From 95dabeb03bddc01dcb0f6ba3a9b22786e9c6ecec Mon Sep 17 00:00:00 2001
From: Xin Jiang <xjiang@redhat.com>
Date: Thu, 27 Nov 2025 11:22:01 +0800
Subject: [PATCH 1/2] fix gitiops_auth_password when using jenkins as pipeline
 provider

---
 integration-tests/config/testplan.json        | 13 ++++++++--
 .../core/integration/git/baseGitProvider.ts   |  7 ++++++
 .../core/integration/git/gitInterface.ts      |  2 ++
 src/rhtap/modification/jenkinsfile.ts         | 24 +++++++++++++++++++
 .../commands/addJenkinsSecretsCommand.ts      |  4 +++-
 ...eAndEnvModificationsOnGitopsRepoCommand.ts |  3 +--
 ...eAndEnvModificationsOnSourceRepoCommand.ts |  2 +-
 7 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/integration-tests/config/testplan.json b/integration-tests/config/testplan.json
index f1ef3f50..cac3f856 100644
--- a/integration-tests/config/testplan.json
+++ b/integration-tests/config/testplan.json
@@ -3,7 +3,8 @@
       {
         "name": "backend-tests",
         "templates": ["go"],
-        "tssc": [{
+        "tssc": [
+        {
           "git": "github",
           "ci": "tekton",
           "registry": "quay",
@@ -51,7 +52,15 @@
           "registry": "quay",
           "tpa": "remote",
           "acs": "remote"
-        }],
+        },
+        {
+          "git": "bitbucket",
+          "ci": "jenkins",
+          "registry": "quay",
+          "tpa": "remote",
+          "acs": "remote"
+        }
+      ],
         "tests": ["full_workflow.test.ts"]
       }
     ]
diff --git a/src/rhtap/core/integration/git/baseGitProvider.ts b/src/rhtap/core/integration/git/baseGitProvider.ts
index e666958d..7430fe3e 100644
--- a/src/rhtap/core/integration/git/baseGitProvider.ts
+++ b/src/rhtap/core/integration/git/baseGitProvider.ts
@@ -165,4 +165,11 @@ export abstract class BaseGitProvider implements Git {
   ): Promise<string>;
 
   public abstract getToken(): string;
+
+  public getUsername(): string {
+    if (!this.secret?.username) {
+      throw new Error(`Username not found in ${this.getGitType()} secret. Please ensure the username is provided.`);
+    }
+    return this.secret.username;
+  }
 }
diff --git a/src/rhtap/core/integration/git/gitInterface.ts b/src/rhtap/core/integration/git/gitInterface.ts
index 872e6aad..c312d51f 100644
--- a/src/rhtap/core/integration/git/gitInterface.ts
+++ b/src/rhtap/core/integration/git/gitInterface.ts
@@ -115,4 +115,6 @@ export interface Git extends IntegrationSecret {
   ): Promise<string>;
 
   getToken(): string;
+
+  getUsername(): string;
 }
diff --git a/src/rhtap/modification/jenkinsfile.ts b/src/rhtap/modification/jenkinsfile.ts
index 6a2888ef..fe80f763 100644
--- a/src/rhtap/modification/jenkinsfile.ts
+++ b/src/rhtap/modification/jenkinsfile.ts
@@ -109,6 +109,19 @@ export class EnableTPAVariablesModification implements JenkinsfileModification {
     };
   }
 }
+
+export class EnableGitoAuthUsernameModification implements JenkinsfileModification {
+  getModification(): ContentModifications {
+    return {
+      Jenkinsfile: [
+        {
+          oldContent: "/* GITOPS_AUTH_USERNAME = credentials('GITOPS_AUTH_USERNAME') */",
+          newContent: "GITOPS_AUTH_USERNAME = credentials('GITOPS_AUTH_USERNAME')",
+        },
+      ],
+    };
+  }
+}
 /**
  * Enum of available Jenkinsfile modification types
  */
@@ -119,6 +132,7 @@ export enum JenkinsfileModificationType {
   DISABLE_QUAY_CREDENTIALS = 'DISABLE_QUAY_CREDENTIALS',
   ENABLE_COSIGN_PUBLIC_KEY = 'ENABLE_COSIGN_PUBLIC_KEY',
   ENABLE_TPA_VARIABLES = 'ENABLE_TPA_VARIABLES',
+  GITOPS_AUTH_USERNAME = 'GITOPS_AUTH_USERNAME',
 }
 
 /**
@@ -144,6 +158,8 @@ export class JenkinsfileModificationFactory {
         return new EnableCosignPublicKeyModification();
       case JenkinsfileModificationType.ENABLE_TPA_VARIABLES:
         return new EnableTPAVariablesModification();
+      case JenkinsfileModificationType.GITOPS_AUTH_USERNAME:
+        return new EnableGitoAuthUsernameModification();
       default:
         throw new Error(`Unknown Jenkinsfile modification type: ${type}`);
     }
@@ -218,6 +234,14 @@ export class JenkinsfileModifier {
     return this;
   }
 
