@@ -64,6 +64,12 @@ build_variables:
64
64
commented_out : true
65
65
66
66
- name : COSIGN_PUBLIC_KEY
67
+ if : ' isGitHub || isAzure'
68
+ comment : Used to verify the image signature and attestation
69
+ - name : COSIGN_PUBLIC_KEY
70
+ if : ' !isGitHub && !isAzure'
71
+ commented_out : true
72
+ comment : Used to verify the image signature and attestation
67
73
68
74
build_secrets :
69
75
- name : ROX_API_TOKEN
@@ -81,27 +87,27 @@ build_secrets:
81
87
- name : IMAGE_REGISTRY_PASSWORD
82
88
if : ' !isGitHub && !isAzure'
83
89
commented_out : true
84
- comment : " Set this password for your specific registry"
90
+ comment : " Set this password for your specific registry"
85
91
86
92
- name : QUAY_IO_CREDS
87
93
if : isJenkins
88
94
comment : " Default registry is set to quay.io"
89
95
- name : QUAY_IO_CREDS_PSW
90
- if : ' !isJenkins'
96
+ if : ' !isJenkins'
91
97
commented_out : true
92
98
93
99
- name : ARTIFACTORY_IO_CREDS
94
100
if : isJenkins
95
101
commented_out : true
96
102
- name : ARTIFACTORY_IO_CREDS_PSW
97
- if : ' !isJenkins'
103
+ if : ' !isJenkins'
98
104
commented_out : true
99
105
100
106
- name : NEXUS_IO_CREDS
101
107
if : isJenkins
102
108
commented_out : true
103
109
- name : NEXUS_IO_CREDS_PSW
104
- if : ' !isJenkins'
110
+ if : ' !isJenkins'
105
111
commented_out : true
106
112
107
113
- name : COSIGN_SECRET_PASSWORD
@@ -115,14 +121,40 @@ gitops_steps:
115
121
116
122
gitops_variables :
117
123
- name : COSIGN_PUBLIC_KEY
124
+ if : ' isGitHub || isAzure'
125
+ comment : Used to verify the image signature and attestation
126
+ - name : COSIGN_PUBLIC_KEY
127
+ if : ' !isGitHub && !isAzure'
128
+ commented_out : true
118
129
comment : Used to verify the image signature and attestation
119
130
120
131
- name : TRUSTIFICATION_BOMBASTIC_API_URL
132
+ if : ' isGitHub || isAzure'
133
+ comment : URL of the BOMbastic api host (e.g. https://sbom.trustification.dev)
134
+ - name : TRUSTIFICATION_BOMBASTIC_API_URL
135
+ if : ' !isGitHub && !isAzure'
136
+ commented_out : true
121
137
comment : URL of the BOMbastic api host (e.g. https://sbom.trustification.dev)
138
+
122
139
- name : TRUSTIFICATION_OIDC_ISSUER_URL
140
+ if : ' isGitHub || isAzure'
141
+ comment : URL of the OIDC token issuer (e.g. https://sso.trustification.dev/realms/chicken)
142
+ - name : TRUSTIFICATION_OIDC_ISSUER_URL
143
+ if : ' !isGitHub && !isAzure'
144
+ commented_out : true
123
145
comment : URL of the OIDC token issuer (e.g. https://sso.trustification.dev/realms/chicken)
146
+
124
147
- name : TRUSTIFICATION_OIDC_CLIENT_ID
148
+ if : ' isGitHub || isAzure'
149
+ - name : TRUSTIFICATION_OIDC_CLIENT_ID
150
+ if : ' !isGitHub && !isAzure'
151
+ commented_out : true
152
+
125
153
- name : TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION
154
+ if : ' isGitHub || isAzure'
155
+ - name : TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION
156
+ if : ' !isGitHub && !isAzure'
157
+ commented_out : true
126
158
127
159
# If the OCI registry is not public then ec needs some credentials so it can see the attestations.
128
160
# Todo: Use different credentials here so we provide read access only instead of read/write access.
@@ -174,24 +206,24 @@ gitops_secrets:
174
206
- name : IMAGE_REGISTRY_PASSWORD
175
207
if : ' !isGitHub && !isAzure'
176
208
commented_out : true
177
- comment : " Set this password for your specific registry"
209
+ comment : " Set this password for your specific registry"
178
210
# show all the values options in the jenkins file and other CIs
179
211
# this gives users a way to know what to set. Not perfect but better
180
- # to be documented
212
+ # to be documented
181
213
- name : QUAY_IO_CREDS
182
214
if : isJenkins
183
215
- name : QUAY_IO_CREDS_PSW
184
- if : ' !isJenkins'
185
- commented_out : true
216
+ if : ' !isJenkins'
217
+ commented_out : true
186
218
- name : ARTIFACTORY_IO_CREDS
187
219
if : isJenkins
188
220
commented_out : true
189
221
- name : ARTIFACTORY_IO_CREDS_PSW
190
- if : ' !isJenkins'
191
- commented_out : true
222
+ if : ' !isJenkins'
223
+ commented_out : true
192
224
- name : NEXUS_IO_CREDS
193
225
if : isJenkins
194
226
commented_out : true
195
227
- name : NEXUS_IO_CREDS_PSW
196
- if : ' !isJenkins'
228
+ if : ' !isJenkins'
197
229
commented_out : true
0 commit comments