Guys, simple ci/cd definition:
image: ansible:latest
.assume-role: &assume-role
  id_tokens:
    GITLAB_OIDC_TOKEN:
      aud: https://gitlab.com
  script:
    - >
      STS=($(aws sts assume-role-with-web-identity --role-arn ${AWS_ROLE_ARN_TEST}
      --role-session-name "GitLabRunner-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
      --web-identity-token ${GITLAB_OIDC_TOKEN} --duration-seconds 3600 --query
      'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text))
    - export AWS_ACCESS_KEY_ID="${STS[0]}"
    - export AWS_SECRET_ACCESS_KEY="${STS[1]}"
    - export AWS_SESSION_TOKEN="${STS[2]}"
    - aws sts get-caller-identity
stages:
  - check_sec
check_sec:
  stage: check_sec
  variables:
    AWS_ROLE_ARN: $AWS_ROLE_ARN_TEST
    AWS_DEFAULT_REGION: $TEST_AWS_DEFAULT_REGION
  script:
    - *assume-role
    - echo "${GITLAB_OIDC_TOKEN}"
    - aws sts get-caller-identity
    - aws s3 ls
  only:
    - web
  tags:
    - environment_test
It throws this error:
script config should be a string or a nested array of strings up to 10 levels deep
Please let me know what's wrong. I have checked the YAML syntax using many YAML validators, but no luck. I have checked the GitLab documentation, and it all looks correct; maybe I'm tired and I don't see the relevant section in the documentation. Thanks
The anchor should be placed on the script section and not on the job definition:
.assume-role:
  script: &assume-role
    - ...
check_sec:
  script:
    - *assume-role
    - ...
Also it is possible to use !reference:
.assume-role:
  script:
    - ...
check_sec:
  script:
    - !reference [.assume-role, script]
    - ...
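Why the original layout fails, as an added example that is not part of the question or the answer: once a YAML parser expands the alias, an anchor on the job puts a whole mapping into the `script` list, while an anchor on `script` puts a nested list of strings there. The samples are constructed, shortened versions of the two layouts, and `script_error` is a hypothetical helper that only approximates the rule quoted in the error message.

```ruby
require "yaml"

MAX_DEPTH = 10 # nesting limit quoted in the error message

# Constructed sample: anchor on the hidden job, as in the question.
BROKEN = <<~YAML
  .assume-role: &assume-role
    id_tokens:
      GITLAB_OIDC_TOKEN:
        aud: https://gitlab.com
    script:
      - aws sts get-caller-identity
  check_sec:
    script:
      - *assume-role
      - aws s3 ls
YAML

# Constructed sample: anchor on the script list, as in the answer.
FIXED = <<~YAML
  .assume-role:
    id_tokens:
      GITLAB_OIDC_TOKEN:
        aud: https://gitlab.com
    script: &assume-role
      - aws sts get-caller-identity
  check_sec:
    script:
      - *assume-role
      - aws s3 ls
YAML

# Approximates the rule in the error message (hypothetical helper, not
# GitLab's validator): strings, or arrays of strings nested <= MAX_DEPTH.
# Returns nil when valid, otherwise a description of the first bad value.
def script_error(node, depth = 0)
  return nil if node.is_a?(String)
  return "#{node.class} found where a string was expected" unless node.is_a?(Array)
  return "nested more than #{MAX_DEPTH} levels deep" if depth >= MAX_DEPTH
  node.each { |item| err = script_error(item, depth + 1); return err if err }
  nil
end

# Expands anchors the way any YAML parser does, then checks one job's script.
def check_job(yaml_text, job)
  config = YAML.safe_load(yaml_text, aliases: true)
  script_error(config.fetch(job).fetch("script"))
end

puts "broken: #{check_job(BROKEN, 'check_sec').inspect}"
puts "fixed:  #{check_job(FIXED, 'check_sec').inspect}"
```

In the fixed layout the alias copies only the script list: `check_sec` still has no `id_tokens` key after expansion, so the job needs its own `id_tokens` (or `extends: .assume-role`) for `GITLAB_OIDC_TOKEN` to be set.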