Configures Harness Code repositories with workflows, push/PR/tag triggers, PR validation pipelines, branch protection, and GitOps for AWS EKS deployments via YAML.
```bash
npx claudepluginhub markus41/claude --plugin aws-eks-helm-keycloak
```

Slash command: `/aws-eks-helm-keycloak:harness-code-integration`
Manage Harness Code repositories, triggers, PR pipelines, and GitOps workflows.
```
my-app/                          # Harness Code repository
├── src/                         # Application source
├── charts/
│   └── my-service/
│       ├── Chart.yaml
│       ├── values.yaml
│       ├── values-dev.yaml
│       ├── values-staging.yaml
│       ├── values-prod.yaml
│       └── templates/
├── .harness/
│   ├── pipelines/
│   │   ├── build.yaml
│   │   ├── deploy-dev.yaml
│   │   ├── deploy-staging.yaml
│   │   └── deploy-prod.yaml
│   └── inputsets/
│       ├── dev-inputs.yaml
│       └── prod-inputs.yaml
└── keycloak/
    └── realm-export.json
```
```yaml
connector:
  name: Harness Code
  identifier: harness_code
  type: HarnessCode
  spec:
    authentication:
      type: Http
      spec:
        type: UsernameToken
        spec:
          username: <+secrets.getValue("harness_code_user")>
          tokenRef: harness_code_token
```
```yaml
trigger:
  name: Main Branch Push
  identifier: main_push
  enabled: true
  encryptedWebhookSecretIdentifier: ""
  description: "Deploy on push to main"
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - Push
        actions: []
        payloadConditions:
          - key: targetBranch
            operator: Equals
            value: main
  pipelineIdentifier: deploy_pipeline
  inputSetRefs:
    - main_inputs
  stagesToExecute: []
```
```yaml
trigger:
  name: PR Validation
  identifier: pr_validation
  enabled: true
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - PullRequest
        actions:
          - Open
          - Reopen
          - Edit
          - Synchronize
        payloadConditions:
          - key: targetBranch
            operator: In
            value: main, develop
  pipelineIdentifier: pr_validation_pipeline
```
```yaml
trigger:
  name: Release Tag
  identifier: release_tag
  enabled: true
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - Push
        payloadConditions:
          - key: ref
            operator: StartsWith
            value: refs/tags/v
  pipelineIdentifier: release_pipeline
  inputYaml: |
    pipeline:
      identifier: release_pipeline
      variables:
        - name: version
          type: String
          # The method call must sit inside the outer <+...> to be evaluated
          value: <+<+trigger.payload.ref>.replace("refs/tags/", "")>
```
```yaml
pipeline:
  name: PR Validation
  identifier: pr_validation_pipeline
  stages:
    - stage:
        name: Validate
        type: CI
        spec:
          cloneCodebase: true
          infrastructure:
            type: KubernetesDirect
            spec:
              connectorRef: eks_connector
              namespace: ci-runners
          execution:
            steps:
              - step:
                  type: Run
                  name: Lint Helm Chart
                  spec:
                    shell: Bash
                    command: |
                      helm lint charts/my-service
                      helm template charts/my-service --debug
              - step:
                  type: Run
                  name: Security Scan
                  spec:
                    shell: Bash
                    # Without --exit-code, trivy reports findings but still exits 0
                    command: |
                      trivy config charts/my-service
                      checkov -d charts/my-service
              - step:
                  type: Run
                  name: Unit Tests
                  spec:
                    shell: Bash
                    command: npm test
              - step:
                  type: Plugin
                  name: PR Comment
                  spec:
                    connectorRef: harness_code
                    image: plugins/github-comment
                    settings:
                      message: "✅ All checks passed!"
```
Configure via Harness Code UI or API:
```yaml
branchProtection:
  pattern: main
  rules:
    - requirePullRequest: true
    - requireReviews:
        count: 1
        dismissStaleReviews: true
        requireCodeOwners: true
    - requireStatusChecks:
        strict: true
        contexts:
          - "pr_validation_pipeline"
    - requireSignedCommits: false
    - restrictPushes:
        allowedUsers: []
        allowedTeams:
          - platform-team
    - restrictDeletions: true
    - requireLinearHistory: false
```
```yaml
- step:
    type: GitOpsUpdateReleaseRepo
    name: Update GitOps Repo
    identifier: update_gitops
    spec:
      connectorRef: harness_code
      repoName: gitops-config
      filePath: apps/<+service.name>/<+env.name>/values.yaml
      fileContent: |
        image:
          repository: <+artifact.image>
          tag: <+artifact.tag>
        keycloak:
          clientId: <+service.name>-client
- step:
    type: GitOpsSync
    name: Sync Application
    identifier: gitops_sync
    spec:
      applicationIdentifier: <+service.name>-<+env.name>
      prune: true
      dryRun: false
```
```yaml
manifests:
  - manifest:
      identifier: main_chart
      type: HelmChart
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: <+pipeline.variables.branch>
            folderPath: charts/my-service
        chartName: my-service
        helmVersion: V3
```
```yaml
manifests:
  - manifest:
      identifier: values_override
      type: Values
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: main
            paths:
              - charts/my-service/values-<+env.name>.yaml
```
```yaml
manifests:
  - manifest:
      identifier: kustomize
      type: Kustomize
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: main
            folderPath: k8s/overlays/<+env.name>
```
```yaml
- step:
    type: Run
    name: Quality Gate
    spec:
      shell: Bash
      command: |
        # Helm lint
        helm lint charts/my-service --strict
        # Security scan
        trivy config charts/my-service --severity HIGH,CRITICAL --exit-code 1
        # Keycloak realm validation
        if [ -f keycloak/realm-export.json ]; then
          jq -e '.realm' keycloak/realm-export.json > /dev/null
        fi
      envVariables:
        TRIVY_SEVERITY: HIGH,CRITICAL
```
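The Quality Gate above only confirms that `keycloak/realm-export.json` has a `realm` key. The following added example (not part of the original skill or of Harness) goes further and fails the gate on risky realm settings; `check_realm`, `SAMPLE_REALM` and the choice of checks are assumptions made for illustration, using field names from Keycloak's realm export format.

```python
import json

# Constructed sample export (Keycloak realm-representation field names, invented values).
SAMPLE_REALM = json.loads("""
{
  "realm": "my-app",
  "sslRequired": "none",
  "clients": [
    {"clientId": "my-service-client", "publicClient": false,
     "secret": "s3cr3t-constructed", "redirectUris": ["https://app.example.com/*"]},
    {"clientId": "legacy-client", "publicClient": true,
     "redirectUris": ["*"], "directAccessGrantsEnabled": true}
  ],
  "users": [{"username": "admin", "credentials": [{"type": "password"}]}]
}
""")


def check_realm(realm):
    """Return a list of (location, finding) tuples; an empty list means pass."""
    findings = []
    if not realm.get("realm"):
        findings.append(("realm", "missing realm name"))
    if realm.get("sslRequired", "external").lower() == "none":
        findings.append(("sslRequired", "TLS not required for any client"))
    for client in realm.get("clients", []):
        where = f"clients[{client.get('clientId', '<unnamed>')}]"
        secret = client.get("secret", "")
        # Console exports mask secrets as '**********'; anything else is a real value.
        if secret and set(secret) != {"*"}:
            findings.append((where, "client secret committed in export"))
        for uri in client.get("redirectUris", []):
            if uri in ("*", "/*") or uri.startswith(("http://*", "https://*")):
                findings.append((where, f"wildcard redirect URI {uri!r}"))
        if client.get("publicClient") and client.get("directAccessGrantsEnabled"):
            findings.append((where, "public client allows password grant"))
    for user in realm.get("users", []):
        if user.get("credentials"):
            findings.append((f"users[{user.get('username')}]", "credentials in export"))
    return findings


if __name__ == "__main__":
    results = check_realm(SAMPLE_REALM)
    for where, finding in results:
        print(f"FAIL {where}: {finding}")
    raise SystemExit(1 if results else 0)
```

In a Run step, load the repository's own export with `json.load` in place of the constructed sample so a non-zero exit fails the stage.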
| Expression | Purpose |
|---|---|
| `<+trigger.payload.repository.name>` | Repository name |
| `<+trigger.payload.ref>` | Git reference (branch/tag) |
| `<+trigger.payload.pullRequest.number>` | PR number |
| `<+trigger.payload.pullRequest.sourceBranch>` | PR source branch |
| `<+trigger.payload.pullRequest.targetBranch>` | PR target branch |
| `<+trigger.payload.sender.login>` | User who triggered |
| `<+codebase.commitSha>` | Full commit SHA |
| `<+codebase.shortCommitSha>` | Short commit SHA |
| `<+codebase.branch>` | Branch name |
| `<+codebase.tag>` | Tag name (if tagged) |
```json
{
  "ref": "refs/heads/main",
  "before": "abc123",
  "after": "def456",
  "repository": {
    "name": "my-app",
    "full_name": "org/my-app"
  },
  "commits": [
    {
      "id": "def456",
      "message": "feat: add new endpoint",
      "author": { "name": "Developer" }
    }
  ]
}
```
```json
{
  "action": "opened",
  "number": 42,
  "pullRequest": {
    "title": "Add Keycloak integration",
    "sourceBranch": "feature/keycloak",
    "targetBranch": "main",
    "state": "open"
  }
}
```
| Issue | Solution |
|---|---|
| Trigger not firing | Check webhook configuration, verify event type |
| Clone failed | Verify connector credentials, check repo access |
| Branch not found | Confirm branch exists, check payload conditions |
| PR comment failed | Verify connector has write permissions |
| GitOps sync timeout | Check ArgoCD health, verify manifest validity |