Add support for ADDITIONAL_CA_CERT_BUNDLE in glab releases
What does this MR do and why?
The release-cli tool supports the ADDITIONAL_CA_CERT_BUNDLE variable
for SSL certificate verification with custom CA certificates. Now, we
are adding an equivalent functionality to the glab CLI implementation.
When the ADDITIONAL_CA_CERT_BUNDLE environment variable is present:
- The certificate content is written to a file named
ca_cert_for_releasing_with_glab.pem - The glab config is updated to use this certificate file for the specific GitLab instance
- This configuration happens before authentication and release creation
This ensures both release-cli and glab CLI methods support
the same custom CA certificate functionality, maintaining parity as
we transition from release-cli to glab.
This change also updates the version requirement of glab to v1.58.0.
References
Related to #543021 (closed)
This MR also fixes cli#7882 (closed).
Screenshots or screen recordings
- Setup SSL: https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/nginx.md
- Add a new Runner to the
https:instance
release_job:
tags: [docker]
image: registry.gitlab.com/gitlab-org/cli:latest
rules:
- if: $CI_COMMIT_TAG
variables:
FF_SCRIPT_SECTIONS: true
script:
- echo "Running the release job."
release:
tag_name: $CI_COMMIT_TAG
name: 'Release $CI_COMMIT_TAG'
description: 'Release created using the cli.'Before:
After:
windows result
windows-glab-version-match:
tags: [saas-windows-medium-amd64]
# rules:
# - if: $CI_COMMIT_TAG
variables:
FF_SCRIPT_SECTIONS: true
RELEASE_VERSION: 4.11.1
script:
- wget "https://gitlab.com/gitlab-org/cli/-/releases/v1.58.0/downloads/glab.exe" -OutFile "glab.exe"
- Set-Alias -Name glab -Value "./glab.exe"
- |
if (Get-Command glab -ErrorAction SilentlyContinue) {
$glabVersionOutput = (glab --version | Select-Object -First 1) -as [string]
if ($glabVersionOutput -match 'glab (\d+\.\d+\.\d+)') {
if ([version]$matches[1] -ge [version]"1.58.0") {
$env:GITLAB_HOST = $env:CI_SERVER_URL
if ($env:ADDITIONAL_CA_CERT_BUNDLE) {
Write-Output "Setting CA certificate for $env:CI_SERVER_FQDN"
"$env:ADDITIONAL_CA_CERT_BUNDLE" > "ca_cert_for_releasing_with_glab.pem"
glab config set ca_cert "ca_cert_for_releasing_with_glab.pem" --host "$env:CI_SERVER_FQDN"
}
glab auth login --job-token $env:CI_JOB_TOKEN --hostname "$env:CI_SERVER_FQDN" --api-protocol $env:CI_SERVER_PROTOCOL
glab -R $env:CI_PROJECT_PATH release create "$RELEASE_VERSION" --name "Release" --experimental-notes-text-or-file "Release created using the cli." --ref "$env:CI_COMMIT_SHA" --no-update --no-close-milestone
if (Test-Path "ca_cert_for_releasing_with_glab.pem") {
Remove-Item -Force "ca_cert_for_releasing_with_glab.pem"
}
}
else {
Write-Output "Warning: release-cli will not be supported after 19.0. Please use glab version >= 1.58.0. Troubleshooting: http://gdk.test:3000/help/user/project/releases/_index.md#gitlab-cli-version-requirement"
release-cli create --name "Release" --description "Release created using the cli." --tag-name "$RELEASE_VERSION"
}
}
else {
Write-Output "Warning: release-cli will not be supported after 19.0. Please use glab version >= 1.58.0. Troubleshooting: http://gdk.test:3000/help/user/project/releases/_index.md#gitlab-cli-version-requirement"
release-cli create --name "Release" --description "Release created using the cli." --tag-name "$RELEASE_VERSION"
}
}
else {
Write-Output "Warning: release-cli will not be supported after 19.0. Please use glab version >= 1.58.0. Troubleshooting: http://gdk.test:3000/help/user/project/releases/_index.md#gitlab-cli-version-requirement"
release-cli create --name "Release" --description "Release created using the cli." --tag-name "$RELEASE_VERSION"
}
windows-glab-version-not-match:
tags: [saas-windows-medium-amd64]
# rules:
# - if: $CI_COMMIT_TAG
variables:
FF_SCRIPT_SECTIONS: true
RELEASE_VERSION: 4.11.1
script:
- wget "https://gitlab.com/gitlab-org/cli/-/releases/v1.57.0/downloads/glab.exe" -OutFile "glab.exe"
- Set-Alias -Name glab -Value "./glab.exe"
- |
if (Get-Command glab -ErrorAction SilentlyContinue) {
$glabVersionOutput = (glab --version | Select-Object -First 1) -as [string]
if ($glabVersionOutput -match 'glab (\d+\.\d+\.\d+)') {
if ([version]$matches[1] -ge [version]"1.58.0") {
$env:GITLAB_HOST = $env:CI_SERVER_URL
if ($env:ADDITIONAL_CA_CERT_BUNDLE) {
Write-Output "Setting CA certificate for $env:CI_SERVER_FQDN"
"$env:ADDITIONAL_CA_CERT_BUNDLE" > "ca_cert_for_releasing_with_glab.pem"
glab config set ca_cert "ca_cert_for_releasing_with_glab.pem" --host "$env:CI_SERVER_FQDN"
}
glab auth login --job-token $env:CI_JOB_TOKEN --hostname "$env:CI_SERVER_FQDN" --api-protocol $env:CI_SERVER_PROTOCOL
glab -R $env:CI_PROJECT_PATH release create "$RELEASE_VERSION" --name "Release" --experimental-notes-text-or-file "Release created using the cli." --ref "$env:CI_COMMIT_SHA" --no-update --no-close-milestone
if (Test-Path "ca_cert_for_releasing_with_glab.pem") {
Remove-Item -Force "ca_cert_for_releasing_with_glab.pem"
}
}
else {
Write-Output "Warning: release-cli will not be supported after 19.0. Please use glab version >= 1.58.0. Troubleshooting: http://gdk.test:3000/help/user/project/releases/_index.md#gitlab-cli-version-requirement"
release-cli create --name "Release" --description "Release created using the cli." --tag-name "$RELEASE_VERSION"
}
}
else {
Write-Output "Warning: release-cli will not be supported after 19.0. Please use glab version >= 1.58.0. Troubleshooting: http://gdk.test:3000/help/user/project/releases/_index.md#gitlab-cli-version-requirement"
release-cli create --name "Release" --description "Release created using the cli." --tag-name "$RELEASE_VERSION"
}
}
else {
Write-Output "Warning: release-cli will not be supported after 19.0. Please use glab version >= 1.58.0. Troubleshooting: http://gdk.test:3000/help/user/project/releases/_index.md#gitlab-cli-version-requirement"
release-cli create --name "Release" --description "Release created using the cli." --tag-name "$RELEASE_VERSION"
}
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Furkan Ayhan