From 0dfabce2d74eb0e01d6b1bc5a4cc34e12f653f08 Mon Sep 17 00:00:00 2001
From: andresanaya21 <alvaroandres.anayaamariles@telefonica.com>
Date: Wed, 15 Jan 2025 13:22:01 +0100
Subject: [PATCH] refactor: comment out unused CI variables and update docker
 login command for security

---
 capif/.gitlab-ci.yml                              | 10 +++++-----
 capif/templates/cd-deploy-ocf.gitlab-ci.yml       |  4 ++--
 capif/templates/ci_dev.gitlab-ci.yml              |  1 -
 capif/templates/ci_staging.gitlab-ci.yml          |  8 ++++----
 capif/templates/ci_unit_test.gitlab-ci.yml        |  8 ++++----
 capif/templates/cicd-deploy-release.gitlab-ci.yml |  8 ++++----
 6 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml
index c521998..7c6935a 100644
--- a/capif/.gitlab-ci.yml
+++ b/capif/.gitlab-ci.yml
@@ -30,13 +30,13 @@ stages:
 
 variables:
   GITLAB_API: "https://labs.etsi.org/api/v4"
-  CI_JOB_TOKEN: $CI_JOB_TOKEN
+#  CI_JOB_TOKEN: $CI_JOB_TOKEN
   CI_DEBUG_TRACE: "true"
   PROJECT_ID: "294"
   SAST_EXCLUDED_ANALYZERS: "nodejs-scan"
-  CI_REGISTRY_USER: $CI_REGISTRY_USER
-  CI_REGISTRY: $CI_REGISTRY
-  CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
+#  CI_REGISTRY_USER: $CI_REGISTRY_USER
+#  CI_REGISTRY: $CI_REGISTRY
+#  CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
 
 
 .main_common: &main_common
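Review bot: `CI_DEBUG_TRACE: "true"` stays enabled in this variables block, and GitLab debug logging writes the job's variables and a trace of each script line to the job log, so the `$CI_JOB_TOKEN` now piped into `docker login` in main_build_and_push can still end up readable there. Set it to `CI_DEBUG_TRACE: "false"` as the staging, unit-test and release templates do, and turn it on only for a one-off debugging run. The redeclared variables here, and in the variables blocks of cd-deploy-ocf, ci_staging, ci_unit_test and cicd-deploy-release, are commented out rather than deleted; deleting them, or keeping a single comment such as `# CI_JOB_TOKEN, CI_REGISTRY and CI_REGISTRY_USER are predefined by GitLab`, leaves less dead configuration.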
@@ -230,7 +230,7 @@ main_build_and_push:
    - export TMP_PWD=$PWD
    - echo "TMP_PWD=$TMP_PWD"
    - echo "### docker login###"
-   - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY
+   - echo "$CI_JOB_TOKEN" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin
    - echo "----------------------------------------------------"
    - echo "### build and push nginx image###"
    - cd $TMP_PWD/services/nginx/
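Review bot: The new login line expands `$CI_REGISTRY` and `$CI_REGISTRY_USER` unquoted, so if `CI_REGISTRY` is ever empty the server argument disappears and `docker login` falls back to its default registry, which would receive the job token. Quoting and failing fast closes that gap: `- echo "$CI_JOB_TOKEN" | docker login "${CI_REGISTRY:?}" --username "${CI_REGISTRY_USER:?}" --password-stdin`. The same line is added to prod_build_and_push in cicd-deploy-release.gitlab-ci.yml and already exists in ci_dev.gitlab-ci.yml. The change also swaps the credential itself from the `CAPIF_DOCKER_REGISTRY` secret to the job token, which the commit subject does not mention, so it is worth confirming the job token has push rights on the target registry; the rest of main_build_and_push lies outside the hunk.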
diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml
index d41a760..b715118 100644
--- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml
+++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml
@@ -11,13 +11,13 @@ variables:
   DOMAIN_STAGING: ocf.validation
   DOMAIN_DEV: ocf.develop
   DOMAIN_PROD: prod.int
-  CI_JOB_TOKEN: $CI_JOB_TOKEN
+#  CI_JOB_TOKEN: $CI_JOB_TOKEN
   IMAGE_TAG_DEV: $CI_COMMIT_REF_SLUG
   IMAGE_TAG_STAGING: $CI_COMMIT_REF_SLUG
   VAULT_HOSTNAME: $VAULT_HOSTNAME
   VAULT_PORT: $VAULT_PORT
   VAULT_ACCESS_TOKEN: $VAULT_ACCESS_TOKEN
-  CI_REGISTRY: $CI_REGISTRY
+#  CI_REGISTRY: $CI_REGISTRY
 
 .staging_common: &staging_common
   only:
diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml
index 3f6825a..40b392c 100644
--- a/capif/templates/ci_dev.gitlab-ci.yml
+++ b/capif/templates/ci_dev.gitlab-ci.yml
@@ -128,7 +128,6 @@ dev_build_and_push:
    - export TMP_PWD=$PWD
    - echo "TMP_PWD=$TMP_PWD"
    - echo "### docker login###"
-#   - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY
    - echo "$CI_JOB_TOKEN" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin
    - echo "----------------------------------------------------"
    - echo "### build and push nginx image###"
diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml
index b34f0b0..0c39c89 100644
--- a/capif/templates/ci_staging.gitlab-ci.yml
+++ b/capif/templates/ci_staging.gitlab-ci.yml
@@ -10,11 +10,11 @@ stages:
   - staging_build_and_push_mr
 
 variables:
-  CI_JOB_TOKEN: $CI_JOB_TOKEN
+#  CI_JOB_TOKEN: $CI_JOB_TOKEN
   CI_DEBUG_TRACE: "false"
-  CI_REGISTRY_USER: $CI_REGISTRY_USER
-  CI_REGISTRY: $CI_REGISTRY
-  CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
+#  CI_REGISTRY_USER: $CI_REGISTRY_USER
+#  CI_REGISTRY: $CI_REGISTRY
+#  CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
 
 .staging_common: &staging_common
   only:
diff --git a/capif/templates/ci_unit_test.gitlab-ci.yml b/capif/templates/ci_unit_test.gitlab-ci.yml
index 32f606f..74288a5 100644
--- a/capif/templates/ci_unit_test.gitlab-ci.yml
+++ b/capif/templates/ci_unit_test.gitlab-ci.yml
@@ -2,11 +2,11 @@ stages:
   - staging_unit_tests
 
 variables:
-  CI_JOB_TOKEN: $CI_JOB_TOKEN
+#  CI_JOB_TOKEN: $CI_JOB_TOKEN
   CI_DEBUG_TRACE: "false"
-  CI_REGISTRY_USER: $CI_REGISTRY_USER
-  CI_REGISTRY: $CI_REGISTRY
-  CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
+#  CI_REGISTRY_USER: $CI_REGISTRY_USER
+#  CI_REGISTRY: $CI_REGISTRY
+#  CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
 
 .staging_common: &staging_common
   only:
diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml
index 5b98508..9408eb8 100644
--- a/capif/templates/cicd-deploy-release.gitlab-ci.yml
+++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml
@@ -3,10 +3,10 @@ stages:
   - deploy_ocf_prod
 
 variables:
-  CI_JOB_TOKEN: $CI_JOB_TOKEN
+#  CI_JOB_TOKEN: $CI_JOB_TOKEN
   CI_DEBUG_TRACE: "false"
-  CI_REGISTRY_USER: $CI_REGISTRY_USER
-  CI_REGISTRY: $CI_REGISTRY
+#  CI_REGISTRY_USER: $CI_REGISTRY_USER
+#  CI_REGISTRY: $CI_REGISTRY
   CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
   NAMESPACE_PROD: "ocf-prod"
   DOMAIN_PROD: prod.int
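Review bot: `CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY` is kept in this block although the login in prod_build_and_push, later in this file, no longer reads it and the other templates comment it out. If no other job in this file uses it (not visible in the hunk), drop the line for consistency. Removing the YAML line alone does not stop jobs from receiving the value, so the project-level CI/CD variable should also be deleted and the old registry credential revoked once nothing depends on it.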
@@ -33,7 +33,7 @@ prod_build_and_push:
    - export TMP_PWD=$PWD
    - echo "TMP_PWD=$TMP_PWD"
    - echo "### docker login###"
-   - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY
+   - echo "$CI_JOB_TOKEN" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin
    - echo "----------------------------------------------------"
    - echo "### build and push nginx image###"
    - cd $TMP_PWD/services/nginx/
-- 
GitLab