Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Customizing Red Hat Advanced Developer Suite - software supply chain

Red Hat Advanced Developer Suite - software supply chain 1.8

Learn how to customize default software templates and build pipeline configurations.

Red Hat Advanced Developer Suite - software supply chain Documentation Team

Abstract

This document provides instructions for cluster administrators on customizing RHADS - SSC's software templates, build pipelines, and integrations to better align with the unique requirements of your on-prem environments.

Preface
Copy link

While RHADS - SSC includes ready-to-use pipeline templates, you can fully customize them for your environment. Learn how to add security checks, modify deployment processes, and integrate external tools.

Chapter 1. Customizing sample software templates
Copy link

Learn how to customize software templates for your on-premise environment. As a cluster administrator, you have full control over modifying metadata and specifications to align with your deployment needs.

Prerequisites

Before customizing the sample software templates, ensure you have the following prerequisites in place:

  • You have used the forked repository URL from the tssc-sample-templates during installation.
  • The forked tssc-sample-templates repository is up to date with the upstream repository.
  • You have cloned the tssc-sample-templates repository to your local machine.

Procedure

  1. Navigate to the cloned tssc-sample-templates repository on your local machine.

  2. Open the properties file with your preferred text editor. For example, run the following command in your terminal to open it with Visual Studio Code: 

    $ code properties
    Copy to Clipboard Toggle word wrap 
    # PE can replace these values with on-prem host
export GITHUB__DEFAULT__HOST=github.com
export GITLAB__DEFAULT__HOST=gitlab.com
export BITBUCKET__DEFAULT__HOST=bitbucket.org

export QUAY__DEFAULT__HOST=quay.io

# leave empty if you don't want to set defaults for your git or quay org
export GITHUB__DEFAULT__ORG=""
export GITLAB__DEFAULT__ORG=""
export BITBUCKET__DEFAULT__ORG=""
export QUAY__DEFAULT__ORG=""

# PE can replace these values with own pipeline fork
export PIPELINE__REPO__URL=https://github.com/redhat-appstudio/tssc-sample-pipelines
export PIPELINE__REPO__BRANCH=main

export DEFAULT__DEPLOYMENT__NAMESPACE__PREFIX=tssc-app

export RHTAP__DEFAULT__NAMESPACE=tssc
export ARGOCD__DEFAULT__NAMESPACE=tssc-gitops
export ARGOCD__DEFAULT__INSTANCE=default
export ARGOCD__DEFAULT__PROJECT=default


# For secret reference in Repository CRs
# Secret will be prefixed by CI name, gitops (for github), or gitlab, or bitbucket in template
# export GIT__SECRET__DEFAULT__NAME=auth-secret
export GIT__SECRET__DEFAULT__KEY=password
export WEBHOOK__SECRET__DEFAULT__NAME=pipelines-secret
export WEBHOOK__SECRET__DEFAULT__KEY=webhook.secret

# compute the template tag to set defaults, leave empty if not set
if [ ! -z "${GITHUB__DEFAULT__ORG}" ]; then
export DEFAULT_ORG_FOR_GITHUB="default: $GITHUB__DEFAULT__ORG"
fi
if [ ! -z "${GITLAB__DEFAULT__ORG}" ]; then
export DEFAULT_ORG_FOR_GITLAB="default: $GITLAB__DEFAULT__ORG"
fi
if [ ! -z "${BITBUCKET__DEFAULT__ORG}" ]; then
export DEFAULT_ORG_FOR_BITBUCKET="default: $BITBUCKET__DEFAULT__ORG"
fi
if [ ! -z "${QUAY__DEFAULT__ORG}" ]; then
export DEFAULT_ORG_FOR_QUAY="default: $QUAY__DEFAULT__ORG"
fi
    Copy to Clipboard Toggle word wrap

  3. Customize the properties file by updating the following key-value pairs according to your environment:

    Expand
    KeyDescription

    export GITHUB_DEFAULT_HOST

    Set this to your on-premise GitHub host fully qualified domain name. That is, the URL without the HTTP protocol and without the .git extension. For example github-github.apps.cluster-ljg9z.sandbox219.opentlc.com. The default value is github.com.

    export GITLAB_DEFAULT_HOST

    Set this to your on-premise GitLab host fully qualified domain name. That is, the URL without the HTTP protocol and without the .git extension. For example gitlab-gitlab.apps.cluster-ljg9z.sandbox219.opentlc.com. The default value is gitlab.com.

    export DEFAULT_DEPLOYMENT_NAMESPACE_PREFIX

    The namespace prefix for deployments within RHADS - SSC. The default value is tssc-app.

