Remove TRUSTIFICATION_* from Jenkins secrets

lcarva · lcarva · commit 7f65514148c9 · 2025-04-07T14:33:43.000-04:00
Since these are not contain sensitive information, it is now accessed
via a regular variables instead of a credential.

Signed-off-by: Luiz Carvalho &lt;lucarval@redhat.com&gt;
diff --git a/generated/gitops-template/jenkins/Jenkinsfile b/generated/gitops-template/jenkins/Jenkinsfile
@@ -13,11 +13,11 @@ pipeline {
         /* Used to verify the image signature and attestation */
         /* COSIGN_PUBLIC_KEY = credentials('COSIGN_PUBLIC_KEY') */
         /* URL of the BOMbastic api host (e.g. https://sbom.trustification.dev) */
-        TRUSTIFICATION_BOMBASTIC_API_URL = credentials('TRUSTIFICATION_BOMBASTIC_API_URL')
+        /* TRUSTIFICATION_BOMBASTIC_API_URL = credentials('TRUSTIFICATION_BOMBASTIC_API_URL') */
         /* URL of the OIDC token issuer (e.g. https://sso.trustification.dev/realms/chicken) */
-        TRUSTIFICATION_OIDC_ISSUER_URL = credentials('TRUSTIFICATION_OIDC_ISSUER_URL')
-        TRUSTIFICATION_OIDC_CLIENT_ID = credentials('TRUSTIFICATION_OIDC_CLIENT_ID')
-        TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION = credentials('TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION')
+        /* TRUSTIFICATION_OIDC_ISSUER_URL = credentials('TRUSTIFICATION_OIDC_ISSUER_URL') */
+        /* TRUSTIFICATION_OIDC_CLIENT_ID = credentials('TRUSTIFICATION_OIDC_CLIENT_ID') */
+        /* TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION = credentials('TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION') */
         /* Set when using Jenkins on non-local cluster and using an external Rekor instance */
         /* REKOR_HOST = credentials('REKOR_HOST') */
         /* Set when using Jenkins on non-local cluster and using an external TUF instance */
diff --git a/templates/data.yaml b/templates/data.yaml
@@ -129,11 +129,32 @@ gitops_variables:
     comment: Used to verify the image signature and attestation
 
   - name: TRUSTIFICATION_BOMBASTIC_API_URL
+    if: 'isGitHub || isAzure'
+    comment: URL of the BOMbastic api host (e.g. https://sbom.trustification.dev)
+  - name: TRUSTIFICATION_BOMBASTIC_API_URL
+    if: '!isGitHub && !isAzure'
+    commented_out: true
     comment: URL of the BOMbastic api host (e.g. https://sbom.trustification.dev)
+
   - name: TRUSTIFICATION_OIDC_ISSUER_URL
+    if: 'isGitHub || isAzure'
+    comment: URL of the OIDC token issuer (e.g. https://sso.trustification.dev/realms/chicken)
+  - name: TRUSTIFICATION_OIDC_ISSUER_URL
+    if: '!isGitHub && !isAzure'
+    commented_out: true
     comment: URL of the OIDC token issuer (e.g. https://sso.trustification.dev/realms/chicken)
+
+  - name: TRUSTIFICATION_OIDC_CLIENT_ID
+    if: 'isGitHub || isAzure'
   - name: TRUSTIFICATION_OIDC_CLIENT_ID
+    if: '!isGitHub && !isAzure'
+    commented_out: true
+
+  - name: TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION
+    if: 'isGitHub || isAzure'
   - name: TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION
+    if: '!isGitHub && !isAzure'
+    commented_out: true
 
   # If the OCI registry is not public then ec needs some credentials so it can see the attestations.
   # Todo: Use different credentials here so we provide read access only instead of read/write access.
