home / skills / markus41 / claude / harness-code-integration
/plugins/aws-eks-helm-keycloak/skills/harness-code-integration
This skill helps you manage Harness Code repositories, triggers, PR pipelines, and GitOps workflows for AWS EKS deployments.
npx playbooks add skill markus41/claude --skill harness-code-integrationReview the files below or copy the command above to add this skill to your agents.
---
name: harness-code-integration
description: Harness Code repository workflows, triggers, PR pipelines, branch protection, and GitOps integration for AWS EKS deployments
allowed-tools:
- Bash
- Read
- Write
- Edit
- Glob
- Grep
- Task
- WebFetch
triggers:
- harness code
- harness repo
- harness git
- pr pipeline
- branch protection
- code trigger
- gitops
---
# Harness Code Integration Skill
Manage Harness Code repositories, triggers, PR pipelines, and GitOps workflows.
## Use For
- Repository setup, branch protection, PR validation pipelines
- Triggers (push, PR, tag), GitOps workflows, code policies
## Repository Structure for EKS Deployments
```
my-app/ # Harness Code repository
├── src/ # Application source
├── charts/
│ └── my-service/
│ ├── Chart.yaml
│ ├── values.yaml
│ ├── values-dev.yaml
│ ├── values-staging.yaml
│ ├── values-prod.yaml
│ └── templates/
├── .harness/
│ ├── pipelines/
│ │ ├── build.yaml
│ │ ├── deploy-dev.yaml
│ │ ├── deploy-staging.yaml
│ │ └── deploy-prod.yaml
│ └── inputsets/
│ ├── dev-inputs.yaml
│ └── prod-inputs.yaml
└── keycloak/
└── realm-export.json
```
## Harness Code Connector
```yaml
connector:
name: Harness Code
identifier: harness_code
type: HarnessCode
spec:
authentication:
type: Http
spec:
type: UsernameToken
spec:
username: <+secrets.getValue("harness_code_user")>
tokenRef: harness_code_token
```
## Triggers
### Push Trigger (Main Branch)
```yaml
trigger:
name: Main Branch Push
identifier: main_push
enabled: true
encryptedWebhookSecretIdentifier: ""
description: "Deploy on push to main"
source:
type: Webhook
spec:
type: HarnessCode
spec:
repoName: my-app
events:
- Push
actions: []
payloadConditions:
- key: targetBranch
operator: Equals
value: main
pipelineIdentifier: deploy_pipeline
inputSetRefs:
- main_inputs
stagesToExecute: []
```
### Pull Request Trigger
```yaml
trigger:
name: PR Validation
identifier: pr_validation
enabled: true
source:
type: Webhook
spec:
type: HarnessCode
spec:
repoName: my-app
events:
- PullRequest
actions:
- Open
- Reopen
- Edit
- Synchronize
payloadConditions:
- key: targetBranch
operator: In
value: main, develop
pipelineIdentifier: pr_validation_pipeline
```
### Tag Trigger (Release)
```yaml
trigger:
name: Release Tag
identifier: release_tag
enabled: true
source:
type: Webhook
spec:
type: HarnessCode
spec:
repoName: my-app
events:
- Push
payloadConditions:
- key: ref
operator: StartsWith
value: refs/tags/v
pipelineIdentifier: release_pipeline
inputYaml: |
pipeline:
identifier: release_pipeline
variables:
- name: version
type: String
value: <+trigger.payload.ref>.replace("refs/tags/", "")
```
## PR Validation Pipeline
```yaml
pipeline:
name: PR Validation
identifier: pr_validation_pipeline
stages:
- stage:
name: Validate
type: CI
spec:
cloneCodebase: true
infrastructure:
type: KubernetesDirect
spec:
connectorRef: eks_connector
namespace: ci-runners
execution:
steps:
- step:
type: Run
name: Lint Helm Chart
spec:
shell: Bash
command: |
helm lint charts/my-service
helm template charts/my-service --debug
- step:
type: Run
name: Security Scan
spec:
shell: Bash
command: |
trivy config charts/my-service
checkov -d charts/my-service
- step:
type: Run
name: Unit Tests
spec:
shell: Bash
command: npm test
- step:
type: Plugin
name: PR Comment
spec:
connectorRef: harness_code
image: plugins/github-comment
settings:
message: "✅ All checks passed!"