    Note

    Update this if you have modified the default developerHub: namespacePrefixes during the installation process.

    export PIPELINE_REPO_URL

    The URL of the forked pipeline repository. For example, https://github.com/redhat-appstudio/tssc-sample-pipelines.

    export PIPELINE_REPO_BRANCH

    The target branch of the forked pipeline repository. For example, main.

    export GITHUB_DEFAULT_ORG

    The name of the GitHub organization that you want to set as the default.

    export QUAY_DEFAULT_ORG

    The name of the Quay organization that you want to set as the default.

  4. Adjust the software templates, replacing default host values with your specified inputs by running the following command from the top-level directory of the repository: 

    $ ./generate.sh
    Copy to Clipboard Toggle word wrap

  5. For Jenkins only

    If your Jenkins instance is not deployed to an on-premise OpenShift Container Platform (OCP) instance, and your Rekor and TUF services are on different clusters, update the REKOR_HOST and TUF_MIRROR environment variables. You can configure these variables in the env.sh file within the component repository or set them as environment variables or secrets in Jenkins.

    This configuration ensures that the external Jenkins server can communicate with the Rekor and TUF services installed with RHADS - SSC. Without this customization, RHADS - SSC might not sign the container images correctly in the Jenkins pipeline.

    To update the REKOR_HOST and TUF_MIRROR variables:

    1. Open the env.sh file by navigating to the skeleton > ci > gitops-template > jenkins > tssc directory.

      The second env.sh file is located at skeleton > ci > source-repo > jenkins > tssc. Update the settings to suit your needs.

      In env.sh, review the default values for REKOR_HOST and TUF_MIRROR: 

      REKOR_HOST=http://rekor-server.tssc-tas.svc
TUF_MIRROR=http://tuf.tssc-tas.svc
      Copy to Clipboard Toggle word wrap

    2. Replace .svc with your OCP cluster URL. The .svc domain refers to the local cluster, and internal services can access other services with .svc in their routes, but an external Jenkins cannot.

      The correct routes of the Rekor and TUF services are printed as part of the installation process of RHADS - SSC. If these data aren’t available to you, run this command in your CLI and select the Rekor and TUF routes in the output: 

      $ oc get routes -n tssc-tas
      Copy to Clipboard Toggle word wrap

      An example of a Rekor server URL: http://rekor-server.tssc-tas.apps.rosa.j6ufg-t3htv-ts6.z797.p3.openshiftapps.com.

      Note
  6. For Red Hat Advanced Cluster Security (RHACS) only: To enable RHACS scans, set the export DISABLE_ACS to false in the env.sh file.
  7. Option A: Commit and push the changes to your repository. This automatically updates the template in Red Hat Developer Hub (RHDH).

  8. Option B: Manually import and refresh the templates using the following steps:

    1. Go to your forked sample template repository on your Git provider.

    2. Get the appropriate URL:

    3. Switch back to the RHDH platform.
    4. Select Create > Register Existing Component.
    5. In the Select URL field, paste the appropriate URL that you copied in the previous step.
    6. Select Analyze and then select Import to update the templates in RHDH.

Verification

  • Consider creating an application to explore the impact of your template customization.

Chapter 2. About sample pipelines
Copy link

Learn how to update the Pipeline as Code (pac) URLs within the sample templates repository and customize the sample pipelines repository to match your workflow. By customizing the pac URLs, you can integrate custom pipelines tailored to your CI/CD requirements.

The sample pipelines repository provides functional templates, which you can customize for your organization’s specific CI/CD workflows. The sample pipelines repository includes several key pipeline templates in the pac directory:

  • gitops-repo: This directory holds the pipeline definitions for validating pull requests within your GitOps repository. It triggers the gitops-pull-request pipeline, located in the pipelines directory, validating that image updates comply with organizational standards. This setup is crucial for 'promotion' workflows, where an application’s deployment state advances sequentially through environments, such as from development to staging or from staging to production. For more information about pipeline definitions in gitops-repo, refer Gitops Pipelines.
  • pipelines: This directory houses the implementations of build and validation pipelines that are referenced by the event handlers in both the gitops-repo and source-repo. By examining the contents of this directory, you can understand the specific actions performed by the pipelines, including how they contribute to the secure promotion and deployment of applications.
  • source-repo: This directory focuses on Dockerfile-based secure supply chain software builds. It includes pipeline definitions for cloning the source, generating and signing artifacts (such as .sig for image signature, .att for attestation, and .sbom for Software Bill of Materials), and pushing these to the user’s image registry. For more information about pipeline definitions in source-repo, refer Shared Git resolver model for shared pipeline and tasks.
  • tasks: This directory houses a collection of tasks that can be added or modified, aligning with organizational needs. For example, Advanced Cluster Security (ACS) tasks can be substituted with alternative checks, or entirely new tasks can be integrated into the pipeline to enhance its functionality and compliance.

