From 2368235ecb97864592103e8d152121bee52f6032 Mon Sep 17 00:00:00 2001
From: John Duimovich
Date: Mon, 25 Nov 2024 16:30:04 -0500
Subject: [PATCH] Update ci for templates
---
 .../.github/workflows/gitops-promotion.yml | 43 ++++++++++++------
 .../ci/gitops-template/jenkins/Jenkinsfile | 6 +++
 .../workflows/build-and-update-gitops.yml | 44 +++++++++++++------
 skeleton/ci/source-repo/jenkins/Jenkinsfile | 7 +++
 4 files changed, 72 insertions(+), 28 deletions(-)
diff --git a/skeleton/ci/gitops-template/githubactions/.github/workflows/gitops-promotion.yml b/skeleton/ci/gitops-template/githubactions/.github/workflows/gitops-promotion.yml
index 25bdd17a..93020a80 100644
--- a/skeleton/ci/gitops-template/githubactions/.github/workflows/gitops-promotion.yml
+++ b/skeleton/ci/gitops-template/githubactions/.github/workflows/gitops-promotion.yml
@@ -13,8 +13,6 @@ env:
 # 🖊️ EDIT to change the image registry settings.
 # Registries such as GHCR, Quay.io, and Docker Hub are supported.
 IMAGE_REGISTRY: ${{ secrets.IMAGE_REGISTRY }}
- IMAGE_REGISTRY_USER: ${{ secrets.IMAGE_REGISTRY_USER }}
- IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
 # Used to verify the image signature and attestation
 COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
@@ -25,8 +23,16 @@ env:
 TRUSTIFICATION_OIDC_CLIENT_ID: ${{ secrets.TRUSTIFICATION_OIDC_CLIENT_ID }}
 TRUSTIFICATION_OIDC_CLIENT_SECRET: ${{ secrets.TRUSTIFICATION_OIDC_CLIENT_SECRET }}
 TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION: ${{ secrets.TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION }}
- QUAY_IO_CREDS_USR: ${{ secrets.QUAY_IO_CREDS_USR }}
- QUAY_IO_CREDS_PSW: ${{ secrets.QUAY_IO_CREDS_PSW }}
+ # Set this to the user for your specific registry
+ IMAGE_REGISTRY_USER: ${{ secrets.IMAGE_REGISTRY_USER }}
+ # Set this password for your specific registry
+ IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
+ # QUAY_IO_CREDS_USR: ${{ secrets.QUAY_IO_CREDS_USR }}
+ # QUAY_IO_CREDS_PSW: ${{ secrets.QUAY_IO_CREDS_PSW }}
+ # ARTIFACTORY_IO_CREDS_USR: ${{ secrets.ARTIFACTORY_IO_CREDS_USR }}
+ # ARTIFACTORY_IO_CREDS_PSW: ${{ secrets.ARTIFACTORY_IO_CREDS_PSW }}
+ # NEXUS_IO_CREDS_USR: ${{ secrets.NEXUS_IO_CREDS_USR }}
+ # NEXUS_IO_CREDS_PSW: ${{ secrets.NEXUS_IO_CREDS_PSW }}
 # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below.
 IMAGE_TAGS: ""
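Review bot: `IMAGE_REGISTRY_USER` and `IMAGE_REGISTRY_PASSWORD` are re-added to what the `@@ … env:` header suggests is the workflow-level `env:` block, which exports the registry password to every step of every job, including any third-party action a job calls. The hunk does not show which steps need them, so this is a least-privilege suggestion: declare the two entries in an `env:` on the step that authenticates to the registry, or at minimum add `# Exposed to every step in this workflow; prefer step-level env for credentials` above them. The matching `env:` hunk in build-and-update-gitops.yml has the same layout, with `COSIGN_SECRET_KEY` and `COSIGN_SECRET_PASSWORD` in the same block. The `env:` block starts above the hunk.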
@@ -53,17 +59,26 @@ jobs:
 script: |
 const secrets = {
 IMAGE_REGISTRY: `${{ secrets.IMAGE_REGISTRY }}`,
- IMAGE_REGISTRY_USER: `${{ secrets.IMAGE_REGISTRY_USER }}`,
- IMAGE_REGISTRY_PASSWORD: `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`,
- COSIGN_PUBLIC_KEY: `${{ secrets.COSIGN_PUBLIC_KEY }}`,
- TRUSTIFICATION_BOMBASTIC_API_URL: `${{ secrets.TRUSTIFICATION_BOMBASTIC_API_URL }}`,
- TRUSTIFICATION_OIDC_ISSUER_URL: `${{ secrets.TRUSTIFICATION_OIDC_ISSUER_URL }}`,
- TRUSTIFICATION_OIDC_CLIENT_ID: `${{ secrets.TRUSTIFICATION_OIDC_CLIENT_ID }}`,
- TRUSTIFICATION_OIDC_CLIENT_SECRET: `${{ secrets.TRUSTIFICATION_OIDC_CLIENT_SECRET }}`,
- TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION: `${{ secrets.TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION }}`,
- QUAY_IO_CREDS_USR: `${{ secrets.QUAY_IO_CREDS_USR }}`,
- QUAY_IO_CREDS_PSW: `${{ secrets.QUAY_IO_CREDS_PSW }}`,
+ /* Used to verify the image signature and attestation */
+ COSIGN_PUBLIC_KEY: `${{ secrets.COSIGN_PUBLIC_KEY }}`,
+ /* URL of the BOMbastic api host (e.g. https://sbom.trustification.dev) */
+ TRUSTIFICATION_BOMBASTIC_API_URL: `${{ secrets.TRUSTIFICATION_BOMBASTIC_API_URL }}`,
+ /* URL of the OIDC token issuer (e.g. https://sso.trustification.dev/realms/chicken) */
+ TRUSTIFICATION_OIDC_ISSUER_URL: `${{ secrets.TRUSTIFICATION_OIDC_ISSUER_URL }}`,
+ TRUSTIFICATION_OIDC_CLIENT_ID: `${{ secrets.TRUSTIFICATION_OIDC_CLIENT_ID }}`,
+ TRUSTIFICATION_OIDC_CLIENT_SECRET: `${{ secrets.TRUSTIFICATION_OIDC_CLIENT_SECRET }}`,
+ TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION: `${{ secrets.TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION }}`,
+ /* Set this to the user for your specific registry */
+ IMAGE_REGISTRY_USER: `${{ secrets.IMAGE_REGISTRY_USER }}`,
+ /* Set this password for your specific registry */
+ IMAGE_REGISTRY_PASSWORD: `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`,
+ /*QUAY_IO_CREDS_USR: `${{ secrets.QUAY_IO_CREDS_USR }}`, */
+ /*QUAY_IO_CREDS_PSW: `${{ secrets.QUAY_IO_CREDS_PSW }}`, */
+ /*ARTIFACTORY_IO_CREDS_USR: `${{ secrets.ARTIFACTORY_IO_CREDS_USR }}`, */
+ /*ARTIFACTORY_IO_CREDS_PSW: `${{ secrets.ARTIFACTORY_IO_CREDS_PSW }}`, */
+ /*NEXUS_IO_CREDS_USR: `${{ secrets.NEXUS_IO_CREDS_USR }}`, */
+ /*NEXUS_IO_CREDS_PSW: `${{ secrets.NEXUS_IO_CREDS_PSW }}`, */
 };
 const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
 if (value.length === 0) {
diff --git a/skeleton/ci/gitops-template/jenkins/Jenkinsfile b/skeleton/ci/gitops-template/jenkins/Jenkinsfile
index 84578cd7..ec33e59d 100644
--- a/skeleton/ci/gitops-template/jenkins/Jenkinsfile
+++ b/skeleton/ci/gitops-template/jenkins/Jenkinsfile
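Review bot: Every entry of `const secrets` in gitops-promotion.yml, including the ones this hunk wraps in `/* … */`, is built by pasting a `${{ secrets.* }}` expression into the script source, and GitHub expands those expressions before the JavaScript is parsed, so a configured value containing a backtick, `${` or `*/` alters the script instead of being checked by it. It also means the commented-out `QUAY_IO_CREDS_*`, `ARTIFACTORY_IO_CREDS_*` and `NEXUS_IO_CREDS_*` lines still place those values in the script text whenever the secrets are set. Assuming this is a github-script style step that inherits the workflow `env:` shown in the earlier hunks, the entries can read the environment instead, e.g. `IMAGE_REGISTRY_PASSWORD: process.env.IMAGE_REGISTRY_PASSWORD ?? '',`, and the optional names are better listed in a comment without the `${{ }}` expression. The `const secrets` hunk in build-and-update-gitops.yml follows the same pattern, and the filter callback that consumes the object continues past the end of the hunk.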
@@ -19,7 +19,13 @@ pipeline {
 TRUSTIFICATION_OIDC_CLIENT_ID = credentials('TRUSTIFICATION_OIDC_CLIENT_ID')
 TRUSTIFICATION_OIDC_CLIENT_SECRET = credentials('TRUSTIFICATION_OIDC_CLIENT_SECRET')
 TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION = credentials('TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION')
+ /* Set this to the user for your specific registry */
+ /* IMAGE_REGISTRY_USER = credentials('IMAGE_REGISTRY_USER') */
+ /* Set this password for your specific registry */
+ /* IMAGE_REGISTRY_PASSWORD = credentials('IMAGE_REGISTRY_PASSWORD') */
 QUAY_IO_CREDS = credentials('QUAY_IO_CREDS')
+ /* ARTIFACTORY_IO_CREDS = credentials('ARTIFACTORY_IO_CREDS') */
+ /* NEXUS_IO_CREDS = credentials('NEXUS_IO_CREDS') */
 }
 stages {
 stage('Verify EC') {
diff --git a/skeleton/ci/source-repo/githubactions/.github/workflows/build-and-update-gitops.yml b/skeleton/ci/source-repo/githubactions/.github/workflows/build-and-update-gitops.yml
index 9b07a3af..1782ded7 100644
--- a/skeleton/ci/source-repo/githubactions/.github/workflows/build-and-update-gitops.yml
+++ b/skeleton/ci/source-repo/githubactions/.github/workflows/build-and-update-gitops.yml
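Review bot: The live `QUAY_IO_CREDS` binding in skeleton/ci/gitops-template/jenkins/Jenkinsfile is left unexplained among the newly added commented alternatives, whereas the source-repo Jenkinsfile hunk in the same commit adds `/* Default registry is set to quay.io */` above it; the same comment belongs here. The comment could also say that the Jenkins templates default to `QUAY_IO_CREDS` while the two GitHub Actions workflows in this commit default to `IMAGE_REGISTRY_USER`/`IMAGE_REGISTRY_PASSWORD`, since a user moving between CI providers has to create differently named credentials. The block holding these bindings (presumably `environment`) opens above the hunk.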
@@ -13,14 +13,22 @@ env:
 # 🖊️ EDIT to change the image registry settings.
 # Registries such as GHCR, Quay.io, and Docker Hub are supported.
 IMAGE_REGISTRY: ${{ secrets.IMAGE_REGISTRY }}
- IMAGE_REGISTRY_USER: ${{ secrets.IMAGE_REGISTRY_USER }}
- IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
 ROX_API_TOKEN: ${{ secrets.ROX_API_TOKEN }}
 ROX_CENTRAL_ENDPOINT: ${{ secrets.ROX_CENTRAL_ENDPOINT }}
 GITOPS_AUTH_PASSWORD: ${{ secrets.GITOPS_AUTH_PASSWORD }}
- QUAY_IO_CREDS_USR: ${{ secrets.QUAY_IO_CREDS_USR }}
- QUAY_IO_CREDS_PSW: ${{ secrets.QUAY_IO_CREDS_PSW }}
+ # Uncomment this when using Gitlab
+ # GITOPS_AUTH_USERNAME: ${{ secrets.GITOPS_AUTH_USERNAME }}
+ # Set this to the user for your specific registry
+ IMAGE_REGISTRY_USER: ${{ secrets.IMAGE_REGISTRY_USER }}
+ # Set this password for your specific registry
+ IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
+ # QUAY_IO_CREDS_USR: ${{ secrets.QUAY_IO_CREDS_USR }}
+ # QUAY_IO_CREDS_PSW: ${{ secrets.QUAY_IO_CREDS_PSW }}
+ # ARTIFACTORY_IO_CREDS_USR: ${{ secrets.ARTIFACTORY_IO_CREDS_USR }}
+ # ARTIFACTORY_IO_CREDS_PSW: ${{ secrets.ARTIFACTORY_IO_CREDS_PSW }}
+ # NEXUS_IO_CREDS_USR: ${{ secrets.NEXUS_IO_CREDS_USR }}
+ # NEXUS_IO_CREDS_PSW: ${{ secrets.NEXUS_IO_CREDS_PSW }}
 COSIGN_SECRET_PASSWORD: ${{ secrets.COSIGN_SECRET_PASSWORD }}
 COSIGN_SECRET_KEY: ${{ secrets.COSIGN_SECRET_KEY }}
 COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
@@ -56,17 +64,25 @@ jobs:
 script: |
 const secrets = {
 IMAGE_REGISTRY: `${{ secrets.IMAGE_REGISTRY }}`,
- IMAGE_REGISTRY_USER: `${{ secrets.IMAGE_REGISTRY_USER }}`,
- IMAGE_REGISTRY_PASSWORD: `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`,
- ROX_API_TOKEN: `${{ secrets.ROX_API_TOKEN }}`,
- ROX_CENTRAL_ENDPOINT: `${{ secrets.ROX_CENTRAL_ENDPOINT }}`,
- GITOPS_AUTH_PASSWORD: `${{ secrets.GITOPS_AUTH_PASSWORD }}`,
- QUAY_IO_CREDS_USR: `${{ secrets.QUAY_IO_CREDS_USR }}`,
- QUAY_IO_CREDS_PSW: `${{ secrets.QUAY_IO_CREDS_PSW }}`,
- COSIGN_SECRET_PASSWORD: `${{ secrets.COSIGN_SECRET_PASSWORD }}`,
- COSIGN_SECRET_KEY: `${{ secrets.COSIGN_SECRET_KEY }}`,
- COSIGN_PUBLIC_KEY: `${{ secrets.COSIGN_PUBLIC_KEY }}`,
+ ROX_API_TOKEN: `${{ secrets.ROX_API_TOKEN }}`,
+ ROX_CENTRAL_ENDPOINT: `${{ secrets.ROX_CENTRAL_ENDPOINT }}`,
+ GITOPS_AUTH_PASSWORD: `${{ secrets.GITOPS_AUTH_PASSWORD }}`,
+ /* Uncomment this when using Gitlab */
+ /*GITOPS_AUTH_USERNAME: `${{ secrets.GITOPS_AUTH_USERNAME }}`, */
+ /* Set this to the user for your specific registry */
+ IMAGE_REGISTRY_USER: `${{ secrets.IMAGE_REGISTRY_USER }}`,
+ /* Set this password for your specific registry */
+ IMAGE_REGISTRY_PASSWORD: `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`,
+ /*QUAY_IO_CREDS_USR: `${{ secrets.QUAY_IO_CREDS_USR }}`, */
+ /*QUAY_IO_CREDS_PSW: `${{ secrets.QUAY_IO_CREDS_PSW }}`, */
+ /*ARTIFACTORY_IO_CREDS_USR: `${{ secrets.ARTIFACTORY_IO_CREDS_USR }}`, */
+ /*ARTIFACTORY_IO_CREDS_PSW: `${{ secrets.ARTIFACTORY_IO_CREDS_PSW }}`, */
+ /*NEXUS_IO_CREDS_USR: `${{ secrets.NEXUS_IO_CREDS_USR }}`, */
+ /*NEXUS_IO_CREDS_PSW: `${{ secrets.NEXUS_IO_CREDS_PSW }}`, */
+ COSIGN_SECRET_PASSWORD: `${{ secrets.COSIGN_SECRET_PASSWORD }}`,
+ COSIGN_SECRET_KEY: `${{ secrets.COSIGN_SECRET_KEY }}`,
+ COSIGN_PUBLIC_KEY: `${{ secrets.COSIGN_PUBLIC_KEY }}`,
 };
 const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
diff --git a/skeleton/ci/source-repo/jenkins/Jenkinsfile b/skeleton/ci/source-repo/jenkins/Jenkinsfile
index beeb0b79..2aae16c6 100644
--- a/skeleton/ci/source-repo/jenkins/Jenkinsfile
+++ b/skeleton/ci/source-repo/jenkins/Jenkinsfile
@@ -12,7 +12,14 @@ pipeline {
 GITOPS_AUTH_PASSWORD = credentials('GITOPS_AUTH_PASSWORD')
 /* Uncomment this when using Gitlab */
 /* GITOPS_AUTH_USERNAME = credentials('GITOPS_AUTH_USERNAME') */
+ /* Set this to the user for your specific registry */
+ /* IMAGE_REGISTRY_USER = credentials('IMAGE_REGISTRY_USER') */
+ /* Set this password for your specific registry */
+ /* IMAGE_REGISTRY_PASSWORD = credentials('IMAGE_REGISTRY_PASSWORD') */
+ /* Default registry is set to quay.io */
 QUAY_IO_CREDS = credentials('QUAY_IO_CREDS')
+ /* ARTIFACTORY_IO_CREDS = credentials('ARTIFACTORY_IO_CREDS') */
+ /* NEXUS_IO_CREDS = credentials('NEXUS_IO_CREDS') */
 COSIGN_SECRET_PASSWORD = credentials('COSIGN_SECRET_PASSWORD')
 COSIGN_SECRET_KEY = credentials('COSIGN_SECRET_KEY')
 COSIGN_PUBLIC_KEY = credentials('COSIGN_PUBLIC_KEY')