From c8b1e1965b5e095f363b6014af6d4454c28a0b52 Mon Sep 17 00:00:00 2001 From: Fleur Kelpin Date: Thu, 28 Jun 2018 09:25:27 +0200 Subject: [PATCH 1/7] Add secrets and mount them in the molgenis-jenkins pod. --- molgenis-jenkins/templates/config.tpl | 27 +++++++- .../molgenis-pipeline-env-secret.yaml | 17 +++++ .../molgenis-pipeline-file-secret.yaml | 15 +++++ molgenis-jenkins/values.yaml | 62 ++++++++++++++++--- 4 files changed, 111 insertions(+), 10 deletions(-) create mode 100644 molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml create mode 100644 molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml diff --git a/molgenis-jenkins/templates/config.tpl b/molgenis-jenkins/templates/config.tpl index 5016425..265de5c 100644 --- a/molgenis-jenkins/templates/config.tpl +++ b/molgenis-jenkins/templates/config.tpl @@ -140,7 +140,32 @@ data: {{.Values.Pod.Memory}} - + + + PGP_PASSPHRASE + molgenis-pipeline-env-secret + pgpPassphrase + + + PGP_SECRETKEY + keyfile:/root/.m2/key.asc + + + SONAR_TOKEN + molgenis-pipeline-env-secret + sonarToken + + + CODECOV_TOKEN + molgenis-pipeline-env-secret + codecovToken + + + GITHUB_TOKEN + molgenis-pipeline-env-secret + githubToken + + {{- if .Values.Pod.ImagePullSecret }} diff --git a/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml new file mode 100644 index 0000000..dd5763e --- /dev/null +++ b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml 
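Review bot: The environment entries added to the pod template in config.tpl reference `molgenis-pipeline-env-secret` by a fixed name, while the Secret itself is rendered only under `{{- if .Values.PipelineSecrets.Env }}`. If that Secret is absent, the agent pod will most likely fail to start instead of running without the variables. The markup around these entries is stripped on this page, so I cannot confirm whether the references are marked optional. Every job scheduled on this pod template also receives `GITHUB_TOKEN`, `SONAR_TOKEN`, `CODECOV_TOKEN` and the PGP passphrase in its process environment, including builds of branches that have not been reviewed. Binding the tokens per stage through Jenkins credentials would limit which steps can read them; if they stay here, a template comment such as `# exposed to every build step on this agent` would at least record the exposure.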
@@ -0,0 +1,17 @@ +{{- if .Values.PipelineSecrets.Env }} +apiVersion: v1 +kind: Secret +metadata: + name: molgenis-pipeline-env-secret + labels: + app: {{ template "jenkins.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }} + codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }} + githubToken: {{ .Values.PipelineSecrets.Env.GithubToken | b64enc | quote }} + sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml new file mode 100644 index 0000000..d8ecbb6 --- /dev/null +++ b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.PipelineSecrets.File }} +apiVersion: v1 +kind: Secret +metadata: + name: molgenis-pipeline-env-secret + labels: + app: {{ template "jenkins.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + maven.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }} + key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }} +{{- end }} diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml index e6cabfa..e18ab73 100644 --- a/molgenis-jenkins/values.yaml +++ b/molgenis-jenkins/values.yaml @@ -70,7 +70,7 @@ jenkins: CustomConfigMap: true rbac: install: true - # A second agent to configure a second pod template + # A second pod template for maven builds Pod: Enabled: true Image: "webhost12.service.rug.nl/molgenis/molgenis-maven" 
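Review bot: Each `data:` entry in the two new Secret templates pipes its value straight into `b64enc` with no presence check. A missing or misspelled key under `PipelineSecrets` therefore shows up as an opaque template type error or an empty credential, not as a clear message. Wrapping each value in `required` makes the failure explicit, for example `githubToken: {{ required "PipelineSecrets.Env.GithubToken is required" .Values.PipelineSecrets.Env.GithubToken | b64enc | quote }}`. The Secret name is also fixed rather than derived from the release, so two releases of this chart in one namespace would write the same object; changing that would have to go together with the references in config.tpl.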
@@ -78,10 +78,10 @@ jenkins: # ImagePullSecret: jenkins Label: "molgenis-maven" Privileged: false - Cpu: "200m" - Memory: "256Mi" + Cpu: "" + Memory: "" # You may want to change this to true while testing a new image - AlwaysPullImage: true + AlwaysPullImage: false Command: "/bin/sh -c" Args: "cat" TTY: true @@ -90,12 +90,56 @@ jenkins: # Configure the attributes as they appear in the corresponding Java class for that type # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes volumes: - - type: "HostPath" - mountPath: "/var/run/docker.sock" + - type: HostPath hostPath: "/var/run/docker.sock" - # - type: Secret - # secretName: mysecret - # mountPath: /var/myapp/mysecret + mountPath: "/var/run/docker.sock" + - type: Secret + secretName: molgenis-pipeline-file-secret + mountPath: "keyfile:/root/.m2" NodeSelector: {} # Key Value selectors. Ex: # jenkins-agent: v1 +PipelineSecrets: + Env: + # Passphrase for the pgp private key file + pgpPassphrase: xxxx + # Token for codecov.io service + codecovToken: xxxx + # Token for github bot account + githubToken: xxxx + # Token for sonarcloud.io + sonarToken: xxxx + File: + # PGP Private key in ascii format used to sign artifacts + PGPPrivateKeyAsc: |- + -----BEGIN PGP PRIVATE KEY BLOCK----- + xxxxx + -----END PGP PRIVATE KEY BLOCK----- + # maven.settings file + MavenSettingsXML: |- + + + ${user.home}/.mvnrepository + + false + + + nexus + external:* + https://registry.molgenis.org/repository/maven-central/ + + + + + local-nexus + https://registry.molgenis.org/repository/maven-central/ + admin + xxxxx + + + oss-sonatype-staging + molgenis + xxxxx + + + \ No newline at end of file From 03cf1c390b93ad743a771da51c670d70e4a3a379 Mon Sep 17 00:00:00 2001 
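Review bot: The new `PipelineSecrets` block in values.yaml makes the PGP private key, the service tokens and the Maven server passwords ordinary chart values. Helm keeps the supplied values in its release record, so they can be read from there as well as from the Secret objects. The placeholders also invite editing real values into the tracked file, so I would add a comment above the block such as `# Placeholders only: pass real values with -f <untracked-values-file>, never commit them`, and restrict who can read release storage. The same pod template keeps the host `/var/run/docker.sock` mount, so any build step that can reach the Docker daemon now runs next to the signing key. It would be worth checking whether the jobs that need Docker and the jobs that need the key can use separate pod templates.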
From: Fleur Kelpin Date: Thu, 28 Jun 2018 11:51:51 +0200 Subject: [PATCH 2/7] Add Replace key for pipeline secrets --- molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml | 2 +- molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml | 2 +- molgenis-jenkins/values.yaml | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml index dd5763e..831a1ea 100644 --- a/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml +++ b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml @@ -1,4 +1,4 @@ -{{- if .Values.PipelineSecrets.Env }} +{{- if .Values.PipelineSecrets.Env.Replace }} apiVersion: v1 kind: Secret metadata: diff --git a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml index d8ecbb6..e242f9d 100644 --- a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml +++ b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml @@ -1,4 +1,4 @@ -{{- if .Values.PipelineSecrets.File }} +{{- if .Values.PipelineSecrets.File.Replace }} apiVersion: v1 kind: Secret metadata: diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml index e18ab73..c3d8450 100644 --- a/molgenis-jenkins/values.yaml +++ b/molgenis-jenkins/values.yaml @@ -101,6 +101,8 @@ jenkins: # jenkins-agent: v1 PipelineSecrets: Env: + # Set to false to keep existing secret + Replace: true # Passphrase for the pgp private key file pgpPassphrase: xxxx # Token for codecov.io service @@ -110,6 +112,8 @@ PipelineSecrets: # Token for sonarcloud.io sonarToken: xxxx File: + # Set to false to keep existing secret + Replace: true # PGP Private key in ascii format used to sign artifacts PGPPrivateKeyAsc: |- -----BEGIN PGP PRIVATE KEY BLOCK----- From 107d503976cdc1d8ea2370748400c322e9da8cb5 Mon Sep 17 00:00:00 2001 
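Review bot: The `Replace` guard in both Secret templates probably does not do what the new values.yaml comment "Set to false to keep existing secret" promises. When the template renders to nothing, the Secret drops out of the release manifest, and as far as I know Helm then deletes a Secret it created earlier on the next upgrade. If the intent is to preserve it, annotate the Secret with `"helm.sh/resource-policy": keep` or create it outside the chart. The default of `Replace: true` in the two values.yaml hunks also means an upgrade with default values overwrites the real credentials with the `xxxx` placeholders, so `Replace: false` is the safer default. `.Values.PipelineSecrets.Env.Replace` will also fail to render if a user omits the `Env` or `File` map entirely.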
From: Fleur Kelpin Date: Thu, 28 Jun 2018 12:04:46 +0200 Subject: [PATCH 3/7] Fix keys in values file --- molgenis-jenkins/Chart.yaml | 2 +- .../templates/molgenis-pipeline-file-secret.yaml | 2 +- molgenis-jenkins/values.yaml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/molgenis-jenkins/Chart.yaml b/molgenis-jenkins/Chart.yaml index ab01539..6823d24 100755 --- a/molgenis-jenkins/Chart.yaml +++ b/molgenis-jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: molgenis-jenkins home: https://jenkins.io/ -version: 0.2.1 +version: 0.2.2 appVersion: 2.107 description: Molgenis installation for the jenkins chart. sources: diff --git a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml index e242f9d..a325b3e 100644 --- a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml +++ b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml @@ -10,6 +10,6 @@ metadata: heritage: "{{ .Release.Service }}" type: Opaque data: - maven.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }} key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }} + maven.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }} {{- end }} diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml index c3d8450..38f8d72 100644 --- a/molgenis-jenkins/values.yaml +++ b/molgenis-jenkins/values.yaml @@ -104,13 +104,13 @@ PipelineSecrets: # Set to false to keep existing secret Replace: true # Passphrase for the pgp private key file - pgpPassphrase: xxxx + PGPPassphrase: xxxx # Token for codecov.io service - codecovToken: xxxx + CodecovToken: xxxx # Token for github bot account - githubToken: xxxx + GithubToken: xxxx # Token for sonarcloud.io - sonarToken: xxxx + SonarToken: xxxx File: # Set to false to keep existing secret Replace: true From 06d1880dc43952bca2bc6ef899fae38d8f0a784e Mon Sep 17 00:00:00 2001 
From: Fleur Kelpin Date: Thu, 28 Jun 2018 12:10:07 +0200 Subject: [PATCH 4/7] Give proper name to file secret --- molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml index a325b3e..7406abd 100644 --- a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml +++ b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: molgenis-pipeline-env-secret + name: molgenis-pipeline-file-secret labels: app: {{ template "jenkins.fullname" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" From 3f812f7f749fec2d614833f30f4f223234d816a9 Mon Sep 17 00:00:00 2001 From: Fleur Kelpin Date: Thu, 28 Jun 2018 12:17:23 +0200 Subject: [PATCH 5/7] Fix mount point. --- molgenis-jenkins/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml index 38f8d72..8518df7 100644 --- a/molgenis-jenkins/values.yaml +++ b/molgenis-jenkins/values.yaml @@ -95,7 +95,7 @@ jenkins: mountPath: "/var/run/docker.sock" - type: Secret secretName: molgenis-pipeline-file-secret - mountPath: "keyfile:/root/.m2" + mountPath: "/root/.m2" NodeSelector: {} # Key Value selectors. Ex: # jenkins-agent: v1 From 19b2ff11133a850a84715f4fb0aa0bd56d1ac6d4 Mon Sep 17 00:00:00 2001 From: Fleur Kelpin Date: Thu, 28 Jun 2018 12:54:23 +0200 Subject: [PATCH 6/7] Fix settings.xml filename. --- molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml index 7406abd..65ac30b 100644 --- a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml 
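Review bot: The corrected `mountPath: "/root/.m2"` in values.yaml mounts the Secret volume over the whole Maven user directory. A Secret volume hides whatever the image had at that path and is normally read-only, so Maven cannot create its default `~/.m2/repository` there, and `key.asc` becomes readable by every build step in the container. Builds then depend on `settings.xml` pointing the local repository elsewhere, which this hunk does not show. Consider mounting at a dedicated directory and updating the `keyfile:` reference in config.tpl, or at least adding a comment above the entry such as `# Secret volume: read-only, shadows any ~/.m2 content from the image`.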
+++ b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml @@ -11,5 +11,5 @@ metadata: type: Opaque data: key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }} - maven.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }} + settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }} {{- end }} From 012b58ea678727c242cc16885cba8525f37c26f7 Mon Sep 17 00:00:00 2001 From: Fleur Kelpin Date: Thu, 28 Jun 2018 13:09:13 +0200 Subject: [PATCH 7/7] Update settings.xml value. --- molgenis-jenkins/values.yaml | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml index 8518df7..2a4e91a 100644 --- a/molgenis-jenkins/values.yaml +++ b/molgenis-jenkins/values.yaml @@ -103,8 +103,8 @@ PipelineSecrets: Env: # Set to false to keep existing secret Replace: true - # Passphrase for the pgp private key file - PGPPassphrase: xxxx + # Passphrase for the pgp private key file, prefixed with literal: + PGPPassphrase: literal:xxxx # Token for codecov.io service CodecovToken: xxxx # Token for github bot account @@ -122,9 +122,7 @@ PipelineSecrets: # maven.settings file MavenSettingsXML: |- - ${user.home}/.mvnrepository - false @@ -134,16 +132,23 @@ PipelineSecrets: + + + sonatype-nexus-staging + molgenis + xxxx + local-nexus - https://registry.molgenis.org/repository/maven-central/ + https://registry.molgenis.org/repository/maven-snapshots/ admin xxxxx + - oss-sonatype-staging - molgenis - xxxxx + registry.molgenis.org + admin + xxxx \ No newline at end of file
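Review bot: The server entries added to `MavenSettingsXML` in the second values.yaml hunk appear to authenticate to `registry.molgenis.org` as `admin`, although the XML markup is stripped on this page so the field names are inferred. Every build pod that mounts `settings.xml` would then hold registry administrator credentials; a deploy-only account limited to the snapshot and release repositories would contain the damage if a build leaks the file. In the first hunk, `PGPPassphrase: literal:xxxx` is an unquoted plain scalar, so a real passphrase containing ` #` or `: ` would be truncated or misparsed. Quoting it as `PGPPassphrase: "literal:xxxx"` avoids that, and the same applies to the token values.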