Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
c4dded59
Commit
c4dded59
authored
May 31, 2017
by
Lin Jen-Shin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update docs and use protected secret variable as the name
parent
afc1fac0
Changes
9
Show whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
48 additions
and
29 deletions
+48
-29
app/models/ci/build.rb
app/models/ci/build.rb
+1
-1
app/models/ci/variable.rb
app/models/ci/variable.rb
+1
-0
app/models/project.rb
app/models/project.rb
+10
-9
app/views/projects/variables/_content.html.haml
app/views/projects/variables/_content.html.haml
+3
-2
app/views/projects/variables/_form.html.haml
app/views/projects/variables/_form.html.haml
+1
-1
db/schema.rb
db/schema.rb
+1
-1
doc/ci/variables/README.md
doc/ci/variables/README.md
+8
-7
spec/models/ci/build_spec.rb
spec/models/ci/build_spec.rb
+21
-6
spec/models/project_spec.rb
spec/models/project_spec.rb
+2
-2
No files found.
app/models/ci/build.rb
View file @
c4dded59
...
...
@@ -185,7 +185,7 @@ module Ci
variables
+=
project
.
deployment_variables
if
has_environment?
variables
+=
yaml_variables
variables
+=
user_variables
variables
+=
project
.
variables_for
(
ref
)
variables
+=
project
.
secret_variables_for
(
ref
).
map
(
&
:to_runner_variable
)
variables
+=
trigger_request
.
user_variables
if
trigger_request
variables
end
...
...
app/models/ci/variable.rb
View file @
c4dded59
...
...
@@ -12,6 +12,7 @@ module Ci
message:
"can contain only letters, digits and '_'."
}
scope
:order_key_asc
,
->
{
reorder
(
key: :asc
)
}
scope
:unprotected
,
->
{
where
(
protected:
false
)
}
attr_encrypted
:value
,
mode: :per_attribute_iv_and_salt
,
...
...
app/models/project.rb
View file @
c4dded59
...
...
@@ -1253,16 +1253,17 @@ class Project < ActiveRecord::Base
variables
end
def
variables_for
(
ref
)
vars
=
if
ProtectedBranch
.
protected?
(
self
,
ref
)
||
ProtectedTag
.
protected?
(
self
,
ref
)
variables
.
to_a
def
secret_variables_for
(
ref
)
if
protected_for?
(
ref
)
variables
else
variables
.
to_a
.
reject
(
&
:protected?
)
variables
.
unprotected
end
end
vars
.
map
(
&
:to_runner_variable
)
def
protected_for?
(
ref
)
ProtectedBranch
.
protected?
(
self
,
ref
)
||
ProtectedTag
.
protected?
(
self
,
ref
)
end
def
deployment_variables
...
...
app/views/projects/variables/_content.html.haml
View file @
c4dded59
%h4
.prepend-top-0
Secret and protected variables
Secret variables
=
link_to
icon
(
'question-circle'
),
help_page_path
(
'ci/variables/README'
,
anchor:
'secret-variables'
),
target:
'_blank'
%p
These variables will be set to environment by the runner.
These variables will be set to environment by the runner
, and could be protected by exposing only to protected branches or tags
.
%p
So you can use them for passwords, secret keys or whatever you want.
%p
...
...
app/views/projects/variables/_form.html.haml
View file @
c4dded59
...
...
@@ -14,6 +14,6 @@
%strong
Protected
.help-block
This variable will be passed only to pipelines running on protected branches and tags
=
link_to
icon
(
'question-circle'
),
help_page_path
(
'ci/variables/README'
,
anchor:
'protected-variables'
),
target:
'_blank'
=
link_to
icon
(
'question-circle'
),
help_page_path
(
'ci/variables/README'
,
anchor:
'protected-
secret-
variables'
),
target:
'_blank'
=
f
.
submit
btn_text
,
class:
"btn btn-save"
db/schema.rb
View file @
c4dded59
doc/ci/variables/README.md
View file @
c4dded59
...
...
@@ -154,24 +154,23 @@ storing things like passwords, secret keys and credentials.
Secret variables can be added by going to your project's
**Settings ➔ Pipelines**
, then finding the section called
**Secret
and protected
variables**
.
