diff --git a/charts/jarvis-system/templates/Secret-harbor-netrc.yaml b/charts/jarvis-system/templates/Secret-harbor-netrc.yaml new file mode 100644 index 00000000..490eb75a --- /dev/null +++ b/charts/jarvis-system/templates/Secret-harbor-netrc.yaml @@ -0,0 +1,11 @@ +{{- define "Secret-harbor-netrc" -}} +{{- $HARBOR_URL := $.Values.params.harbor.dashboard.host -}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ template "helpers.labels.fullname" . }}-harbor-netrc +data: + harbor-netrc: {{ b64enc ( printf "machine %s login %s password %s" $HARBOR_URL $.Values.config.test.ldap_username $.Values.config.test.ldap_password ) }} +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Secret-harbor-netrc" ) }} diff --git a/charts/jarvis-system/templates/Task-createFailure.yaml b/charts/jarvis-system/templates/Task-createFailure.yaml index 54eecf5a..586a4e18 100644 --- a/charts/jarvis-system/templates/Task-createFailure.yaml +++ b/charts/jarvis-system/templates/Task-createFailure.yaml @@ -21,12 +21,14 @@ spec: - name: gerrit-netrc mountPath: /run/jarvis/gerrit-netrc subPath: gerrit-netrc + - name: harbor-netrc + mountPath: /run/jarvis/harbor-netrc script: | #!/bin/bash set -eu -o pipefail -x # Get project information from Harbor - PROJECT_INFO=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H "accept: application/json") + PROJECT_INFO=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H "accept: application/json") PROJECT_ID=$(echo $PROJECT_INFO | jq -r '.project'[0].'project_id') # Get the taskRun uid from the microflow-setup-image pod @@ -47,7 +49,7 @@ spec: if [ $REPO_COUNT -gt 0 ]; then REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}') # Grabs the SHA256 of the corresponding artifact based off taskrun uid - SHA256=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H "accept: application/json" | jq -r '.digest') + SHA256=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H "accept: application/json" | jq -r '.digest') MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}" fi @@ -90,6 +92,10 @@ spec: items: - key: gerrit-netrc path: gerrit-netrc + - name: harbor-netrc + secret: + secretName: {{ template "helpers.labels.fullname" . }}-harbor-netrc + defaultMode: 0444 ... {{- end -}} -{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createFailure" ) }} \ No newline at end of file +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createFailure" ) }} diff --git a/charts/jarvis-system/templates/Task-createSuccess.yaml b/charts/jarvis-system/templates/Task-createSuccess.yaml index 5748a918..eb4e67d4 100644 --- a/charts/jarvis-system/templates/Task-createSuccess.yaml +++ b/charts/jarvis-system/templates/Task-createSuccess.yaml @@ -21,12 +21,15 @@ spec: - name: gerrit-netrc mountPath: /run/jarvis/gerrit-netrc subPath: gerrit-netrc + - name: harbor-netrc + mountPath: /run/jarvis/harbor-netrc + script: | #!/bin/bash set -eu -o pipefail -x # Get project information from Harbor - PROJECT_INFO=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H "accept: application/json") + PROJECT_INFO=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H "accept: application/json") PROJECT_ID=$(echo $PROJECT_INFO | jq -r '.project'[0].'project_id') # Get the taskRun uid from the microflow-setup-image pod @@ -47,7 +50,7 @@ spec: if [ $REPO_COUNT -gt 0 ]; then REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}') # Grabs the SHA256 of the corresponding artifact based off taskrun uid - SHA256=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H "accept: application/json" | jq -r '.digest') + SHA256=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H "accept: application/json" | jq -r '.digest') MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}" fi @@ -90,6 +93,10 @@ spec: items: - key: gerrit-netrc path: gerrit-netrc + - name: harbor-netrc + secret: + secretName: {{ template "helpers.labels.fullname" . }}-harbor-netrc + defaultMode: 0444 ... {{- end -}} -{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createSuccess" ) }} \ No newline at end of file +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Task-createSuccess" ) }} diff --git a/charts/jarvis-system/values.yaml b/charts/jarvis-system/values.yaml index 8f00cfb2..1400adb2 100644 --- a/charts/jarvis-system/values.yaml +++ b/charts/jarvis-system/values.yaml @@ -67,4 +67,9 @@ params: orgid: 1 harbor: dashboard: - host: harbor-core.jarvis.local \ No newline at end of file + host: harbor-core.jarvis.local + +config: + test: + ldap_username: jarvis + ldap_password: password