Harness Code repository workflows, triggers, PR pipelines, branch protection, and GitOps integration for AWS EKS deployments
/plugin marketplace add Lobbi-Docs/claude/plugin install lobbi-docs-aws-eks-helm-keycloak-plugins-aws-eks-helm-keycloak@Lobbi-Docs/claudeThis skill is limited to using the following tools:
Manage Harness Code repositories, triggers, PR pipelines, and GitOps workflows.
my-app/ # Harness Code repository
├── src/ # Application source
├── charts/
│ └── my-service/
│ ├── Chart.yaml
│ ├── values.yaml
│ ├── values-dev.yaml
│ ├── values-staging.yaml
│ ├── values-prod.yaml
│ └── templates/
├── .harness/
│ ├── pipelines/
│ │ ├── build.yaml
│ │ ├── deploy-dev.yaml
│ │ ├── deploy-staging.yaml
│ │ └── deploy-prod.yaml
│ └── inputsets/
│ ├── dev-inputs.yaml
│ └── prod-inputs.yaml
└── keycloak/
└── realm-export.json
connector:
name: Harness Code
identifier: harness_code
type: HarnessCode
spec:
authentication:
type: Http
spec:
type: UsernameToken
spec:
username: <+secrets.getValue("harness_code_user")>
tokenRef: harness_code_token
trigger:
name: Main Branch Push
identifier: main_push
enabled: true
encryptedWebhookSecretIdentifier: ""
description: "Deploy on push to main"
source:
type: Webhook
spec:
type: HarnessCode
spec:
repoName: my-app
events:
- Push
actions: []
payloadConditions:
- key: targetBranch
operator: Equals
value: main
pipelineIdentifier: deploy_pipeline
inputSetRefs:
- main_inputs
stagesToExecute: []
trigger:
name: PR Validation
identifier: pr_validation
enabled: true
source:
type: Webhook
spec:
type: HarnessCode
spec:
repoName: my-app
events:
- PullRequest
actions:
- Open
- Reopen
- Edit
- Synchronize
payloadConditions:
- key: targetBranch
operator: In
value: main, develop
pipelineIdentifier: pr_validation_pipeline
trigger:
name: Release Tag
identifier: release_tag
enabled: true
source:
type: Webhook
spec:
type: HarnessCode
spec:
repoName: my-app
events:
- Push
payloadConditions:
- key: ref
operator: StartsWith
value: refs/tags/v
pipelineIdentifier: release_pipeline
inputYaml: |
pipeline:
identifier: release_pipeline
variables:
- name: version
type: String
value: <+trigger.payload.ref>.replace("refs/tags/", "")
pipeline:
name: PR Validation
identifier: pr_validation_pipeline
stages:
- stage:
name: Validate
type: CI
spec:
cloneCodebase: true
infrastructure:
type: KubernetesDirect
spec:
connectorRef: eks_connector
namespace: ci-runners
execution:
steps:
- step:
type: Run
name: Lint Helm Chart
spec:
shell: Bash
command: |
helm lint charts/my-service
helm template charts/my-service --debug
- step:
type: Run
name: Security Scan
spec:
shell: Bash
command: |
trivy config charts/my-service
checkov -d charts/my-service
- step:
type: Run
name: Unit Tests
spec:
shell: Bash
command: npm test
- step:
type: Plugin
name: PR Comment
spec:
connectorRef: harness_code
image: plugins/github-comment
settings:
message: "✅ All checks passed!"
Configure via Harness Code UI or API:
branchProtection:
pattern: main
rules:
- requirePullRequest: true
- requireReviews:
count: 1
dismissStaleReviews: true
requireCodeOwners: true
- requireStatusChecks:
strict: true
contexts:
- "pr_validation_pipeline"
- requireSignedCommits: false
- restrictPushes:
allowedUsers: []
allowedTeams:
- platform-team
- restrictDeletions: true
- requireLinearHistory: false
- step:
type: GitOpsUpdateReleaseRepo
name: Update GitOps Repo
identifier: update_gitops
spec:
connectorRef: harness_code
repoName: gitops-config
filePath: apps/<+service.name>/<+env.name>/values.yaml
fileContent: |
image:
repository: <+artifact.image>
tag: <+artifact.tag>
keycloak:
clientId: <+service.name>-client
- step:
type: GitOpsSync
name: Sync Application
identifier: gitops_sync
spec:
applicationIdentifier: <+service.name>-<+env.name>
prune: true
dryRun: false
manifests:
- manifest:
identifier: main_chart
type: HelmChart
spec:
store:
type: HarnessCode
spec:
repoName: my-app
branch: <+pipeline.variables.branch>
folderPath: charts/my-service
chartName: my-service
helmVersion: V3
manifests:
- manifest:
identifier: values_override
type: Values
spec:
store:
type: HarnessCode
spec:
repoName: my-app
branch: main
paths:
- charts/my-service/values-<+env.name>.yaml
manifests:
- manifest:
identifier: kustomize
type: Kustomize
spec:
store:
type: HarnessCode
spec:
repoName: my-app
branch: main
folderPath: k8s/overlays/<+env.name>
- step:
type: Run
name: Quality Gate
spec:
shell: Bash
command: |
# Helm lint
helm lint charts/my-service --strict
# Security scan
trivy config charts/my-service --severity HIGH,CRITICAL --exit-code 1
# Keycloak realm validation
if [ -f keycloak/realm-export.json ]; then
jq -e '.realm' keycloak/realm-export.json > /dev/null
fi
envVariables:
TRIVY_SEVERITY: HIGH,CRITICAL
| Expression | Purpose |
|---|---|
<+trigger.payload.repository.name> | Repository name |
<+trigger.payload.ref> | Git reference (branch/tag) |
<+trigger.payload.pullRequest.number> | PR number |
<+trigger.payload.pullRequest.sourceBranch> | PR source branch |
<+trigger.payload.pullRequest.targetBranch> | PR target branch |
<+trigger.payload.sender.login> | User who triggered |
<+codebase.commitSha> | Full commit SHA |
<+codebase.shortCommitSha> | Short commit SHA |
<+codebase.branch> | Branch name |
<+codebase.tag> | Tag name (if tagged) |
{
"ref": "refs/heads/main",
"before": "abc123",
"after": "def456",
"repository": {
"name": "my-app",
"full_name": "org/my-app"
},
"commits": [
{
"id": "def456",
"message": "feat: add new endpoint",
"author": { "name": "Developer" }
}
]
}
{
"action": "opened",
"number": 42,
"pullRequest": {
"title": "Add Keycloak integration",
"sourceBranch": "feature/keycloak",
"targetBranch": "main",
"state": "open"
}
}
| Issue | Solution |
|---|---|
| Trigger not firing | Check webhook configuration, verify event type |
| Clone failed | Verify connector credentials, check repo access |
| Branch not found | Confirm branch exists, check payload conditions |
| PR comment failed | Verify connector has write permissions |
| GitOps sync timeout | Check ArgoCD health, verify manifest validity |
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.