ci: fix unbound variable error for OIDC vars on stock Gitea
Some checks failed
Deploy to K8s / deploy (push) Failing after 3s
Some checks failed
Deploy to K8s / deploy (push) Failing after 3s
Use ${VAR:-} default-empty syntax so set -u doesn't abort when
ACTIONS_ID_TOKEN_REQUEST_TOKEN/URL are absent (stock Gitea runners
don't set them).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jan Novak
@@ -14,9 +14,9 @@ jobs:
|
|||||||
- name: Get Vault token
|
- name: Get Vault token
|
||||||
run: |
|
run: |
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
|
|
||||||
IDTOKEN=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
|
IDTOKEN=$(curl -sS -H "Authorization: bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" \
|
||||||
"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://vault.hrajfrisbee.cz/")
|
"${ACTIONS_ID_TOKEN_REQUEST_URL:-}&audience=https://vault.hrajfrisbee.cz/")
|
||||||
|
|
||||||
TOKEN=$(echo "$IDTOKEN" | jq -r '.value')
|
TOKEN=$(echo "$IDTOKEN" | jq -r '.value')
|
||||||
|
|
||||||
@@ -32,8 +32,8 @@ jobs:
|
|||||||
env | sort
|
env | sort
|
||||||
echo ""
|
echo ""
|
||||||
echo "=== ID Token (decoded) ==="
|
echo "=== ID Token (decoded) ==="
|
||||||
IDTOKEN=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
|
IDTOKEN=$(curl -sS -H "Authorization: bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" \
|
||||||
"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://vault.hrajfrisbee.cz/")
|
"${ACTIONS_ID_TOKEN_REQUEST_URL:-}&audience=https://vault.hrajfrisbee.cz/")
|
||||||
echo "$IDTOKEN" | jq -r '.value' | cut -d. -f2 | base64 -d 2>/dev/null | jq .
|
echo "$IDTOKEN" | jq -r '.value' | cut -d. -f2 | base64 -d 2>/dev/null | jq .
|
||||||
|
|
||||||
- name: Read secret from Vault
|
- name: Read secret from Vault
|
||||||
|
|||||||
Reference in New Issue
Block a user