From 43dc507564a30804a379d8b323bfc1a66735c228 Mon Sep 17 00:00:00 2001
From: Xin Jiang <xjiang@redhat.com>
Date: Thu, 27 Nov 2025 11:22:01 +0800
Subject: [PATCH] fix gitiops_auth_password when using jenkins as pipeline
 provider

---
 integration-tests/config/testplan.json        | 13 ++++++++--
 .../core/integration/git/baseGitProvider.ts   |  7 ++++++
 .../core/integration/git/gitInterface.ts      |  2 ++
 src/rhtap/modification/jenkinsfile.ts         | 24 +++++++++++++++++++
 .../commands/addJenkinsSecretsCommand.ts      |  4 +++-
 ...eAndEnvModificationsOnGitopsRepoCommand.ts |  2 --
 ...eAndEnvModificationsOnSourceRepoCommand.ts |  1 -
 7 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/integration-tests/config/testplan.json b/integration-tests/config/testplan.json
index f1ef3f50..cac3f856 100644
--- a/integration-tests/config/testplan.json
+++ b/integration-tests/config/testplan.json
@@ -3,7 +3,8 @@
       {
         "name": "backend-tests",
         "templates": ["go"],
-        "tssc": [{
+        "tssc": [
+        {
           "git": "github",
           "ci": "tekton",
           "registry": "quay",
@@ -51,7 +52,15 @@
           "registry": "quay",
           "tpa": "remote",
           "acs": "remote"
-        }],
+        },
+        {
+          "git": "bitbucket",
+          "ci": "jenkins",
+          "registry": "quay",
+          "tpa": "remote",
+          "acs": "remote"
+        }
+      ],
         "tests": ["full_workflow.test.ts"]
       }
     ]
diff --git a/src/rhtap/core/integration/git/baseGitProvider.ts b/src/rhtap/core/integration/git/baseGitProvider.ts
index e666958d..49ad7b4a 100644
--- a/src/rhtap/core/integration/git/baseGitProvider.ts
+++ b/src/rhtap/core/integration/git/baseGitProvider.ts
@@ -165,4 +165,11 @@ export abstract class BaseGitProvider implements Git {
   ): Promise<string>;
 
   public abstract getToken(): string;
+
+  public getUsername(): string {
+    if (!this.secret?.username) {
+      throw new Error('Username not found in the secret. Please ensure the username is provided.');
+    }
+    return this.secret.username;
+  }
 }
diff --git a/src/rhtap/core/integration/git/gitInterface.ts b/src/rhtap/core/integration/git/gitInterface.ts
index 872e6aad..c312d51f 100644
--- a/src/rhtap/core/integration/git/gitInterface.ts
+++ b/src/rhtap/core/integration/git/gitInterface.ts
@@ -115,4 +115,6 @@ export interface Git extends IntegrationSecret {
   ): Promise<string>;
 
   getToken(): string;
+
+  getUsername(): string;
 }
diff --git a/src/rhtap/modification/jenkinsfile.ts b/src/rhtap/modification/jenkinsfile.ts
index 6a2888ef..fe80f763 100644
--- a/src/rhtap/modification/jenkinsfile.ts
+++ b/src/rhtap/modification/jenkinsfile.ts
@@ -109,6 +109,19 @@ export class EnableTPAVariablesModification implements JenkinsfileModification {
     };
   }
 }
+
+export class EnableGitoAuthUsernameModification implements JenkinsfileModification {
+  getModification(): ContentModifications {
+    return {
+      Jenkinsfile: [
+        {
+          oldContent: "/* GITOPS_AUTH_USERNAME = credentials('GITOPS_AUTH_USERNAME') */",
+          newContent: "GITOPS_AUTH_USERNAME = credentials('GITOPS_AUTH_USERNAME')",
+        },
+      ],
+    };
+  }
+}
 /**
  * Enum of available Jenkinsfile modification types
  */
@@ -119,6 +132,7 @@ export enum JenkinsfileModificationType {
   DISABLE_QUAY_CREDENTIALS = 'DISABLE_QUAY_CREDENTIALS',
   ENABLE_COSIGN_PUBLIC_KEY = 'ENABLE_COSIGN_PUBLIC_KEY',
   ENABLE_TPA_VARIABLES = 'ENABLE_TPA_VARIABLES',
+  GITOPS_AUTH_USERNAME = 'GITOPS_AUTH_USERNAME',
 }
 
