From a52b811e5b5149a215a0842259c035a81577b734 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Wed, 17 Dec 2025 01:47:33 -0300
Subject: [PATCH] jenkins: source pipeline creds from secrets

---
 services/jenkins/helmrelease.yaml | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/services/jenkins/helmrelease.yaml b/services/jenkins/helmrelease.yaml
index 21f8821..4d7bb2b 100644
--- a/services/jenkins/helmrelease.yaml
+++ b/services/jenkins/helmrelease.yaml
@@ -83,6 +83,16 @@ spec:
             secretKeyRef:
               name: jenkins-oidc
               key: logoutUrl
+        - name: GITEA_PAT_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: gitea-pat
+              key: username
+        - name: GITEA_PAT_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: gitea-pat
+              key: token
       customInitContainers:
         - name: clean-jcasc-stale
           image: alpine:3.20
@@ -159,15 +169,9 @@ spec:
                   - usernamePassword:
                       scope: GLOBAL
                       id: gitea-pat
-                      username: "bstein"
-                      password: "4693a39ee3f0ebb58e7d1795ab98add6df44ef12"
-                      description: "Gitea PAT for harbor-arm-build"
-                  - usernamePassword:
-                      scope: GLOBAL
-                      id: harbor-robot
-                      username: "robot$infra+robotuser-pipeline"
-                      password: "ouuvMheoTxOQtFSbWnO1OKVujORMPfO7"
-                      description: "Harbor robot for pipeline push"
+                      username: "${GITEA_PAT_USERNAME}"
+                      password: "${GITEA_PAT_TOKEN}"
+                      description: "Gitea PAT for pipelines"
           jobs.yaml: |
             jobs:
               - script: |