Skip to content

Inject Secret into CI service

GitLab doesn't expose secrets to services in a CI jobs. To inject it nonetheless, a env variable for this jobs has to be created with the secret referenced in it, because env variables from a job are inherited by a service.
Before the version 15.7, when a file type secret is referenced the content of the file will be injected into the new environment file instead of the path to the temporary file due to a bug in the gitlab-runner.
I build the current .gitlab-ci.yml build on top of this bug without knowing it. Since the release of the version 15.7 of the gitlab-runner the CI breaks since it relies on this bug. I changed the CI in #34 (closed) such that the mock OIDC provider takes the path to the config file as an argument instead of the content. Somehow this worked for once pipeline run although it shouldn't have since secret files are not injected into services.

The solution is simple. Just revert the changes to the .gitlab-ci.yml file and change the type of the gitlab secret from file to variable.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information