eclipse-tractusx / .eclipsefdn

Repository to host configurations related to the Eclipse Foundation.
https://eclipse-tractusx.github.io/.eclipsefdn/

Reference secrets available in cbi pass repo #9

Closed netomi closed 1 year ago

netomi commented 1 year ago

I started to reference secrets available in the cbi pass repo, please double check.

There are some duplicates like veracode secrets, and others are not available yet, like sonar or azure credentials. If you know where these secrets are stored atm, please let me know.

github-actions[bot] commented 1 year ago
Diff for 7267f287ea15f1687014bf4113e3f4a85a1d3b74: ```diff Printing local diff for configuration at '/home/runner/work/.eclipsefdn/.eclipsefdn/otterdog-configs/otterdog.json' Actions are indicated with the following symbols: + create ! modify ! forced update - delete Organization eclipse-tractusx[id=eclipse-tractusx] there have been 41 validation infos, enable verbose output with '-v' to to display them. ! org_secret[name="DOCKER_HUB_TOKEN"] { ! value = "********" -> "pass:bots/automotive.tractusx/docker.com/token" } ! org_secret[name="DOCKER_HUB_USER"] { ! value = "********" -> "pass:bots/automotive.tractusx/docker.com/username" } ! org_secret[name="ORG_GPG_PASSPHRASE"] { ! value = "********" -> "pass:bots/automotive.tractusx/gpg/passphrase" } ! org_secret[name="ORG_GPG_PRIVATE_KEY"] { ! value = "********" -> "pass:bots/automotive.tractusx/gpg/secret-keys.asc" } ! org_secret[name="ORG_VERACODE_API_ID"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-id" } ! org_secret[name="ORG_VERACODE_API_KEY"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-key" } ! org_secret[name="VERACODE_API_ID"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-id" } ! org_secret[name="VERACODE_API_KEY"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-key" } Plan: 0 to add, 8 to change, 0 to delete. ``` ```diff Showing diff to a canonical version of the configuration at '/home/runner/work/.eclipsefdn/.eclipsefdn/otterdog-configs/otterdog.json' Organization eclipse-tractusx[id=eclipse-tractusx] --- original +++ canonical @@ -437,7 +437,6 @@ web_commit_signoff_required: false, }, orgs.newRepo('sig-project-management') { - aliases: ['sig-project-managment'], allow_update_branch: false, secret_scanning_push_protection: "disabled", web_commit_signoff_required: false, ```
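Review bot: In the org_secret block, VERACODE_API_ID and VERACODE_API_KEY point at the same pass entries as ORG_VERACODE_API_ID and ORG_VERACODE_API_KEY (pass:bots/automotive.tractusx/veracode.com/api-id and .../api-key), so one credential is published to workflows under two names. Suggest keeping a single pair and migrating the workflows that still use the other, or leaving a comment in the configuration that says which pair is the transitional one, so the duplicate is not mistaken for a separate credential later. Separately, the canonical diff at @@ -437,7 +437,6 @@ reports the aliases: ['sig-project-managment'] line as non-canonical; dropping it in this PR would leave that diff empty.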
fredg02 commented 1 year ago

Not sure what you mean by Sonar and Azure credentials. Can you point me to where those credentials are used?

Siegfriedk commented 1 year ago
  • ORG_OSSRH_PASSWORD => pass:bots/automotive.tractusx/oss.sonatype.org/password

  • ORG_OSSRH_USERNAME => pass:bots/automotive.tractusx/oss.sonatype.org/username

  • ORG_PORTAL_DISPATCH_APPID => pass:bots/automotive.tractusx/github.com/github-app-id

  • ORG_PORTAL_DISPATCH_KEY => pass:bots/automotive.tractusx/github.com/github-app-private-key

  • VERACODE_API_ID and VERACODE_API_KEY can probably be deleted (@Siegfriedk can you confirm?)

Not sure what you mean by Sonar and Azure credentials. Can you point me to where those credentials are used?

@fredg02 Veracode is unfortunately doubled due to a misnaming between catenax-ng and tractus-x. I'm currently not sure what we aligned on from a naming perspective and would just keep it for now.

Azure: I'm not aware that there are Azure secrets configured, at least not from our side, as we do not offer any Azure integration.

github-actions[bot] commented 1 year ago
Diff for 069821bafcb9c5b095ae63c05e9fc08b5f35b5c1: ```diff Printing local diff for configuration at '/home/runner/work/.eclipsefdn/.eclipsefdn/otterdog-configs/otterdog.json' Actions are indicated with the following symbols: + create ! modify ! forced update - delete Organization eclipse-tractusx[id=eclipse-tractusx] there have been 37 validation infos, enable verbose output with '-v' to to display them. ! org_secret[name="DOCKER_HUB_TOKEN"] { ! value = "********" -> "pass:bots/automotive.tractusx/docker.com/token" } ! org_secret[name="DOCKER_HUB_USER"] { ! value = "********" -> "pass:bots/automotive.tractusx/docker.com/username" } ! org_secret[name="ORG_GPG_PASSPHRASE"] { ! value = "********" -> "pass:bots/automotive.tractusx/gpg/passphrase" } ! org_secret[name="ORG_GPG_PRIVATE_KEY"] { ! value = "********" -> "pass:bots/automotive.tractusx/gpg/secret-keys.asc" } ! org_secret[name="ORG_OSSRH_PASSWORD"] { ! value = "********" -> "pass:bots/automotive.tractusx/oss.sonatype.org/password" } ! org_secret[name="ORG_OSSRH_USERNAME"] { ! value = "********" -> "pass:bots/automotive.tractusx/oss.sonatype.org/username" } ! org_secret[name="ORG_PORTAL_DISPATCH_APPID"] { ! value = "********" -> "pass:bots/automotive.tractusx/github.com/github-app-id" } ! org_secret[name="ORG_PORTAL_DISPATCH_KEY"] { ! value = "********" -> "pass:bots/automotive.tractusx/github.com/github-app-private-key" } ! org_secret[name="ORG_VERACODE_API_ID"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-id" } ! org_secret[name="ORG_VERACODE_API_KEY"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-key" } ! org_secret[name="VERACODE_API_ID"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-id" } ! org_secret[name="VERACODE_API_KEY"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-key" } ! repository[name="e2e-testing"] { ! has_discussions = "True" -> "False" } ! 
repository[name="eclipse-tractusx.github.io"] { ! has_discussions = "True" -> "False" } ! repository[name="item-relationship-service"] { ! dependabot_security_updates_enabled = "True" -> "False" } ! repository[name="managed-identity-wallet"] { ! has_discussions = "True" -> "False" } ! repository[name="online-simulation-kit"] { ! has_discussions = "True" -> "False" } - remove repository[name="puris"] { - allow_auto_merge = False - allow_forking = True - allow_merge_commit = True - allow_rebase_merge = True - allow_squash_merge = True - allow_update_branch = False - archived = False - default_branch = "main" - delete_branch_on_merge = True - dependabot_alerts_enabled = True - dependabot_security_updates_enabled = False - description = "Predictive Unit Real-Time Information Service (PURIS) for Short Term Demand and Capacity Management" - has_discussions = False - has_issues = True - has_projects = True - has_wiki = True - homepage = None - is_template = False - merge_commit_message = "PR_TITLE" - merge_commit_title = "MERGE_MESSAGE" - name = "puris" - private = False - secret_scanning = "enabled" - secret_scanning_push_protection = "disabled" - squash_merge_commit_message = "COMMIT_MESSAGES" - squash_merge_commit_title = "COMMIT_OR_PR_TITLE" - template_repository = None - topics = [] - web_commit_signoff_required = False - } ! repository[name="sig-infra"] { ! 
has_discussions = "True" -> "False" } - remove repository[name="sig-release"] { - allow_auto_merge = False - allow_forking = True - allow_merge_commit = True - allow_rebase_merge = True - allow_squash_merge = True - allow_update_branch = False - archived = False - default_branch = "main" - delete_branch_on_merge = False - dependabot_alerts_enabled = True - dependabot_security_updates_enabled = False - description = None - has_discussions = True - has_issues = True - has_projects = True - has_wiki = True - homepage = None - is_template = False - merge_commit_message = "PR_TITLE" - merge_commit_title = "MERGE_MESSAGE" - name = "sig-release" - private = False - secret_scanning = "enabled" - secret_scanning_push_protection = "disabled" - squash_merge_commit_message = "COMMIT_MESSAGES" - squash_merge_commit_title = "COMMIT_OR_PR_TITLE" - template_repository = None - topics = [] - web_commit_signoff_required = False - } ! repository[name="ssi-docu"] { ! has_discussions = "True" -> "False" } ! repository[name="tractusx-edc"] { ! 
has_discussions = "True" -> "False" } - remove repo_secret[name="SWAGGERHUB_API_KEY", repository="tractusx-edc"] { - name = "SWAGGERHUB_API_KEY" - } - remove repo_secret[name="SWAGGERHUB_USER", repository="tractusx-edc"] { - name = "SWAGGERHUB_USER" - } + add repository[name="sig-project-management"] { + allow_auto_merge = False + allow_forking = True + allow_merge_commit = True + allow_rebase_merge = True + allow_squash_merge = True + allow_update_branch = False + archived = False + default_branch = "main" + delete_branch_on_merge = False + dependabot_alerts_enabled = True + dependabot_security_updates_enabled = False + description = None + has_discussions = False + has_issues = True + has_projects = True + has_wiki = True + homepage = None + is_template = False + merge_commit_message = "PR_TITLE" + merge_commit_title = "MERGE_MESSAGE" + name = "sig-project-management" + private = False + secret_scanning = "enabled" + secret_scanning_push_protection = "disabled" + squash_merge_commit_message = "COMMIT_MESSAGES" + squash_merge_commit_title = "COMMIT_OR_PR_TITLE" + template_repository = None + topics = [] + web_commit_signoff_required = False + } Plan: 1 to add, 20 to change, 4 to delete. ``` ```diff Showing diff to a canonical version of the configuration at '/home/runner/work/.eclipsefdn/.eclipsefdn/otterdog-configs/otterdog.json' Organization eclipse-tractusx[id=eclipse-tractusx] --- original +++ canonical @@ -437,7 +437,6 @@ web_commit_signoff_required: false, }, orgs.newRepo('sig-project-management') { - aliases: ['sig-project-managment'], allow_update_branch: false, secret_scanning_push_protection: "disabled", web_commit_signoff_required: false, ```
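Review bot: The plan for this commit reaches well beyond the secret references the PR is about: after the org_secret entries it removes repository[name="puris"] and repository[name="sig-release"], removes repo_secret SWAGGERHUB_API_KEY and SWAGGERHUB_USER on tractusx-edc, sets dependabot_security_updates_enabled from "True" to "False" on item-relationship-service, and flips has_discussions on several repositories (Plan: 1 to add, 20 to change, 4 to delete). Suggest bringing the configuration back in line with the live organization state before applying, so that the plan contains only the org_secret changes, and confirming explicitly whether the repository removals, the repo_secret removals and the dependabot change are intended, since each of them is destructive or lowers a security setting.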
netomi commented 1 year ago

ty for the additional secrets, I added them accordingly.

Sonar tokens / credentials are used by various repos as repository secrets. Azure credentials seem to be used by the tractusx-edc repo:

https://github.com/eclipse-tractusx/tractusx-edc/blob/313b90b7bb4b0850b6dd13a56d023b63801c1ab4/.github/workflows/deployment-test.yaml#L40

We have now defined all organizational secrets, I guess we can merge that PR already and work on the remaining at a later time.

github-actions[bot] commented 1 year ago
Diff for 0cccf0781d7cfc83aafebd9271117ca5a2adf854: ```diff Printing local diff for configuration at '/home/runner/work/.eclipsefdn/.eclipsefdn/otterdog-configs/otterdog.json' Actions are indicated with the following symbols: + create ! modify ! forced update - delete Organization eclipse-tractusx[id=eclipse-tractusx] there have been 37 validation infos, enable verbose output with '-v' to to display them. ! org_secret[name="DOCKER_HUB_TOKEN"] { ! value = "********" -> "pass:bots/automotive.tractusx/docker.com/token" } ! org_secret[name="DOCKER_HUB_USER"] { ! value = "********" -> "pass:bots/automotive.tractusx/docker.com/username" } ! org_secret[name="ORG_GPG_PASSPHRASE"] { ! value = "********" -> "pass:bots/automotive.tractusx/gpg/passphrase" } ! org_secret[name="ORG_GPG_PRIVATE_KEY"] { ! value = "********" -> "pass:bots/automotive.tractusx/gpg/secret-keys.asc" } ! org_secret[name="ORG_OSSRH_PASSWORD"] { ! value = "********" -> "pass:bots/automotive.tractusx/oss.sonatype.org/password" } ! org_secret[name="ORG_OSSRH_USERNAME"] { ! value = "********" -> "pass:bots/automotive.tractusx/oss.sonatype.org/username" } ! org_secret[name="ORG_PORTAL_DISPATCH_APPID"] { ! value = "********" -> "pass:bots/automotive.tractusx/github.com/github-app-id" } ! org_secret[name="ORG_PORTAL_DISPATCH_KEY"] { ! value = "********" -> "pass:bots/automotive.tractusx/github.com/github-app-private-key" } ! org_secret[name="ORG_VERACODE_API_ID"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-id" } ! org_secret[name="ORG_VERACODE_API_KEY"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-key" } ! org_secret[name="VERACODE_API_ID"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-id" } ! org_secret[name="VERACODE_API_KEY"] { ! value = "********" -> "pass:bots/automotive.tractusx/veracode.com/api-key" } Plan: 0 to add, 12 to change, 0 to delete. 
``` ```diff Showing diff to a canonical version of the configuration at '/home/runner/work/.eclipsefdn/.eclipsefdn/otterdog-configs/otterdog.json' Organization eclipse-tractusx[id=eclipse-tractusx] ```
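Review bot: Every org_secret change in this plan reads value = "********" -> "pass:...", so the diff cannot show whether the value stored at each pass entry matches what the organization secret holds today, and all 12 entries are marked as modify. Suggest confirming before merge that each referenced entry under pass:bots/automotive.tractusx/ exists and holds the current credential (in particular gpg/secret-keys.asc and github.com/github-app-private-key, which are multi-line values), because a missing or stale entry would replace a working secret for every workflow that consumes it.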