIANT_ENTERPRISE"` - `status: optional RunnerStatus` The runner's status - `additionalInfo: optional array of FieldValue` additional_info contains additional information about the runner, e.g. a CloudFormation stack URL. - `key: optional string` - `value: optional string` - `capabilities: optional array of RunnerCapability` capabilities is a list of capabilities the runner supports. - `"RUNNER_CAPABILITY_UNSPECIFIED"` - `"RUNNER_CAPABILITY_FETCH_LOCAL_SCM_INTEGRATIONS"` - `"RUNNER_CAPABILITY_SECRET_CONTAINER_REGISTRY"` - `"RUNNER_CAPABILITY_AGENT_EXECUTION"` - `"RUNNER_CAPABILITY_ALLOW_ENV_TOKEN_POPULATION"` - `"RUNNER_CAPABILITY_DEFAULT_DEV_CONTAINER_IMAGE"` - `"RUNNER_CAPABILITY_ENVIRONMENT_SNAPSHOT"` - `"RUNNER_CAPABILITY_PREBUILDS_BEFORE_SNAPSHOT_TRIGGER"` - `"RUNNER_CAPABILITY_LIST_SCM_ORGANIZATIONS"` - `"RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS"` - `"RUNNER_CAPABILITY_RUNNER_SIDE_AGENT"` - `"RUNNER_CAPABILITY_WARM_POOL"` - `"RUNNER_CAPABILITY_ASG_WARM_POOL"` - `"RUNNER_CAPABILITY_PORT_AUTHENTICATION"` - `gatewayInfo: optional GatewayInfo` gateway_info is information about the gateway to which the runner is connected. - `gateway: optional Gateway` Gateway represents a system gateway that provides access to services - `name: string` name is the human-readable name of the gateway. name is unique across all gateways. - `url: string` url of the gateway - `region: optional string` region is the geographical region where the gateway is located - `latency: optional string` latency is the round-trip time of the runner to the gateway in milliseconds. - `llmUrl: optional string` llm_url is the URL of the LLM service to which the runner is connected. - `logUrl: optional string` - `message: optional string` The runner's reported message which is shown to users. This message adds more context to the runner's phase. - `phase: optional RunnerPhase` The runner's reported phase - `publicKey: optional string` public_key is the runner's public key used for encryption (32 bytes) - `region: optional string` region is the region the runner is running in, if applicable. - `supportBundleUrl: optional string` support_bundle_url is the URL at which the runner support bundle can be accessed. This URL provides access to pprof profiles and other debug information. Only available for standalone runners. - `systemDetails: optional string` - `updatedAt: optional string` Time when the status was last updated. - `version: optional string` - `updatedAt: optional string` Time when the Runner was last udpated. ### Runner Search Repositories Response - `RunnerSearchRepositoriesResponse object { lastPage, pagination, repositories }` - `lastPage: optional number` Deprecated: Use pagination token instead. Total pages can be extracted from token. - `pagination: optional object { nextToken }` Pagination information for the response. Token format: "NEXT_PAGE/TOTAL_PAGES/TOTAL_COUNT" (e.g., "2/40/1000"). Use -1 for unknown values (e.g., "2/-1/-1" when totals unavailable). Empty token means no more pages. - `nextToken: optional string` Token passed for retrieving the next set of results. Empty if there are no more results - `repositories: optional array of object { name, url }` List of repositories matching the search criteria - `name: optional string` Repository name (e.g., "my-project") - `url: optional string` Repository URL (e.g., "https://github.com/owner/my-project") ### Runner Update Response - `RunnerUpdateResponse = unknown` # Configurations ## ValidateRunnerConfiguration **post** `/gitpod.v1.RunnerConfigurationService/ValidateRunnerConfiguration` Validates a runner configuration. Use this method to: - Check configuration validity - Verify integration settings - Validate environment classes ### Examples - Validate SCM integration: Checks if an SCM integration is valid. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" scmIntegration: id: "integration-id" scmId: "github" host: "github.com" oauthClientId: "client_id" oauthPlaintextClientSecret: "client_secret" ``` ### Body Parameters - `environmentClass: optional EnvironmentClass` - `id: string` id is the unique identifier of the environment class - `runnerId: string` runner_id is the unique identifier of the runner the environment class belongs to - `configuration: optional array of FieldValue` configuration describes the configuration of the environment class - `key: optional string` - `value: optional string` - `description: optional string` description is a human readable description of the environment class - `displayName: optional string` display_name is the human readable name of the environment class - `enabled: optional boolean` enabled indicates whether the environment class can be used to create new environments. - `runnerId: optional string` - `scmIntegration: optional object { id, host, issuerUrl, 6 more }` - `id: optional string` id is the unique identifier of the SCM integration - `host: optional string` - `issuerUrl: optional string` issuer_url can be set to override the authentication provider URL, if it doesn't match the SCM host. - `oauthClientId: optional string` oauth_client_id is the OAuth app's client ID, if OAuth is configured. If configured, oauth_client_secret must also be set. - `oauthEncryptedClientSecret: optional string` oauth_encrypted_client_secret is the OAuth app's client secret encrypted with the runner's public key, if OAuth is configured. This can be used to e.g. validate an already encrypted client secret of an existing SCM integration. - `oauthPlaintextClientSecret: optional string` oauth_plaintext_client_secret is the OAuth app's client secret in clear text, if OAuth is configured. This can be set to validate any new client secret before it is encrypted and stored. This value will not be stored and get encrypted with the runner's public key before passing it to the runner. - `pat: optional boolean` - `scmId: optional string` scm_id references the scm_id in the runner's configuration schema that this integration is for - `virtualDirectory: optional string` virtual_directory is the virtual directory path for Azure DevOps Server (e.g., "/tfs"). This field is only used for Azure DevOps Server SCM integrations and should be empty for other SCM types. Azure DevOps Server APIs work without collection when PAT scope is 'All accessible organizations'. ### Returns - `environmentClass: optional EnvironmentClassValidationResult` - `configurationErrors: optional array of FieldValidationError` - `error: optional string` - `key: optional string` - `descriptionError: optional string` - `displayNameError: optional string` - `valid: optional boolean` - `scmIntegration: optional ScmIntegrationValidationResult` - `hostError: optional string` - `oauthError: optional string` - `patError: optional string` - `scmIdError: optional string` - `valid: optional boolean` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/ValidateRunnerConfiguration \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "environmentClass": { "configurationErrors": [ { "error": "error", "key": "key" } ], "descriptionError": "descriptionError", "displayNameError": "displayNameError", "valid": true }, "scmIntegration": { "hostError": "hostError", "oauthError": "oauthError", "patError": "patError", "scmIdError": "scmIdError", "valid": true } } ``` ## Domain Types ### Environment Class Validation Result - `EnvironmentClassValidationResult object { configurationErrors, descriptionError, displayNameError, valid }` - `configurationErrors: optional array of FieldValidationError` - `error: optional string` - `key: optional string` - `descriptionError: optional string` - `displayNameError: optional string` - `valid: optional boolean` ### Field Validation Error - `FieldValidationError object { error, key }` - `error: optional string` - `key: optional string` ### Scm Integration Validation Result - `ScmIntegrationValidationResult object { hostError, oauthError, patError, 2 more }` - `hostError: optional string` - `oauthError: optional string` - `patError: optional string` - `scmIdError: optional string` - `valid: optional boolean` ### Configuration Validate Response - `ConfigurationValidateResponse object { environmentClass, scmIntegration }` - `environmentClass: optional EnvironmentClassValidationResult` - `configurationErrors: optional array of FieldValidationError` - `error: optional string` - `key: optional string` - `descriptionError: optional string` - `displayNameError: optional string` - `valid: optional boolean` - `scmIntegration: optional ScmIntegrationValidationResult` - `hostError: optional string` - `oauthError: optional string` - `patError: optional string` - `scmIdError: optional string` - `valid: optional boolean` # Environment Classes ## CreateEnvironmentClass **post** `/gitpod.v1.RunnerConfigurationService/CreateEnvironmentClass` Creates a new environment class for a runner. Use this method to: - Define compute resources - Configure environment settings - Set up runtime options ### Examples - Create environment class: Creates a new environment configuration. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" displayName: "Large Instance" description: "8 CPU, 16GB RAM" configuration: - key: "cpu" value: "8" - key: "memory" value: "16384" ``` ### Body Parameters - `configuration: optional array of FieldValue` - `key: optional string` - `value: optional string` - `description: optional string` - `displayName: optional string` - `runnerId: optional string` ### Returns - `id: optional string` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/CreateEnvironmentClass \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "id": "id" } ``` ## ListEnvironmentClasses **post** `/gitpod.v1.RunnerConfigurationService/ListEnvironmentClasses` Lists environment classes with optional filtering. Use this method to: - View available classes - Filter by capability - Check enabled status ### Examples - List all classes: Shows all environment classes. ```yaml pagination: pageSize: 20 ``` - Filter enabled classes: Lists only enabled environment classes. ```yaml filter: enabled: true pagination: pageSize: 20 ``` buf:lint:ignore RPC_REQUEST_RESPONSE_UNIQUE ### Query Parameters - `token: optional string` - `pageSize: optional number` ### Body Parameters - `filter: optional object { canCreateEnvironments, enabled, runnerIds, 2 more }` - `canCreateEnvironments: optional boolean` can_create_environments filters the response to only environment classes that can be used to create new environments by the caller. Unlike enabled, which indicates general availability, this ensures the caller only sees environment classes they are allowed to use. - `enabled: optional boolean` enabled filters the response to only enabled or disabled environment classes. If not set, all environment classes are returned. - `runnerIds: optional array of string` runner_ids filters the response to only EnvironmentClasses of these Runner IDs - `runnerKinds: optional array of RunnerKind` runner_kind filters the response to only environment classes from runners of these kinds. - `"RUNNER_KIND_UNSPECIFIED"` - `"RUNNER_KIND_LOCAL"` - `"RUNNER_KIND_REMOTE"` - `"RUNNER_KIND_LOCAL_CONFIGURATION"` - `runnerProviders: optional array of RunnerProvider` runner_providers filters the response to only environment classes from runners of these providers. - `"RUNNER_PROVIDER_UNSPECIFIED"` - `"RUNNER_PROVIDER_AWS_EC2"` - `"RUNNER_PROVIDER_LINUX_HOST"` - `"RUNNER_PROVIDER_DESKTOP_MAC"` - `"RUNNER_PROVIDER_MANAGED"` - `"RUNNER_PROVIDER_GCP"` - `"RUNNER_PROVIDER_DEV_AGENT"` - `pagination: optional object { token, pageSize }` pagination contains the pagination options for listing environment classes - `token: optional string` Token for the next set of results that was returned as next_token of a PaginationResponse - `pageSize: optional number` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. ### Returns - `environmentClasses: optional array of EnvironmentClass` - `id: string` id is the unique identifier of the environment class - `runnerId: string` runner_id is the unique identifier of the runner the environment class belongs to - `configuration: optional array of FieldValue` configuration describes the configuration of the environment class - `key: optional string` - `value: optional string` - `description: optional string` description is a human readable description of the environment class - `displayName: optional string` display_name is the human readable name of the environment class - `enabled: optional boolean` enabled indicates whether the environment class can be used to create new environments. - `pagination: optional object { nextToken }` pagination contains the pagination options for listing environment classes - `nextToken: optional string` Token passed for retrieving the next set of results. Empty if there are no more results ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/ListEnvironmentClasses \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "environmentClasses": [ { "id": "id", "runnerId": "runnerId", "configuration": [ { "key": "key", "value": "value" } ], "description": "xxx", "displayName": "xxx", "enabled": true } ], "pagination": { "nextToken": "nextToken" } } ``` ## GetEnvironmentClass **post** `/gitpod.v1.RunnerConfigurationService/GetEnvironmentClass` Gets details about a specific environment class. Use this method to: - View class configuration - Check resource settings - Verify availability ### Examples - Get class details: Retrieves information about a specific class. ```yaml environmentClassId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `environmentClassId: optional string` ### Returns - `environmentClass: optional EnvironmentClass` - `id: string` id is the unique identifier of the environment class - `runnerId: string` runner_id is the unique identifier of the runner the environment class belongs to - `configuration: optional array of FieldValue` configuration describes the configuration of the environment class - `key: optional string` - `value: optional string` - `description: optional string` description is a human readable description of the environment class - `displayName: optional string` display_name is the human readable name of the environment class - `enabled: optional boolean` enabled indicates whether the environment class can be used to create new environments. ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/GetEnvironmentClass \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "environmentClass": { "id": "id", "runnerId": "runnerId", "configuration": [ { "key": "key", "value": "value" } ], "description": "xxx", "displayName": "xxx", "enabled": true } } ``` ## UpdateEnvironmentClass **post** `/gitpod.v1.RunnerConfigurationService/UpdateEnvironmentClass` Updates an environment class. Use this method to: - Modify class settings - Update resource limits - Change availability ### Examples - Update class: Changes class configuration. ```yaml environmentClassId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" displayName: "Updated Large Instance" description: "16 CPU, 32GB RAM" enabled: true ``` ### Body Parameters - `description: optional string` - `displayName: optional string` - `enabled: optional boolean` - `environmentClassId: optional string` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/UpdateEnvironmentClass \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json {} ``` ## Domain Types ### Environment Class Create Response - `EnvironmentClassCreateResponse object { id }` - `id: optional string` ### Environment Class Retrieve Response - `EnvironmentClassRetrieveResponse object { environmentClass }` - `environmentClass: optional EnvironmentClass` - `id: string` id is the unique identifier of the environment class - `runnerId: string` runner_id is the unique identifier of the runner the environment class belongs to - `configuration: optional array of FieldValue` configuration describes the configuration of the environment class - `key: optional string` - `value: optional string` - `description: optional string` description is a human readable description of the environment class - `displayName: optional string` display_name is the human readable name of the environment class - `enabled: optional boolean` enabled indicates whether the environment class can be used to create new environments. ### Environment Class Update Response - `EnvironmentClassUpdateResponse = unknown` # Host Authentication Tokens ## CreateHostAuthenticationToken **post** `/gitpod.v1.RunnerConfigurationService/CreateHostAuthenticationToken` Creates a new authentication token for accessing remote hosts. Use this method to: - Set up SCM authentication - Configure OAuth credentials - Manage PAT tokens ### Examples - Create OAuth token: Creates a new OAuth-based authentication token. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" userId: "f53d2330-3795-4c5d-a1f3-453121af9c60" host: "github.com" token: "gho_xxxxxxxxxxxx" source: HOST_AUTHENTICATION_TOKEN_SOURCE_OAUTH expiresAt: "2024-12-31T23:59:59Z" refreshToken: "ghr_xxxxxxxxxxxx" ``` ### Body Parameters - `token: optional string` stored encrypted, retrieved via GetHostAuthenticationTokenValue - `expiresAt: optional string` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. - `host: optional string` - `integrationId: optional string` - `refreshToken: optional string` stored encrypted, retrieved via GetHostAuthenticationTokenValue - `runnerId: optional string` - `scopes: optional array of string` Maximum 100 scopes allowed (101 for validation purposes) - `source: optional HostAuthenticationTokenSource` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_OAUTH"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_PAT"` - `subject: optional Subject` Subject identifies the principal (user or service account) for the token - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `userId: optional string` Deprecated: Use principal_id and principal_type instead ### Returns - `token: HostAuthenticationToken` - `id: string` - `expiresAt: optional string` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. - `host: optional string` - `integrationId: optional string` links to integration instance - `runnerId: optional string` - `scopes: optional array of string` token permissions - `source: optional HostAuthenticationTokenSource` auth_type - `"HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_OAUTH"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_PAT"` - `subject: optional Subject` Subject identifies the principal (user or service account) for the token Note: actual token and refresh_token values are retrieved via GetHostAuthenticationTokenValue API - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `userId: optional string` Deprecated: Use principal_id and principal_type instead principal (user) ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/CreateHostAuthenticationToken \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "token": { "id": "id", "expiresAt": "2019-12-27T18:11:19.117Z", "host": "host", "integrationId": "integrationId", "runnerId": "runnerId", "scopes": [ "string" ], "source": "HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" }, "userId": "userId" } } ``` ## DeleteHostAuthenticationToken **post** `/gitpod.v1.RunnerConfigurationService/DeleteHostAuthenticationToken` Deletes a host authentication token. Use this method to: - Remove unused tokens - Revoke access - Clean up expired tokens ### Examples - Delete token: Permanently removes a token. ```yaml id: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `id: optional string` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/DeleteHostAuthenticationToken \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json {} ``` ## ListHostAuthenticationTokens **post** `/gitpod.v1.RunnerConfigurationService/ListHostAuthenticationTokens` Lists host authentication tokens with optional filtering. Use this method to: - View all tokens - Filter by runner or user - Monitor token status ### Examples - List all tokens: Shows all tokens with pagination. ```yaml pagination: pageSize: 20 ``` - Filter by runner: Lists tokens for a specific runner. ```yaml filter: runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" pagination: pageSize: 20 ``` ### Query Parameters - `token: optional string` - `pageSize: optional number` ### Body Parameters - `filter: optional object { runnerId, subjectId, userId }` - `runnerId: optional string` - `subjectId: optional string` Filter by subject (user or service account) - `userId: optional string` Deprecated: Use principal_id instead - `pagination: optional object { token, pageSize }` - `token: optional string` Token