Using credentials for ansible-galaxy with private gitlab repo in a Jenkins Job
There is currently no support for passing credential parameters into ansible-galaxy at run time.
It is possible to add the credentials into the requirements.yml
, but generally adding credentials into code is not ideal due to the ease that others could one day exploit them.
The solution is to update requirements.yml
at run time.
Create a Gitlab Personal Access Token by viewing your profile and updating the settings:https://private.gitlab/profile/personal_access_tokens
Use the secrets manager of your choice to set the variable PAT_TOKEN with the token at run time.
In your Jenkins script use sed
to update requirements.yml
before ansible-galaxy install
sed -i "s#https://gitlab.private/#https://oauth2:$PAT_TOKEN@gitlab.private/#g requirements.yml
If you were using Gitlab-ci instead of Jenkins, it is possible to use the existing ci token:
sed -i "s#https://gitlab.private/#https://gitlab-ci-token:$CI_JOB_TOKEN@gitlab.private/#g requirements.yml