From 13031f83946609d1cec70ffe5d9f63dd886f334a Mon Sep 17 00:00:00 2001 From: Viacheslav Login Date: Sat, 21 Sep 2024 23:06:46 +0300 Subject: [PATCH] [CI]: fix for Secrets Scanner We need to rename Jenkins secrets IDs to human readable form. Jenkins secrets we reference in the CI are currently represented in UUID format. It confuses Secrets Scanner, which takes these data for passwords. Renaming these secret IDs in Jenkins will allow us to restor Secrets Scanner normal workflow. issue: HPCINFRA-2572 Signed-off-by: Viacheslav Login --- .ci/matrix_job.yaml | 16 +++++++++------- .ci/opensource_jjb.yaml | 4 ++-- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/.ci/matrix_job.yaml b/.ci/matrix_job.yaml index 6152c4d10..a03240b01 100644 --- a/.ci/matrix_job.yaml +++ b/.ci/matrix_job.yaml @@ -4,7 +4,7 @@ job: LIBXLIO step_allow_single_selector: false registry_host: harbor.mellanox.com -registry_auth: 1daaea28-800e-425f-a91f-3bd3e9136eea +registry_auth: swx-infra_harbor_credentials registry_path: /swx-infra/media kubernetes: @@ -16,8 +16,9 @@ kubernetes: requests: '{memory: 10Gi, cpu: 10000m}' credentials: - - {credentialsId: '925b0900-e273-4042-bc7c-facaefae0727', usernameVariable: 'XLIO_COV_USER', passwordVariable: 'XLIO_COV_PASSWORD'} - - {credentialsId: 'fb735938-fa1c-4b61-b568-a7c153b4fe74', usernameVariable: 'MELLANOX_GH_USER', passwordVariable: 'MELLANOX_GH_TOKEN'} + - {credentialsId: 'media_coverity_credentials', usernameVariable: 'XLIO_COV_USER', passwordVariable: 'XLIO_COV_PASSWORD'} + - {credentialsId: 'mellanox_github_credentials', usernameVariable: 'MELLANOX_GH_USER', passwordVariable: 'MELLANOX_GH_TOKEN'} + - {credentialsId: 'blackduck_api_token', variable: 'BD_TOKEN'} volumes: - {mountPath: /hpc/local/bin, hostPath: /hpc/local/bin} 
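Review bot: The `blackduck_api_token` entry added to the `credentials:` list should be backed by a newly issued Black Duck token, not by the value that used to sit inline in this file. That value is dropped from `SPRING_APPLICATION_JSON` in the later Blackduck hunk, but it stays readable in the repository history, so this commit alone does not retire it. The description does not mention revoking it on the Black Duck server, which is worth confirming before merge. A short comment above the new entry would also help the next reader, for example `# secret-text credential, bound as $BD_TOKEN for the Blackduck step`.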
@@ -156,7 +157,7 @@ steps: - name: Copyrights enable: ${do_copyrights} - credentialsId: 'fb735938-fa1c-4b61-b568-a7c153b4fe74' + credentialsId: 'mellanox_github_credentials' run: env WORKSPACE=$PWD COMPILE_DOCA=false COMPILE_DPCP=false GITHUB_TOKEN=$MELLANOX_GH_TOKEN ./contrib/jenkins_tests/copyrights.sh containerSelector: - "{name: 'header-check', category: 'tool', variant: 1}" @@ -257,7 +258,7 @@ steps: - name: Coverity enable: ${do_coverity} - credentialsId: '925b0900-e273-4042-bc7c-facaefae0727' + credentialsId: 'media_coverity_credentials' containerSelector: - "{name: 'toolbox', category: 'tool'}" agentSelector: @@ -368,6 +369,7 @@ steps: - name: Blackduck enable: ${do_blackduck} + credentialsId: 'blackduck_api_token' containerSelector: - "{name: 'blackduck', category:'tool', variant:1}" agentSelector: @@ -383,9 +385,9 @@ steps: reportName: "BlackDuck report" scanMode: "source" skipDockerDaemonCheck: true - credentialsId: "b68aedbd-e39f-4ee2-acce-e25a5b91fe18" + credentialsId: "swx-jenkins3-svc_git-nbu_token" env: - SPRING_APPLICATION_JSON: '{"blackduck.url":"https://blackduck.mellanox.com/","blackduck.api.token":"ODMwOWYwMzEtODA2ZC00MzBjLWI1ZDEtNmFiMjBkYzQzMzkwOjNmNjExN2M1LWE2ZmEtNDZlYS1hZjRiLTZlNDgwNjAwOTVjNw=="}' + SPRING_APPLICATION_JSON: "{'blackduck.url':'https://blackduck.mellanox.com/','blackduck.api.token':'$BD_TOKEN'}" pipeline_start: run: | diff --git a/.ci/opensource_jjb.yaml b/.ci/opensource_jjb.yaml index 7d5aba831..f346ecaa0 100644 --- a/.ci/opensource_jjb.yaml +++ b/.ci/opensource_jjb.yaml @@ -120,7 +120,7 @@ failure-status: "[FAIL]" error-status: "[FAIL]" status-add-test-results: true - auth-id: '2806c206-c725-4d8c-af4b-bedfc463b401' + auth-id: 'swx-jenkins5_gh_token' org-list: ["Mellanox"] white-list: ["swx-jenkins","swx-jenkins2","swx-jenkins3","mellanox-github"] allow-whitelist-orgs-as-admins: true 
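Review bot: The new `SPRING_APPLICATION_JSON` value in the Blackduck hunk switches the embedded JSON from double-quoted to single-quoted keys and values, which is not strict JSON. Whether the scanner accepts it depends on the JSON parser it uses; a strict parser would reject the whole value, leaving the URL and token unset. The line also relies on `$BD_TOKEN` being expanded by whatever applies the `env:` map, which this hunk does not show. If the scanner honours the usual Spring environment mapping, binding the credential as `BLACKDUCK_API_TOKEN` (and the URL as `BLACKDUCK_URL`) would avoid embedding a secret in a hand-quoted JSON string. Either way, one run should confirm that the token is picked up and that it is masked in the console log.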
@@ -129,7 +129,7 @@ scm: - git: url: "{jjb_git}" - credentials-id: 'b7d08ca7-378c-45d6-ac4b-3f30bdf49168' + credentials-id: 'swx-jenkins_ssh_key' branches: ['$sha1'] shallow-clone: true depth: 2