for the next set of results that was returned as next_token of a PaginationResponse - `pageSize: optional number` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. ### Returns - `pagination: optional object { nextToken }` - `nextToken: optional string` Token passed for retrieving the next set of results. Empty if there are no more results - `tokens: optional array of HostAuthenticationToken` - `id: string` - `expiresAt: optional string` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. - `host: optional string` - `integrationId: optional string` links to integration instance - `runnerId: optional string` - `scopes: optional array of string` token permissions - `source: optional HostAuthenticationTokenSource` auth_type - `"HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_OAUTH"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_PAT"` - `subject: optional Subject` Subject identifies the principal (user or service account) for the token Note: actual token and refresh_token values are retrieved via GetHostAuthenticationTokenValue API - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `userId: optional string` Deprecated: Use principal_id and principal_type instead principal (user) ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/ListHostAuthenticationTokens \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "pagination": { "nextToken": "nextToken" }, "tokens": [ { "id": "id", "expiresAt": "2019-12-27T18:11:19.117Z", "host": "host", "integrationId": "integrationId", "runnerId": "runnerId", "scopes": [ "string" ], "source": "HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" }, "userId": "userId" } ] } ``` ## GetHostAuthenticationToken **post** `/gitpod.v1.RunnerConfigurationService/GetHostAuthenticationToken` Gets details about a specific host authentication token. Use this method to: - View token information - Check token expiration - Verify token validity ### Examples - Get token details: Retrieves information about a specific token. ```yaml id: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `id: optional string` ### Returns - `token: HostAuthenticationToken` - `id: string` - `expiresAt: optional string` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. - `host: optional string` - `integrationId: optional string` links to integration instance - `runnerId: optional string` - `scopes: optional array of string` token permissions - `source: optional HostAuthenticationTokenSource` auth_type - `"HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_OAUTH"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_PAT"` - `subject: optional Subject` Subject identifies the principal (user or service account) for the token Note: actual token and refresh_token values are retrieved via GetHostAuthenticationTokenValue API - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `userId: optional string` Deprecated: Use principal_id and principal_type instead principal (user) ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/GetHostAuthenticationToken \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "token": { "id": "id", "expiresAt": "2019-12-27T18:11:19.117Z", "host": "host", "integrationId": "integrationId", "runnerId": "runnerId", "scopes": [ "string" ], "source": "HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" }, "userId": "userId" } } ``` ## UpdateHostAuthenticationToken **post** `/gitpod.v1.RunnerConfigurationService/UpdateHostAuthenticationToken` Updates an existing host authentication token. Use this method to: - Refresh token values - Update expiration - Modify token settings ### Examples - Update token: Updates token value and expiration. ```yaml id: "d2c94c27-3b76-4a42-b88c-95a85e392c68" token: "gho_xxxxxxxxxxxx" expiresAt: "2024-12-31T23:59:59Z" refreshToken: "ghr_xxxxxxxxxxxx" ``` ### Body Parameters - `id: optional string` - `token: optional string` - `expiresAt: optional string` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. - `refreshToken: optional string` - `scopes: optional array of string` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/UpdateHostAuthenticationToken \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json {} ``` ## Domain Types ### Host Authentication Token - `HostAuthenticationToken object { id, expiresAt, host, 6 more }` - `id: string` - `expiresAt: optional string` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. - `host: optional string` - `integrationId: optional string` links to integration instance - `runnerId: optional string` - `scopes: optional array of string` token permissions - `source: optional HostAuthenticationTokenSource` auth_type - `"HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_OAUTH"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_PAT"` - `subject: optional Subject` Subject identifies the principal (user or service account) for the token Note: actual token and refresh_token values are retrieved via GetHostAuthenticationTokenValue API - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `userId: optional string` Deprecated: Use principal_id and principal_type instead principal (user) ### Host Authentication Token Source - `HostAuthenticationTokenSource = "HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED" or "HOST_AUTHENTICATION_TOKEN_SOURCE_OAUTH" or "HOST_AUTHENTICATION_TOKEN_SOURCE_PAT"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_OAUTH"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_PAT"` ### Host Authentication Token Create Response - `HostAuthenticationTokenCreateResponse object { token }` - `token: HostAuthenticationToken` - `id: string` - `expiresAt: optional string` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. - `host: optional string` - `integrationId: optional string` links to integration instance - `runnerId: optional string` - `scopes: optional array of string` token permissions - `source: optional HostAuthenticationTokenSource` auth_type - `"HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_OAUTH"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_PAT"` - `subject: optional Subject` Subject identifies the principal (user or service account) for the token Note: actual token and refresh_token values are retrieved via GetHostAuthenticationTokenValue API - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `userId: optional string` Deprecated: Use principal_id and principal_type instead principal (user) ### Host Authentication Token Delete Response - `HostAuthenticationTokenDeleteResponse = unknown` ### Host Authentication Token Retrieve Response - `HostAuthenticationTokenRetrieveResponse object { token }` - `token: HostAuthenticationToken` - `id: string` - `expiresAt: optional string` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. - `host: optional string` - `integrationId: optional string` links to integration instance - `runnerId: optional string` - `scopes: optional array of string` token permissions - `source: optional HostAuthenticationTokenSource` auth_type - `"HOST_AUTHENTICATION_TOKEN_SOURCE_UNSPECIFIED"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_OAUTH"` - `"HOST_AUTHENTICATION_TOKEN_SOURCE_PAT"` - `subject: optional Subject` Subject identifies the principal (user or service account) for the token Note: actual token and refresh_token values are retrieved via GetHostAuthenticationTokenValue API - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `userId: optional string` Deprecated: Use principal_id and principal_type instead principal (user) ### Host Authentication Token Update Response - `HostAuthenticationTokenUpdateResponse = unknown` # Schema ## GetRunnerConfigurationSchema **post** `/gitpod.v1.RunnerConfigurationService/GetRunnerConfigurationSchema` Gets the latest runner configuration schema. Use this method to: - View available settings - Check configuration options - Validate configurations ### Examples - Get schema: Retrieves configuration schema for a runner. