tls "certificate signed by unknown authority" error after Gitlab upgrade from 17 to 18
**Description**

After upgrading from Gitlab 17 to 18, one of our pipeline jobs creating a release stopped working. No code change; release jobs were always successful before (latest 2h before) the upgrade, and starting on the first job after (earliest 1h after) the upgrade they all failed.

It would seem that the content of the `$ADDITIONAL_CA_CERT_BUNDLE` variable is now lost in the `release` step. However, setting that variable as a CI variable overcomes the issue (temporary workaround).

P.S: when troubleshooting I was able to verify that the `$ADDITIONAL_CA_CERT_BUNDLE` variable had the proper content from within the `script` section of the job, but it's somehow either lost or unset in the `release` step.

### Edit

The change in behaviour seems to be linked to the change in this file: [releaser.rb](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/build/releaser.rb?ref_type=heads), which now explicitly refers to `$ADDITIONAL_CA_CERT_BUNDLE` to set the CA certificate.

**tls error**

`tls: failed to verify certificate: x509: certificate signed by unknown authority`

**release step output**

```bash
Executing "step_release" stage of the job script 00:01
$ if command -v glab &> /dev/null; then # collapsed multi-line command
A new version of glab has been released: v1.58.0 -> v1.68.0
https://gitlab.com/gitlab-org/cli/-/releases/v1.68.0
Setting CA certificate for gitlab.foo.com
• Creating or updating release repo=x_te/project/x_project tag=1.8.13
x release failed after 0.01 seconds.
error=Get "https://gitlab.foo.com/api/v4/projects/x_te%2Fproject%2Fx_project/releases/1%2E8%2E13": tls: failed to verify certificate: x509: certificate signed by unknown authority
```

**job**

```yaml
.create_release:
  extends: .before_script
  stage: release_and_changelog
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  variables:
    ADDITIONAL_CA_CERT_BUNDLE: foo-ca.pem
  needs:
    - job: prepare_release
      artifacts: true
  rules:
    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/'
  script:
    - echo "Creating release"
  release:
    name: 'Release $CI_COMMIT_TAG'
    description: release_notes.md
    tag_name: '$CI_COMMIT_TAG'
    ref: '$CI_COMMIT_SHA'
```
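
A diagnostic for the symptom described in this report, added here as an example; it is not part of the original issue and not GitLab's code. It classifies what `ADDITIONAL_CA_CERT_BUNDLE` actually holds at a given point in a job (inline PEM text, a path such as the `foo-ca.pem` set in the job above, or nothing), so the value seen in `script` can be compared with the value set at project level. The function names `classify_ca_bundle` and `count_certs` are hypothetical.

```shell
#!/bin/sh
# Added diagnostic (not GitLab code): report what a CA bundle variable contains.
PEM_MARKER='-----BEGIN CERTIFICATE-----'

# classify_ca_bundle VALUE
# Prints one of: empty | inline-pem | file-pem | file-not-pem | missing-file
classify_ca_bundle() {
  if [ -z "$1" ]; then
    echo "empty"                      # variable unset or lost
    return 0
  fi
  case "$1" in
    *"$PEM_MARKER"*)
      echo "inline-pem"               # value is the certificate text itself
      return 0
      ;;
  esac
  if [ -r "$1" ]; then
    # Value is a path; check that the file really is a PEM bundle.
    if grep -q -- "$PEM_MARKER" "$1"; then
      echo "file-pem"
    else
      echo "file-not-pem"
    fi
  else
    echo "missing-file"               # looks like a path, but nothing readable there
  fi
}

# count_certs VALUE
# Number of certificates in the inline PEM text, or in the file VALUE names.
count_certs() {
  if [ -r "$1" ]; then
    grep -c -- "$PEM_MARKER" "$1" || true
  else
    printf '%s\n' "$1" | grep -c -- "$PEM_MARKER" || true
  fi
}

# Report on the variable as seen by the current shell.
echo "ADDITIONAL_CA_CERT_BUNDLE: $(classify_ca_bundle "${ADDITIONAL_CA_CERT_BUNDLE:-}")," \
     "$(count_certs "${ADDITIONAL_CA_CERT_BUNDLE:-}") certificate(s)"
```

A result of `missing-file` or `empty` means a TLS client reading that variable has no usable private CA to trust, which is consistent with the `x509: certificate signed by unknown authority` failure above.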