diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5584f7d4a9f8b5050d45ac40f4141f356712d33c..4533fe2564c2b02f6ca49adf8544a508e22b6272 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -269,6 +269,57 @@ test-init-with-reconfigure: EOF - gitlab-terraform init +test-init-with-prepared-registry-token: + extends: + - .test + stage: test-init + variables: + TERRAFORM_VERSION: $STABLE_VERSION + script: + - apk add --update $PKG + - | + cat <<'EOF' > test.sh + set -x + export TF_TOKEN_gitlab_com=mysecrettoken + . $(which gitlab-terraform) + terraform_authenticate_private_registry + test "$TF_TOKEN_gitlab_com" = "mysecrettoken" + EOF + - $SHELL test.sh + parallel: + matrix: + - SHELL: "bash" + PKG: "bash" + - SHELL: "zsh" + PKG: "zsh" + - SHELL: "ksh" + PKG: "loksh" + +test-init-without-prepared-registry-token: + extends: + - .test + stage: test-init + variables: + TERRAFORM_VERSION: $STABLE_VERSION + script: + - apk add --update $PKG + - | + cat <<'EOF' > test.sh + set -x + . $(which gitlab-terraform) + terraform_authenticate_private_registry + test -n "$TF_TOKEN_gitlab_com" + EOF + - $SHELL test.sh + parallel: + matrix: + - SHELL: "bash" + PKG: "bash" + - SHELL: "zsh" + PKG: "zsh" + - SHELL: "ksh" + PKG: "loksh" + test-fmt: extends: - .test diff --git a/src/bin/gitlab-terraform.sh b/src/bin/gitlab-terraform.sh index 6c01144dc052b9f0203ccbc5742ae3ae1002f008..68c5cfaee10d7129dc934eeb8866aabaf772b6f6 100755 --- a/src/bin/gitlab-terraform.sh +++ b/src/bin/gitlab-terraform.sh 
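Review bot: Both generated `test.sh` scripts in the new `.gitlab-ci.yml` jobs run under `set -x`, so in `test-init-without-prepared-registry-token` the final `test -n "$TF_TOKEN_gitlab_com"` and the `export` inside the sourced function are traced with the job token expanded. The credential then lands in the job log unless log masking catches it. Neither script sets `-e`, so a failure while sourcing `gitlab-terraform` or inside `terraform_authenticate_private_registry` is ignored, and in the with-token job the last `test` would still pass if the function never ran. I would replace `set -x` with `set -e` in both heredocs, provided the sourced script tolerates errexit. The hard-coded `TF_TOKEN_gitlab_com` also assumes `CI_SERVER_HOST` is `gitlab.com`, which deserves a comment such as `# assumes the pipeline runs on gitlab.com`.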
@@ -13,13 +13,13 @@ terraform_is_at_least() { # Evaluate if this script is being sourced or executed directly. # See https://stackoverflow.com/a/28776166 sourced=0 -if [ -n "$ZSH_VERSION" ]; then +if [ -n "$ZSH_VERSION" ]; then case $ZSH_EVAL_CONTEXT in *:file) sourced=1;; esac elif [ -n "$KSH_VERSION" ]; then # shellcheck disable=SC2296 [ "$(cd -- "$(dirname -- "$0")" && pwd -P)/$(basename -- "$0")" != "$(cd -- "$(dirname -- "${.sh.file}")" && pwd -P)/$(basename -- "${.sh.file}")" ] && sourced=1 elif [ -n "$BASH_VERSION" ]; then - (return 0 2>/dev/null) && sourced=1 + (return 0 2>/dev/null) && sourced=1 else # All other shells: examine $0 for known shell binary filenames. # Detects `sh` and `dash`; add additional shell filenames as needed. case ${0##*/} in sh|-sh|dash|-dash) sourced=1;; esac @@ -108,7 +108,10 @@ terraform_authenticate_private_registry() { # For more info, see https://www.terraform.io/cli/config/config-file#environment-variable-credentials if [ "${CI_SERVER_PROTOCOL}" = "https" ] && [ -n "${CI_SERVER_HOST}" ]; then tf_token_var_name=TF_TOKEN_$(idn2 "${CI_SERVER_HOST}" | sed 's/\./_/g' | sed 's/-/__/g') - export "${tf_token_var_name}"="${CI_JOB_TOKEN}" + # If TF_TOKEN_ for the Gitlab domain is not set then use the CI_JOB_TOKEN + if [ -z "$(eval "echo \${${tf_token_var_name}:-}")" ]; then + export "${tf_token_var_name}"="${CI_JOB_TOKEN}" + fi fi else # If we have a version older than 1.2.0, we use the credentials file. @@ -189,4 +192,4 @@ else # This variable can be used if the script is sourced # shellcheck disable=SC2034 TF_GITLAB_SOURCED=true -fi \ No newline at end of file +fi
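Review bot: In the `terraform_authenticate_private_registry` hunk of `src/bin/gitlab-terraform.sh`, the new emptiness check passes `tf_token_var_name` through `eval`. That name is built from `CI_SERVER_HOST` with only `.` and `-` rewritten by the two `sed` calls, so any other character that `idn2` lets through would be interpreted as shell code. The host is normally set by the runner and `idn2` presumably rejects most odd input, but nothing visible in the hunk enforces that. A guard before the `if`, such as `case "${tf_token_var_name}" in *[!A-Za-z0-9_]*) echo "invalid registry token variable name" >&2; return 1;; esac`, would make the `eval` safe by construction. The function starts and ends outside this hunk, so I cannot see whether a non-zero return fits its callers.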