Harness Code Integration Skill

Manage Harness Code repositories, triggers, PR pipelines, and GitOps workflows.

Use For

  • Repository setup, branch protection, PR validation pipelines
  • Triggers (push, PR, tag), GitOps workflows, code policies

Repository Structure for EKS Deployments

my-app/                          # Harness Code repository
├── src/                         # Application source
├── charts/
│   └── my-service/
│       ├── Chart.yaml
│       ├── values.yaml
│       ├── values-dev.yaml
│       ├── values-staging.yaml
│       ├── values-prod.yaml
│       └── templates/
├── .harness/
│   ├── pipelines/
│   │   ├── build.yaml
│   │   ├── deploy-dev.yaml
│   │   ├── deploy-staging.yaml
│   │   └── deploy-prod.yaml
│   └── inputsets/
│       ├── dev-inputs.yaml
│       └── prod-inputs.yaml
└── keycloak/
    └── realm-export.json

Harness Code Connector

connector:
  name: Harness Code
  identifier: harness_code
  type: HarnessCode
  spec:
    authentication:
      type: Http
      spec:
        type: UsernameToken
        spec:
          username: <+secrets.getValue("harness_code_user")>
          tokenRef: harness_code_token

Triggers

Push Trigger (Main Branch)

trigger:
  name: Main Branch Push
  identifier: main_push
  enabled: true
  encryptedWebhookSecretIdentifier: ""
  description: "Deploy on push to main"
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - Push
        actions: []
        payloadConditions:
          - key: targetBranch
            operator: Equals
            value: main
  pipelineIdentifier: deploy_pipeline
  inputSetRefs:
    - main_inputs
  stagesToExecute: []

Pull Request Trigger

trigger:
  name: PR Validation
  identifier: pr_validation
  enabled: true
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - PullRequest
        actions:
          - Open
          - Reopen
          - Edit
          - Synchronize
        payloadConditions:
          - key: targetBranch
            operator: In
            value: main, develop
  pipelineIdentifier: pr_validation_pipeline

Tag Trigger (Release)

trigger:
  name: Release Tag
  identifier: release_tag
  enabled: true
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - Push
        payloadConditions:
          - key: ref
            operator: StartsWith
            value: refs/tags/v
  pipelineIdentifier: release_pipeline
  inputYaml: |
    pipeline:
      identifier: release_pipeline
      variables:
        - name: version
          type: String
          value: <+<+trigger.payload.ref>.replace("refs/tags/", "")>
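
The tag trigger above hands a value taken from the webhook payload to the release pipeline as `version`. The following is an added example, not part of the original skill: a shell function that a Run step could use to accept only `refs/tags/vMAJOR.MINOR.PATCH` refs before the value is used. The function name and the strict three-part version format are assumptions.

```shell
#!/bin/sh
# Added example: derive the release version from a tag ref and refuse anything
# that is not a plain vMAJOR.MINOR.PATCH tag before later commands see it.

# release_version_from_ref REF   (hypothetical helper name)
# Prints the version without the leading "v" and returns 0 for a well-formed
# release tag ref; prints nothing and returns 1 otherwise.
release_version_from_ref() {
  ref=$1

  # Reject the empty string and any character outside a small allow-list.
  # This also rejects newlines, spaces, quotes, "$", ";" and backticks.
  case $ref in
    ''|*[!A-Za-z0-9._/-]*) return 1 ;;
  esac

  # Must carry the same prefix the trigger's payload condition filters on.
  case $ref in
    refs/tags/v*) tag=${ref#refs/tags/} ;;
    *) return 1 ;;
  esac

  # Three numeric parts, no leading zeros, nothing before or after.
  if printf '%s\n' "$tag" |
    grep -Eq '^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'; then
    printf '%s\n' "${tag#v}"
    return 0
  fi
  return 1
}

# Constructed sample refs, not taken from a real payload.
for sample in 'refs/tags/v1.4.2' 'refs/tags/v1.4.2;id' \
  'refs/heads/v1.0.0' 'refs/tags/v1.4'; do
  if version=$(release_version_from_ref "$sample"); then
    echo "accept $sample -> $version"
  else
    echo "reject $sample"
  fi
done
```

In a Run step, supply the ref through `envVariables` and call the function on that variable, because Harness substitutes expressions into the `command` text before the shell runs it.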

PR Validation Pipeline

pipeline:
  name: PR Validation
  identifier: pr_validation_pipeline
  stages:
    - stage:
        name: Validate
        type: CI
        spec:
          cloneCodebase: true
          infrastructure:
            type: KubernetesDirect
            spec:
              connectorRef: eks_connector
              namespace: ci-runners
          execution:
            steps:
              - step:
                  type: Run
                  name: Lint Helm Chart
                  spec:
                    shell: Bash
                    command: |
                      helm lint charts/my-service
                      helm template charts/my-service --debug
              - step:
                  type: Run
                  name: Security Scan
                  spec:
                    shell: Bash
                    command: |
                      trivy config charts/my-service
                      checkov -d charts/my-service
              - step:
                  type: Run
                  name: Unit Tests
                  spec:
                    shell: Bash
                    command: npm test
              - step:
                  type: Plugin
                  name: PR Comment
                  spec:
                    connectorRef: harness_code
                    image: plugins/github-comment
                    settings:
                      message: "✅ All checks passed!"

Branch Protection Rules

Configure via Harness Code UI or API:

branchProtection:
  pattern: main
  rules:
    - requirePullRequest: true
    - requireReviews:
        count: 1
        dismissStaleReviews: true
        requireCodeOwners: true
    - requireStatusChecks:
        strict: true
        contexts:
          - "pr_validation_pipeline"
    - requireSignedCommits: false
    - restrictPushes:
        allowedUsers: []
        allowedTeams:
          - platform-team
    - restrictDeletions: true
    - requireLinearHistory: false

GitOps Integration (ArgoCD via Harness)

Update Release Repo

- step:
    type: GitOpsUpdateReleaseRepo
    name: Update GitOps Repo
    identifier: update_gitops
    spec:
      connectorRef: harness_code
      repoName: gitops-config
      filePath: apps/<+service.name>/<+env.name>/values.yaml
      fileContent: |
        image:
          repository: <+artifact.image>
          tag: <+artifact.tag>
        keycloak:
          clientId: <+service.name>-client

GitOps Sync

- step:
    type: GitOpsSync
    name: Sync Application
    identifier: gitops_sync
    spec:
      applicationIdentifier: <+service.name>-<+env.name>
      prune: true
      dryRun: false

Manifest Sources from Harness Code

Helm Chart from Repo

manifests:
  - manifest:
      identifier: main_chart
      type: HelmChart
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: <+pipeline.variables.branch>
            folderPath: charts/my-service
        chartName: my-service
        helmVersion: V3

Values Override

manifests:
  - manifest:
      identifier: values_override
      type: Values
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: main
            paths:
              - charts/my-service/values-<+env.name>.yaml

Kustomize from Repo

manifests:
  - manifest:
      identifier: kustomize
      type: Kustomize
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: main
            folderPath: k8s/overlays/<+env.name>

Code Quality Gates

- step:
    type: Run
    name: Quality Gate
    spec:
      shell: Bash
      command: |
        # Helm lint
        helm lint charts/my-service --strict

        # Security scan
        trivy config charts/my-service --severity HIGH,CRITICAL --exit-code 1

        # Keycloak realm validation
        if [ -f keycloak/realm-export.json ]; then
          jq -e '.realm' keycloak/realm-export.json > /dev/null
        fi
      envVariables:
        TRIVY_SEVERITY: HIGH,CRITICAL
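
The realm validation in the step above only confirms that `.realm` exists. As an added example (not part of the original skill), the gate can also refuse a `keycloak/realm-export.json` that contains real credential values. The function names, the key list and the one-key-per-line layout are assumptions.

```shell
#!/bin/sh
# Added example: fail the gate when a realm export carries real credential
# values. Assumes a pretty-printed export with one key per line.

# Credential-bearing keys in a Keycloak realm export (short list; extend it).
SECRET_KEYS='secret|clientSecret|bindCredential|privateKey|password'

# realm_export_secret_lines FILE   (hypothetical helper name)
# Prints "LINE:KEY" for each credential key whose value is a real string:
# not empty, not a ********** mask, not a ${...} placeholder.
# Only the key name is printed, so the value never reaches the CI log.
realm_export_secret_lines() {
  grep -nE "\"($SECRET_KEYS)\"[[:space:]]*:" "$1" |
    grep -vE ':[[:space:]]*\[?[[:space:]]*"(\*+|\$\{[^}"]+\})?"' |
    sed -E "s/^([0-9]+):.*\"($SECRET_KEYS)\"[[:space:]]*:.*/\1:\2/"
}

# check_realm_export FILE   (hypothetical helper name)
# Returns 0 when FILE is absent or clean, 1 when credential values are found.
check_realm_export() {
  [ -f "$1" ] || return 0
  hits=$(realm_export_secret_lines "$1")
  [ -z "$hits" ] && return 0
  echo "credential values in $1 (line:key):" >&2
  printf '%s\n' "$hits" >&2
  return 1
}

# Constructed sample: a placeholder, a masked secret and one real value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
  "realm" : "demo",
  "smtpServer" : {
    "password" : "${SMTP_PASSWORD}"
  },
  "clients" : [ {
    "clientId" : "my-service-client",
    "secret" : "**********"
  }, {
    "clientId" : "legacy-client",
    "secret" : "constructed-not-a-real-secret"
  } ]
}
EOF
if check_realm_export "$sample"; then echo "gate: pass"; else echo "gate: fail"; fi
rm -f "$sample"
```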

Expressions for Harness Code

| Expression | Purpose |
|---|---|
| <+trigger.payload.repository.name> | Repository name |
| <+trigger.payload.ref> | Git reference (branch/tag) |
| <+trigger.payload.pullRequest.number> | PR number |
| <+trigger.payload.pullRequest.sourceBranch> | PR source branch |
| <+trigger.payload.pullRequest.targetBranch> | PR target branch |
| <+trigger.payload.sender.login> | User who triggered |
| <+codebase.commitSha> | Full commit SHA |
| <+codebase.shortCommitSha> | Short commit SHA |
| <+codebase.branch> | Branch name |
| <+codebase.tag> | Tag name (if tagged) |

Webhook Payload Examples

Push Event

{
  "ref": "refs/heads/main",
  "before": "abc123",
  "after": "def456",
  "repository": {
    "name": "my-app",
    "full_name": "org/my-app"
  },
  "commits": [
    {
      "id": "def456",
      "message": "feat: add new endpoint",
      "author": { "name": "Developer" }
    }
  ]
}

Pull Request Event

{
  "action": "opened",
  "number": 42,
  "pullRequest": {
    "title": "Add Keycloak integration",
    "sourceBranch": "feature/keycloak",
    "targetBranch": "main",
    "state": "open"
  }
}

Troubleshooting

| Issue | Solution |
|---|---|
| Trigger not firing | Check webhook configuration, verify event type |
| Clone failed | Verify connector credentials, check repo access |
| Branch not found | Confirm branch exists, check payload conditions |
| PR comment failed | Verify connector has write permissions |
| GitOps sync timeout | Check ArgoCD health, verify manifest validity |

First Seen
Feb 27, 2026