Delete git-clone basic-auth secret when deleting a pipelinerun

When deleting a pipelinerun, the git-clone basic-auth secret should be deleted as well, but in some cases of conflicts and the ownerRef not being set, the secret is not deleted and we need to delete it manually. Fixes #1297
openshift-pipelines · Jun 29, 2023 · 1c02d06 · 1c02d06
1 parent 1e915d3
commit 1c02d06
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/pkg/kubeinteraction/cleanups.go b/pkg/kubeinteraction/cleanups.go
@@ -16,9 +16,7 @@ import (
 
 func (k Interaction) CleanupPipelines(ctx context.Context, logger *zap.SugaredLogger, repo *v1alpha1.Repository, pr *tektonv1.PipelineRun, maxKeep int) error {
 	if _, ok := pr.GetAnnotations()[keys.OriginalPRName]; !ok {
-		return fmt.Errorf("generate pipelienrun should have had the %s label for selection set but we could not find"+
-			" it",
-			keys.OriginalPRName)
+		return fmt.Errorf("generated pipelinerun should have had the %s label for selection set but we could not find it", keys.OriginalPRName)
 	}
 
 	// Select PR by repository and by its true pipelineRun name (not auto generated one)
@@ -45,6 +43,12 @@ func (k Interaction) CleanupPipelines(ctx context.Context, logger *zap.SugaredLo
 			if err != nil {
 				return err
 			}
+
+			// Try to Delete the secret created for git-clone basic-auth, it should have been created with a owneref on the pipelinerun and due being deleted when the pipelinerun is deleted
+			// but in some cases of conflicts and the ownerRef not being set, the secret is not deleted and we need to delete it manually.
+			if secretName, ok := pr.GetAnnotations()[keys.GitAuthSecret]; ok {
+				_ = k.Run.Clients.Kube.CoreV1().Secrets(repo.GetNamespace()).Delete(ctx, secretName, metav1.DeleteOptions{})
+			}
 		}
 	}