// This module is included in the following assembly: // // *openshift-docs/cicd/pipelines/authenticating-pipelines-using-git-secret.adoc :_mod-docs-content-type: PROCEDURE [id="op-configuring-basic-authentication-for-git_{context}"] = Configuring basic authentication for Git [role="_abstract"] For a pipeline to retrieve resources from password-protected repositories, you must configure the basic authentication for that pipeline. To configure basic authentication for a pipeline, update the `secret.yaml`, `serviceaccount.yaml`, and `run.yaml` files with the credentials from the Git secret for the specified repository. When you complete this process, {pipelines-shortname} can use that information to retrieve the specified pipeline resources. [NOTE] ==== For GitHub, authentication using plain password is deprecated. Instead, use a link:https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token[personal access token]. ==== .Procedure . In the `secret.yaml` file, specify the username and password or link:https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token[GitHub personal access token] to access the target Git repository. + [source,yaml,subs="attributes+"] ---- apiVersion: v1 kind: Secret metadata: name: basic-user-pass <1> annotations: tekton.dev/git-0: https://github.com type: kubernetes.io/basic-auth stringData: username: <2> password: <3> ---- <1> Name of the secret. In this example, `basic-user-pass`. <2> Username for the Git repository. <3> Password for the Git repository. + . In the `serviceaccount.yaml` file, associate the secret with the appropriate service account. + [source,yaml,subs="attributes+"] ---- apiVersion: v1 kind: ServiceAccount metadata: name: build-bot <1> secrets: - name: basic-user-pass <2> ---- <1> Name of the service account. In this example, `build-bot`. <2> Name of the secret. In this example, `basic-user-pass`. + . In the `run.yaml` file, associate the service account with a task run or a pipeline run. + * Associate the service account with a task run: + [source,yaml,subs="attributes+"] ---- apiVersion: tekton.dev/v1beta1 kind: TaskRun metadata: name: build-push-task-run-2 <1> spec: serviceAccountName: build-bot <2> taskRef: name: build-push <3> ---- <1> Name of the task run. In this example, `build-push-task-run-2`. <2> Name of the service account. In this example, `build-bot`. <3> Name of the task. In this example, `build-push`. + * Associate the service account with a `PipelineRun` resource: + [source,yaml,subs="attributes+"] ---- apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: name: demo-pipeline <1> namespace: default spec: serviceAccountName: build-bot <2> pipelineRef: name: demo-pipeline <3> ---- <1> Name of the pipeline run. In this example, `demo-pipeline`. <2> Name of the service account. In this example, `build-bot`. <3> Name of the pipeline. In this example, `demo-pipeline`. + . Apply the changes. + [source,terminal] ---- $ oc apply --filename secret.yaml,serviceaccount.yaml,run.yaml ----