Delete early access token when code is published

Technically this is not necessary because the token expires in one week
after creation, and new code would have got there only one week before
the next public release, but better be safe than sorry.

Catch is, after_script gets executed even if a job fails or is
canceled. Delete distros token only if publication succeeded.

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index dc1bc57efd4e981cdbf428e3ab3d22cbaf15a003..43c3c82f0276a6f2938a065141170bf5d0bda0bb 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1947,6 +1947,8 @@ publish:
   variables:
     SSH_SCRIPT_CLIENT: |-
       ssh "${STAGING_USER_ACTIONS}@${STAGING_HOST}" "publish ${CI_COMMIT_TAG}"
+  after_script:
+    - if [ "${CI_JOB_STATUS}" = "success" ]; then "$CI_PROJECT_DIR"/bind9-qa/releng/manage_distros_token.py delete; fi
   artifacts:
     paths:
       - publish-${CI_COMMIT_TAG}.log