linode · srodenhuis · Nov 7, 2024 · Nov 8, 2024 · merll · Nov 13, 2024
diff --git a/docs/for-devs/console/builds.md b/docs/for-devs/console/builds.md
@@ -4,8 +4,6 @@ title: Team Builds
 sidebar_label: Builds
 ---
 
-<!-- ![Console: new service](img/team-builds.png) -->
-
 A Build is a self-service feature for building OCI compliant images based on application source code and store the image in a private Team registry in Harbor.
 
 :::info
@@ -30,44 +28,43 @@ All Builds of the team are listed here.
 
 ## Create a build
 
-1. Enter a name for the build
+1. Enter a name for the build. The name of the build will be used for the registry name of the image (`harbor.<domainSuffix>/team-name/build-name`).
 
-The name of the build will be used for the registry name of the image (`harbor.<domainSuffix>/team-name/build-name`)
+2. (optional) Adjust the tag. The tag will be used to tag the image  (`harbor.<domainSuffix>/team-name/build-name:tag`).
 
-2. (optional) Adjust the tag
+4. Select the `Repository type`. Select `internal` if you want to use a Git repository hosted in the local Git service (Gitea), or `external` if you want to use an external repository (like one hosted in Github). Select `private` if the external repo requires authentication and select the (`basic-auth` or `ssh-auth`) secret that contains the credentials. Read more about Git authentication [here](https://tekton.dev/docs/how-to-guides/clone-repository/#git-authentication).
 
-The tag will be used to tag the image  (`harbor.<domainSuffix>/team-name/build-name:tag`)
+3. Choose the type of the build:
 
-Now choose the type of the build:
+- Use `Docker` to build an image using the `./Dockerfile` in your code repository.
 
-- Use `Docker` to build an image using the `./Dockerfile` in your code repository
-- Use `Buildpacks` to build an image from application source using Buildpacks
+- Use `Buildpacks` to build an image from application source using Buildpacks.
 
 ### Docker
 
-1. Add the URL of the repository that contains the application source code.
+1. If the repository is of type `internal`, then select one of the available repositories from the list. If the repository is of type `external`, then add the URL of the external repository that contains the application source code.
 
 2. (optional) Change the path of the `Dockerfile`. Default is `./Dockerfile`. To use a Dockerfile is a specific folder, use `./folder/Dockerfile`.
 
 3. (optional) Change the revision. This can be a commit, a tag, or a branch.
 
-4. (Optional) Select `External Repo` if the repository used for the Build is not a public or a private Git repo in the local Gitea. When selected, fill in the secret name that contains the required SSH credentials. Read more [here](https://tekton.dev/docs/how-to-guides/clone-repository/#git-authentication) about how to setup SSH authentication with your Git provider.
-
-5. (optional) Select to create an event listener to trigger the build based on a Gitea webhook.
+5. (optional) Select `Trigger` to create an event listener to trigger the build based on a Gitea webhook.
 
+6. (optional) Select `Scan source` to scan the source code for vulnerabilities.
+
 ### Buildpacks
 
-1. Add the URL of the Git repository that contains the application source code
+1. Add the URL of the Git repository that contains the application source code.
 
-2. (optional) Add the path. This is a subpath within the repo where the source to build is located
+2. (optional) Add the path. This is a subpath within the repo where the source to build is located.
 
-3. (optional) Change the revision. This can be a commit, a tag, or a branch
+3. (optional) Change the revision. This can be a commit, a tag, or a branch.
 
-4. (optional) Add Environment variables to set during build-time
+4. (optional) Add Environment variables to set during build-time.
 
-5. (Optional) Select `External Repo` if the repository used for the Build is not a public or a private Git repo in the local Gitea. When selected, fill in the secret name that contains the required SSH credentials. Read more [here](https://tekton.dev/docs/how-to-guides/clone-repository/#git-authentication) about how to setup SSH authentication with your Git provider.
+5. (optional) Select `Trigger` to create an event listener to trigger the build based on a Gitea webhook.
 
-6. (optional) Select to create an event listener to trigger the build based on a Gitea webhook.
+6. (optional) Select `Scan source` to scan the source code for vulnerabilities.
 
 ### Build status details
 

diff --git a/docs/get-started/labs/build-images.md b/docs/get-started/labs/build-images.md
@@ -18,13 +18,15 @@ When your team is using Harbor for private image registries, you can build image
 
 3. Fill in the name `blue` for your build and a tag (default tag is latest).
 
-4. Choose `Docker` and fill in the repo URL for the `blue` repo created in the previous lab.
+4. Use the default `internal` Repository type.
 
-5. Click `Submit`.
+5. Use the `Docker` mode and select the `blue` repo URL for the Git repo created in the previous lab.
 
