Update config for secrets

Author: ThomasVitale

.github/workflows/release.yml

@@ -18,6 +18,6 @@ jobs:
       registry-server: ghcr.io
       registry-username: ${{ github.actor }}
       image: ${{ github.repository }}
-      version: 0.1.0
+      version: 0.1.1
     secrets:
       pull-request-token: ${{ secrets.GH_ORG_PAT }}

README.md

@@ -109,12 +109,13 @@ The Workspace Provisioner package has the following configurable properties.
 | `namespaces` | `[]` | Configuration for the namespaces the platform will provision and manage. |
 | `service_account` | `default` | The `ServiceAccount` to be configured with credentials and roles in each workspace. |
 | `oci_registry.secret.name` | `""` | The name of the Secret holding the credentials to access the OCI registry. **Required**. |
+| `oci_registry.secret.namespace` | `""` | The namespace of the Secret holding the credentials to access the OCI registry. **Required**. |
 | `cosign.secret.name` | `""` | The name of the Secret holding the Cosign key pair. |
 | `cosign.secret.namespace` | `""` | The namespace of the Secret holding the Cosign key pair. |
 | `git.server` | `https://github.com` | The Git server hosting the Git repositories used in the GitOps workflows. |
 | `git.credentials.username` | `""` | The username to access the Git repositories. |
 | `git.credesntials.password` | `""` | The password to access the Git repositories. |
-| `git.secret.name` | `""` | The name of the Secret holding the Git credentials. |
+| `git.secret.name` | `supply-chain-git-credentials` | The name of the Secret holding the Git credentials. |
 
 </details>
 

package/config/setup-namespaces.yml

@@ -8,6 +8,31 @@
 #@   return data.values.git.server != "" and data.values.git.credentials.username != "" and data.values.git.credentials.password != ""
 #@ end
 
+#! SECRET EXPORTS
+
+---
+apiVersion: secretgen.carvel.dev/v1alpha1
+kind: SecretExport
+metadata:
+  name: #@ data.values.oci_registry.secret.name
+  namespace: #@ data.values.oci_registry.secret.namespace
+spec:
+  toNamespaces:
+    - "*"
+
+#@ if/end is_cosign_secret_available():
+---
+apiVersion: secretgen.carvel.dev/v1alpha1
+kind: SecretExport
+metadata:
+  name: #@ data.values.cosign.secret.name
+  namespace: #@ data.values.cosign.secret.namespace
+spec:
+  toNamespaces:
+    - "*"
+
+#! NAMESPACES
+
 #@ for namespace in data.values.namespaces:
 
 ---

package/config/values-schema.yml

@@ -16,6 +16,9 @@ oci_registry:
     #@schema/desc "The name of the Secret holding the credentials to access the OCI registry."
     #@schema/validation min_len=1
     name: ""
+    #@schema/desc "The namespace of the Secret holding the credentials to access the OCI registry."
+    #@schema/validation min_len=1
+    namespace: ""
 
 #@schema/desc "Settings for Cosign, used for signing and verifying OCI artifacts."
 cosign:
@@ -40,4 +43,4 @@ git:
   secret:
     #@schema/desc "The name of the Secret holding the Git credentials."
     #@schema/validation when=lambda _, ctx: ctx.root["git"]["credentials"]["username"] != "" and ctx.root["git"]["credentials"]["password"] != ""
-    name: ""
+    name: supply-chain-git-credentials

test/integration/default/config/values.yml

@@ -11,3 +11,4 @@ stringData:
     oci_registry:
       secret:
         name: supply-chain-registry-credentials
+        namespace: kadras-packages

test/unit/config/values.yml

@@ -2,3 +2,4 @@
 oci_registry:
   secret:
     name: supply-chain-registry-credentials
+    namespace: kadras-packages