Harness Code repository workflows, triggers, PR pipelines, branch protection, and GitOps integration for AWS EKS deployments
npx claudepluginhub markus41/claude --plugin aws-eks-helm-keycloak
Manage Harness Code repositories, triggers, PR pipelines, and GitOps workflows.
```
my-app/                          # Harness Code repository
├── src/                         # Application source
├── charts/
│   └── my-service/
│       ├── Chart.yaml
│       ├── values.yaml
│       ├── values-dev.yaml
│       ├── values-staging.yaml
│       ├── values-prod.yaml
│       └── templates/
├── .harness/
│   ├── pipelines/
│   │   ├── build.yaml
│   │   ├── deploy-dev.yaml
│   │   ├── deploy-staging.yaml
│   │   └── deploy-prod.yaml
│   └── inputsets/
│       ├── dev-inputs.yaml
│       └── prod-inputs.yaml
└── keycloak/
    └── realm-export.json
```
```yaml
connector:
  name: Harness Code
  identifier: harness_code
  type: HarnessCode
  spec:
    authentication:
      type: Http
      spec:
        type: UsernameToken
        spec:
          username: <+secrets.getValue("harness_code_user")>
          tokenRef: harness_code_token
```
```yaml
trigger:
  name: Main Branch Push
  identifier: main_push
  enabled: true
  encryptedWebhookSecretIdentifier: ""
  description: "Deploy on push to main"
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - Push
        actions: []
        payloadConditions:
          - key: targetBranch
            operator: Equals
            value: main
  pipelineIdentifier: deploy_pipeline
  inputSetRefs:
    - main_inputs
  stagesToExecute: []
```
```yaml
trigger:
  name: PR Validation
  identifier: pr_validation
  enabled: true
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - PullRequest
        actions:
          - Open
          - Reopen
          - Edit
          - Synchronize
        payloadConditions:
          - key: targetBranch
            operator: In
            value: main, develop
  pipelineIdentifier: pr_validation_pipeline
```
```yaml
trigger:
  name: Release Tag
  identifier: release_tag
  enabled: true
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - Push
        payloadConditions:
          - key: ref
            operator: StartsWith
            value: refs/tags/v
  pipelineIdentifier: release_pipeline
  inputYaml: |
    pipeline:
      identifier: release_pipeline
      variables:
        - name: version
          type: String
          # The method call must sit inside the <+...> delimiters to be evaluated
          value: <+trigger.payload.ref.replace("refs/tags/", "")>
```
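The release trigger fires on any ref that starts with `refs/tags/v` and passes the remainder of the ref on as `version`. The following added example (not part of the original skill; the function names, the semantic-version pattern and the sample refs are assumptions) models that condition in Python and shows a stricter check that a release pipeline's first step can apply before the value reaches image tags or Helm values.

```python
import re

# Assumed release-tag policy: v<major>.<minor>.<patch> with an optional
# pre-release suffix. Adjust to the project's own versioning scheme.
RELEASE_TAG = re.compile(
    r"refs/tags/(?P<version>v(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)"
    r"(?:-[0-9A-Za-z][0-9A-Za-z.-]*)?)"
)


def trigger_matches(ref: str) -> bool:
    """Model of the trigger's payload condition: ref StartsWith refs/tags/v."""
    return ref.startswith("refs/tags/v")


def naive_version(ref: str) -> str:
    """What the trigger's inputYaml derives: the ref with 'refs/tags/' removed."""
    return ref.replace("refs/tags/", "")


def validated_version(ref: str):
    """Return the version only if the whole ref is a well-formed release tag."""
    match = RELEASE_TAG.fullmatch(ref)
    return match.group("version") if match else None


# Constructed sample refs (not taken from a real repository).
SAMPLE_REFS = [
    "refs/tags/v1.4.2",
    "refs/tags/v2.0.0-rc.1",
    "refs/tags/validate-me",   # starts with "v" but is not a version
    "refs/tags/v1.0.0;x",      # characters that do not belong in an image tag
    "refs/heads/main",         # branch push, trigger condition does not match
]


def audit(refs):
    """For each ref: (ref, fires trigger?, naive version, validated version)."""
    return [(r, trigger_matches(r), naive_version(r), validated_version(r))
            for r in refs]


if __name__ == "__main__":
    for ref, fires, naive, valid in audit(SAMPLE_REFS):
        status = "ok" if valid else ("REJECT" if fires else "ignored")
        print(f"{ref:26} fires={fires!s:5} naive={naive:18} -> {status}")
```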
```yaml
pipeline:
  name: PR Validation
  identifier: pr_validation_pipeline
  stages:
    - stage:
        name: Validate
        type: CI
        spec:
          cloneCodebase: true
          infrastructure:
            type: KubernetesDirect
            spec:
              connectorRef: eks_connector
              namespace: ci-runners
          execution:
            steps:
              - step:
                  type: Run
                  name: Lint Helm Chart
                  spec:
                    shell: Bash
                    command: |
                      helm lint charts/my-service
                      helm template charts/my-service --debug
              - step:
                  type: Run
                  name: Security Scan
                  spec:
                    shell: Bash
                    command: |
                      trivy config charts/my-service
                      checkov -d charts/my-service
              - step:
                  type: Run
                  name: Unit Tests
                  spec:
                    shell: Bash
                    command: npm test
              - step:
                  type: Plugin
                  name: PR Comment
                  spec:
                    connectorRef: harness_code
                    image: plugins/github-comment
                    settings:
                      message: "✅ All checks passed!"
```
Configure via Harness Code UI or API:
```yaml
branchProtection:
  pattern: main
  rules:
    - requirePullRequest: true
    - requireReviews:
        count: 1
        dismissStaleReviews: true
        requireCodeOwners: true
    - requireStatusChecks:
        strict: true
        contexts:
          - "pr_validation_pipeline"
    - requireSignedCommits: false
    - restrictPushes:
        allowedUsers: []
        allowedTeams:
          - platform-team
    - restrictDeletions: true
    - requireLinearHistory: false
```
```yaml
- step:
    type: GitOpsUpdateReleaseRepo
    name: Update GitOps Repo
    identifier: update_gitops
    spec:
      connectorRef: harness_code
      repoName: gitops-config
      filePath: apps/<+service.name>/<+env.name>/values.yaml
      fileContent: |
        image:
          repository: <+artifact.image>
          tag: <+artifact.tag>
        keycloak:
          clientId: <+service.name>-client
```
```yaml
- step:
    type: GitOpsSync
    name: Sync Application
    identifier: gitops_sync
    spec:
      applicationIdentifier: <+service.name>-<+env.name>
      prune: true
      dryRun: false
```
```yaml
manifests:
  - manifest:
      identifier: main_chart
      type: HelmChart
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: <+pipeline.variables.branch>
            folderPath: charts/my-service
        chartName: my-service
        helmVersion: V3
```
```yaml
manifests:
  - manifest:
      identifier: values_override
      type: Values
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: main
            paths:
              - charts/my-service/values-<+env.name>.yaml
```
```yaml
manifests:
  - manifest:
      identifier: kustomize
      type: Kustomize
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: main
            folderPath: k8s/overlays/<+env.name>
```
```yaml
- step:
    type: Run
    name: Quality Gate
    spec:
      shell: Bash
      command: |
        # Helm lint
        helm lint charts/my-service --strict
        # Security scan
        trivy config charts/my-service --severity HIGH,CRITICAL --exit-code 1
        # Keycloak realm validation
        if [ -f keycloak/realm-export.json ]; then
          jq -e '.realm' keycloak/realm-export.json > /dev/null
        fi
      envVariables:
        TRIVY_SEVERITY: HIGH,CRITICAL
```
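The Quality Gate's realm check only confirms that `.realm` exists in `keycloak/realm-export.json`. The following added example (not part of the original skill) goes further and flags settings a reviewer would not want committed to the repository; `audit_realm` and the sample realm are constructed for illustration, and treating an all-`*` secret as a masked placeholder is an assumption.

```python
import json
import sys

# Constructed sample (not a real realm); keys follow Keycloak's realm export.
SAMPLE_REALM = json.loads("""
{
  "realm": "my-app",
  "sslRequired": "none",
  "clients": [
    {"clientId": "my-service-client", "secret": "constructed-example-value",
     "redirectUris": ["*"]},
    {"clientId": "account", "secret": "**********",
     "redirectUris": ["https://app.example.com/*"]}
  ],
  "users": [{"username": "demo", "credentials": [{"type": "password"}]}]
}
""")


def audit_realm(realm: dict) -> list:
    """Return human-readable findings for a parsed realm export."""
    findings = []
    if not realm.get("realm"):
        findings.append("missing realm name")
    if str(realm.get("sslRequired", "")).lower() == "none":
        findings.append("sslRequired is 'none'")
    for client in realm.get("clients") or []:
        cid = client.get("clientId", "<unnamed>")
        secret = client.get("secret") or ""
        # Assumption: a value made only of '*' is a masked placeholder.
        if secret.strip("*"):
            findings.append(f"client {cid}: secret stored in export")
        if "*" in (client.get("redirectUris") or []):
            findings.append(f"client {cid}: wildcard-only redirect URI")
    for user in realm.get("users") or []:
        if user.get("credentials"):
            who = user.get("username", "<unnamed>")
            findings.append(f"user {who}: credentials stored in export")
    return findings


if __name__ == "__main__":
    realm = SAMPLE_REALM
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            realm = json.load(fh)
    results = audit_realm(realm)
    print("\n".join(f"FAIL: {r}" for r in results))
    sys.exit(1 if results else 0)
```

Run with the export path as the only argument inside the gate's `Run` step; a non-zero exit fails the step.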
| Expression | Purpose |
|---|---|
| `<+trigger.payload.repository.name>` | Repository name |
| `<+trigger.payload.ref>` | Git reference (branch/tag) |
| `<+trigger.payload.pullRequest.number>` | PR number |
| `<+trigger.payload.pullRequest.sourceBranch>` | PR source branch |
| `<+trigger.payload.pullRequest.targetBranch>` | PR target branch |
| `<+trigger.payload.sender.login>` | User who triggered |
| `<+codebase.commitSha>` | Full commit SHA |
| `<+codebase.shortCommitSha>` | Short commit SHA |
| `<+codebase.branch>` | Branch name |
| `<+codebase.tag>` | Tag name (if tagged) |
```json
{
  "ref": "refs/heads/main",
  "before": "abc123",
  "after": "def456",
  "repository": {
    "name": "my-app",
    "full_name": "org/my-app"
  },
  "commits": [
    {
      "id": "def456",
      "message": "feat: add new endpoint",
      "author": { "name": "Developer" }
    }
  ]
}
```
```json
{
  "action": "opened",
  "number": 42,
  "pullRequest": {
    "title": "Add Keycloak integration",
    "sourceBranch": "feature/keycloak",
    "targetBranch": "main",
    "state": "open"
  }
}
```
| Issue | Solution |
|---|---|
| Trigger not firing | Check webhook configuration, verify event type |
| Clone failed | Verify connector credentials, check repo access |
| Branch not found | Confirm branch exists, check payload conditions |
| PR comment failed | Verify connector has write permissions |
| GitOps sync timeout | Check ArgoCD health, verify manifest validity |