Merge branch 'chore/remove-secrets' of P129679/molgenis-ops-docker-helm into master
This commit is contained in:
commit
6f0262d2d9
@ -40,57 +40,62 @@ You can use [all configuration values of the jenkins subchart](https://github.co
|
|||||||
### GitHub Authentication delegation
|
### GitHub Authentication delegation
|
||||||
You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
|
You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
|
||||||
|
|
||||||
### Additional configuration
|
### Secrets
|
||||||
There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
|
|
||||||
|
|
||||||
* PipelineSecrets
|
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins.
|
||||||
|
|
||||||
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins
|
|
||||||
build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
|
|
||||||
each other with their own secrets.
|
|
||||||
|
|
||||||
You can override the values at deploy time but otherwise also configure them
|
You can override the values at deploy time but otherwise also configure them
|
||||||
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
|
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
|
||||||
|
|
||||||
* Vault
|
#### Vault
|
||||||
|
|
||||||
New vault token to be used by the pods to retrieve their tokens from the vault.
|
The vault secret gets mounted in the vault pod so pipeline scripts can retrieve secrets from the vault.
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| ---------------------------------- | ------------------------------------------ | ---------------------------------------------- |
|
| ------------------------- | ------------------------------------------ | ---------------------------------------------- |
|
||||||
| `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret | `true` |
|
| `secret.vault.token` | Token to log into the hashicorp vault | `xxxx` |
|
||||||
| `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault | `xxxx` |
|
| `secret.vault.addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
|
||||||
| `PipelineSecrets.Vault.Addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
|
| `secret.vault.skipVerify` | Skip verification of the https connection | `1` |
|
||||||
| `PipelineSecrets.Vault.SkipVerify` | Skip verification of the https connection | `1` |
|
|
||||||
|
|
||||||
* Env
|
#### GitHub
|
||||||
|
|
||||||
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
|
Token used by Jenkins to authenticate on GitHub.
|
||||||
in the slave pods.
|
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| --------------------------------------- | ----------------------------------------- | --------------- |
|
| --------------------- | ------------------------ | ------------------ |
|
||||||
| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
|
| `secret.gitHub.user` | username for the account | `molgenis-jenkins` |
|
||||||
| `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
|
| `secret.gitHub.token` | token for the account | `xxxx` |
|
||||||
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
|
|
||||||
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
|
|
||||||
| `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
|
|
||||||
| `PipelineSecrets.Env.DockerHubPassword` | token for molgenis user in hub.docker.com | `xxxx` |
|
|
||||||
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` |
|
|
||||||
| `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` |
|
|
||||||
| `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` |
|
|
||||||
|
|
||||||
* File
|
#### Gogs
|
||||||
|
|
||||||
Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
|
Token used by Jenkins to authenticate on the [RuG Webhosting Gogs](https://git.webhosting.rug.nl).
|
||||||
in the `/root/.m2` directory of the slave pods.
|
|
||||||
> The settings.xml file references the
|
|
||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
|
| ------------------- | ------------------------ | --------- |
|
||||||
| `PipelineSecrets.File.Replace` | Replace molgenis-pipeline-file secret | `true` |
|
| `secret.gogs.user` | username for the account | `p281392` |
|
||||||
| `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
|
| `secret.gogs.token` | token for the account | `xxxx` |
|
||||||
| `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml)) |
|
|
||||||
|
#### Legacy:
|
||||||
|
|
||||||
|
##### Docker Hub
|
||||||
|
|
||||||
|
Account used in pipeline builds to push docker images to `hub.docker.com`.
|
||||||
|
> They should read `secret/gcc/account/dockerhub` from vault instead!
|
||||||
|
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
| --------------------------- | ------------------------ | --------------- |
|
||||||
|
| `secret.dockerHub.user` | username for the account | `molgenisci` |
|
||||||
|
| `secret.dockerHub.password` | password for the account | `xxxx` |
|
||||||
|
|
||||||
|
##### Registry
|
||||||
|
|
||||||
|
Account used in pipeline builds to push docker images to `registry.molgenis.org`.
|
||||||
|
> They should read `secret/ops/account/nexus` from vault instead!
|
||||||
|
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
| --------------------------- | ------------------------ | --------- |
|
||||||
|
| `secret.dockerHub.user` | username for the account | `admin` |
|
||||||
|
| `secret.dockerHub.password` | password for the account | `xxxx` |
|
||||||
|
|
||||||
## Command line use
|
## Command line use
|
||||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
|
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
|
||||||
|
@ -8,9 +8,9 @@ metadata:
|
|||||||
"jenkins.io/credentials-type": "usernamePassword"
|
"jenkins.io/credentials-type": "usernamePassword"
|
||||||
annotations: {
|
annotations: {
|
||||||
# description - can not be a label as spaces are not allowed
|
# description - can not be a label as spaces are not allowed
|
||||||
"jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
|
"jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to Docker Hub (hub.docker.com)"
|
||||||
}
|
}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
username: {{ "molgenisci" | b64enc | quote }}
|
username: {{ .Values.secret.registry.user | b64enc | quote }}
|
||||||
password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}
|
password: {{ .Values.secret.registry.password | b64enc | quote }}
|
@ -8,9 +8,9 @@ metadata:
|
|||||||
"jenkins.io/credentials-type": "usernamePassword"
|
"jenkins.io/credentials-type": "usernamePassword"
|
||||||
annotations: {
|
annotations: {
|
||||||
# description - can not be a label as spaces are not allowed
|
# description - can not be a label as spaces are not allowed
|
||||||
"jenkins.io/credentials-description" : "oauth token for the molgenis-jenkins github user"
|
"jenkins.io/credentials-description" : "Oauth token for the {{.Values.secret.gitHub.user}} GitHub user"
|
||||||
}
|
}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
username: {{ "molgenis-jenkins" | b64enc | quote }}
|
username: {{ .Values.secret.gitHub.user | b64enc | quote }}
|
||||||
password: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
|
password: {{ .Values.secret.gitHub.token | b64enc | quote }}
|
@ -8,9 +8,9 @@ metadata:
|
|||||||
"jenkins.io/credentials-type": "usernamePassword"
|
"jenkins.io/credentials-type": "usernamePassword"
|
||||||
annotations: {
|
annotations: {
|
||||||
# description - can not be a label as spaces are not allowed
|
# description - can not be a label as spaces are not allowed
|
||||||
"jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)"
|
"jenkins.io/credentials-description" : "Account used to authenticate against RuG Webhosting Gogs."
|
||||||
}
|
}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
username: {{ "p281392" | b64enc | quote }}
|
username: {{ .Values.secret.gogs.user | b64enc | quote }}
|
||||||
password: {{ .Values.PipelineSecrets.Env.GogsToken | b64enc | quote }}
|
password: {{ .Values.secret.gogs.token | b64enc | quote }}
|
@ -1,16 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
# this is the jenkins id.
|
|
||||||
name: "molgenis-jenkins-nexus-secret"
|
|
||||||
labels:
|
|
||||||
# so we know what type it is.
|
|
||||||
"jenkins.io/credentials-type": "usernamePassword"
|
|
||||||
annotations: {
|
|
||||||
# description - can not be a label as spaces are not allowed
|
|
||||||
"jenkins.io/credentials-description" : "user to authenticate against NEXUS"
|
|
||||||
}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
username: {{ "admin" | b64enc | quote }}
|
|
||||||
password: {{ .Values.PipelineSecrets.Env.NexusPassword | b64enc | quote }}
|
|
@ -0,0 +1,17 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: molgenis-jenkins-registry-secret
|
||||||
|
labels:
|
||||||
|
app: {{ template "jenkins.fullname" . }}
|
||||||
|
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||||
|
release: "{{ .Release.Name }}"
|
||||||
|
heritage: "{{ .Release.Service }}"
|
||||||
|
annotations: {
|
||||||
|
# description - can not be a label as spaces are not allowed
|
||||||
|
"jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to registry.molgenis.org."
|
||||||
|
}
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
username: {{ .Values.secret.registry.user | b64enc | quote }}
|
||||||
|
password: {{ .Values.secret.registry.password | b64enc | quote }}
|
@ -1,16 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
# this is the jenkins id.
|
|
||||||
name: "molgenis-jenkins-saucelabs-secret"
|
|
||||||
labels:
|
|
||||||
# so we know what type it is.
|
|
||||||
"jenkins.io/credentials-type": "usernamePassword"
|
|
||||||
annotations: {
|
|
||||||
# description - can not be a label as spaces are not allowed
|
|
||||||
"jenkins.io/credentials-description" : "user to authenticate against Saucelabs (saucelabs.com)"
|
|
||||||
}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
username: {{ "molgenis-jenkins" | b64enc | quote }}
|
|
||||||
password: {{ .Values.PipelineSecrets.Env.SauceAccessKey | b64enc | quote }}
|
|
@ -1,18 +0,0 @@
|
|||||||
{{- if .Values.PipelineSecrets.Env.Replace }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: molgenis-pipeline-env-secret
|
|
||||||
labels:
|
|
||||||
app: {{ template "jenkins.fullname" . }}
|
|
||||||
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
|
||||||
release: "{{ .Release.Name }}"
|
|
||||||
heritage: "{{ .Release.Service }}"
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
|
|
||||||
codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
|
|
||||||
githubToken: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
|
|
||||||
sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
|
|
||||||
npmToken: {{ .Values.PipelineSecrets.Env.NpmToken | b64enc | quote }}
|
|
||||||
{{- end }}
|
|
@ -1,15 +0,0 @@
|
|||||||
{{- if .Values.PipelineSecrets.File.Replace }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: molgenis-pipeline-file-secret
|
|
||||||
labels:
|
|
||||||
app: {{ template "jenkins.fullname" . }}
|
|
||||||
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
|
||||||
release: "{{ .Release.Name }}"
|
|
||||||
heritage: "{{ .Release.Service }}"
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
|
|
||||||
settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
|
|
||||||
{{- end }}
|
|
@ -1,4 +1,3 @@
|
|||||||
{{- if .Values.PipelineSecrets.Vault.Replace }}
|
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
@ -10,7 +9,6 @@ metadata:
|
|||||||
heritage: "{{ .Release.Service }}"
|
heritage: "{{ .Release.Service }}"
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
|
token: {{ .Values.secret.vault.token | b64enc | quote }}
|
||||||
addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
|
addr: {{ .Values.secret.vault.addr | b64enc | quote }}
|
||||||
skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
|
skipVerify: {{ .Values.secret.vault.skipVerify | b64enc | quote }}
|
||||||
{{- end }}
|
|
@ -368,8 +368,8 @@ jenkins:
|
|||||||
install: true
|
install: true
|
||||||
Pods:
|
Pods:
|
||||||
molgenis:
|
molgenis:
|
||||||
Label: molgenisv2
|
Label: molgenis
|
||||||
NodeUsageMode: EXCLUSIVE
|
NodeUsageMode: NORMAL
|
||||||
volumes:
|
volumes:
|
||||||
- type: HostPath
|
- type: HostPath
|
||||||
hostPath: "/var/run/docker.sock"
|
hostPath: "/var/run/docker.sock"
|
||||||
@ -417,39 +417,6 @@ jenkins:
|
|||||||
secretName: molgenis-pipeline-vault-secret
|
secretName: molgenis-pipeline-vault-secret
|
||||||
secretKey: addr
|
secretKey: addr
|
||||||
NodeSelector: {}
|
NodeSelector: {}
|
||||||
molgenis-legacy:
|
|
||||||
InheritFrom: molgenis
|
|
||||||
Label: molgenis
|
|
||||||
NodeUsageMode: NORMAL
|
|
||||||
volumes:
|
|
||||||
- type: Secret
|
|
||||||
secretName: molgenis-pipeline-file-secret
|
|
||||||
mountPath: "/home/jenkins/.m2"
|
|
||||||
Containers:
|
|
||||||
EnvVars:
|
|
||||||
- type: Secret
|
|
||||||
key: PGP_PASSPHRASE
|
|
||||||
secretName: molgenis-pipeline-env-secret
|
|
||||||
secretKey: pgpPassphrase
|
|
||||||
- type: KeyValue
|
|
||||||
key: PGP_SECRETKEY
|
|
||||||
value: "keyfile:/home.jenkins/.m2/key.asc"
|
|
||||||
- type: KeyValue
|
|
||||||
key: npm_config_registry
|
|
||||||
value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
|
|
||||||
- type: Secret
|
|
||||||
key: SONAR_TOKEN
|
|
||||||
secretName: molgenis-pipeline-env-secret
|
|
||||||
secretKey: sonarToken
|
|
||||||
- type: Secret
|
|
||||||
key: CODECOV_TOKEN
|
|
||||||
secretName: molgenis-pipeline-env-secret
|
|
||||||
secretKey: codecovToken
|
|
||||||
- type: Secret
|
|
||||||
key: GITHUB_TOKEN
|
|
||||||
secretName: molgenis-pipeline-env-secret
|
|
||||||
secretKey: githubToken
|
|
||||||
NodeSelector: {}
|
|
||||||
node:
|
node:
|
||||||
Label: node-carbon
|
Label: node-carbon
|
||||||
NodeUsageMode: EXCLUSIVE
|
NodeUsageMode: EXCLUSIVE
|
||||||
@ -461,155 +428,45 @@ jenkins:
|
|||||||
Command: cat
|
Command: cat
|
||||||
WorkingDir: /home/jenkins
|
WorkingDir: /home/jenkins
|
||||||
TTY: true
|
TTY: true
|
||||||
|
vault:
|
||||||
|
Image: "vault"
|
||||||
|
Command: cat
|
||||||
|
WorkingDir: /home/jenkins
|
||||||
|
TTY: true
|
||||||
EnvVars:
|
EnvVars:
|
||||||
- type: KeyValue
|
|
||||||
key: npm_config_registry
|
|
||||||
value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
|
|
||||||
- type: Secret
|
- type: Secret
|
||||||
key: CODECOV_TOKEN
|
key: VAULT_TOKEN
|
||||||
secretName: molgenis-pipeline-env-secret
|
secretName: molgenis-pipeline-vault-secret
|
||||||
secretKey: codecovToken
|
secretKey: token
|
||||||
- type: Secret
|
- type: Secret
|
||||||
key: GITHUB_TOKEN
|
key: VAULT_SKIP_VERIFY
|
||||||
secretName: molgenis-pipeline-env-secret
|
secretName: molgenis-pipeline-vault-secret
|
||||||
secretKey: githubToken
|
secretKey: skipVerify
|
||||||
- type: Secret
|
- type: Secret
|
||||||
key: NPM_TOKEN
|
key: VAULT_ADDR
|
||||||
secretName: molgenis-pipeline-env-secret
|
secretName: molgenis-pipeline-vault-secret
|
||||||
secretKey: npmToken
|
secretKey: addr
|
||||||
NodeSelector: {}
|
NodeSelector: {}
|
||||||
molgenis-it:
|
#secret contains configuration for the kubernetes secrets that jenkins can access
|
||||||
InheritFrom: molgenis
|
secret:
|
||||||
Label: molgenis-it
|
# vault configures the vault secret
|
||||||
NodeUsageMode: EXCLUSIVE
|
vault:
|
||||||
Containers:
|
token: xxxx
|
||||||
elasticsearch:
|
addr: "https://vault-operator.vault-operator.svc:8200"
|
||||||
Image: docker.elastic.co/elasticsearch/elasticsearch
|
skipVerify: "1"
|
||||||
ImageTag: 5.5.3
|
# githubToken contains access token for jenkins bot account on github.com
|
||||||
resources:
|
gitHub:
|
||||||
requests:
|
user: "molgenis-jenkins"
|
||||||
cpu: "100m"
|
token: xxxx
|
||||||
memory: "1Gi"
|
# gogs contains access token for jenkins bot account on RuG GoGs
|
||||||
limits:
|
gogs:
|
||||||
cpu: "1"
|
user: p281392
|
||||||
memory: "1500Mi"
|
token: xxxx
|
||||||
EnvVars:
|
# registry contains credentials for registry.molgenis.org
|
||||||
- type: KeyValue
|
registry:
|
||||||
key: ES_JAVA_OPTS
|
user: admin
|
||||||
value: "-Xms512m -Xmx512m"
|
password: xxxx
|
||||||
- type: KeyValue
|
# dockerHubPassword contains password for hub.docker.com
|
||||||
key: cluster.name
|
dockerHub:
|
||||||
value: molgenis
|
user: molgenisci
|
||||||
- type: KeyValue
|
password: xxxx
|
||||||
key: bootstrap.memory_lock
|
|
||||||
value: "true"
|
|
||||||
- type: KeyValue
|
|
||||||
key: xpack.security.enabled
|
|
||||||
value: "false"
|
|
||||||
