[CI]: fix for Secrets Scanner

We need to rename Jenkins secrets IDs to human readable form. Jenkins secrets we reference in the CI are currently represented in UUID format. It confuses Secrets Scanner, which takes these data for passwords. Renaming these secret IDs in Jenkins will allow us to restor Secrets Scanner normal workflow. issue: HPCINFRA-2572 Signed-off-by: Viacheslav Login <[email protected]>
Mellanox · Sep 21, 2024 · 13031f8 · 13031f8
1 parent bcebfc1
commit 13031f8
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 9 deletions.
diff --git a/.ci/matrix_job.yaml b/.ci/matrix_job.yaml
@@ -4,7 +4,7 @@ job: LIBXLIO
 step_allow_single_selector: false
 
 registry_host: harbor.mellanox.com
-registry_auth: 1daaea28-800e-425f-a91f-3bd3e9136eea
+registry_auth: swx-infra_harbor_credentials
 registry_path: /swx-infra/media
 
 kubernetes:
@@ -16,8 +16,9 @@ kubernetes:
   requests: '{memory: 10Gi, cpu: 10000m}'
 
 credentials:
-  - {credentialsId: '925b0900-e273-4042-bc7c-facaefae0727', usernameVariable: 'XLIO_COV_USER', passwordVariable: 'XLIO_COV_PASSWORD'}
-  - {credentialsId: 'fb735938-fa1c-4b61-b568-a7c153b4fe74', usernameVariable: 'MELLANOX_GH_USER', passwordVariable: 'MELLANOX_GH_TOKEN'}
+  - {credentialsId: 'media_coverity_credentials', usernameVariable: 'XLIO_COV_USER', passwordVariable: 'XLIO_COV_PASSWORD'}
+  - {credentialsId: 'mellanox_github_credentials', usernameVariable: 'MELLANOX_GH_USER', passwordVariable: 'MELLANOX_GH_TOKEN'}
+  - {credentialsId: 'blackduck_api_token', variable: 'BD_TOKEN'}
 
 volumes:
   - {mountPath: /hpc/local/bin, hostPath: /hpc/local/bin}
@@ -156,7 +157,7 @@ steps:
 
   - name: Copyrights
     enable: ${do_copyrights}
-    credentialsId: 'fb735938-fa1c-4b61-b568-a7c153b4fe74'
+    credentialsId: 'mellanox_github_credentials'
     run: env WORKSPACE=$PWD COMPILE_DOCA=false COMPILE_DPCP=false GITHUB_TOKEN=$MELLANOX_GH_TOKEN ./contrib/jenkins_tests/copyrights.sh
     containerSelector:
       - "{name: 'header-check', category: 'tool', variant: 1}"
@@ -257,7 +258,7 @@ steps:
 
   - name: Coverity
     enable: ${do_coverity}
-    credentialsId: '925b0900-e273-4042-bc7c-facaefae0727'
+    credentialsId: 'media_coverity_credentials'
     containerSelector:
       - "{name: 'toolbox', category: 'tool'}"
     agentSelector:
@@ -368,6 +369,7 @@ steps:
 
   - name: Blackduck
     enable: ${do_blackduck}
+    credentialsId: 'blackduck_api_token'
     containerSelector:
       - "{name: 'blackduck', category:'tool', variant:1}"
     agentSelector:
@@ -383,9 +385,9 @@ steps:
       reportName: "BlackDuck report"
       scanMode: "source"
       skipDockerDaemonCheck: true
-      credentialsId: "b68aedbd-e39f-4ee2-acce-e25a5b91fe18"
+      credentialsId: "swx-jenkins3-svc_git-nbu_token"
     env:
-      SPRING_APPLICATION_JSON: '{"blackduck.url":"https://blackduck.mellanox.com/","blackduck.api.token":"ODMwOWYwMzEtODA2ZC00MzBjLWI1ZDEtNmFiMjBkYzQzMzkwOjNmNjExN2M1LWE2ZmEtNDZlYS1hZjRiLTZlNDgwNjAwOTVjNw=="}'
+      SPRING_APPLICATION_JSON: "{'blackduck.url':'https://blackduck.mellanox.com/','blackduck.api.token':'$BD_TOKEN'}"
 
 pipeline_start:
   run: |

diff --git a/.ci/opensource_jjb.yaml b/.ci/opensource_jjb.yaml
@@ -120,7 +120,7 @@
             failure-status: "[FAIL]"
             error-status:   "[FAIL]"
             status-add-test-results: true
-            auth-id: '2806c206-c725-4d8c-af4b-bedfc463b401'
+            auth-id: 'swx-jenkins5_gh_token'
             org-list: ["Mellanox"]
             white-list: ["swx-jenkins","swx-jenkins2","swx-jenkins3","mellanox-github"]
             allow-whitelist-orgs-as-admins: true
@@ -129,7 +129,7 @@
         scm:
             - git:
                 url: "{jjb_git}"
-                credentials-id: 'b7d08ca7-378c-45d6-ac4b-3f30bdf49168'
+                credentials-id: 'swx-jenkins_ssh_key'
                 branches: ['$sha1']
                 shallow-clone: true
                 depth: 2