Chapter 3. Customizing sample pipelines
Copy link

Update the Pipeline as Code (pac) URLs within the sample templates repository. Then, customize the sample pipelines repository to match your workflow as needed. By customizing pac URLs, you can integrate custom pipelines tailored to your continuous integration and continuous delivery (CI/CD) requirements.

Prerequisites

Before customizing the sample pipelines, you must ensure you have the following prerequisites in place:

Procedure

  1. Access the forked tssc-sample-pipelines repository URL:

    1. Open the forked tssc-sample-pipelines repository.
    2. Copy the complete URL from the address bar. For example, https://github.com/<username>/tssc-sample-pipelines.

  2. Update pac URLs in the tssc-sample-templates repository:

    1. In your terminal, navigate to the local clone of the tssc-sample-templates repository.

    2. Update the Tekton definition by running the following command: 

      ./scripts/update-tekton-definition {fork_url} {branch_name}
      Copy to Clipboard Toggle word wrap

      Replace {fork_url} with the copied URL from step 1 and {branch_name} with the desired branch name. For example, to update the Tekton definition, run the following command: 

      $ .scripts/update-tekton-definition \https://github.com/myusername/tssc-sample-pipelines main
      Copy to Clipboard Toggle word wrap

  3. Review, commit, and push your changes:

    1. Review the updated files within the tssc-sample-templates repository.
    2. Commit the changes with an appropriate message.
    3. Push the committed changes to the forked repository.

Verification

  • Consider creating an application to explore the impact of your template and pipeline customizations.

When customizing pipelines in GitLab, rebuilding the container image is a critical step to ensure your changes are included in the updated workflow.

Pipelines in GitLab rely on a specific container image, such as the GitLab runner image, to run the tasks defined in your CI/CD workflow. The GitLab runner image provides the necessary tools, configuration, and scripts required for your pipeline to run. If you modify tasks in the pipeline, you must update and rebuild the container image to include those changes. This ensures that the pipeline tasks are properly executed when the pipeline is triggered.

Rebuilding the container image involves the following steps:

  • Running podman to extract the existing pipeline files.
  • Customizing the pipeline tasks with your requirements.
  • Rebuilding the container image.
  • Pushing the updated image to a container registry.

Prerequisites

Before making changes, ensure that:

  • You have podman installed on your system.
  • You have login credentials for Quay.io to push the updated image.
  • You have forked and cloned the Sample templates repository.
  • Your forked repository is up to date and synced with the upstream repository.

Procedure

  1. Create a directory for the build resources. The location of the directory depends on your role:

    • Platform engineer: If you are rebuilding the image to update the default pipeline for your organization, you can create the directory within the location where you forked the tssc-sample-templates repository. For example, rebuild-image.

    • Developers: If you are rebuilding the image for your own use or a specific project, create a directory in a location outside the organization-wide fork of tssc-sample-templates to avoid conflicts. 

      $ mkdir rebuild-image
      Copy to Clipboard Toggle word wrap

  2. Run the following command and copy the container image URL: 

    $ less ../tssc-sample-templates/skeleton/ci/source-repo/gitlabci/.gitlab-ci.yml
    Copy to Clipboard Toggle word wrap 
    image: quay.io/redhat-tssc/task-runner/
    Copy to Clipboard Toggle word wrap

  3. Copy the existing pipeline content locally by running the following command: 

    $ podman run -v $(pwd):/pwd:z <The_url_you_copied_in_step_2> cp -r /work/tssc /pwd
    Copy to Clipboard Toggle word wrap

    This command starts the container by using the <the_url_you_copied_in_step_2> image. It then copies the pipeline files from /work/tssc inside the container to your working directory ($(pwd)). Additionally, if you are not on a system with SELinux enabled (for example, Fedora, RHEL, or CentOS), remove the :z option in the command to ensure compatibility.

  4. Navigate to the rhtap directory and customize the pipelines tasks as required.

  5. Create a Dockerfile in the rebuild-image directory and add the following content to include your changes in the container. Additionally, the base image quay.io/redhat-tssc/task-runner:1.8 is built on ubi/ubi-minimal, which provides a lightweight Universal Base Image (UBI). If you need to install additional software and dependencies, use microdnf. For example, example command: 

    FROM quay.io/redhat-tssc/task-runner:1.8

COPY ./tssc /work/tssc

RUN microdnf -y install make
    Copy to Clipboard Toggle word wrap
    FROM
    Uses the existing rhtap-runner container as the starting point.
    COPY
    Copies the updated pipeline tasks from the local rhtap folder into the /work/tssc directory inside the container.
    RUN
    Demonstrates the use of the microdnf to install additional software or dependencies.

  6. Build the new container image by running the following command: 

    $ podman build -f Dockerfile -t quay.io/<namespace>/<new_image_name>
    1
    Copy to Clipboard Toggle word wrap

    The -f Dockerfile option specifies the Dockerfile to use to build the container image. The -f option allows you to explicitly point to the Dockerfile if it’s not named Dockerfile or is located in a different directory. The -t quay.io/<namespace>/<new_image_name> option assigns a tag (name) to the container image for easy identification.

  7. Login to Quay.io by running the following command: 

    $ podman login quay.io
    Copy to Clipboard Toggle word wrap

  8. Push the updated image by running the following command: 

    $ podman push quay.io/<namespace>/<new_image_name>
    Copy to Clipboard Toggle word wrap

    This uploads the customized container image to Quay.io, making it available for use in GitLab pipelines.

  9. Platform engineer only: Navigate to the .gitlab-ci.yml in the tssc-sample-templates > skeleton > ci > source-repo > gitlabci > directory and replace the container image URL with the one you just created. This makes the new container image the default. 

    image: quay.io/<namespace>/<new_image_name>
    Copy to Clipboard Toggle word wrap

  10. For developers only: To update the container image just for a single repository in GitLab, navigate to the source repository > .gitlab-ci.yaml and replace the container image URL with the one you just created. 

    image: quay.io/<namespace>/<new_image_name>
    Copy to Clipboard Toggle word wrap
  11. Commit and push the changes to apply the updated pipeline configuration.

Chapter 5. Image registry detection in RHDH
Copy link

Red Hat Developer Hub displays the Image Registry tab on a component page to provide information about container images stored in an artifact registry. Red Hat Advanced Developer Suite (RHADS) automatically detects the registry type by analyzing the URL in the component source code.

If a registry URL contains "quay", "jfrog", or "artifactory", RHADS automatically adds the corresponding annotation to the catalog-info.yaml file in the application’s Git repository. However, if the registry URL does not contain these specific strings, the registry type cannot be detected automatically, and the Image Registry tab does not appear.

In cases where the tab is missing, you can enable it using one of the following methods:

  • Manually enable the tab for a specific existing component.
  • Modify the registry detection script in your software templates to support automatic detection for all future components.

If the Image Registry tab is missing for a specific component, you can manually add the required annotations to the component’s metadata. You must repeat this procedure for every affected component.

Procedure

  1. In the Git repository containing your component, navigate to skeleton > source-repo and open the catalog-info.yaml file.

  2. Add the annotation relevant to your registry provider to the metadata section:

    For Quay: 

    metadata:
    annotations:
        'quay.io/repository-slug': '<ORGANIZATION>/<REPOSITORY>'
    Copy to Clipboard Toggle word wrap

    For JFrog Artifactory: 

    metadata:
    annotations:
        'jfrog-artifactory/image-name': '<IMAGE-NAME>'
    Copy to Clipboard Toggle word wrap
  3. Commit and push the changes to the repository.

Verification

  • Select the component in the RHADS - SSC UI where the Image Registry tab was missing. The tab menu now displays the Image Registry tab.

Red Hat Advanced Developer Suite (RHADS) software templates use patterns to identify Quay or JFrog Artifactory registries. If your registry URL does not match the default patterns, you can update the template detection script to ensure all new components are annotated correctly and display the Image Registry tab automatically.

Prerequisites

Procedure

  1. In the GitHub repository containing your templates, navigate to skeleton > source-repo and open the catalog-info.yaml file.

  2. Locate the code block related to registry detection: 

      {%- if "quay" in values.image %}
    quay.io/repository-slug: ${{ values.repoSlug }}

  {%- elif "jfrog" in values.image or "artifactory" in values.image %}
    jfrog-artifactory/image-name: ${{ values.imageName }}
    Copy to Clipboard Toggle word wrap

  3. Replace "quay", "jfrog", or "artifactory" with the unique part of your registry URL.

    For example, if your Artifactory registry is named my-registry.mycompany.com, your image names might be my-registry.mycompany.com followed by the username and image name. You can add my-registry.mycompany to the catalog-info.yaml detection logic.

Verification

  • Create a new component using the updated template. The Image Registry tab is displayed automatically in the Red Hat Developer Hub UI.

Revised on 2026-02-04 23:23:55 UTC

Legal Notice
Copy link

Copyright © Red Hat.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top