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `runnerId: optional string` ### Returns - `schema: optional RunnerConfigurationSchema` - `environmentClasses: optional array of object { id, bool, description, 7 more }` - `id: optional string` - `bool: optional object { default }` - `default: optional boolean` - `description: optional string` - `display: optional object { default }` - `default: optional string` - `enum: optional object { default, defaultValue, possibleValues, values }` - `default: optional string` deprecated, will be removed, use default_value instead - `defaultValue: optional object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `possibleValues: optional array of object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `values: optional array of string` deprecated, will be removed, use possible_values instead - `int: optional object { default, max, min }` - `default: optional number` - `max: optional number` - `min: optional number` - `name: optional string` - `required: optional boolean` - `secret: optional boolean` - `string: optional object { default, pattern }` - `default: optional string` - `pattern: optional string` - `runnerConfig: optional array of object { id, bool, description, 7 more }` - `id: optional string` - `bool: optional object { default }` - `default: optional boolean` - `description: optional string` - `display: optional object { default }` - `default: optional string` - `enum: optional object { default, defaultValue, possibleValues, values }` - `default: optional string` deprecated, will be removed, use default_value instead - `defaultValue: optional object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `possibleValues: optional array of object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `values: optional array of string` deprecated, will be removed, use possible_values instead - `int: optional object { default, max, min }` - `default: optional number` - `max: optional number` - `min: optional number` - `name: optional string` - `required: optional boolean` - `secret: optional boolean` - `string: optional object { default, pattern }` - `default: optional string` - `pattern: optional string` - `scm: optional array of object { defaultHosts, name, oauth, 2 more }` - `defaultHosts: optional array of string` - `name: optional string` - `oauth: optional object { callbackUrl }` - `callbackUrl: optional string` callback_url is the URL the OAuth app will redirect to after the user has authenticated. - `pat: optional object { description, docsLink }` - `description: optional string` description is a human-readable description of the PAT. - `docsLink: optional string` docs_link is a link to the documentation on how to create a PAT for this SCM system. - `scmId: optional string` - `version: optional string` The schema version ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/GetRunnerConfigurationSchema \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "schema": { "environmentClasses": [ { "id": "id", "bool": { "default": true }, "description": "description", "display": { "default": "default" }, "enum": { "default": "default", "defaultValue": { "detail": "detail", "subtitle": "subtitle", "title": "title" }, "possibleValues": [ { "detail": "detail", "subtitle": "subtitle", "title": "title" } ], "values": [ "string" ] }, "int": { "default": 0, "max": 0, "min": 0 }, "name": "name", "required": true, "secret": true, "string": { "default": "default", "pattern": "pattern" } } ], "runnerConfig": [ { "id": "id", "bool": { "default": true }, "description": "description", "display": { "default": "default" }, "enum": { "default": "default", "defaultValue": { "detail": "detail", "subtitle": "subtitle", "title": "title" }, "possibleValues": [ { "detail": "detail", "subtitle": "subtitle", "title": "title" } ], "values": [ "string" ] }, "int": { "default": 0, "max": 0, "min": 0 }, "name": "name", "required": true, "secret": true, "string": { "default": "default", "pattern": "pattern" } } ], "scm": [ { "defaultHosts": [ "string" ], "name": "name", "oauth": { "callbackUrl": "callbackUrl" }, "pat": { "description": "description", "docsLink": "docsLink" }, "scmId": "scmId" } ], "version": "version" } } ``` ## Domain Types ### Runner Configuration Schema - `RunnerConfigurationSchema object { environmentClasses, runnerConfig, scm, version }` - `environmentClasses: optional array of object { id, bool, description, 7 more }` - `id: optional string` - `bool: optional object { default }` - `default: optional boolean` - `description: optional string` - `display: optional object { default }` - `default: optional string` - `enum: optional object { default, defaultValue, possibleValues, values }` - `default: optional string` deprecated, will be removed, use default_value instead - `defaultValue: optional object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `possibleValues: optional array of object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `values: optional array of string` deprecated, will be removed, use possible_values instead - `int: optional object { default, max, min }` - `default: optional number` - `max: optional number` - `min: optional number` - `name: optional string` - `required: optional boolean` - `secret: optional boolean` - `string: optional object { default, pattern }` - `default: optional string` - `pattern: optional string` - `runnerConfig: optional array of object { id, bool, description, 7 more }` - `id: optional string` - `bool: optional object { default }` - `default: optional boolean` - `description: optional string` - `display: optional object { default }` - `default: optional string` - `enum: optional object { default, defaultValue, possibleValues, values }` - `default: optional string` deprecated, will be removed, use default_value instead - `defaultValue: optional