Gitlab-ci won't replace my variable in the ssh command

Question

In my gitlab-ci.yml, I have a command that create a release in gitlab via a curl post

# create release
    - >- 
        curl --request POST -H 'PRIVATE-TOKEN: ${GITLABAPI_TOKEN}' -H 'Content-Type: application/json' --data "{\"description\": \"`git log $(git describe --tags --abbrev=0)..HEAD --oneline`\"}" https://gitlab.unc.nc/api/v4/projects/${APP_GITLAB_NUMBER}/repository/tags/${CI_COMMIT_TAG}/release

This request get a '401 unauthorized' because, I suspect, the -H 'PRIVATE-TOKEN: ${GITLABAPI_TOKEN}' is not replaced with the variable value. same with: ${GITLABAPI_TOKEN} $GITLABAPI_TOKEN "${GITLABAPI_TOKEN}"

If I display the value like this, the value is ok:

 ssh root@devsb01 "echo $GITLABAPI_TOKEN"

If I launch the post with the password value directly it works:

    - >- 
        curl --request POST -H 'PRIVATE-TOKEN: xkwMyRealPwdùwsx' -H 'Content-Type: application/json' --data "{\"description\": \"`git log $(git describe --tags --abbrev=0)..HEAD --oneline`\"}" https://gitlab.unc.nc/api/v4/projects/${APP_GITLAB_NUMBER}/repository/tags/${CI_COMMIT_TAG}/release

I think I need to add something to the command so it replace it... But I can't how...

PS: notice that the url variable: ${APP_GITLAB_NUMBER} and ${CI_COMMIT_TAG} are correctly replaced

Answer 1

Inside single-quotes, the shell expands nothing. Please put the PRIVATE-TOKEN into double quote :

curl --request POST -H "PRIVATE-TOKEN: ${GITLABAPI_TOKEN}" -H 'Content-Type: application/json' --data "{\"description\": \"`git log $(git describe --tags --abbrev=0)..HEAD --oneline`\"}" https://gitlab.unc.nc/api/v4/projects/${APP_GITLAB_NUMBER}/repository/tags/${CI_COMMIT_TAG}/release