[release-1.10] RHDHBUGS-2702: defaultEnvironment parameters (#2327)

* RHDHBUGS-2702

* RHDHBUGS-2702

* Apply suggestion from @themr0c

* Update modules/shared/ref-default-environment-parameters-and-secrets.adoc

Co-authored-by: Patrick Knight <pknight@redhat.com>

* Update modules/shared/ref-default-environment-parameters-and-secrets.adoc

Co-authored-by: Patrick Knight <pknight@redhat.com>

* RHDHBUGS-2702

---------

Co-authored-by: deerskindoll <jvrbkova@redhat.com>
Co-authored-by: Fabrice Flore-Thébault <ffloreth@redhat.com>
Co-authored-by: Patrick Knight <pknight@redhat.com>

Author: 4 people

assemblies/configure_customizing-rhdh/assembly-standardize-project-development-with-software-templates.adoc

@@ -14,11 +14,13 @@ include::../modules/shared/con-software-templates-in-rhdh.adoc[leveloffset=+1]
 
 include::../modules/shared/proc-create-a-basic-software-template.adoc[leveloffset=+1]
 
+include::../modules/shared/ref-default-environment-parameters-and-secrets.adoc[leveloffset=+1]
+
 include::../modules/shared/ref-sample-software-template.adoc[leveloffset=+1]
 
 include::../modules/shared/proc-share-software-templates-with-your-organization.adoc[leveloffset=+1]
 
-include::../modules/shared/ref-extending-software-templates-for-complex-project-requirements.adoc[leveloffset=+1] 
+include::../modules/shared/ref-extending-software-templates-for-complex-project-requirements.adoc[leveloffset=+1]
 
 :context: {previouscontext}
 :!previouscontext:

modules/shared/ref-default-environment-parameters-and-secrets.adoc

@@ -0,0 +1,88 @@
+:_mod-docs-content-type: REFERENCE
+
+[id="default-environment-parameters-and-secrets_{context}"]
+= Default environment parameters and secrets
+
+[role="_abstract"]
+The scaffolder supports a `defaultEnvironment` configuration
+that provides default parameters and secrets to all templates.
+Use this configuration in your {my-app-config-file} file to reduce template complexity and improve security by centralizing common values.
+
+Example of an {my-app-config-file} configured for default parameters and secrets::
+[source,yaml]
+----
+scaffolder:
+  defaultEnvironment:
+    parameters:
+      githubOrg: my-org
+      defaultOwner: platform-team
+    secrets:
+      GITHUB_TOKEN: ${GITHUB_TOKEN}
+----
+
+[NOTE]
+====
+Default parameters are isolated in their own context to avoid naming conflicts.
+====
+
+Default parameters are accessible via `${{ environment.parameters.* }}` in templates.
+
+Example of default parameters configuration for application deployment::
+
+[source,yaml]
+----
+spec:
+  parameters:
+    - title: Project details
+      required:
+        - name
+      properties:
+        name:
+          title: Name
+          type: string
+          description: Unique name for the new repository.
+
+  steps:
+    - id: fetch-base
+      name: Fetch skeleton
+      action: fetch:template
+      input:
+        url: ./skeleton
+        values:
+          name: ${{ parameters.name }} # Resolves to frontend input value
+          owner: ${{ environment.parameters.defaultOwner }} # Resolves to defaultEnvironment.parameters.defaultOwner
+----
+
+Default secrets are resolved from environment variables and accessible via `${{ environment.secrets.* }}` in template actions.
+
+Example of a default secret configuration::
+
+[source,yaml]
+----
+spec:
+  parameters:
+    - title: Project details
+      required:
+        - name
+      properties:
+        name:
+          title: Name
+          type: string
+          description: Unique name for the new repository.
+
+  steps:
+    - id: publish
+      name: Publish to GitHub
+      action: publish:github
+      input:
+        allowedHosts: ['github.com']
+        description: ${{ parameters.name }}
+        repoUrl: github.com?owner=${{ environment.parameters.githubOrg }}&repo=${{ parameters.name }}
+        token: ${{ environment.secrets.GITHUB_TOKEN }} # Resolves to defaultEnvironment.secrets.GITHUB_TOKEN
+----
+
+[IMPORTANT]
+====
+Secrets are automatically masked in logs. They are only available to backend actions, never exposed to the frontend.
+====
+