Harness Code Integration Skill

Manage Harness Code repositories, triggers, PR pipelines, and GitOps workflows.

Use For

• Repository setup, branch protection, PR validation pipelines
• Triggers (push, PR, tag), GitOps workflows, code policies

Repository Structure for EKS Deployments

my-app/                          # Harness Code repository
├── src/                         # Application source
├── charts/
│   └── my-service/
│       ├── Chart.yaml
│       ├── values.yaml
│       ├── values-dev.yaml
│       ├── values-staging.yaml
│       ├── values-prod.yaml
│       └── templates/
├── .harness/
│   ├── pipelines/
│   │   ├── build.yaml
│   │   ├── deploy-dev.yaml
│   │   ├── deploy-staging.yaml
│   │   └── deploy-prod.yaml
│   └── inputsets/
│       ├── dev-inputs.yaml
│       └── prod-inputs.yaml
└── keycloak/
    └── realm-export.json

Harness Code Connector

connector:
  name: Harness Code
  identifier: harness_code
  type: HarnessCode
  spec:
    authentication:
      type: Http
      spec:
        type: UsernameToken
        spec:
          username: <+secrets.getValue("harness_code_user")>
          tokenRef: harness_code_token

Triggers

Push Trigger (Main Branch)

trigger:
  name: Main Branch Push
  identifier: main_push
  enabled: true
  encryptedWebhookSecretIdentifier: ""
  description: "Deploy on push to main"
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - Push
        actions: []
        payloadConditions:
          - key: targetBranch
            operator: Equals
            value: main
  pipelineIdentifier: deploy_pipeline
  inputSetRefs:
    - main_inputs
  stagesToExecute: []

Pull Request Trigger

trigger:
  name: PR Validation
  identifier: pr_validation
  enabled: true
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - PullRequest
        actions:
          - Open
          - Reopen
          - Edit
          - Synchronize
        payloadConditions:
          - key: targetBranch
            operator: In
            value: main, develop
  pipelineIdentifier: pr_validation_pipeline

Tag Trigger (Release)

trigger:
  name: Release Tag
  identifier: release_tag
  enabled: true
  source:
    type: Webhook
    spec:
      type: HarnessCode
      spec:
        repoName: my-app
        events:
          - Push
        payloadConditions:
          - key: ref
            operator: StartsWith
            value: refs/tags/v
  pipelineIdentifier: release_pipeline
  inputYaml: |
    pipeline:
      identifier: release_pipeline
      variables:
        - name: version
          type: String
          value: <+trigger.payload.ref>.replace("refs/tags/", "")

PR Validation Pipeline

pipeline:
  name: PR Validation
  identifier: pr_validation_pipeline
  stages:
    - stage:
        name: Validate
        type: CI
        spec:
          cloneCodebase: true
          infrastructure:
            type: KubernetesDirect
            spec:
              connectorRef: eks_connector
              namespace: ci-runners
          execution:
            steps:
              - step:
                  type: Run
                  name: Lint Helm Chart
                  spec:
                    shell: Bash
                    command: |
                      helm lint charts/my-service
                      helm template charts/my-service --debug
              - step:
                  type: Run
                  name: Security Scan
                  spec:
                    shell: Bash
                    command: |
                      trivy config charts/my-service
                      checkov -d charts/my-service
              - step:
                  type: Run
                  name: Unit Tests
                  spec:
                    shell: Bash
                    command: npm test
              - step:
                  type: Plugin
                  name: PR Comment
                  spec:
                    connectorRef: harness_code
                    image: plugins/github-comment
                    settings:
                      message: "✅ All checks passed!"

Branch Protection Rules

Configure via Harness Code UI or API:

branchProtection:
  pattern: main
  rules:
    - requirePullRequest: true
    - requireReviews:
        count: 1
        dismissStaleReviews: true
        requireCodeOwners: true
    - requireStatusChecks:
        strict: true
        contexts:
          - "pr_validation_pipeline"
    - requireSignedCommits: false
    - restrictPushes:
        allowedUsers: []
        allowedTeams:
          - platform-team
    - restrictDeletions: true
    - requireLinearHistory: false

GitOps Integration (ArgoCD via Harness)

Update Release Repo

- step:
    type: GitOpsUpdateReleaseRepo
    name: Update GitOps Repo
    identifier: update_gitops
    spec:
      connectorRef: harness_code
      repoName: gitops-config
      filePath: apps/<+service.name>/<+env.name>/values.yaml
      fileContent: |
        image:
          repository: <+artifact.image>
          tag: <+artifact.tag>
        keycloak:
          clientId: <+service.name>-client

GitOps Sync

- step:
    type: GitOpsSync
    name: Sync Application
    identifier: gitops_sync
    spec:
      applicationIdentifier: <+service.name>-<+env.name>
      prune: true
      dryRun: false

Manifest Sources from Harness Code

Helm Chart from Repo

manifests:
  - manifest:
      identifier: main_chart
      type: HelmChart
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: <+pipeline.variables.branch>
            folderPath: charts/my-service
        chartName: my-service
        helmVersion: V3

Values Override

manifests:
  - manifest:
      identifier: values_override
      type: Values
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: main
            paths:
              - charts/my-service/values-<+env.name>.yaml

Kustomize from Repo

manifests:
  - manifest:
      identifier: kustomize
      type: Kustomize
      spec:
        store:
          type: HarnessCode
          spec:
            repoName: my-app
            branch: main
            folderPath: k8s/overlays/<+env.name>

Code Quality Gates

- step:
    type: Run
    name: Quality Gate
    spec:
      shell: Bash
      command: |
        # Helm lint
        helm lint charts/my-service --strict

        # Security scan
        trivy config charts/my-service --severity HIGH,CRITICAL --exit-code 1

        # Keycloak realm validation
        if [ -f keycloak/realm-export.json ]; then
          jq -e '.realm' keycloak/realm-export.json > /dev/null
        fi
      envVariables:
        TRIVY_SEVERITY: HIGH,CRITICAL

Expressions for Harness Code

<+trigger.payload.repository.name>

<+trigger.payload.ref>

<+trigger.payload.pullRequest.number>

<+trigger.payload.pullRequest.sourceBranch>

<+trigger.payload.pullRequest.targetBranch>

<+trigger.payload.sender.login>

<+codebase.commitSha>

<+codebase.shortCommitSha>

<+codebase.branch>

<+codebase.tag>

Webhook Payload Examples

Push Event

{
  "ref": "refs/heads/main",
  "before": "abc123",
  "after": "def456",
  "repository": {
    "name": "my-app",
    "full_name": "org/my-app"
  },
  "commits": [
    {
      "id": "def456",
      "message": "feat: add new endpoint",
      "author": { "name": "Developer" }
    }
  ]
}

Pull Request Event

{
  "action": "opened",
  "number": 42,
  "pullRequest": {
    "title": "Add Keycloak integration",
    "sourceBranch": "feature/keycloak",
    "targetBranch": "main",
    "state": "open"
  }
}

Troubleshooting

References

• Harness Code Triggers
• GitOps with Harness