[CI]: fixing false positives in the Secrets Scanner

We need to rename Jenkins secrets IDs to human readable form. Jenkins secrets we reference in the CI are currently represented in UUID format. It confuses Secrets Scanner, which takes these data for passwords. Renaming these secret IDs in Jenkins will allow us to restor Secrets Scanner normal workflow. issue: HPCINFRA-2572 Signed-off-by: Viacheslav Login <[email protected]>
Mellanox · Sep 19, 2024 · ff147b0 · ff147b0
1 parent 92e6e30
commit ff147b0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/.ci/matrix_job.yaml b/.ci/matrix_job.yaml
@@ -4,7 +4,7 @@ job: LIBXLIO
 step_allow_single_selector: false
 
 registry_host: harbor.mellanox.com
-registry_auth: 1daaea28-800e-425f-a91f-3bd3e9136eea
+registry_auth: swx-infra_harbor_credentials
 registry_path: /swx-infra/media
 
 kubernetes:
@@ -16,7 +16,7 @@ kubernetes:
   requests: '{memory: 10Gi, cpu: 10000m}'
 
 credentials:
-  - {credentialsId: '925b0900-e273-4042-bc7c-facaefae0727', usernameVariable: 'XLIO_COV_USER', passwordVariable: 'XLIO_COV_PASSWORD'}
+  - {credentialsId: 'media_coverity_credentials', usernameVariable: 'XLIO_COV_USER', passwordVariable: 'XLIO_COV_PASSWORD'}
 
 volumes:
   - {mountPath: /hpc/local/bin, hostPath: /hpc/local/bin}
@@ -255,7 +255,7 @@ steps:
 
   - name: Coverity
     enable: ${do_coverity}
-    credentialsId: '925b0900-e273-4042-bc7c-facaefae0727'
+    credentialsId: 'media_coverity_credentials'
     containerSelector:
       - "{name: 'toolbox', category: 'tool'}"
     agentSelector:
@@ -396,7 +396,7 @@ steps:
       reportName: "BlackDuck report"
       scanMode: "source"
       skipDockerDaemonCheck: true
-      credentialsId: "b68aedbd-e39f-4ee2-acce-e25a5b91fe18"
+      credentialsId: "swx-jenkins3-svc_git-nbu_token"
     env:
       SPRING_APPLICATION_JSON: '{"blackduck.url":"https://blackduck.mellanox.com/","blackduck.api.token":"ODMwOWYwMzEtODA2ZC00MzBjLWI1ZDEtNmFiMjBkYzQzMzkwOjNmNjExN2M1LWE2ZmEtNDZlYS1hZjRiLTZlNDgwNjAwOTVjNw=="}'
 

diff --git a/.ci/opensource_jjb.yaml b/.ci/opensource_jjb.yaml
@@ -120,7 +120,7 @@
             failure-status: "[FAIL]"
             error-status:   "[FAIL]"
             status-add-test-results: true
-            auth-id: '2806c206-c725-4d8c-af4b-bedfc463b401'
+            auth-id: 'swx-jenkins5_gh_token'
             org-list: ["Mellanox"]
             white-list: ["swx-jenkins","swx-jenkins2","swx-jenkins3","mellanox-github"]
             allow-whitelist-orgs-as-admins: true
@@ -129,7 +129,7 @@
         scm:
             - git:
                 url: "{jjb_git}"
-                credentials-id: 'b7d08ca7-378c-45d6-ac4b-3f30bdf49168'
+                credentials-id: 'swx-jenkins_ssh_key'
                 branches: ['$sha1']
                 shallow-clone: true
                 depth: 2