Chapter 1. Customizing sample software templates

Procedure

1. Clone your forked tssc-sample-templates repository, and then open it in your preferred text editor, such as Visual Studio Code.

2. Locate the properties file within your project directory. This file stores the default values that you can customize. Open it for editing and update the following key-value pairs according to your environment.

   Expand

   Key	Description
   export GITHUB_DEFAULT_HOST	Set this to your on-prem GitHub host fully qualified domain name. That is, the URL without the HTTP protocol and without the .git extension. For example github-github.apps.cluster-ljg9z.sandbox219.opentlc.com. Default is github.com.
   export GITLAB_DEFAULT_HOST	Set this to your on-prem GitLab host host fully qualified domain name. That is, the URL without the HTTP protocol and without the .git extension. For example gitlab-gitlab.apps.cluster-ljg9z.sandbox219.opentlc.com. Default is gitlab.com.
   export QUAY_DEFAULT_HOST	The default Quay URL corresponds to your specific on-prem image registry URL without the HTTP protocol. For example, quay-tv2pb.apps.cluster-tv2pb.sandbox1194.opentlc.com. The default quay host is quay.io.
   export DEFAULT_DEPLOYMENT_NAMESPACE_PREFIX	The namespace prefix for deployments within RHTAP. Default is rhtap-app. Note Update this if you have modified the default trusted-application-pipeline: namespace during the RHTAP installation process.
   export PIPELINE_REPO_URL	The URL of the forked pipeline repository. For example, https://github.com/redhat-appstudio/tssc-sample-pipelines.
   export PIPELINE_REPO_BRANCH	The branch of the forked pipeline repository to which you want to point. For example, main.
   export GITHUB_DEFAULT_ORG	The name of your GitHub organization that you want to set as default.
   export QUAY_DEFAULT_ORG	The name of your Quay organization that you want to set as default.

   Show more

   Figure 1.1. The properties file

   

   View larger image

   

3. Run the generate.sh script in your terminal. This action adjusts the software templates, replacing default host values with your specified inputs.

   ./generate.sh

   Copy to Clipboard Toggle word wrap

   Figure 1.2. The generate.sh script

   

   View larger image

   

4. For Jenkins only: To customize your Jenkins library, navigate to skeleton > ci > gitops-template > jenkins, and open Jenkinsfile. Replace the remote URL with the URL of your forked repository. For example, remote: 'https://github.com/<username>/tssc-sample-jenkins.git'.

   Additionally, if your Jenkins is on a non-local OpenShift instance, and your Rekor and TUF services are on different clusters, update the REKOR_HOST and TUF_MIRROR environment variables. You can configure these variables in the env.sh file within the component repository or set them as environment variables or secrets in Jenkins. This configuration ensures that your external Jenkins server can communicate with Rekor and TUF installed with RHTAP. Without this, RHTAP might not sign container images correctly in the Jenkins pipeline.

   To update the REKOR_HOST and TUF_MIRROR variables:

   1. Open the env.sh file via skeleton > ci > gitops-template > jenkins > rhtap.

      The second env.sh file is located at skeleton > ci > source-repo > jenkins > rhtap. Pick the one that suits your needs or update both.

      In env.sh, review the default values for REKOR_HOST and TUF_MIRROR:

      REKOR_HOST=http://rekor-server.rhtap-tas.svc
      TUF_MIRROR=http://tuf.rhtap-tas.svc

      Copy to Clipboard Toggle word wrap

   2. Replace .svc with your OpenShift cluster URL. The .svc domain refers to the local cluster, and internal services can access other services with .svc in their routes, but an external Jenkins cannot.

      The correct routes of the Rekor and TUF services are printed as part of the installation process of RHTAP. If these data aren’t available to you, run this command in your CLI and select the Rekor and TUF routes in the output:

      $ oc get routes -n rhtap-tas

      Copy to Clipboard Toggle word wrap

      An example of a Rekor server URL: http://rekor-server.rhtap-tas.apps.rosa.j6ufg-t3htv-ts6.z797.p3.openshiftapps.com.

   Note
   • To configure environment variables or secrets in Jenkins see, Adding secrets to Jenkins for secure integration with external tools.
   • By default, RHTAP uses dynamically loaded Jenkins libraries. If you need to configure RHTAP to use built-in Jenkins libraries instead of dynamic loading, you must modify the Jenkins provisioning setup. This change can improve traceability and Red Hat Enterprise Contract (Enterprise Contract) attestations. For detailed instructions, see Configuring RHTAP to use built-in Jenkins libraries.
5. For RHACS only: To enable RHACS scans, set the export DISABLE_ACS to false in the env.sh file.

6. Commit and push the changes to your repository. This automatically updates the template in RHDH. Alternatively, you can import and refresh a single or all customized templates directly in RHDH.

   1. Go to your forked sample template repository on your Git provider.
   2. For a single template, from the templates directory, select template.yaml. Copy its URL from the browser address bar. For example, https://github.com/<username>/tssc-sample-templates/blob/main/templates/devfile-sample-code-with-quarkus-dance/template.yaml. Otherwise, for all the templates, select all.yaml and copy its URL from the browser address bar. For example, https://github.com/<username>/tssc-sample-templates/blob/main/all.yaml.
   3. Switch back to RHDH platform.
   4. Select Create > Register Existing Component.
   5. In the Select URL field, paste the appropriate URL that you copied in Step 4b.
   6. Select Analyze and then select Import to update the templates in RHDH.