object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `possibleValues: optional array of object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `values: optional array of string` deprecated, will be removed, use possible_values instead - `int: optional object { default, max, min }` - `default: optional number` - `max: optional number` - `min: optional number` - `name: optional string` - `required: optional boolean` - `secret: optional boolean` - `string: optional object { default, pattern }` - `default: optional string` - `pattern: optional string` - `scm: optional array of object { defaultHosts, name, oauth, 2 more }` - `defaultHosts: optional array of string` - `name: optional string` - `oauth: optional object { callbackUrl }` - `callbackUrl: optional string` callback_url is the URL the OAuth app will redirect to after the user has authenticated. - `pat: optional object { description, docsLink }` - `description: optional string` description is a human-readable description of the PAT. - `docsLink: optional string` docs_link is a link to the documentation on how to create a PAT for this SCM system. - `scmId: optional string` - `version: optional string` The schema version ### Schema Retrieve Response - `SchemaRetrieveResponse object { schema }` - `schema: optional RunnerConfigurationSchema` - `environmentClasses: optional array of object { id, bool, description, 7 more }` - `id: optional string` - `bool: optional object { default }` - `default: optional boolean` - `description: optional string` - `display: optional object { default }` - `default: optional string` - `enum: optional object { default, defaultValue, possibleValues, values }` - `default: optional string` deprecated, will be removed, use default_value instead - `defaultValue: optional object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `possibleValues: optional array of object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `values: optional array of string` deprecated, will be removed, use possible_values instead - `int: optional object { default, max, min }` - `default: optional number` - `max: optional number` - `min: optional number` - `name: optional string` - `required: optional boolean` - `secret: optional boolean` - `string: optional object { default, pattern }` - `default: optional string` - `pattern: optional string` - `runnerConfig: optional array of object { id, bool, description, 7 more }` - `id: optional string` - `bool: optional object { default }` - `default: optional boolean` - `description: optional string` - `display: optional object { default }` - `default: optional string` - `enum: optional object { default, defaultValue, possibleValues, values }` - `default: optional string` deprecated, will be removed, use default_value instead - `defaultValue: optional object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `possibleValues: optional array of object { detail, subtitle, title }` - `detail: optional string` - `subtitle: optional string` - `title: optional string` - `values: optional array of string` deprecated, will be removed, use possible_values instead - `int: optional object { default, max, min }` - `default: optional number` - `max: optional number` - `min: optional number` - `name: optional string` - `required: optional boolean` - `secret: optional boolean` - `string: optional object { default, pattern }` - `default: optional string` - `pattern: optional string` - `scm: optional array of object { defaultHosts, name, oauth, 2 more }` - `defaultHosts: optional array of string` - `name: optional string` - `oauth: optional object { callbackUrl }` - `callbackUrl: optional string` callback_url is the URL the OAuth app will redirect to after the user has authenticated. - `pat: optional object { description, docsLink }` - `description: optional string` description is a human-readable description of the PAT. - `docsLink: optional string` docs_link is a link to the documentation on how to create a PAT for this SCM system. - `scmId: optional string` - `version: optional string` The schema version # Scm Integrations ## CreateSCMIntegration **post** `/gitpod.v1.RunnerConfigurationService/CreateSCMIntegration` Creates a new SCM integration for a runner. Use this method to: - Configure source control access - Set up repository integrations - Enable code synchronization ### Examples - Create GitHub integration: Sets up GitHub SCM integration. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" scmId: "github" host: "github.com" oauthClientId: "client_id" oauthPlaintextClientSecret: "client_secret" ``` ### Body Parameters - `host: optional string` - `issuerUrl: optional string` issuer_url can be set to override the authentication provider URL, if it doesn't match the SCM host. - `oauthClientId: optional string` oauth_client_id is the OAuth app's client ID, if OAuth is configured. If configured, oauth_plaintext_client_secret must also be set. - `oauthPlaintextClientSecret: optional string` oauth_plaintext_client_secret is the OAuth app's client secret in clear text. This will first be encrypted with the runner's public key before being stored. - `pat: optional boolean` - `runnerId: optional string` - `scmId: optional string` scm_id references the scm_id in the runner's configuration schema that this integration is for - `virtualDirectory: optional string` virtual_directory is the virtual directory path for Azure DevOps Server (e.g., "/tfs"). This field is only used for Azure DevOps Server SCM integrations and should be empty for other SCM types. Azure DevOps Server APIs work without collection when PAT scope is 'All accessible organizations'. ### Returns - `id: optional string` id is a uniquely generated identifier for the SCM integration ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/CreateSCMIntegration \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" } ``` ## DeleteSCMIntegration **post** `/gitpod.v1.RunnerConfigurationService/DeleteSCMIntegration` Deletes an SCM integration. Use this method to: - Remove unused integrations - Clean up configurations - Revoke SCM access ### Examples - Delete integration: Removes an SCM integration. ```yaml id: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `id: optional string` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/DeleteSCMIntegration \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json {} ``` ## ListSCMIntegrations **post** `/gitpod.v1.RunnerConfigurationService/ListSCMIntegrations` Lists SCM integrations for a runner. Use this method to: - View all integrations - Monitor integration status - Check available SCMs ### Examples - List integrations: Shows all SCM integrations. ```yaml filter: runnerIds: ["d2c94c27-3b76-4a42-b88c-95a85e392c68"] pagination: pageSize: 20 ``` ### Query Parameters - `token: optional string` - `pageSize: optional number` ### Body Parameters - `filter: optional object { runnerIds }` - `runnerIds: optional