diff --git a/deploy/pipeline/mw-pipeline-v0.1.yaml b/deploy/pipeline/mw-pipeline-v0.1.yaml index aedfd2f38..8edd09daa 100644 --- a/deploy/pipeline/mw-pipeline-v0.1.yaml +++ b/deploy/pipeline/mw-pipeline-v0.1.yaml @@ -41,6 +41,10 @@ spec: type: string - name: ENABLE_INDY_PROXY type: string + - name: INDY_PROXY_CLIENT_ID + type: string + - name: INDY_PROXY_CLIENT_CREDENTIAL + type: string - name: JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE type: string - name: NOTIFICATION_CONTEXT @@ -125,6 +129,10 @@ spec: value: $(params.caTrustConfigMapName) - name: ENABLE_INDY_PROXY value: $(params.ENABLE_INDY_PROXY) + - name: INDY_PROXY_CLIENT_ID + value: $(params.INDY_PROXY_CLIENT_ID) + - name: INDY_PROXY_CLIENT_CREDENTIAL + value: $(params.INDY_PROXY_CLIENT_CREDENTIAL) - name: BUILD_ARGS #TODO this should be baked in the OCI source image only a ACCESS_TOKEN should be passed value: - PROXY_URL=$(params.MVN_REPO_DEPENDENCIES_URL) diff --git a/deploy/tasks/README.md b/deploy/tasks/README.md index 0ca092865..fb2cbabf0 100644 --- a/deploy/tasks/README.md +++ b/deploy/tasks/README.md @@ -12,18 +12,18 @@ It should be base-lined to the most recent definition from Konflux build-definit ### Domain Proxy Adds Domain Proxy to the build: * https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L134-L189 -* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L288-L313 -* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L327 -* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L621-L657 +* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L296-L321 +* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L335 +* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L629-L665 ### Indy Sidecar Adds Indy configuration to the build: -* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L190-L193 -* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L226-L236 -* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L864-L884 +* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L190-L201 +* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L234-L244 +* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L872-L894 ### Trusted CA Adds the trusted ca to the build: -* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L591-L595 +* https://github.com/redhat-appstudio/jvm-build-service/blob/main/deploy/tasks/buildah-oci-ta.yaml#L599-L603 diff --git a/deploy/tasks/buildah-oci-ta.yaml b/deploy/tasks/buildah-oci-ta.yaml index 9d49aa951..2b485f704 100644 --- a/deploy/tasks/buildah-oci-ta.yaml +++ b/deploy/tasks/buildah-oci-ta.yaml @@ -191,6 +191,14 @@ spec: type: string description: Enable the indy generic proxy (true/false) default: "false" + - name: INDY_PROXY_CLIENT_ID + type: string + description: The client ID used by indy proxy to communicate with Indy. + default: "" + - name: INDY_PROXY_CLIENT_CREDENTIAL + type: string + description: The client credential used by indy proxy to communicate with Indy. + default: "" results: - name: IMAGE_DIGEST description: Digest of the image just built @@ -880,5 +888,7 @@ spec: memory: 512Mi script: | if [ "$(params.ENABLE_INDY_PROXY)" == "true" ]; then - /usr/local/bin/dumb-init /deployment/start-service.sh + export QUARKUS_OIDC_CLIENT_CLIENT_ID="$(params.INDY_PROXY_CLIENT_ID)" + export QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET="$(params.INDY_PROXY_CLIENT_CREDENTIAL)" + /deployment/start-service.sh fi