fix RHTAPBUGS-1305 setup git credential helper for private repos

pipelines/docker-build-rhtap/README.md

@@ -18,6 +18,7 @@
 ### acs-deploy-check:0.1 task parameters
 |name|description|default value|already set by|
 |---|---|---|---|
+|gitops-auth-secret-name| Secret of basic-auth type containing credentials to clone the gitops repository. | gitops-auth-secret| |
 |gitops-repo-url| URL of gitops repository to check.| None| '$(params.git-url)-gitops'|
 |insecure-skip-tls-verify| When set to `"true"`, skip verifying the TLS certs of the Central endpoint. Defaults to `"false"`. | false| 'true'|
 |rox-secret-name| Secret containing the StackRox server endpoint and API token with CI permissions under rox-api-endpoint and rox-api-token keys. For example: rox-api-endpoint: rox.stackrox.io:443 ; rox-api-token: eyJhbGciOiJS... | None| '$(params.stackrox-secret)'|

task/acs-deploy-check/0.1/acs-deploy-check.yaml

@@ -30,13 +30,22 @@ spec:
       default: 'false'
       description: |
         When set to `"true"`, skip verifying the TLS certs of the Central endpoint. Defaults to `"false"`.
+    - name: gitops-auth-secret-name
+      type: string
+      default: gitops-auth-secret
+      description: |
+        Secret of basic-auth type containing credentials to clone the gitops repository.
   volumes:
     - name: repository
       emptyDir: {}
     - name: rox-secret
       secret:
         secretName: $(params.rox-secret-name)
         optional: true
+    - name: gitops-auth-secret
+      secret:
+        secretName: $(params.gitops-auth-secret-name)
+        optional: true
   steps:
     - name: annotate-task
       image: registry.redhat.io/openshift4/ose-cli:4.13@sha256:73df37794ffff7de1101016c23dc623e4990810390ebdabcbbfa065214352c7c
@@ -55,6 +64,8 @@ spec:
           mountPath: /workspace/repository
         - name: rox-secret
           mountPath: /rox-secret
+        - name: gitops-auth-secret
+          mountPath: /gitops-auth-secret
       workingDir: /workspace/repository
       env:
         - name: PARAM_INSECURE_SKIP_TLS_VERIFY
@@ -65,6 +76,18 @@ spec:
         #!/usr/bin/env bash
         set +x
 
+        # Check if credentials for cloning private repo are provided. Do nothing otherwise - probably public repo
+        if test -f /gitops-auth-secret/password ; then
+
+          password=$(cat /gitops-auth-secret/password)
+          if test -f /gitops-auth-secret/username ; then
+            username=$(cat /gitops-auth-secret/username)
+            HOSTNAME=$(echo "${PARAM_GITOPS_REPO_URL}" | awk -F/ '{print $3}')
+            echo "https://${username}:${password}@${HOSTNAME}" > "${HOME}/.git-credentials"
+          fi
+          echo -e "[credential \"https://${HOSTNAME}\"]\n  helper = store" > "${HOME}/.gitconfig"
+        fi
+
         # Check if rox API enpoint is configured
         if test -f /rox-secret/rox-api-endpoint ; then
           export ROX_CENTRAL_ENDPOINT=$(</rox-secret/rox-api-endpoint)

task/update-deployment/0.1/update-deployment.yaml

@@ -40,11 +40,13 @@ spec:
           password=$(cat /gitops-auth-secret/password)
           if test -f /gitops-auth-secret/username ; then
             username=$(cat /gitops-auth-secret/username)
-            echo "https://${username}:${password})@${hostname}" > "${HOME}/.git-credentials"
+            hostname=$(echo "${PARAM_GITOPS_REPO_URL}" | awk -F/ '{print $3}')
+            echo "https://${username}:${password}@${hostname}" > "${HOME}/.git-credentials"
             origin_with_auth=https://${username}:${password}@${remote_without_protocol}.git
           else
             origin_with_auth=https://${password}@${remote_without_protocol}.git
           fi
+           printf "[credential \"https://%s\"]\n  helper = store" "${hostname}" > "${HOME}/.gitconfig"
         else
           echo "git credentials to push into gitops repository ${PARAM_GITOPS_REPO_URL} is not configured."
           echo "gitops repository is not updated automatically."