+  enableGitoAuthUsername(): JenkinsfileModifier {
+    const modification = JenkinsfileModificationFactory.create(
+      JenkinsfileModificationType.GITOPS_AUTH_USERNAME
+    ).getModification();
+    this.container.merge(modification);
+    return this;
+  }
+
   getModifications(): ContentModifications {
     return this.container.getModifications();
   }
diff --git a/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts b/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts
index 30c2a5e6..b8f941c7 100644
--- a/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts
+++ b/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts
@@ -64,11 +64,12 @@ export class AddJenkinsSecretsCommand extends BaseCommand {
   }
 
   private async addGitAuthSecrets(): Promise<void> {
+    const username = this.git.getUsername();
     const password = this.getGitOpsAuthPassword();
     await this.jenkinsCI.addCredential(
       this.folderName,
       Credential.GITOPS_AUTH_PASSWORD,
-      `fakeUsername:${password}`,
+      `${username}:${password}`,
       CredentialType.USERNAME_PASSWORD
     );
   }
@@ -134,6 +135,7 @@ export class AddJenkinsSecretsCommand extends BaseCommand {
         throw new Error('Unsupported Git type');
     }
   }
+
   //add ROX_CENTRAL_ENDPOINT
   private async addRoxCentralEndpointSecrets(): Promise<void> {
     await this.jenkinsCI.addCredential(
diff --git a/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnGitopsRepoCommand.ts b/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnGitopsRepoCommand.ts
index bbf0c8e0..f1782dd9 100644
--- a/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnGitopsRepoCommand.ts
+++ b/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnGitopsRepoCommand.ts
@@ -37,10 +37,9 @@ export class JenkinsfileAndEnvModificationsOnGitopsRepoCommand extends BaseComma
 
     modificationsContainer.merge(
       JenkinsfileModifier.create()
-        .updateKubernetesAgentConfig()
         .enableRegistryPassword()
         .disableQuayCredentials()
-        .enableTPAVariables()
+        .enableGitoAuthUsername()
         .getModifications()
     );
 
diff --git a/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnSourceRepoCommand.ts b/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnSourceRepoCommand.ts
index 161694f1..97972943 100644
--- a/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnSourceRepoCommand.ts
+++ b/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnSourceRepoCommand.ts
@@ -43,9 +43,9 @@ export class JenkinsfileAndEnvModificationsOnSourceRepoCommand extends BaseComma
 
     modificationsContainer.merge(
       JenkinsfileModifier.create()
-        .updateKubernetesAgentConfig()
         .enableRegistryPassword()
         .disableQuayCredentials()
+        .enableGitoAuthUsername()
         .getModifications()
     );
 

From 6056bdf13817470f46d5fe1159f8346629ce50e5 Mon Sep 17 00:00:00 2001
From: Xin Jiang <xjiang@redhat.com>
Date: Wed, 4 Feb 2026 16:17:44 +0800
Subject: [PATCH 2/2] added jenkins variable GITOPS_AUTH_USERNAME

---
 .../postcreation/strategies/Credentials.ts    |  1 +
 .../commands/addJenkinsSecretsCommand.ts      | 19 ++++++++++++-------
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/rhtap/postcreation/strategies/Credentials.ts b/src/rhtap/postcreation/strategies/Credentials.ts
index 90289785..cd8753c4 100644
--- a/src/rhtap/postcreation/strategies/Credentials.ts
+++ b/src/rhtap/postcreation/strategies/Credentials.ts
@@ -11,6 +11,7 @@ export enum Credential {
   COSIGN_SECRET_KEY = 'COSIGN_SECRET_KEY',
   COSIGN_SECRET_PASSWORD = 'COSIGN_SECRET_PASSWORD',
   GITOPS_AUTH_PASSWORD = 'GITOPS_AUTH_PASSWORD',
+  GITOPS_AUTH_USERNAME = 'GITOPS_AUTH_USERNAME',
   IMAGE_REGISTRY_PASSWORD = 'IMAGE_REGISTRY_PASSWORD',
   TRUSTIFICATION_BOMBASTIC_API_URL = 'TRUSTIFICATION_BOMBASTIC_API_URL',
   TRUSTIFICATION_OIDC_ISSUER_URL = 'TRUSTIFICATION_OIDC_ISSUER_URL',
diff --git a/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts b/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts
index b8f941c7..e654d2c7 100644
--- a/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts
+++ b/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts
@@ -1,4 +1,3 @@
-import { CredentialType } from '../../../../api/jenkins';
 import { Component } from '../../../core/component';
 import { JenkinsCI } from '../../../core/integration/ci';
 import { GitType } from '../../../core/integration/git';
@@ -66,12 +65,18 @@ export class AddJenkinsSecretsCommand extends BaseCommand {
   private async addGitAuthSecrets(): Promise<void> {
     const username = this.git.getUsername();
     const password = this.getGitOpsAuthPassword();
-    await this.jenkinsCI.addCredential(
-      this.folderName,
-      Credential.GITOPS_AUTH_PASSWORD,
-      `${username}:${password}`,
-      CredentialType.USERNAME_PASSWORD
-    );
+    await Promise.all([
+      this.jenkinsCI.addCredential(
+        this.folderName,
+        Credential.GITOPS_AUTH_USERNAME,
+        username
+      ),
+      this.jenkinsCI.addCredential(
+        this.folderName,
+        Credential.GITOPS_AUTH_PASSWORD,
+        password
+      ),
+    ]);
   }
 
   private async addImageRegistrySecrets(): Promise<void> {