 /**
@@ -144,6 +158,8 @@ export class JenkinsfileModificationFactory {
         return new EnableCosignPublicKeyModification();
       case JenkinsfileModificationType.ENABLE_TPA_VARIABLES:
         return new EnableTPAVariablesModification();
+      case JenkinsfileModificationType.GITOPS_AUTH_USERNAME:
+        return new EnableGitoAuthUsernameModification();
       default:
         throw new Error(`Unknown Jenkinsfile modification type: ${type}`);
     }
@@ -218,6 +234,14 @@ export class JenkinsfileModifier {
     return this;
   }
 
+  enableGitoAuthUsername(): JenkinsfileModifier {
+    const modification = JenkinsfileModificationFactory.create(
+      JenkinsfileModificationType.GITOPS_AUTH_USERNAME
+    ).getModification();
+    this.container.merge(modification);
+    return this;
+  }
+
   getModifications(): ContentModifications {
     return this.container.getModifications();
   }
diff --git a/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts b/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts
index e3cbd937..70a3ecbf 100644
--- a/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts
+++ b/src/rhtap/postcreation/strategies/commands/addJenkinsSecretsCommand.ts
@@ -63,11 +63,12 @@ export class AddJenkinsSecretsCommand extends BaseCommand {
   }
 
   private async addGitAuthSecrets(): Promise<void> {
+    const username = this.git.getUsername();
     const password = this.getGitOpsAuthPassword();
     await this.jenkinsCI.addCredential(
       this.folderName,
       Credential.GITOPS_AUTH_PASSWORD,
-      `fakeUsername:${password}`,
+      `${username}:${password}`,
       CredentialType.USERNAME_PASSWORD
     );
   }
@@ -133,6 +134,7 @@ export class AddJenkinsSecretsCommand extends BaseCommand {
         throw new Error('Unsupported Git type');
     }
   }
+
   //add ROX_CENTRAL_ENDPOINT
   private async addRoxCentralEndpointSecrets(): Promise<void> {
     await this.jenkinsCI.addCredential(
diff --git a/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnGitopsRepoCommand.ts b/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnGitopsRepoCommand.ts
index 258d3dd8..4d408d4b 100644
--- a/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnGitopsRepoCommand.ts
+++ b/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnGitopsRepoCommand.ts
@@ -33,10 +33,8 @@ export class JenkinsfileAndEnvModificationsOnGitopsRepoCommand extends BaseComma
 
     modificationsContainer.merge(
       JenkinsfileModifier.create()
-        .updateKubernetesAgentConfig()
         .enableRegistryPassword()
         .disableQuayCredentials()
-        .enableTPAVariables()
         .getModifications()
     );
 
diff --git a/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnSourceRepoCommand.ts b/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnSourceRepoCommand.ts
index c0cc4770..e19b8c31 100644
--- a/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnSourceRepoCommand.ts
+++ b/src/rhtap/postcreation/strategies/commands/jenkinsfileAndEnvModificationsOnSourceRepoCommand.ts
@@ -39,7 +39,6 @@ export class JenkinsfileAndEnvModificationsOnSourceRepoCommand extends BaseComma
 
     modificationsContainer.merge(
       JenkinsfileModifier.create()
-        .updateKubernetesAgentConfig()
         .enableRegistryPassword()
         .disableQuayCredentials()
         .getModifications()