Bosca Git

A full, self-hosted Git server with S3-backed storage, PostgreSQL refs, pull requests, branch protection, CI/CD pipelines — and the source of truth for scripts and analytics queries.

Overview

Bosca Git is a complete Git server (not a wrapper around GitHub/GitLab). It implements the Git smart HTTP protocol natively using JGit, stores pack files in S3-compatible object storage, and keeps ref metadata in PostgreSQL. This makes the server completely stateless — multiple pods can serve the same repositories concurrently.

Git Protocol

Standard Git operations work out of the box:

All I/O is fully streamed — pack files are piped directly between Netty and JGit without memory buffering. Authentication uses bearer tokens; scoped API tokens require git:read / git:write scopes.

Repository Content Types

Repositories are classified by content type, which enables specialized post-push behaviors:

Source Refs — Scripts & Queries from Git

Git serves as the source of truth for scripts and analytics queries. A source ref links a script or query to a specific file in a Git repository:

When a push lands on the linked branch and the file has changed:

1. The ContentChangeWatcher job detects the changed file
2. Reads the blob content at the new commit SHA via JGit DFS
3. Updates the script source in the scripting engine's database
4. Dispatches a ScriptSourceUpdatedEvent for cache invalidation

The same flow works for analytics queries via setQuerySourceRef — SQL files stored in Git are synced to the analytics query store on push.

Pull Requests & Reviews

Bosca Git has a full pull request system:

• Create PRs — specify source/target branches, title, description, assignees
• Reviews — approve, request changes, or comment with inline review comments on specific files/lines
• Merge strategies — merge commit, squash, or rebase (configurable per-repository)
• Auto-delete branches — configurable via repository settings

Branch Protection

Enforce rules on protected branches:

• Block force pushes
• Block branch deletion
• Require pull requests — direct pushes are rejected; changes must go through a PR
• Push access restrictions — limit who can push to the branch

Push Hooks

Pre-receive

Enforces branch protection rules before refs are updated. Rejects pushes that violate protection policies.

Post-receive

After a successful push:

1. Updates repository disk size
2. Dispatches webhook events (push, branch created/deleted, tag created/deleted)
3. Extracts WorkOps task keys from commit messages (pattern [A-Z][A-Z0-9_]+-\d+) and stores references
4. Enqueues search index jobs (repository metadata + file content)
5. Triggers CI/CD pipelines for updated branches
6. Dispatches content change events for SCRIPT_PROJECT and BX_PROJECT repos

CI/CD Pipelines

Bosca Git includes a built-in CI/CD system:

• Pipeline definitions parsed from YAML files in the repository
• Trigger types: push, pull request, tag, manual, schedule
• Agent modes: runner (executes jobs) and orchestrator (manages ephemeral VMs)
• Concurrency groups to prevent conflicting runs
• Per-repository secrets (encrypted at rest)
• Step-level logs with streaming via the CLI (bosca ci run logs --follow)

Webhooks

Webhooks deliver push, PR, and pipeline events to external URLs with HMAC-SHA256 signatures. Failed deliveries retry with exponential backoff (10s, 60s, 300s). Delivery history is queryable via GraphQL.

Storage Architecture

Git object data is stored in S3-compatible object storage:

• Pack files at git/{'{'}repositoryId{'}'}/packs/{'{'}packName{'}'}.{'{'}extension{'}'}
• LFS objects at git-lfs/{'{'}repositoryId{'}'}/{'{'}oid{'}'}
• Pack metadata in PostgreSQL (git.dfs_packs, git.dfs_pack_extensions)
• Refs in PostgreSQL (git.dfs_refs)

GraphQL API

The full Git API is available via GraphQL: