diff --git a/molgenis-jenkins/README.md b/molgenis-jenkins/README.md
index 9fe7bd6..0e18137 100644
--- a/molgenis-jenkins/README.md
+++ b/molgenis-jenkins/README.md
@@ -25,47 +25,59 @@ Array values can be added as {value, value, value}.
jenkins.Master.HostName=jenkins.molgenis.org
jenkins.Master.AdminPassword=pa$$word
jenkins.Persistence.Enabled=false
-jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1}
+jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1, blueocean:1.6.2, github-oauth:0.29}
+jenkins.Master.Security.UseGitHub=false
+## if UseGitHub=true
+jenkins.Master.Security.GitHub.ClientID=id
+jenkins.Master.Security.GitHub.ClientSecret=S3cr3t
+## end UseGitHub=true
PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t
```
You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins).
> Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`!
+### GitHub Authentication delegation
+You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
+
+### Additional configuration
There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
-## PipelineSecrets
-When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins
-build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
-each other with their own secrets.
+* PipelineSecrets
-You can override the values at deploy time but otherwise also configure them
-[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
+ When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins
+ build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
+ each other with their own secrets.
-### Env
-Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
-in the slave pods.
+ You can override the values at deploy time but otherwise also configure them
+ [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
-| Parameter | Description | Default |
-| ---------------------------------- | ------------------------------------ | --------------- |
-| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
-| `PipelineSecrets.Env.PGPPassphrase`| passphrase for the pgp signing key | `literal:xxxx` |
-| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
-| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
-| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` | |
+* Env
+
+ Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
+ in the slave pods.
-### File
+ | Parameter | Description | Default |
+ | -------------------------------------- | ----------------------------------------- | --------------- |
+ | `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
+ | `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
+ | `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
+ | `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
+ | `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
+ | `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx` |
+ | `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` | |
-Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
-in the `/root/.m2` directory of the slave pods.
-> The settings.xml file references the
+* File
-| Parameter | Description | Default |
-| -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
-| `PipelineSecrets.File.Replace` | Replace molgenis-pipeline-file secret | `true` |
-| `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
-| `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `[...]` (see actual [values.yaml](values.yaml)) |
+ Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
+ in the `/root/.m2` directory of the slave pods.
+ > The settings.xml file references the
+ | Parameter | Description | Default |
+ | -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
+ | `PipelineSecrets.File.Replace` | Replace molgenis-pipeline-file secret | `true` |
+ | `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
+ | `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `[...]` (see actual [values.yaml](values.yaml)) |
## Command line use
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
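Review bot: The new "GitHub Authentication delegation" section stops at the link to GitHub's new OAuth app form. It does not say which homepage URL and authorization callback URL to register for this Jenkins host, nor that the resulting id and secret belong in `jenkins.Master.Security.GitHub.ClientID` and `jenkins.Master.Security.GitHub.ClientSecret` together with `jenkins.Master.Security.UseGitHub=true`. Please add those steps so the feature can be enabled from the README alone. Two smaller points in the restructured section: `* Env` and `* File` now appear as bullets at the same level as `* PipelineSecrets` although their parameters are all `PipelineSecrets.*`, and the carried-over quote `> The settings.xml file references the` is still an unfinished sentence.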
diff --git a/molgenis-jenkins/templates/config.tpl b/molgenis-jenkins/templates/config.tpl
index 570ce05..1626be9 100644
--- a/molgenis-jenkins/templates/config.tpl
+++ b/molgenis-jenkins/templates/config.tpl
@@ -15,7 +15,17 @@ data:
true
+{{- if .Values.jenkins.Master.Security.UseGitHub }}
+
+ https://github.com
+ https://api.github.com
+ {{ .Values.jenkins.Master.Security.Github.ClientID }}
+ {{ .Values.jenkins.Master.Security.Github.ClientSecret }}
+ read:org,user:email
+
+{{- else }}
+{{- end }}
false
${JENKINS_HOME}/workspace/${ITEM_FULLNAME}
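Review bot: The two added lookups read `.Values.jenkins.Master.Security.Github.ClientID` and `.Github.ClientSecret` with a lowercase "h", while values.yaml and the README in this same patch spell the key `GitHub`. Value keys are case-sensitive, so with `UseGitHub` set to true the id and secret will not resolve from the documented keys; use `.Values.jenkins.Master.Security.GitHub.ClientID` and `.Values.jenkins.Master.Security.GitHub.ClientSecret`. Separately, the OAuth client secret is rendered straight into this config template in plain text. Consider sourcing it from a Kubernetes Secret, as the chart already does for the pipeline credentials, so it is not stored alongside non-sensitive configuration.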
diff --git a/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml b/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
new file mode 100644
index 0000000..e5a6214
--- /dev/null
+++ b/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+ name: "molgenis-jenkins-dockerhub-secret"
+ labels:
+# so we know what type it is.
+ "jenkins.io/credentials-type": "usernamePassword"
+ annotations: {
+# description - can not be a label as spaces are not allowed
+ "jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
+ }
+type: Opaque
+data:
+ username: {{ "molgenisci" | b64enc | quote }}
+ password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}
\ No newline at end of file
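Review bot: The `username` line hard-codes `"molgenisci"`, while the README row added in this patch describes `PipelineSecrets.Env.DockerHubPassword` as the token "for molgenis user in hub.docker.com". Either the documentation or the template names the wrong account; please align them, and consider making the username a chart value next to the password so a different instance can use its own account. Style points: the `annotations: {` flow mapping with a comment inside it is inconsistent with the block style used for `labels`, and the file is missing its trailing newline.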
diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml
index 76e6db6..bd2e473 100644
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
@@ -10,7 +10,13 @@ jenkins:
- git:3.9.1
- github-branch-source:2.3.6
- kubernetes-credentials-provider:0.9
- - blueocean:1.6.1
+ - blueocean:1.6.2
+ - github-oauth:0.29
+ Security:
+ UseGitHub: false
+ GitHub:
+ ClientID: ""
+ ClienSecret: ""
Jobs: |-
molgenis: |-
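Review bot: The new default key `ClienSecret: ""` under `GitHub` is misspelled. The README documents `jenkins.Master.Security.GitHub.ClientSecret` and config.tpl reads `ClientSecret`, so this default is never consumed and the key the template actually reads has no default entry. Rename it to `ClientSecret`.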
@@ -269,6 +275,8 @@ PipelineSecrets:
SonarToken: xxxx
# Password Local NEXUS
NexusPassword: xxxx
+ # Password hub.docker.com
+ DockerHubPassword: xxxx
File:
# Set to false to keep existing secret
Replace: true
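Review bot: `DockerHubPassword: xxxx` gives the new Docker Hub secret a usable-looking placeholder. The new secret template encodes this value unconditionally, so a deployment that forgets the override creates a `molgenis-jenkins-dockerhub-secret` credential containing the literal `xxxx`, and the mistake only surfaces when a build fails to authenticate. Consider defaulting to an empty string and guarding the template with Helm's `required` function, or skipping the secret when no password is set, so a missing value fails at install time.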