@@ -10,15 +10,21 @@ The OpenShift Pipelines configuration is a requirement in order to support CI/CD
1010kubectl get route -n openshift-pipelines pipelines-as-code-controller
1111```
1212
13- 3 . Download ` cosign ` , which will be used to generate the updated ` signing-secrets ` .
13+ 3 . Download ` cosign ` depending on your platform , which will be used to generate the updated ` signing-secrets ` .
1414
1515```
1616curl -sL https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 -o /usr/bin/cosign && chmod +x /usr/bin/cosign
1717```
1818
19- 4 . In your Operator's Namespace, delete (if exists) the ` signing-secrets ` Secret.
19+ or
2020
21- 5 . Generate the new ` signing-secrets ` inside the Operator's Namespace and patch the new secret as immutable:
21+ ```
22+ curl -sL https://github.com/sigstore/cosign/releases/latest/download/cosign-darwin-amd64 -o /usr/bin/cosign && chmod +x /usr/bin/cosign
23+ ```
24+
25+ 4 . In the ` openshift-pipelines ` Namespace, delete (if exists) the ` signing-secrets ` Secret.
26+
27+ 5 . Generate the new ` signing-secrets ` in the ` openshift-pipelines ` Namespace and patch the new secret as immutable:
2228
2329```
2430export KUBERNETES_SERVICE_PORT=<your-kubernetes-service port>
@@ -30,10 +36,10 @@ kubectl patch secret -n openshift-pipelines signing-secrets -o yaml --patch='{"i
30366 . Ensure that the ` tektonconfigs ` CRDs are available. You can verify that if the below command returns 1 as response:
3137
3238```
33- kubectl api-resources | grep -c "^ tektonconfigs "
39+ kubectl api-resources | grep " tektonconfigs"
3440```
3541
36- 7 . Update the ` TektonConfig ` , by enabling the necessary resolvers and use a targeted namespace :
42+ 7 . Update the ` TektonConfig ` , by enabling the necessary resolvers:
3743
3844```
3945kubectl patch tektonconfig config --type 'merge' --patch "$( cat <<EOF
@@ -74,7 +80,7 @@ export GITHUB_APP_APP_ID=<your-github-app's-app-id-value>
7480export GITHUB_APP_PRIVATE_KEY="
7581<your-multi-lined-github-app-private-key>
7682"
77- kubectl -n "$PIPELINES_NAMESPACE" create secret generic pipelines-as-code-secret \
83+ kubectl -n openshift-pipelines create secret generic pipelines-as-code-secret \
7884 --from-literal github-application-id="$GITHUB_APP_APP_ID" \
7985 --from-literal github-private-key="$GITHUB_APP_PRIVATE_KEY" \
8086 --from-literal webhook.secret="$GITHUB_APP_WEBHOOK_SECRET"
@@ -83,7 +89,7 @@ kubectl -n "$PIPELINES_NAMESPACE" create secret generic pipelines-as-code-secret
838910 . Fetch the codesign public key from the ` signing-secrets ` Secret inside the Operator's Namespace.
8490
8591```
86- export COSIGN_SIGNING_PUBLIC_KEY=$(kubectl get secrets -n $PIPELINES_NAMESPACE signing-secrets -o jsonpath='{.data.cosign\.pub}')
92+ export COSIGN_SIGNING_PUBLIC_KEY=$(kubectl get secrets -n openshift-pipelines signing-secrets -o jsonpath='{.data.cosign\.pub}')
8793cat <<EOF | kubectl apply -f - >/dev/null
8894apiVersion: v1
8995data:
@@ -106,14 +112,14 @@ EOF
106112kubectl -n $APP_NAMESPACE create secret generic pipelines-secret --from-literal=webhook.secret=$GITHUB_APP_WEBHOOK_SECRET
107113```
108114
109- 12 . Similarly with the previous step, create the ` image-registry-token ` in your application's Namespace, containing the docker ` config.json ` file of your Quay.io account (see more info [ here] ( https://docs.redhat.com/en/documentation/red_hat_quay/3.6/html-single/use_red_hat_quay/index#allow-robot-access-user-repo ) ):
115+ 12 . Similarly with the previous step, create the ` ai-lab- image-registry-token` in your application's Namespace, containing the docker ` config.json ` file of your Quay.io account (see more info [ here] ( https://docs.redhat.com/en/documentation/red_hat_quay/3.6/html-single/use_red_hat_quay/index#allow-robot-access-user-repo ) ):
110116
111117```
112118export IMAGE_REGISTRY_TOKEN_SECRET="ai-lab-image-registry-token"
113119kubectl -n $APP_NAMESPACE create secret docker-registry "$IMAGE_REGISTRY_TOKEN_SECRET" --from-file=.dockerconfigjson=<your-docker-config.json-file-path>
114120```
115121
116- 13 . Patch the ` default ` and ` pipeline ` ServiceAccounts by adding to them the image registry token secret created above:
122+ 1 . Patch the ` default ` and ` pipeline ` ServiceAccounts in your application Namespace by adding the image registry token secret created above:
117123
118124```
119125for SA in default pipeline; do
0 commit comments