array of string` runner_ids filters the response to only SCM integrations of these Runner IDs - `pagination: optional object { token, pageSize }` pagination contains the pagination options for listing scm integrations - `token: optional string` Token for the next set of results that was returned as next_token of a PaginationResponse - `pageSize: optional number` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. ### Returns - `integrations: optional array of ScmIntegration` - `id: optional string` id is the unique identifier of the SCM integration - `host: optional string` - `oauth: optional ScmIntegrationOAuthConfig` - `clientId: optional string` client_id is the OAuth app's client ID in clear text. - `encryptedClientSecret: optional string` encrypted_client_secret is the OAuth app's secret encrypted with the runner's public key. - `issuerUrl: optional string` issuer_url is used to override the authentication provider URL, if it doesn't match the SCM host. +optional if not set, this account is owned by the installation. - `pat: optional boolean` - `runnerId: optional string` - `scmId: optional string` scm_id references the scm_id in the runner's configuration schema that this integration is for - `virtualDirectory: optional string` virtual_directory is the virtual directory path for Azure DevOps Server (e.g., "/tfs"). This field is only used for Azure DevOps Server SCM integrations and should be empty for other SCM types. Azure DevOps Server APIs work without collection when PAT scope is 'All accessible organizations'. - `pagination: optional object { nextToken }` pagination contains the pagination options for listing scm integrations - `nextToken: optional string` Token passed for retrieving the next set of results. Empty if there are no more results ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/ListSCMIntegrations \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "integrations": [ { "id": "id", "host": "host", "oauth": { "clientId": "clientId", "encryptedClientSecret": "U3RhaW5sZXNzIHJvY2tz", "issuerUrl": "issuerUrl" }, "pat": true, "runnerId": "runnerId", "scmId": "scmId", "virtualDirectory": "virtualDirectory" } ], "pagination": { "nextToken": "nextToken" } } ``` ## GetSCMIntegration **post** `/gitpod.v1.RunnerConfigurationService/GetSCMIntegration` Gets details about a specific SCM integration. Use this method to: - View integration settings - Check integration status - Verify configuration ### Examples - Get integration details: Retrieves information about a specific integration. ```yaml id: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `id: optional string` ### Returns - `integration: optional ScmIntegration` - `id: optional string` id is the unique identifier of the SCM integration - `host: optional string` - `oauth: optional ScmIntegrationOAuthConfig` - `clientId: optional string` client_id is the OAuth app's client ID in clear text. - `encryptedClientSecret: optional string` encrypted_client_secret is the OAuth app's secret encrypted with the runner's public key. - `issuerUrl: optional string` issuer_url is used to override the authentication provider URL, if it doesn't match the SCM host. +optional if not set, this account is owned by the installation. - `pat: optional boolean` - `runnerId: optional string` - `scmId: optional string` scm_id references the scm_id in the runner's configuration schema that this integration is for - `virtualDirectory: optional string` virtual_directory is the virtual directory path for Azure DevOps Server (e.g., "/tfs"). This field is only used for Azure DevOps Server SCM integrations and should be empty for other SCM types. Azure DevOps Server APIs work without collection when PAT scope is 'All accessible organizations'. ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/GetSCMIntegration \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "integration": { "id": "id", "host": "host", "oauth": { "clientId": "clientId", "encryptedClientSecret": "U3RhaW5sZXNzIHJvY2tz", "issuerUrl": "issuerUrl" }, "pat": true, "runnerId": "runnerId", "scmId": "scmId", "virtualDirectory": "virtualDirectory" } } ``` ## UpdateSCMIntegration **post** `/gitpod.v1.RunnerConfigurationService/UpdateSCMIntegration` Updates an existing SCM integration. Use this method to: - Modify integration settings - Update credentials - Change configuration ### Examples - Update integration: Updates OAuth credentials. ```yaml id: "d2c94c27-3b76-4a42-b88c-95a85e392c68" oauthClientId: "new_client_id" oauthPlaintextClientSecret: "new_client_secret" ``` ### Body Parameters - `id: optional string` - `issuerUrl: optional string` issuer_url can be set to override the authentication provider URL, if it doesn't match the SCM host. - `oauthClientId: optional string` oauth_client_id can be set to update the OAuth app's client ID. If an empty string is set, the OAuth configuration will be removed (regardless of whether a client secret is set), and any existing Host Authentication Tokens for the SCM integration's runner and host that were created using the OAuth app will be deleted. This might lead to users being unable to access their repositories until they re-authenticate. - `oauthPlaintextClientSecret: optional string` oauth_plaintext_client_secret can be set to update the OAuth app's client secret. The cleartext secret will be encrypted with the runner's public key before being stored. - `pat: optional boolean` pat can be set to enable or disable Personal Access Tokens support. When disabling PATs, any existing Host Authentication Tokens for the SCM integration's runner and host that were created using a PAT will be deleted. This might lead to users being unable to access their repositories until they re-authenticate. - `virtualDirectory: optional string` virtual_directory is the virtual directory path for Azure DevOps Server (e.g., "/tfs"). This field is only used for Azure DevOps Server SCM integrations and should be empty for other SCM types. Azure DevOps Server APIs work without collection when PAT scope is 'All accessible organizations'. ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerConfigurationService/UpdateSCMIntegration \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json {} ``` ## Domain Types ### Scm Integration - `ScmIntegration object { id, host, oauth, 4 more }` - `id: optional string` id is the unique identifier of the SCM integration - `host: optional string` - `oauth: optional ScmIntegrationOAuthConfig` - `clientId: optional string` client_id is the OAuth app's client ID in clear text. - `encryptedClientSecret: optional string` encrypted_client_secret is the OAuth app's secret encrypted with the runner's public key. - `issuerUrl: optional string` issuer_url is used to override the authentication provider URL, if it doesn't match the SCM host. +optional if not set, this account is owned by the installation. - `pat: optional boolean` - `runnerId: optional string` - `scmId: optional string` scm_id references the scm_id in the runner's configuration schema that this integration is for - `virtualDirectory: optional string` virtual_directory is the virtual directory path for Azure DevOps Server (e.g., "/tfs"). This field is only used for Azure DevOps Server SCM integrations and should be empty for other SCM types. Azure DevOps Server APIs work without collection when PAT scope is 'All accessible organizations'. ### Scm Integration OAuth Config - `ScmIntegrationOAuthConfig object { clientId, encryptedClientSecret, issuerUrl }` - `clientId: optional string` client_id is the OAuth app's client ID in clear text. - `encryptedClientSecret: optional string` encrypted_client_secret is the OAuth app's secret encrypted with the runner's public key. - `issuerUrl: optional string` issuer_url is used to override the authentication provider URL, if it doesn't match the SCM host. +optional if not set, this account is owned by the installation. ### Scm Integration Create Response - `ScmIntegrationCreateResponse object { id }` - `id: optional string` id is a uniquely generated identifier for the SCM integration ### Scm Integration Delete Response - `ScmIntegrationDeleteResponse = unknown` ### Scm Integration Retrieve Response - `ScmIntegrationRetrieveResponse object { integration }` - `integration: optional ScmIntegration` - `id: optional string` id is the unique identifier of the SCM integration - `host: optional string` - `oauth: optional ScmIntegrationOAuthConfig` - `clientId: optional string` client_id is the OAuth app's client ID in clear text. - `encryptedClientSecret: optional string` encrypted_client_secret is the OAuth app's secret encrypted with the runner's public key. - `issuerUrl: optional string` issuer_url is used to override the authentication provider URL, if it doesn't match the SCM host. +optional if not set, this account is owned by the installation. - `pat: optional boolean` - `runnerId: optional string` - `scmId: optional string` scm_id references the scm_id in the runner's configuration schema that this integration is for - `virtualDirectory: optional string` virtual_directory is the virtual directory path for Azure DevOps Server (e.g., "/tfs"). This field is only used for Azure DevOps Server SCM integrations and should be empty for other SCM types. Azure DevOps Server APIs work without collection when PAT scope is 'All accessible organizations'. ### Scm Integration Update Response - `ScmIntegrationUpdateResponse = unknown` # Policies ## CreateRunnerPolicy **post** `/gitpod.v1.RunnerService/CreateRunnerPolicy` Creates a new policy for a runner. Use this method to: - Set up access controls - Define group permissions - Configure role-based access ### Examples - Create admin policy: Grants admin access to a group. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60" role: RUNNER_ROLE_ADMIN ``` ### Body Parameters - `groupId: optional string` group_id specifies the group_id identifier - `role: optional RunnerRole` - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` - `runnerId: optional string` runner_id specifies the project identifier ### Returns - `policy: RunnerPolicy` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/CreateRunnerPolicy \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "policy": { "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "RUNNER_ROLE_UNSPECIFIED" } } ``` ## DeleteRunnerPolicy **post** `/gitpod.v1.RunnerService/DeleteRunnerPolicy` Deletes a runner policy. Use this method to: - Remove access controls - Revoke permissions - Clean up policies ### Examples - Delete policy: Removes a group's access policy. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60" ``` ### Body Parameters - `groupId: optional string` group_id specifies the group_id identifier - `runnerId: optional string` runner_id specifies the project identifier ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/DeleteRunnerPolicy \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json {} ``` ## ListRunnerPolicies **post** `/gitpod.v1.RunnerService/ListRunnerPolicies` Lists policies for a runner. Use this method to: - View access controls - Check policy configurations - Audit permissions ### Examples - List policies: Shows all policies for a runner. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" pagination: pageSize: 20 ``` ### Query Parameters - `token: optional string` - `pageSize: optional number` ### Body Parameters - `pagination: optional object { token, pageSize }` pagination contains the pagination options for listing project policies - `token: optional string` Token for the next set of results that was returned as next_token of a PaginationResponse - `pageSize: optional number` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. - `runnerId: optional string` runner_id specifies the project identifier ### Returns - `pagination: optional object { nextToken }` - `nextToken: optional string` Token passed for retrieving the next set of results. Empty if there are no more results - `policies: optional array of RunnerPolicy` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/ListRunnerPolicies \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "pagination": { "nextToken": "nextToken" }, "policies": [ { "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "RUNNER_ROLE_UNSPECIFIED" } ] } ``` ## UpdateRunnerPolicy **post** `/gitpod.v1.RunnerService/UpdateRunnerPolicy` Updates an existing runner policy. Use this method to: - Modify access levels - Change group roles - Update permissions ### Examples - Update policy role: Changes a group's access level. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60" role: RUNNER_ROLE_USER ``` ### Body Parameters - `groupId: optional string` group_id specifies the group_id identifier - `role: optional RunnerRole` - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` - `runnerId: optional string` runner_id specifies the project identifier ### Returns - `policy: RunnerPolicy` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/UpdateRunnerPolicy \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "policy": { "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "RUNNER_ROLE_UNSPECIFIED" } } ``` ## Domain Types ### Runner Policy - `RunnerPolicy object { groupId, role }` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Runner Role - `RunnerRole = "RUNNER_ROLE_UNSPECIFIED" or "RUNNER_ROLE_ADMIN" or "RUNNER_ROLE_USER"` - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Policy Create Response - `PolicyCreateResponse object { policy }` - `policy: RunnerPolicy` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Policy Delete Response - `PolicyDeleteResponse = unknown` ### Policy Update Response - `PolicyUpdateResponse object { policy }` - `policy: RunnerPolicy` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"`