ci: fix unbound variable error for OIDC vars on stock Gitea
Some checks failed
Deploy to K8s / deploy (push) Failing after 3s
Some checks failed
Deploy to K8s / deploy (push) Failing after 3s
Use ${VAR:-} default-empty syntax so set -u doesn't abort when
ACTIONS_ID_TOKEN_REQUEST_TOKEN/URL are absent (stock Gitea runners
don't set them).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jan Novak
@@ -14,9 +14,9 @@ jobs:
|
||||
- name: Get Vault token
|
||||
run: |
|
||||
set -euxo pipefail
|
||||
|
||||
IDTOKEN=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
|
||||
"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://vault.hrajfrisbee.cz/")
|
||||
|
||||
IDTOKEN=$(curl -sS -H "Authorization: bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" \
|
||||
"${ACTIONS_ID_TOKEN_REQUEST_URL:-}&audience=https://vault.hrajfrisbee.cz/")
|
||||
|
||||
TOKEN=$(echo "$IDTOKEN" | jq -r '.value')
|
||||
|
||||
@@ -32,8 +32,8 @@ jobs:
|
||||
env | sort
|
||||
echo ""
|
||||
echo "=== ID Token (decoded) ==="
|
||||
IDTOKEN=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
|
||||
"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://vault.hrajfrisbee.cz/")
|
||||
IDTOKEN=$(curl -sS -H "Authorization: bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" \
|
||||
"${ACTIONS_ID_TOKEN_REQUEST_URL:-}&audience=https://vault.hrajfrisbee.cz/")
|
||||
echo "$IDTOKEN" | jq -r '.value' | cut -d. -f2 | base64 -d 2>/dev/null | jq .
|
||||
|
||||
- name: Read secret from Vault
|
||||
|
||||
Reference in New Issue
Block a user