Fail to decode secrets

Describe the bug

Using the vault variant of the component, semantic-release jobs are not able to retrieve secrets from Vault.

Expected behavior

The semantic-release jobs should print a message like '[INFO] Successfully fetched secret S3_REVIEW_ACCESS_KEY'

Actual behavior

Semantic-release-info job outputs an error message.

Logs and/or screenshots

/scripts-414440-175057513/step_script: line 594: : No such file or directory
sed: can't read : No such file or directory
[WARN] Failed getting secret S3_REVIEW_SECRET_KEY:

Context & Configuration

Link to a project, pipeline or job facing the bug: (please provide one if possible)

The issue was reproduced using:

  • Version of the template: 3.11.3
  • GitLab server(s): Self-managed server, GitLab Community Edition v17.4.3
  • GitLab runner(s): (type in any relevant information about the GitLab runner(s) you used)

Here is the .gitlab-ci.yml file:

include:
  # Semantic release template
  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel@3.11.3
    inputs:
      changelog-enabled: true
      image: docker.io/library/node:lts-slim
      info-on: protected
  # Vault variant
  - component: $CI_SERVER_FQDN/to-be-continuous/semantic-release/gitlab-ci-semrel-vault@3.11.3

variables:
  S3_REVIEW_SECRET_KEY: "@url@http://vault-secrets-provider/api/secrets/${VAULT_PROJECT_UID}/secret/${VAULT_PROJECT_UID}/dev/ucncm/s3?field=secret_key"

(If useful, list configured GitLab CI project and/or group variables.)

Configured GitLab CI project or group variables:

  • S3_REVIEW_SECRET_KEY
  • VAULT_BASE_URL
  • VAULT_PROJECT_UID
  • VAULT_OIDC_AUD

I think the issue resides in the eval_secret function: https://gitlab.com/to-be-continuous/semantic-release/-/blame/master/templates/gitlab-ci-semrel.yml?ref_type=heads#L381
When using node to decode the secret, the shell variables decoded and errors are not assigned.
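Added example, not the to-be-continuous template's own eval_secret (whose body is not on this page): a small POSIX shell resolver for variables whose value starts with @url@, written to show the behaviour the report expects. The fetch_secret stand-in, the demo URL and the value it returns are constructed so the script runs offline; in the real component the fetch goes to the Vault secrets provider. The point is that both assignments happen in the calling shell, so decoded and errors are still set after the call, a failed fetch leaves the original variable untouched and only logs the [WARN] line, and an empty response is reported rather than exported.

```shell
#!/bin/sh
# Constructed example, not the to-be-continuous template's own eval_secret:
# resolve variables whose value starts with "@url@" by fetching the secret,
# keeping the `decoded` / `errors` assignments in the current shell.

# Stand-in for the Vault secrets provider so the script runs offline.
# The URL and the value it returns are constructed sample data.
fetch_secret() {
  case "$1" in
    'http://vault-secrets-provider/api/secrets/demo/s3?field=secret_key')
      printf '%s' 's3-secret-value' ;;
    *)
      printf '%s\n' "404 Not Found: $1" >&2
      return 1 ;;
  esac
}

# Resolve the variable named $1 in place.
# On success: exports the fetched value, sets `decoded`, returns 0.
# On failure: leaves the variable untouched, sets `errors`, prints the
# [WARN] line the report expects, returns 1.
eval_secret() {
  name=$1
  # Only accept a plain identifier: the name is passed to eval below.
  case "$name" in
    ''|*[!A-Za-z0-9_]*) echo "[WARN] Invalid variable name: $name"; return 1 ;;
  esac
  eval "value=\$$name"
  case "$value" in
    @url@*) ;;                # handled by the fetch below
    *) return 0 ;;            # plain value: nothing to decode
  esac
  url=${value#@url@}
  errfile=$(mktemp)
  # Command substitution runs fetch_secret in a subshell, but the assignment
  # to `decoded` happens here in the calling shell, so it survives the call.
  if decoded=$(fetch_secret "$url" 2>"$errfile") && [ -n "$decoded" ]; then
    rm -f "$errfile"
    export "$name=$decoded"
    echo "[INFO] Successfully fetched secret $name"
    return 0
  fi
  errors=$(cat "$errfile")
  rm -f "$errfile"
  [ -n "$errors" ] || errors="empty response from $url"
  echo "[WARN] Failed getting secret $name: $errors"
  return 1
}

# Usage with constructed values: the variable is rewritten to the real secret.
S3_REVIEW_SECRET_KEY='@url@http://vault-secrets-provider/api/secrets/demo/s3?field=secret_key'
eval_secret S3_REVIEW_SECRET_KEY
```

Stderr is captured in a temporary file rather than with 2>&1 so that a warning printed by the fetcher cannot end up inside the exported secret value; the caller can inspect errors after a failed call and decoded after a successful one.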