Configure Wave
The following covers common operations when setting up and configuring wave see configuration for a full refeence of all configuration values and options.
Email Configuration.
Wave can be configured to send notification emails for various build related events.
SMTP
Configuration
Add mail to your Micronaut environments and configure the SMTP settings in your Wave configuration:
Environment Configuration:
# Add 'mail' to your existing environments
MICRONAUT_ENVIRONMENTS: "postgres,redis,lite,mail"
SMTP Configuration:
mail:
from: "wave-notifications@your-domain.com"
smtp:
host: "smtp.your-provider.com"
port: "587"
user: "your-smtp-username"
password: "your-smtp-password"
auth: true
starttls:
enable: true
required: true
ssl:
protocols: "TLSv1.2"
Configuration Options
| Setting | Description | Example Values |
|---|---|---|
from | Email address that appears as sender | wave@company.com |
host | SMTP server hostname | smtp.gmail.com, smtp.office365.com |
port | SMTP server port | 587 (STARTTLS), 465 (SSL), 25 (plain) |
user | SMTP authentication username | Usually your email address |
password | SMTP authentication password | App password or account password |
auth | Enable SMTP authentication | true (recommended) |
starttls.enable | Enable STARTTLS encryption | true (recommended) |
starttls.required | Require STARTTLS encryption | true (recommended) |
ssl.protocols | Supported SSL/TLS protocols | TLSv1.2, TLSv1.3 |
SES
For AWS environments, Wave supports direct integration with Amazon Simple Email Service (SES) using IAM authentication instead of SMTP credentials.
Requirements
- AWS SES must be configured in the same region as your Wave deployment
- Wave must have appropriate IAM permissions to send emails via SES
- The IAM role or user must have
ses:SendEmailandses:SendRawEmailpermissions
Configuration
Add aws-ses to your Micronaut environments along with mail:
Environment Configuration:
# Add both 'mail' and 'aws-ses' to your existing environments
MICRONAUT_ENVIRONMENTS: "postgres,redis,lite,mail,aws-ses"
SES Configuration:
mail:
from: "wave-notifications@your-domain.com"
IAM Permissions
Wave requires the following IAM permissions for SES integration:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["ses:SendEmail", "ses:SendRawEmail"],
"Resource": "*"
}
]
}
SES Setup Requirements
Before configuring Wave with SES:
- Verify your sending domain in the AWS SES console
- Move out of SES sandbox if sending to unverified email addresses
- Configure appropriate sending limits for your use case
- Ensure SES is available in your Wave deployment region
Regional Considerations
Wave will automatically use SES in the same AWS region where it's deployed. Ensure SES is:
- Available and configured in your deployment region
- Has verified domains/addresses for your
fromemail address - Not in sandbox mode if sending to external recipients
Note: No SMTP configuration is needed when using SES with IAM authentication - Wave will use the AWS SDK to send emails directly through the SES API.
Enabling Scanning
Wave can perform security scanning on container builds. This feature requires the build service to be enabled and additional scanning infrastructure.
Prerequisites
- Wave build service must be enabled (wave.build.enabled: true)
- Scanning backend must be configured and accessible
- Appropriate compute resources for scanning workloads
wave:
build:
enabled: true
scan: true
ECR Cache Repository
Wave supports using Amazon Elastic Container Registry (ECR) as a cache repository to store and reuse build layers, improving build performance and reducing bandwidth usage.
Prerequisites
- AWS ECR repository configured in the same region as Wave
- Wave must have appropriate IAM permissions to push/pull from ECR
- ECR repository must be accessible from Wave build infrastructure
Configuration
Configure ECR cache repository in your Wave configuration:
wave:
build:
enabled: true
cache:
enabled: true
repository: "123456789012.dkr.ecr.us-east-1.amazonaws.com/wave-cache"
IAM Permissions
Wave requires the following IAM permissions for ECR cache operations:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload"
],
"Resource": ["arn:aws:ecr:us-east-1:123456789012:repository/wave-cache"]
},
{
"Effect": "Allow",
"Action": ["ecr:GetAuthorizationToken"],
"Resource": "*"
}
]
}
ECR Repository Setup
Create and configure your ECR cache repository:
-
Create ECR repository:
aws ecr create-repository --repository-name wave-cache --region us-east-1 -
Configure lifecycle policy to manage cache storage costs:
{
"rules": [
{
"rulePriority": 1,
"selection": {
"tagStatus": "untagged",
"countType": "sinceImagePushed",
"countUnit": "days",
"countNumber": 7
},
"action": {
"type": "expire"
}
}
]
}
Benefits
Using ECR as a cache repository provides:
- Faster builds by reusing cached layers
- Reduced bandwidth usage for repeated builds
- Cost optimization through efficient layer storage
- Regional performance with ECR in the same region as Wave
- Integrated security with AWS IAM and ECR security features
Configuration Options
| Setting | Description | Example |
|---|---|---|
cache.enabled | Enable build caching | true |
cache.repository | ECR repository URL | 123456789012.dkr.ecr.us-east-1.amazonaws.com/wave-cache |
Note: ECR cache requires Wave build service to be enabled and is only available in AWS deployments with proper ECR access configured.