```
## Branch Protection Rules
Configure via Harness Code UI or API:
```yaml
branchProtection:
pattern: main
rules:
- requirePullRequest: true
- requireReviews:
count: 1
dismissStaleReviews: true
requireCodeOwners: true
- requireStatusChecks:
strict: true
contexts:
- "pr_validation_pipeline"
- requireSignedCommits: false
- restrictPushes:
allowedUsers: []
allowedTeams:
- platform-team
- restrictDeletions: true
- requireLinearHistory: false
```
## GitOps Integration (ArgoCD via Harness)
### Update Release Repo
```yaml
- step:
type: GitOpsUpdateReleaseRepo
name: Update GitOps Repo
identifier: update_gitops
spec:
connectorRef: harness_code
repoName: gitops-config
filePath: apps/<+service.name>/<+env.name>/values.yaml
fileContent: |
image:
repository: <+artifact.image>
tag: <+artifact.tag>
keycloak:
clientId: <+service.name>-client
```
### GitOps Sync
```yaml
- step:
type: GitOpsSync
name: Sync Application
identifier: gitops_sync
spec:
applicationIdentifier: <+service.name>-<+env.name>
prune: true
dryRun: false
```
## Manifest Sources from Harness Code
### Helm Chart from Repo
```yaml
manifests:
- manifest:
identifier: main_chart
type: HelmChart
spec:
store:
type: HarnessCode
spec:
repoName: my-app
branch: <+pipeline.variables.branch>
folderPath: charts/my-service
chartName: my-service
helmVersion: V3
```
### Values Override
```yaml
manifests:
- manifest:
identifier: values_override
type: Values
spec:
store:
type: HarnessCode
spec:
repoName: my-app
branch: main
paths:
- charts/my-service/values-<+env.name>.yaml
```
### Kustomize from Repo
```yaml
manifests:
- manifest:
identifier: kustomize
type: Kustomize
spec:
store:
type: HarnessCode
spec:
repoName: my-app
branch: main
folderPath: k8s/overlays/<+env.name>
```
## Code Quality Gates
```yaml
- step:
type: Run
name: Quality Gate
spec:
shell: Bash
command: |
# Helm lint
helm lint charts/my-service --strict
# Security scan
trivy config charts/my-service --severity HIGH,CRITICAL --exit-code 1
# Keycloak realm validation
if [ -f keycloak/realm-export.json ]; then
jq -e '.realm' keycloak/realm-export.json > /dev/null
fi
envVariables:
TRIVY_SEVERITY: HIGH,CRITICAL
```
## Expressions for Harness Code
| Expression | Purpose |
|------------|---------|
| `<+trigger.payload.repository.name>` | Repository name |
| `<+trigger.payload.ref>` | Git reference (branch/tag) |
| `<+trigger.payload.pullRequest.number>` | PR number |
| `<+trigger.payload.pullRequest.sourceBranch>` | PR source branch |
| `<+trigger.payload.pullRequest.targetBranch>` | PR target branch |
| `<+trigger.payload.sender.login>` | User who triggered |
| `<+codebase.commitSha>` | Full commit SHA |
| `<+codebase.shortCommitSha>` | Short commit SHA |
| `<+codebase.branch>` | Branch name |
| `<+codebase.tag>` | Tag name (if tagged) |
## Webhook Payload Examples
### Push Event
```json
{
"ref": "refs/heads/main",
"before": "abc123",
"after": "def456",
"repository": {
"name": "my-app",
"full_name": "org/my-app"
},
"commits": [
{
"id": "def456",
"message": "feat: add new endpoint",
"author": { "name": "Developer" }
}
]
}
```
### Pull Request Event
```json
{
"action": "opened",
"number": 42,
"pullRequest": {
"title": "Add Keycloak integration",
"sourceBranch": "feature/keycloak",
"targetBranch": "main",
"state": "open"
}
}
```
## Troubleshooting
| Issue | Solution |
|-------|----------|
| Trigger not firing | Check webhook configuration, verify event type |
| Clone failed | Verify connector credentials, check repo access |
| Branch not found | Confirm branch exists, check payload conditions |
| PR comment failed | Verify connector has write permissions |
| GitOps sync timeout | Check ArgoCD health, verify manifest validity |
## References
- [Harness Code Triggers](https://developer.harness.io/docs/platform/triggers/triggering-pipelines/)
- [GitOps with Harness](https://developer.harness.io/docs/continuous-delivery/gitops/)
This skill manages Harness Code repositories, triggers, PR validation pipelines, branch protection, and GitOps integration for AWS EKS deployments. It provides prebuilt pipeline stages, trigger templates (push, PR, tag), and GitOps update/sync steps to automate release flows. Use it to standardize CI/CD for Helm charts, values overlays, and ArgoCD-driven environments.
The skill inspects repository layout (charts/, .harness/, keycloak/) and wires Harness Code connectors to clone and run CI steps on a Kubernetes runner. It creates triggers that map webhook payload conditions to pipelines, runs lint/security/unit steps for PR validation, and updates a GitOps repo before invoking ArgoCD sync. Manifests can be sourced directly from the repository (Helm, Values, Kustomize) and variables are injected from trigger payloads and pipeline inputs.
What connector type is required to access Harness Code?
Use a Harness Code connector with Http UsernameToken auth and a scoped token stored as a secret.
How do I ensure a trigger only fires for a specific branch or tag?
Add payloadConditions to the trigger that check targetBranch, ref, or other payload fields with Equals, In, or StartsWith operators.