Delete early access token when code is published

Technically this is not necessary because the token expires in one week
after creation, and new code would have got there only one week before
the next public release, but better be safe than sorry.

Catch is, after_script gets executed even if a job fails or is
canceled. Delete distros token only if publication succeeded.

(cherry picked from commit 98cbde5233c788936f8aeb6231c65db74d9f7fbc)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ce902251c091886a6634234069dbf85e86fca765..76374b3532af8aa305ca1632d681dfb28831e654 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2027,6 +2027,8 @@ publish:
   variables:
     SSH_SCRIPT_CLIENT: |-
       ssh "${STAGING_USER_ACTIONS}@${STAGING_HOST}" "publish ${CI_COMMIT_TAG}"
+  after_script:
+    - if [ "${CI_JOB_STATUS}" = "success" ]; then "$CI_PROJECT_DIR"/bind9-qa/releng/manage_distros_token.py delete; fi
   artifacts:
     paths:
       - publish-${CI_COMMIT_TAG}.log