Merge branch 'release-cli-ca-cert-bundle' into 'master'

Add ADDITIONAL_CA_CERT_BUNDLE to release See merge request gitlab-org/gitlab!57184

Merge branch 'release-cli-ca-cert-bundle' into 'master'
Add ADDITIONAL_CA_CERT_BUNDLE to release See merge request gitlab-org/gitlab!57184
b7c2f1ed · Achilleas Pipinellis · 3335bd82 · b865427e · b7c2f1ed
Commit b7c2f1ed authored Apr 09, 2021 by Achilleas Pipinellis
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 1 deletion

doc/ci/yaml/README.md doc/ci/yaml/README.md +32 -1

No files found.
--- a/doc/ci/yaml/README.md
+++ b/doc/ci/yaml/README.md
@@ -4184,7 +4184,8 @@ finishes.
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/19298) in GitLab 13.2.

 Use `release` to create a [release](../../user/project/releases/index.md).
-Requires the `release-cli` to be available in your GitLab Runner Docker or shell executor.
+Requires the [`release-cli`](https://gitlab.com/gitlab-org/release-cli/-/tree/master/docs)
+to be available in your GitLab Runner Docker or shell executor.

 These keywords are supported:

@@ -4269,6 +4270,36 @@ Once installed, the `release` keyword should be available to you.
  release-cli version 0.6.0
  ```

+#### Use a custom SSL CA certificate authority
+
+You can use the `ADDITIONAL_CA_CERT_BUNDLE` CI/CD variable to configure a custom SSL CA certificate authority,
+which is used to verify the peer when the `release-cli` creates a release through the API using HTTPS with custom certificates.
+The `ADDITIONAL_CA_CERT_BUNDLE` value should contain the
+[text representation of the X.509 PEM public-key certificate](https://tools.ietf.org/html/rfc7468#section-5.1)
+or the `path/to/file` containing the certificate authority.
+For example, to configure this value in the `.gitlab-ci.yml` file, use the following:
+
+```yaml
+release:
+  variables:
+    ADDITIONAL_CA_CERT_BUNDLE: |
+        -----BEGIN CERTIFICATE-----
+        MIIGqTCCBJGgAwIBAgIQI7AVxxVwg2kch4d56XNdDjANBgkqhkiG9w0BAQsFADCB
+        ...
+        jWgmPqF3vUbZE0EyScetPJquRFRKIesyJuBFMAs=
+        -----END CERTIFICATE-----
+  script:
+    - echo "Create release"
+  release:
+    name: 'My awesome release'
+    tag_name: '$CI_COMMIT_TAG'
+```
+
+The `ADDITIONAL_CA_CERT_BUNDLE` value can also be configured as a
+[custom variable in the UI](../variables/README.md#custom-cicd-variables),
+either as a `file`, which requires the path to the certificate, or as a variable,
+which requires the text representation of the certificate.
+
 #### `script`

 All jobs except [trigger](#trigger) jobs must have the `script` keyword. A `release`