- type: KeyValue
|
|
||||||
key: discovery.type
|
|
||||||
value: single-node
|
|
||||||
postgres:
|
|
||||||
Image: postgres
|
|
||||||
ImageTag: 9.6-alpine
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: "100m"
|
|
||||||
memory: "250Mi"
|
|
||||||
limits:
|
|
||||||
cpu: "1"
|
|
||||||
memory: "250Mi"
|
|
||||||
EnvVars:
|
|
||||||
- type: KeyValue
|
|
||||||
key: POSTGRES_USER
|
|
||||||
value: molgenis
|
|
||||||
- type: KeyValue
|
|
||||||
key: POSTGRES_PASSWORD
|
|
||||||
value: molgenis
|
|
||||||
- type: KeyValue
|
|
||||||
key: POSTGRES_DB
|
|
||||||
value: molgenis
|
|
||||||
opencpu:
|
|
||||||
Image: molgenis/opencpu
|
|
||||||
AlwaysPullImage: true
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: "100m"
|
|
||||||
memory: "256Mi"
|
|
||||||
limits:
|
|
||||||
cpu: "1"
|
|
||||||
memory: "512Mi"
|
|
||||||
NodeSelector: {}
|
|
||||||
PipelineSecrets:
|
|
||||||
Vault:
|
|
||||||
Replace: true
|
|
||||||
Token: xxxx
|
|
||||||
Addr: "https://vault-operator.vault-operator.svc:8200"
|
|
||||||
SkipVerify: 1
|
|
||||||
Env:
|
|
||||||
# Set to false to keep existing secret
|
|
||||||
Replace: true
|
|
||||||
# Passphrase for the pgp private key file, prefixed with literal:
|
|
||||||
PGPPassphrase: literal:xxxx
|
|
||||||
# Token for codecov.io service
|
|
||||||
CodecovToken: xxxx
|
|
||||||
# Token for github bot account
|
|
||||||
GitHubToken: xxxx
|
|
||||||
# Token for github bot account
|
|
||||||
GogsToken: xxxx
|
|
||||||
# Token for sonarcloud.io
|
|
||||||
SonarToken: xxxx
|
|
||||||
# Token for npmjs.org
|
|
||||||
NpmToken: xxxx
|
|
||||||
# Password Local NEXUS
|
|
||||||
NexusPassword: xxxx
|
|
||||||
# Password hub.docker.com
|
|
||||||
DockerHubPassword: xxxx
|
|
||||||
# Access key for saucelabs.com
|
|
||||||
SauceAccessKey: xxxx
|
|
||||||
File:
|
|
||||||
# Set to false to keep existing secret
|
|
||||||
Replace: true
|
|
||||||
# PGP Private key in ascii format used to sign artifacts
|
|
||||||
PGPPrivateKeyAsc: |-
|
|
||||||
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
|
||||||
xxxxx
|
|
||||||
-----END PGP PRIVATE KEY BLOCK-----
|
|
||||||
# maven.settings file
|
|
||||||
MavenSettingsXML: |-
|
|
||||||
<settings>
|
|
||||||
<localRepository>${user.home}/.mvnrepository</localRepository>
|
|
||||||
<interactiveMode>false</interactiveMode>
|
|
||||||
<mirrors>
|
|
||||||
<mirror>
|
|
||||||
<id>nexus</id>
|
|
||||||
<mirrorOf>external:*</mirrorOf>
|
|
||||||
<url>http://nexus.molgenis-nexus:8081/repository/maven-central/</url>
|
|
||||||
</mirror>
|
|
||||||
</mirrors>
|
|
||||||
<servers>
|
|
||||||
<!-- for snapshot builds of the master -->
|
|
||||||
<server>
|
|
||||||
<id>sonatype-nexus-staging</id>
|
|
||||||
<username>molgenis</username>
|
|
||||||
<password>xxxx</password>
|
|
||||||
</server>
|
|
||||||
<server>
|
|
||||||
<id>local-nexus</id>
|
|
||||||
<url>http://nexus.molgenis-nexus:8081/repository/maven-snapshots/</url>
|
|
||||||
<username>admin</username>
|
|
||||||
<password>xxxxx</password>
|
|
||||||
</server>
|
|
||||||
<!-- for docker images-->
|
|
||||||
<server>
|
|
||||||
<id>registry.molgenis.org</id>
|
|
||||||
<username>admin</username>
|
|
||||||
<password>xxxx</password>
|
|
||||||
</server>
|
|
||||||
<server>
|
|
||||||
<id>registry.hub.docker.com</id>
|
|
||||||
<username>molgenisci</username>
|
|
||||||
<password>xxxx</password>
|
|
||||||
</server>
|
|
||||||
</servers>
|
|
||||||
</settings>
|
|
Loading…
Reference in New Issue
Block a user