Merge branch 'NOISSUE_quote-environment-variables-in-ci' into 'main'

fix(ci): quote all environment variables in scripts See merge request app/holi-app-donations!61

Merge branch 'NOISSUE_quote-environment-variables-in-ci' into 'main'
9ad04a62 · Ole Langbehn · 2174b17f · 212e048a · 9ad04a62
Commit 9ad04a62 authored 5 months ago by Ole Langbehn
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -29,15 +29,15 @@ variables:
    #when: on_failure
    expire_in: 1 week
  script:
-    - terraform/environments/scripts/create-or-update-env.sh $ENVIRONMENT_ID $CI_COMMIT_SHA
+    - terraform/environments/scripts/create-or-update-env.sh "$ENVIRONMENT_ID" "$CI_COMMIT_SHA"
-    - echo "$(terraform/environments/scripts/get-output.sh api_domain)" > $API_DOMAIN_PATH
+    - echo "$(terraform/environments/scripts/get-output.sh api_domain)" > "$API_DOMAIN_PATH"
  resource_group: $ENVIRONMENT_ID # never execute terraform in parallel on the same environment
  interruptible: false
 .smoketest:
  image: 'europe-north1-docker.pkg.dev/holi-shared/docker/holi-docker/holi-k6-builder'
  script:
-    - API_DOMAIN=$(cat $API_DOMAIN_PATH)
+    - API_DOMAIN=$(cat "$API_DOMAIN_PATH")
    - terraform/environments/scripts/wait-for-ssl.sh "https://${API_DOMAIN}"
    - BASE_URL="https://${API_DOMAIN}/graphql" k6 run smoketest/main.js
    # TODO should/could we roll back the service to the last working revision on test failure?
@@ -80,10 +80,10 @@ build_docker:
    # this could be fetched via terraform output ("gcr_location" in infra project), but then we would need an extra job for terraform
    GCR_IMAGE: europe-north1-docker.pkg.dev/holi-shared/docker/holi-donations-api
  script:
-    - docker pull $GCR_IMAGE || true # Allows us to use --cache-from, we need to tag with latest in the next command for this to work
+    - docker pull "$GCR_IMAGE" || true # Allows us to use --cache-from, we need to tag with latest in the next command for this to work
-    - docker build --cache-from $GCR_IMAGE -t $GCR_IMAGE:latest -t $GCR_IMAGE:$CI_COMMIT_SHA -t $GCR_IMAGE:$CI_COMMIT_REF_SLUG .
+    - docker build --cache-from "$GCR_IMAGE" -t "$GCR_IMAGE":latest -t "$GCR_IMAGE":"$CI_COMMIT_SHA" -t "$GCR_IMAGE":"$CI_COMMIT_REF_SLUG" .
-    - docker push $GCR_IMAGE:$CI_COMMIT_SHA # this is the tag that is used for deployment
+    - docker push "$GCR_IMAGE":"$CI_COMMIT_SHA" # this is the tag that is used for deployment
-    - docker push $GCR_IMAGE:$CI_COMMIT_REF_SLUG # just for easyly knowing which is the last image for a branch
+    - docker push "$GCR_IMAGE":"$CI_COMMIT_REF_SLUG" # just for easyly knowing which is the last image for a branch
 ## review environments
@@ -131,9 +131,9 @@ review_destroy:
    expire_in: 1 week
  script:
    # branch may have been deleted, so we clone and checkout main
-    - git clone $CI_REPOSITORY_URL main-clone
+    - git clone "$CI_REPOSITORY_URL" main-clone
    - cd main-clone
-    - terraform/environments/scripts/destroy-env.sh $CI_ENVIRONMENT_SLUG
+    - terraform/environments/scripts/destroy-env.sh "$CI_ENVIRONMENT_SLUG"
  # can't use rules here: https://gitlab.com/gitlab-org/gitlab/-/issues/34077
  when: manual
  allow_failure: true