From 712331d42158dc9611ea11755f486da8e5d4f8e6 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@gmail.com>
Date: Sun, 23 Mar 2025 14:36:33 +0100
Subject: [PATCH] fix: unset vault variables for semrel

Fixes #54
---
 templates/gitlab-ci-semrel.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/templates/gitlab-ci-semrel.yml b/templates/gitlab-ci-semrel.yml
index 3d28c55..4812176 100644
--- a/templates/gitlab-ci-semrel.yml
+++ b/templates/gitlab-ci-semrel.yml
@@ -790,6 +790,12 @@ stages:
     log_info "Commit signing setup complete."
   }
 
+  function clear_vault_env() {
+    # unset service container env when Vault variant is enabled (SemRel censors them all due to 'SECRET' in the name)
+    # shellcheck disable=SC2046
+    unset $(env | awk -F '=' '/^VAULT_SECRETS_PROVIDER_/{print $1}' | xargs)
+  }
+
   unscope_variables
   eval_all_secrets
 
@@ -809,6 +815,7 @@ stages:
     - cd "${SEMREL_CONFIG_DIR}"
     - prepare_semantic_release
     - install_semantic_release_plugins
+    - clear_vault_env
   variables:
     # download cache
     XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"
-- 
GitLab