Add trusted-ca configMap and require parameters.

rnc · rnc · commit c434f83ee013 · 2024-11-07T09:11:38.000Z
diff --git a/deploy/tasks/maven-deployment.yaml b/deploy/tasks/maven-deployment.yaml
@@ -41,9 +41,25 @@ spec:
       description: Name of the processor image. Useful to override for development.
       type: string
       default: "quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/jvm-build-service/build-request-processor:latest"
+    - name: caTrustConfigMapKey
+      description: The name of the key in the ConfigMap that contains the
+        CA bundle data.
+      type: string
+      default: ca-bundle.crt
+    - name: caTrustConfigMapName
+      description: The name of the ConfigMap to read CA bundle data from.
+      type: string
+      default: trusted-ca
   volumes:
     - name: workdir
       emptyDir: {}
+    - name: trusted-ca
+      configMap:
+        name: $(params.caTrustConfigMapName)
+        items:
+          - key: $(params.caTrustConfigMapKey)
+            path: ca-bundle.crt
+        optional: true
   stepTemplate:
     volumeMounts:
       - mountPath: /var/workdir
@@ -74,6 +90,10 @@ spec:
         requests:
           cpu: 10m
           memory: 512Mi
+      volumeMounts:
+        - mountPath: /mnt/trusted-ca
+          name: trusted-ca
+          readOnly: true
       env:
         - name: MAVEN_PASSWORD
           valueFrom:
@@ -88,3 +108,13 @@ spec:
         - --mvn-repo=$(params.MVN_REPO)
         - --mvn-username=$(params.MVN_USERNAME)
         - --server-id=$(params.MVN_SERVER_ID)
+      script: |
+        #!/bin/bash
+        set -e
+        ca_bundle=/mnt/trusted-ca/ca-bundle.crt
+        if [ -f "$ca_bundle" ]; then
+          echo "INFO: Using mounted CA bundle: $ca_bundle"
+          cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors
+          update-ca-trust
+        fi
+        /opt/jboss/container/java/run/run-java.sh $@
diff --git a/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/deploy/DeployCommand.java b/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/deploy/DeployCommand.java
@@ -19,7 +19,7 @@
 @CommandLine.Command(name = "deploy")
 public class DeployCommand implements Runnable {
 
-    @CommandLine.Option(names = "--directory")
+    @CommandLine.Option(names = "--directory", required = true)
     String artifactDirectory;
 
     // Maven Repo Deployment specification
@@ -35,7 +35,7 @@ public class DeployCommand implements Runnable {
     @CommandLine.Option(names = "--mvn-settings")
     String mvnSettings;
 
-    @CommandLine.Option(names = "--mvn-repo")
+    @CommandLine.Option(names = "--mvn-repo", required = true)
     String mvnRepo;
 
     @CommandLine.Option(names = "--server-id")
@@ -91,12 +91,9 @@ public void run() {
                     System.setProperty("maven.settings", settings.toString());
                 }
             }
-            if (isNotEmpty(mvnRepo)) {
-                // Maven Repo Deployment
-                MavenRepositoryDeployer deployer = new MavenRepositoryDeployer(mvnCtx, mvnUser, mvnPassword.orElse(""), mvnRepo, serverId, deploymentPath);
-                deployer.deploy();
-            }
-
+            // Maven Repo Deployment
+            MavenRepositoryDeployer deployer = new MavenRepositoryDeployer(mvnCtx, mvnUser, mvnPassword.orElse(""), mvnRepo, serverId, deploymentPath);
+            deployer.deploy();
         } catch (Exception e) {
             Log.error("Deployment failed", e);
             throw new RuntimeException(e);
