use absolute paths

.gitlab-ci.yml

@@ -42,8 +42,8 @@ variables:
 cache:
   key: "${CI_ENVIRONMENT_SLUG}-${CI_COMMIT_REF_SLUG}"
   paths:
-    - "ci/sp-key.pem"
-    - ".config/helm/registry.json"
+    - "${CI_PROJECT_DIR}/ci/sp-key.pem"
+    - "${CI_PROJECT_DIR}/.config/helm/registry.json"
 
 stages:
   # on commit to main
@@ -85,12 +85,12 @@ prepare:
     - test -n "${VAULT_PASSWORD}" || missing_vars="${missing_vars} VAULT_PASSWORD"
     - if test -n "${missing_vars}"; then echo "Required environment variable(s) not set:${missing_vars} - check CI / CD variables in the project settings" >&2; exit 1; fi;
     # apparently ash can't do process substitution, so we have to write this to a file temporarily
-    - echo "${VAULT_PASSWORD}" > ".vault_password"
+    - echo "${VAULT_PASSWORD}" > "${CI_PROJECT_DIR}/.vault_password"
   script:
     # can't do this in the deploy step, because we have no ansible there
-    - ansible-vault view --vault-password-file ".vault_password" "ci/sp-key.pem.vault" > "ci/sp-key.pem"
+    - ansible-vault view --vault-password-file "${CI_PROJECT_DIR}/.vault_password" "${CI_PROJECT_DIR}/ci/sp-key.pem.vault" > "${CI_PROJECT_DIR}/ci/sp-key.pem"
   after_script:
-    - rm -f ".vault_password"
+    - rm -f "${CI_PROJECT_DIR}/.vault_password"
 
 # just in case there's some left overs for some reason - because if so, the next job will fail
 # we always want to perform an install (rather than an upgrade) in order to ensure the pre-install hooks work
@@ -111,11 +111,11 @@ deploy:
     - main
   interruptible: true
   script:
-    - kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" create secret tls shibboleth-sp-helm-chart-certs --cert="ci/sp-cert.pem" --key="ci/sp-key.pem"
+    - kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" create secret tls shibboleth-sp-helm-chart-certs --cert="${CI_PROJECT_DIR}/ci/sp-cert.pem" --key="${CI_PROJECT_DIR}/ci/sp-key.pem"
     # thanks to --atomic, this command won't just install the chart but also ensure it works
-    - helm install "${HELM_RELEASE}" chart --values="ci/values.yaml" --atomic --debug
+    - helm install "${HELM_RELEASE}" "${CI_PROJECT_DIR}/chart" --values="${CI_PROJECT_DIR}/ci/values.yaml" --atomic --debug
     # remove from cache
-    - rm -f "ci/sp-key.pem"
+    - rm -f "${CI_PROJECT_DIR}/ci/sp-key.pem"
 
 verify:
   stage: verify
@@ -148,10 +148,10 @@ package:
     - main
   interruptible: true
   script:
-    - helm package chart
+    - helm package "${CI_PROJECT_DIR}/chart"
   artifacts:
     paths:
-      - /builds/maps/shibboleth-sp-helm-chart/*.tgz
+      - ${CI_PROJECT_DIR}/*.tgz
 
 upload:
   stage: upload
@@ -162,6 +162,6 @@ upload:
       - $CI_COMMIT_TAG
   interruptible: true
   script:
-    - echo "${SHIBBOLETH_SP_HELM_CHART_REGISTRY_TOKEN}" | helm registry login "${CI_REGISTRY}/maps/shibboleth-sp-helm-chart/" -u "gitlab-ci-shibboleth-sp-helm-chart" --password-stdin
-    - helm chart save chart "cr.gitlab-int.switch.ch/maps/shibboleth-sp-helm-chart"
-    - helm chart push "cr.gitlab-int.switch.ch/maps/shibboleth-sp-helm-chart:${CI_COMMIT_TAG}"
+    - echo "${SHIBBOLETH_SP_HELM_CHART_REGISTRY_TOKEN}" | helm registry login "${CI_REGISTRY_IMAGE}" -u "gitlab-ci-shibboleth-sp-helm-chart" --password-stdin
+    - helm chart save "${CI_PROJECT_DIR}/chart" "${CI_REGISTRY_IMAGE}"
+    - helm chart push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}"