diff --git a/templates/gitlab-ci-semrel.yml b/templates/gitlab-ci-semrel.yml index 3d28c55d5a8708994ede071cfc0202f1faf9d57d..48121768a3907e7ad9e3e460d0a4f18597ead49d 100644 --- a/templates/gitlab-ci-semrel.yml +++ b/templates/gitlab-ci-semrel.yml @@ -790,6 +790,12 @@ stages: log_info "Commit signing setup complete." } + function clear_vault_env() { + # unset service container env when Vault variant is enabled (SemRel censors them all due to 'SECRET' in the name) + # shellcheck disable=SC2046 + unset $(env | awk -F '=' '/^VAULT_SECRETS_PROVIDER_/{print $1}' | xargs) + } + unscope_variables eval_all_secrets @@ -809,6 +815,7 @@ stages: - cd "${SEMREL_CONFIG_DIR}" - prepare_semantic_release - install_semantic_release_plugins + - clear_vault_env variables: # download cache XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"