Dependency-scanning job can't use group level variable
Summary
Dependency-scanning job failing being not able to get ${NPM_TOKEN} variable from group level variables.
Steps to reproduce
- Run
dependency-scanning job
against a JS project, which is using private NPM repos. - Store ${NPM_TOKEN} variable in group level variables
Example Project
https://gitlab.com/new10/services/gandalf/-/jobs/349334979
What is the current bug behavior?
The dependency-scanning job
job fails and produces no report, with following log
Installing dependencies... yarn install v1.17.3 error An unexpected error occurred: "Failed to replace env in config: ${NPM_TOKEN}". info If you think this is a bug, please open a bug report with the information provided in "/tmp/app/yarn-error.log". info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
What is the expected correct behavior?
The dependency-scanning job
job should be be able to use env variable ${NPM_TOKEN} from group level variables.