jenkins: source pipeline creds from secrets

2025-12-17 01:47:33 -03:00 · 2025-12-17 01:47:33 -03:00 · a52b811e5b
commit a52b811e5b
parent cd1b9b57b0
1 changed files with 13 additions and 9 deletions
--- a/services/jenkins/helmrelease.yaml
+++ b/services/jenkins/helmrelease.yaml
@ -83,6 +83,16 @@ spec:
            secretKeyRef:
              name: jenkins-oidc
              key: logoutUrl
+        - name: GITEA_PAT_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: gitea-pat
+              key: username
+        - name: GITEA_PAT_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: gitea-pat
+              key: token
      customInitContainers:
        - name: clean-jcasc-stale
          image: alpine:3.20
@ -159,15 +169,9 @@ spec:
                  - usernamePassword:
                      scope: GLOBAL
                      id: gitea-pat
-                      username: "bstein"
-                      password: "4693a39ee3f0ebb58e7d1795ab98add6df44ef12"
-                      description: "Gitea PAT for harbor-arm-build"
-                  - usernamePassword:
-                      scope: GLOBAL
-                      id: harbor-robot
-                      username: "robot$infra+robotuser-pipeline"
-                      password: "ouuvMheoTxOQtFSbWnO1OKVujORMPfO7"
-                      description: "Harbor robot for pipeline push"
+                      username: "${GITEA_PAT_USERNAME}"
+                      password: "${GITEA_PAT_TOKEN}"
+                      description: "Gitea PAT for pipelines"
          jobs.yaml: |
            jobs:
              - script: |