**Secret variables**
.
Once you set them, they will be available for all subsequent pipelines.
## Protected variables
## Protected
secret
variables
>**Notes:**
-
This feature requires GitLab Runner 0.4.0 or higher.
-
A protected variable is a secret variable which is protected.
-
This feature requires GitLab 9.3 or higher, and GitLab Runner 0.4.0 or higher.
All s
ecret variables could be protected. Whenever a secret variable is
S
ecret variables could be protected. Whenever a secret variable is
protected, it would only be securely passed to pipelines running on the
protected branches or protected tags
. The other pipelines would not get any
[protected branches] or [protected tags]
. The other pipelines would not get any
protected variables.
Protected variables can be added by going to your project's
**Settings ➔ Pipelines**
, then finding the section called
**Secret
and protected
variables**
, and check
*Protected*
.
**Secret variables**
, and check
*Protected*
.
Once you set them, they will be available for all subsequent pipelines.
...
...
@@ -403,3 +402,5 @@ export CI_REGISTRY_PASSWORD="longalfanumstring"
[
runner
]:
https://docs.gitlab.com/runner/
[
triggered
]:
../triggers/README.md
[
triggers
]:
../triggers/README.md#pass-job-variables-to-a-trigger
[
protected branches
]:
../../user/project/protected_branches.md
[
protected tags
]:
../../user/project/protected_tags.md
spec/models/ci/build_spec.rb
View file @
c4dded59
...
...
@@ -1379,15 +1379,30 @@ describe Ci::Build, :models do
end
context
'returns variables in valid order'
do
let
(
:build_pre_var
)
{
{
key:
'build'
,
value:
'value'
}
}
let
(
:project_pre_var
)
{
{
key:
'project'
,
value:
'value'
}
}
let
(
:pipeline_pre_var
)
{
{
key:
'pipeline'
,
value:
'value'
}
}
let
(
:build_yaml_var
)
{
{
key:
'yaml'
,
value:
'value'
}
}
before
do
allow
(
build
).
to
receive
(
:predefined_variables
)
{
[
'predefined'
]
}
allow
(
project
).
to
receive
(
:predefined_variables
)
{
[
'project'
]
}
allow
(
pipeline
).
to
receive
(
:predefined_variables
)
{
[
'pipeline'
]
}
allow
(
build
).
to
receive
(
:yaml_variables
)
{
[
'yaml'
]
}
allow
(
project
).
to
receive
(
:variables_for
).
with
(
build
.
ref
)
{
[
'secret'
]
}
allow
(
build
).
to
receive
(
:predefined_variables
)
{
[
build_pre_var
]
}
allow
(
project
).
to
receive
(
:predefined_variables
)
{
[
project_pre_var
]
}
allow
(
pipeline
).
to
receive
(
:predefined_variables
)
{
[
pipeline_pre_var
]
}
allow
(
build
).
to
receive
(
:yaml_variables
)
{
[
build_yaml_var
]
}
allow
(
project
).
to
receive
(
:secret_variables_for
).
with
(
build
.
ref
)
do
[
create
(
:ci_variable
,
key:
'secret'
,
value:
'value'
)]
end
end
it
{
is_expected
.
to
eq
(
%w[predefined project pipeline yaml secret]
)
}
it
do
is_expected
.
to
eq
(
[
build_pre_var
,
project_pre_var
,
pipeline_pre_var
,
build_yaml_var
,
{
key:
'secret'
,
value:
'value'
,
public:
false
}])
end
end
end
...
...
spec/models/project_spec.rb
View file @
c4dded59
...
...
@@ -1735,7 +1735,7 @@ describe Project, models: true do
end
end
describe
'#variables_for'
do
describe
'#
secret_
variables_for'
do
let
(
:project
)
{
create
(
:empty_project
)
}
let!
(
:secret_variable
)
do
...
...
@@ -1746,7 +1746,7 @@ describe Project, models: true do
create
(
:ci_variable
,
:protected
,
value:
'protected'
,
project:
project
)
end
subject
{
project
.
variables_for
(
'ref'
)
}
subject
{
project
.
secret_
variables_for
(
'ref'
)
}
shared_examples
'ref is protected'
do
it
'contains all the variables'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment