update docs and fix publish job

defenseunicorns · Sep 20, 2023 · db8d1e3 · db8d1e3
1 parent f25b6a2
commit db8d1e3
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 4 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -67,10 +67,11 @@ jobs:
       - name: Build Software Factory Dependencies Packages
         run: |
           mkdir -p build
-          zarf package create packages/idam-dns    --confirm --no-progress --output-directory build
-          zarf package create packages/idam-gitlab --confirm --no-progress --output-directory build
-          zarf package create packages/idam-realm  --confirm --no-progress --output-directory build
-          zarf package create packages/namespaces  --confirm --no-progress --output-directory build
+          zarf package create packages/idam-dns       --confirm --no-progress --output-directory build
+          zarf package create packages/idam-gitlab    --confirm --no-progress --output-directory build
+          zarf package create packages/idam-sonarqube --confirm --no-progress --output-directory build
+          zarf package create packages/idam-realm     --confirm --no-progress --output-directory build
+          zarf package create packages/namespaces     --confirm --no-progress --output-directory build
 
       - name: Build software factory bundle
         run: uds bundle create --confirm --no-progress

diff --git a/doc/idam.md b/doc/idam.md
@@ -25,3 +25,31 @@ bundle:
           # Change the allowed sso to match whats in `gitlab-sso-saml.json`
           IDAM_ALLOWED_SSOS: "['saml']"
 ```
+
+## Sonarqube
+
+Configuring IDAM for SonarQube is done solely via package variables. Below is an example `uds-config.yaml` that configures sonarqube for IDAM. SonarQube is configured by default to use the built in baby-yoda realm. There are more variables for the SonarQube capability documented in [it's repo](https://github.com/defenseunicorns/uds-capability-sonarqube/blob/main/docs/idam.md).
+
+The `software-factory-idam-sonarqube` package retrieves the `SONARQUBE_IDAM_SAML_CERT` directly from the keycloak endpoint as an example of how to do so.
+
+```yaml
+bundle:
+  deploy:
+    zarf-packages:
+      sonarqube:
+        set:
+          # Enable SSO for SonarQube
+          SONARQUBE_IDAM_ENABLED: "true"
+          # The client id created in IDAM for SonarQube
+          SONARQUBE_IDAM_CLIENT_ID: "some_client_id"
+          # The displayed name of sso on the SonarQube login page
+          SONARQUBE_IDAM_PROVIDER_NAME: example-sso
+          # The realm endpoint to auth against
+          SONARQUBE_IDAM_REALM_URL: https://keycloak.exmaple.com/auth/realms/exampleRealm
+          # The SAML attribute to parse login from
+          SONARQUBE_IDAM_ATTR_LOGIN: login_name_attribute
+          # The SAML attribute to parse account name from
+          SONARQUBE_IDAM_ATTR_NAME: account_name_attribute
+          # The SAML attribute to parse email from
+          SONARQUBE_IDAM_PROVIDER_EMAIL: account_email_attribute
+```