From e6460418e6f1846f16474f6cadab2b935be556e7 Mon Sep 17 00:00:00 2001 From: Timo Furrer <tfurrer@gitlab.com> Date: Tue, 29 Oct 2024 15:41:18 +0100 Subject: [PATCH] Support specifying image digests Refs https://gitlab.com/components/opentofu/-/issues/34 Changelog: feature --- .gitlab/release-notes.md.template | 4 ++++ templates/apply.yml | 7 ++++++- templates/custom-command.yml | 7 ++++++- templates/destroy.yml | 7 ++++++- templates/fmt.yml | 7 ++++++- templates/full-pipeline.yml | 11 +++++++++++ templates/graph.yml | 7 ++++++- templates/job-templates.yml | 11 +++++++++++ templates/plan.yml | 7 ++++++- templates/test.yml | 7 ++++++- templates/validate-plan-apply.yml | 9 +++++++++ templates/validate-plan-destroy.yml | 9 +++++++++ templates/validate-plan.yml | 8 ++++++++ templates/validate.yml | 7 ++++++- 14 files changed, 100 insertions(+), 8 deletions(-) diff --git a/.gitlab/release-notes.md.template b/.gitlab/release-notes.md.template index 6a3da5b..d9edef9 100644 --- a/.gitlab/release-notes.md.template +++ b/.gitlab/release-notes.md.template @@ -52,6 +52,10 @@ cosign verify \ --certificate-oidc-issuer "https://gitlab.com" ``` +The `image_digest` input can be used to strictly pull by the image digest. +The `image_digest` input value needs to have the format of `@<type>:<hash>` +where `<type>:<hash>` is the `digest` value from the images list above. + > **Note:** > > When using the component with the inputs `version` and `opentofu_version`,<br> diff --git a/templates/apply.yml b/templates/apply.yml index 8e99206..ed26796 100644 --- a/templates/apply.yml +++ b/templates/apply.yml @@ -58,6 +58,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -101,6 +106,6 @@ spec: TF_APPLY_NO_PLAN: $[[ inputs.no_plan ]] TF_PLAN_NAME: $[[ inputs.plan_name ]] image: - name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]' + name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]$[[ inputs.image_digest ]]' script: - gitlab-tofu apply diff --git a/templates/custom-command.yml b/templates/custom-command.yml index 8d705ab..16ce8d5 100644 --- a/templates/custom-command.yml +++ b/templates/custom-command.yml @@ -58,6 +58,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -80,7 +85,7 @@ spec: __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]" TF_ROOT: $[[ inputs.root_dir ]] image: - name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]' + name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]' script: - gitlab-tofu $[[ inputs.command ]] diff --git a/templates/destroy.yml b/templates/destroy.yml index a224964..d91c490 100644 --- a/templates/destroy.yml +++ b/templates/destroy.yml @@ -58,6 +58,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -100,6 +105,6 @@ spec: TF_APPLY_NO_PLAN: $[[ inputs.no_plan ]] TF_PLAN_NAME: $[[ inputs.plan_name ]] image: - name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]' + name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]' script: - gitlab-tofu apply -destroy diff --git a/templates/fmt.yml b/templates/fmt.yml index 45219cc..c9ca935 100644 --- a/templates/fmt.yml +++ b/templates/fmt.yml @@ -58,6 +58,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -88,6 +93,6 @@ spec: __CACHE_KEY_HACK: "$[[ inputs.root_dir ]]" TF_ROOT: $[[ inputs.root_dir ]] image: - name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]' + name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]' script: - gitlab-tofu fmt diff --git a/templates/full-pipeline.yml b/templates/full-pipeline.yml index fece43f..4261b77 100644 --- a/templates/full-pipeline.yml +++ b/templates/full-pipeline.yml @@ -67,6 +67,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -98,6 +103,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] - local: '/templates/validate.yml' inputs: @@ -108,6 +114,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] - local: '/templates/test.yml' @@ -119,6 +126,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] rules: @@ -133,6 +141,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] artifacts_access: $[[ inputs.plan_artifacts_access ]] @@ -145,6 +154,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] auto_apply: $[[ inputs.auto_apply ]] @@ -157,6 +167,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] auto_destroy: $[[ inputs.auto_destroy ]] diff --git a/templates/graph.yml b/templates/graph.yml index fa6c21f..3ec38af 100644 --- a/templates/graph.yml +++ b/templates/graph.yml @@ -58,6 +58,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -86,7 +91,7 @@ spec: TF_ROOT: $[[ inputs.root_dir ]] TF_STATE_NAME: $[[ inputs.state_name ]] image: - name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]' + name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]' script: - gitlab-tofu graph > "$[[ inputs.graph_file ]]" artifacts: diff --git a/templates/job-templates.yml b/templates/job-templates.yml index 93ced34..8767a31 100644 --- a/templates/job-templates.yml +++ b/templates/job-templates.yml @@ -67,6 +67,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration job_name_prefix: default: '.opentofu:' @@ -98,6 +103,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] - local: '/templates/validate.yml' inputs: @@ -108,6 +114,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] - local: '/templates/graph.yml' @@ -129,6 +136,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] - local: '/templates/plan.yml' @@ -140,6 +148,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] - local: '/templates/apply.yml' @@ -151,6 +160,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] auto_apply: $[[ inputs.auto_apply ]] @@ -163,6 +173,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] auto_destroy: $[[ inputs.auto_destroy ]] diff --git a/templates/plan.yml b/templates/plan.yml index a62a546..3fd49ec 100644 --- a/templates/plan.yml +++ b/templates/plan.yml @@ -58,6 +58,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -110,7 +115,7 @@ spec: TF_STATE_NAME: $[[ inputs.state_name ]] TF_PLAN_NAME: $[[ inputs.plan_name ]] image: - name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]' + name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]' script: - "args=\"\"\nif [ \"$[[ inputs.destroy ]]\" == \"true\" ]; then \n echo \"Planning for a destroy\"\n args=\"-destroy\"\nfi\n" - gitlab-tofu plan $args diff --git a/templates/test.yml b/templates/test.yml index 37e659a..f11343f 100644 --- a/templates/test.yml +++ b/templates/test.yml @@ -58,6 +58,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -86,6 +91,6 @@ spec: TF_ROOT: $[[ inputs.root_dir ]] TF_STATE_NAME: $[[ inputs.state_name ]] image: - name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]' + name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]' script: - gitlab-tofu test diff --git a/templates/validate-plan-apply.yml b/templates/validate-plan-apply.yml index a48b552..75d7a43 100644 --- a/templates/validate-plan-apply.yml +++ b/templates/validate-plan-apply.yml @@ -61,6 +61,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -88,6 +93,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] - local: '/templates/validate.yml' inputs: @@ -98,6 +104,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] - local: '/templates/plan.yml' @@ -109,6 +116,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] artifacts_access: $[[ inputs.plan_artifacts_access ]] @@ -121,6 +129,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] auto_apply: $[[ inputs.auto_apply ]] diff --git a/templates/validate-plan-destroy.yml b/templates/validate-plan-destroy.yml index ac01f06..a801d93 100644 --- a/templates/validate-plan-destroy.yml +++ b/templates/validate-plan-destroy.yml @@ -61,6 +61,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -91,6 +96,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] - local: '/templates/validate.yml' inputs: @@ -101,6 +107,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] - local: '/templates/plan.yml' @@ -112,6 +119,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] plan_name: $[[ inputs.plan_name ]] @@ -126,6 +134,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] no_plan: false diff --git a/templates/validate-plan.yml b/templates/validate-plan.yml index 69fe8cc..fd1eb1f 100644 --- a/templates/validate-plan.yml +++ b/templates/validate-plan.yml @@ -58,6 +58,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -81,6 +86,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] - local: '/templates/validate.yml' inputs: @@ -91,6 +97,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] - local: '/templates/plan.yml' @@ -102,6 +109,7 @@ include: opentofu_version: $[[ inputs.opentofu_version ]] image_registry_base: $[[ inputs.image_registry_base ]] image_name: $[[ inputs.image_name ]] + image_digest: $[[ inputs.image_digest ]] root_dir: $[[ inputs.root_dir ]] state_name: $[[ inputs.state_name ]] artifacts_access: $[[ inputs.artifacts_access ]] diff --git a/templates/validate.yml b/templates/validate.yml index fb096b2..2f0306f 100644 --- a/templates/validate.yml +++ b/templates/validate.yml @@ -58,6 +58,11 @@ spec: default: 'gitlab-opentofu' description: 'Image name for the job images. Hosted under `image_registry_base`.' + image_digest: + default: '' + regex: '^(@sha256:[a-z0-9]{64})?$' + description: 'Image digest of the image you want to use. The format must be `@<image_digest>`, e.g. `@sha256:abc..`, see regex of this input. Please consult the release page at https://gitlab.com/components/opentofu/-/releases to obtain the image digests.' + # Configuration root_dir: default: ${CI_PROJECT_DIR} @@ -86,6 +91,6 @@ spec: TF_STATE_NAME: $[[ inputs.state_name ]] TF_IGNORE_INIT_ERRORS: 'true' # Tofu can report errors which might be the reason init failed. image: - name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]' + name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]' script: - gitlab-tofu validate -- GitLab