-6. Click `Deploy changes`.
+6. Click `Submit`.
 
-Now a Tekton Pipeline and PipelineRun resource to build the image will be created. This will take around 30 seconds. Then the PipelineRun will start building the image. During this time the status will show `in progress`:
+7. Click `Deploy changes`.
+
+A Tekton Pipeline and PipelineRun resource to build the image will now be created. This will take around 30 seconds. Then the PipelineRun will start building the image. During this time the status will show `in progress`:
 
 ![build status](../../img/build-status.png)
 

diff --git a/docs/get-started/labs/create-sealed-secrets.md b/docs/get-started/labs/create-sealed-secrets.md
@@ -16,7 +16,7 @@ In this lab we will create sealed secrets and see how to securely sensitive info
 
 4. Select the secret type. In this lab we will create a secret of type `opaque`.
 
-5. Add the secret `data`. Add the following key-value pairs:
+5. Add the secret `Encrypted data`. Add the following key-value pairs:
 
 - `password=helloworld`
 - `username=labs-user`

diff --git a/docs/get-started/labs/labs-overview.md b/docs/get-started/labs/labs-overview.md
@@ -74,6 +74,8 @@ Welcome to the Application Platform for LKE labs! If you are going to use the Ap
 
 **Advanced Labs**
 
+### [Use external private Git repositories](use-external-private-repo.md)
+
 ### [Create network policies](create-netpols.md)
 
 ### [Tracing with OpenTelemetry](use-otel.md)

diff --git a/docs/get-started/labs/trigger-builds.md b/docs/get-started/labs/trigger-builds.md
@@ -14,9 +14,11 @@ In the previous lab we created a Build using the `blue` repo in Gitea. In this l
 
 3. Fill in the name `green` for your build.
 
-4. Choose `./Dockerfile` and fill in the repo URL for the `green` repo created in the previous lab: `https://gitea.<your-domain>/<gitea-username>/green`.
+4. Use the default `internal` Repository type.
 
-5. Enable `Trigger`.
+5. Use the `Docker` mode and select the `green` repo URL for the Git repo created in the previous lab.
+
+5. Select the `Trigger` checkbox.
 
 6. Click `Submit`.
 

diff --git a/docs/get-started/labs/use-external-private-repo.md b/docs/get-started/labs/use-external-private-repo.md
@@ -0,0 +1,60 @@
+---
+slug: use-external-private-repo
+title: Use an external private repository
+sidebar_label: Using external private repo's
+---
+
+:::info
+Harbor needs to be activated for this lab.
+:::
+
+The App Platform includes an `internal` self-hosted Git service powered by Gitea. When creating a Build, the repository type by default is set to `internal` so you can select one of the internally hosted Git repositories. In this lab we'll use the Build feature to build an image using an external private repository (Github) with `basic-auth` authentication.
+
+## Create a (Classic) Personal Access Token
+
+Create a Classic personal access token as documented on the [Github documentation site](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) and add the token to your clipboard.
+
+## Create a SealedSecret
+
+1. In the left menu, click on `Sealed Secrets`.
+
+2. Click on `Create SealedSecret`.
+
+3. Fill in a name for your secret. In this lab we'll create a secret with the name `my-access-token`.
+
+4. Select the secret type. Because we're going to use `basic-auth` authentication, select `kubernetes.io/basic-auth`.
+
+5. Add the secret `Encrypted data`. Add the following key-value pairs:
+
+- `username=<your-github-account-name>`
+- `password=<your-personal-access-token>`
+
+6. Expand the `Metadata` section and add the following `Annotation`:
+
+- Key: `tekton.dev/git-0`
+- Value: `https://github.com`
+
+7. Click `Submit`.
+
+8. Click `Deploy changes`.
+
+## Create Build
+
+1. In the left menu, click on `Builds`.
+
+2. Click on `Create Build`.
+
+3. Fill in the name `my-private-repo` for your build and a tag (default tag is latest).
+
+4. Choose `external` for the `Repository type`
+
+5. Select `Private`.
+
+6. Select the secret you created in the previous step (my-access-token) from the list.
+
+7. Choose `Docker` and fill in the repo URL of your private Github repository.
+
+8. Click `Submit`.
+
+9. Click `Deploy changes`.
+
diff --git a/sidebar-docs.js b/sidebar-docs.js
@@ -43,6 +43,7 @@ module.exports = {
           "get-started/labs/view-metrics",
           "get-started/labs/monitor-services",
           "get-started/labs/custom-metrics",
+          "get-started/labs/use-external-private-repo",
           "get-started/labs/create-netpols",
           "get-started/labs/use-otel",
           "get-started/labs/canary-deployment",