diff --git a/.tekton/kartograph-agent-runtime-push.yaml b/.tekton/kartograph-agent-runtime-push.yaml index b69d91eea..30672014c 100644 --- a/.tekton/kartograph-agent-runtime-push.yaml +++ b/.tekton/kartograph-agent-runtime-push.yaml @@ -615,9 +615,9 @@ spec: value: $(params.git-url) workspaces: - name: basic-auth - workspace: git-auth + workspace: hp-fleet-gitops-auth - name: netrc - workspace: netrc + workspace: hp-fleet-gitops-auth taskSpec: params: - name: COMMIT_SHA @@ -657,6 +657,12 @@ spec: export HOME=/tekton/home mkdir -p "$HOME" + if [ ! -f "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then + echo "ERROR: Secret kartograph-hp-fleet-gitops-auth is missing or empty." + echo "Apply .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml in kartograph-tenant." + exit 1 + fi + if [ -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then cp "${WORKSPACE_NETRC_PATH}/.netrc" "$HOME/.netrc" chmod 600 "$HOME/.netrc" @@ -685,7 +691,7 @@ spec: PATCH_FILE="apps/kartograph/overlays/stage/configmap-patch.yaml" if [ -f "$PATCH_FILE" ]; then - sed -i 's|\(KARTOGRAPH_EXTRACTION_RUNTIME_STICKY_IMAGE:.*kartograph-agent-runtime:\)[^"]*|\1'"${COMMIT_SHA}"'"|' "$PATCH_FILE" + sed -i 's|\(KARTOGRAPH_EXTRACTION_RUNTIME_STICKY_IMAGE:.*kartograph-agent-runtime:\)[^"]*|\1'"${COMMIT_SHA}"'|' "$PATCH_FILE" fi git config user.email "konflux@kartograph.openshift.com" @@ -777,4 +783,7 @@ spec: - name: git-auth secret: secretName: "{{ git_auth_secret }}" + - name: hp-fleet-gitops-auth + secret: + secretName: kartograph-hp-fleet-gitops-auth status: {} diff --git a/.tekton/kartograph-api-push.yaml b/.tekton/kartograph-api-push.yaml index a2a111e0c..ee35542a7 100644 --- a/.tekton/kartograph-api-push.yaml +++ b/.tekton/kartograph-api-push.yaml 
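Review bot: The `basic-auth` and `netrc` bindings in the first hunk of kartograph-agent-runtime-push.yaml now hand this task a long-lived PAT from `hp-fleet-gitops-auth` instead of the per-run `{{ git_auth_secret }}` token, and nothing in the file says why or who rotates it. A comment above the bindings would help, for example `# hp-fleet-gitops-auth: static PAT for the gitops repo, not the per-run token; rotate on owner change`. Binding the same Secret to both workspaces also means the token can reach `$HOME` through two mechanisms; if the script outside this hunk handles `.git-credentials` as well as `.netrc`, one of the two is enough. The same rebinding is repeated in kartograph-api-push.yaml, kartograph-dev-ui-push.yaml and kartograph-openshell-gateway-push.yaml.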
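Review bot: The added credential guard tests with `-f`, so a key that exists but is empty, or one that still holds the `REPLACE_WITH_GITHUB_PAT` placeholder, passes it even though the message says "missing or empty". Using `-s` closes the empty case: `if [ ! -s "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -s "${WORKSPACE_NETRC_PATH}/.netrc" ]; then`. The second `echo` tells the operator to apply the example file itself, which would create a Secret containing the placeholders; something like `echo "Create it from .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml with a real token." >&2` is safer. If the Secret object is absent altogether, the pod will likely fail at volume mount before this script runs, so the guard mainly catches missing keys. The same block is added in the api-push, dev-ui-push and openshell-gateway-push files, and the script continues outside the hunk.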
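Review bot: `${COMMIT_SHA}` is spliced into the `sed` replacement unchecked in the `PATCH_FILE` hunk, so a value containing `|`, `&` or `\` would alter the expression instead of being written literally into the gitops patch. A guard before the `sed` such as `case "$COMMIT_SHA" in ''|*[!0-9a-f]*) echo "invalid COMMIT_SHA" >&2; exit 1;; esac` keeps it to a hex revision; where the parameter is set is outside the hunk, so treat this as defence in depth if it is always a git SHA. `sed -i` also exits 0 when the pattern matches nothing, so a following `grep -q "kartograph-agent-runtime:${COMMIT_SHA}" "$PATCH_FILE" || exit 1` would stop the run from committing an unchanged file.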
@@ -615,9 +615,9 @@ spec: value: $(params.git-url) workspaces: - name: basic-auth - workspace: git-auth + workspace: hp-fleet-gitops-auth - name: netrc - workspace: netrc + workspace: hp-fleet-gitops-auth taskSpec: params: - name: COMMIT_SHA @@ -657,6 +657,12 @@ spec: export HOME=/tekton/home mkdir -p "$HOME" + if [ ! -f "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then + echo "ERROR: Secret kartograph-hp-fleet-gitops-auth is missing or empty." + echo "Apply .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml in kartograph-tenant." + exit 1 + fi + if [ -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then cp "${WORKSPACE_NETRC_PATH}/.netrc" "$HOME/.netrc" chmod 600 "$HOME/.netrc" @@ -769,4 +775,7 @@ spec: - name: git-auth secret: secretName: "{{ git_auth_secret }}" + - name: hp-fleet-gitops-auth + secret: + secretName: kartograph-hp-fleet-gitops-auth status: {} diff --git a/.tekton/kartograph-dev-ui-push.yaml b/.tekton/kartograph-dev-ui-push.yaml index b53ce07a3..d3b5d151d 100644 --- a/.tekton/kartograph-dev-ui-push.yaml +++ b/.tekton/kartograph-dev-ui-push.yaml @@ -615,9 +615,9 @@ spec: value: $(params.git-url) workspaces: - name: basic-auth - workspace: git-auth + workspace: hp-fleet-gitops-auth - name: netrc - workspace: netrc + workspace: hp-fleet-gitops-auth taskSpec: params: - name: COMMIT_SHA @@ -657,6 +657,12 @@ spec: export HOME=/tekton/home mkdir -p "$HOME" + if [ ! -f "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then + echo "ERROR: Secret kartograph-hp-fleet-gitops-auth is missing or empty." + echo "Apply .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml in kartograph-tenant." + exit 1 + fi + if [ -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then cp "${WORKSPACE_NETRC_PATH}/.netrc" "$HOME/.netrc" chmod 600 "$HOME/.netrc" 
@@ -769,4 +775,7 @@ spec: - name: git-auth secret: secretName: "{{ git_auth_secret }}" + - name: hp-fleet-gitops-auth + secret: + secretName: kartograph-hp-fleet-gitops-auth status: {} diff --git a/.tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml b/.tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml new file mode 100644 index 000000000..c568b46a1 --- /dev/null +++ b/.tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml @@ -0,0 +1,23 @@ +# Apply in Konflux tenant namespace (kartograph-tenant) after replacing placeholders. +# +# PAT needs repo + pull_request scope on openshift-online/hp-fleet-gitops. +# Do not commit real tokens. +# +# oc project kartograph-tenant +# oc create -f kartograph-hp-fleet-gitops-auth.secret.yaml +# +apiVersion: v1 +kind: Secret +metadata: + name: kartograph-hp-fleet-gitops-auth + namespace: kartograph-tenant +type: Opaque +stringData: + .gitconfig: | + [credential] + helper = store + .git-credentials: https://x-access-token:REPLACE_WITH_GITHUB_PAT@github.com + .netrc: | + machine github.com + login x-access-token + password REPLACE_WITH_GITHUB_PAT diff --git a/.tekton/kartograph-openshell-gateway-push.yaml b/.tekton/kartograph-openshell-gateway-push.yaml index 98d9d5219..25fecbadf 100644 --- a/.tekton/kartograph-openshell-gateway-push.yaml +++ b/.tekton/kartograph-openshell-gateway-push.yaml @@ -615,9 +615,9 @@ spec: value: $(params.git-url) workspaces: - name: basic-auth - workspace: git-auth + workspace: hp-fleet-gitops-auth - name: netrc - workspace: netrc + workspace: hp-fleet-gitops-auth taskSpec: params: - name: COMMIT_SHA 
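Review bot: The header comment of the new kartograph-hp-fleet-gitops-auth.secret.example.yaml asks for "repo + pull_request scope", which reads as a classic PAT; classic `repo` covers every repository the token owner can reach, and `pull_request` does not appear to be a classic scope name. Suggest replacing that line with `# Use a fine-grained PAT limited to openshift-online/hp-fleet-gitops (Contents + Pull requests: read/write).` so a leaked token cannot touch other repositories. The `oc create -f kartograph-hp-fleet-gitops-auth.secret.yaml` line also implies a filled-in copy living next to the example; no ignore rule is visible in this diff, so consider adding `.tekton/*.secret.yaml` to `.gitignore` to back up the "Do not commit real tokens" instruction.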
@@ -657,6 +657,12 @@ spec: export HOME=/tekton/home mkdir -p "$HOME" + if [ ! -f "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then + echo "ERROR: Secret kartograph-hp-fleet-gitops-auth is missing or empty." + echo "Apply .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml in kartograph-tenant." + exit 1 + fi + if [ -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then cp "${WORKSPACE_NETRC_PATH}/.netrc" "$HOME/.netrc" chmod 600 "$HOME/.netrc" @@ -769,4 +775,7 @@ spec: - name: git-auth secret: secretName: "{{ git_auth_secret }}" + - name: hp-fleet-gitops-auth + secret: + secretName: kartograph-hp-fleet-gitops-auth status: {}