Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
c4dded59
Commit
c4dded59
authored
May 31, 2017
by
Lin Jen-Shin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update docs and use protected secret variable as the name
parent
afc1fac0
Changes
9
Show whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
48 additions
and
29 deletions
+48
-29
app/models/ci/build.rb
app/models/ci/build.rb
+1
-1
app/models/ci/variable.rb
app/models/ci/variable.rb
+1
-0
app/models/project.rb
app/models/project.rb
+10
-9
app/views/projects/variables/_content.html.haml
app/views/projects/variables/_content.html.haml
+3
-2
app/views/projects/variables/_form.html.haml
app/views/projects/variables/_form.html.haml
+1
-1
db/schema.rb
db/schema.rb
+1
-1
doc/ci/variables/README.md
doc/ci/variables/README.md
+8
-7
spec/models/ci/build_spec.rb
spec/models/ci/build_spec.rb
+21
-6
spec/models/project_spec.rb
spec/models/project_spec.rb
+2
-2
No files found.
app/models/ci/build.rb
View file @
c4dded59
...
@@ -185,7 +185,7 @@ module Ci
...
@@ -185,7 +185,7 @@ module Ci
variables
+=
project
.
deployment_variables
if
has_environment?
variables
+=
project
.
deployment_variables
if
has_environment?
variables
+=
yaml_variables
variables
+=
yaml_variables
variables
+=
user_variables
variables
+=
user_variables
variables
+=
project
.
variables_for
(
ref
)
variables
+=
project
.
secret_variables_for
(
ref
).
map
(
&
:to_runner_variable
)
variables
+=
trigger_request
.
user_variables
if
trigger_request
variables
+=
trigger_request
.
user_variables
if
trigger_request
variables
variables
end
end
...
...
app/models/ci/variable.rb
View file @
c4dded59
...
@@ -12,6 +12,7 @@ module Ci
...
@@ -12,6 +12,7 @@ module Ci
message:
"can contain only letters, digits and '_'."
}
message:
"can contain only letters, digits and '_'."
}
scope
:order_key_asc
,
->
{
reorder
(
key: :asc
)
}
scope
:order_key_asc
,
->
{
reorder
(
key: :asc
)
}
scope
:unprotected
,
->
{
where
(
protected:
false
)
}
attr_encrypted
:value
,
attr_encrypted
:value
,
mode: :per_attribute_iv_and_salt
,
mode: :per_attribute_iv_and_salt
,
...
...
app/models/project.rb
View file @
c4dded59
...
@@ -1253,16 +1253,17 @@ class Project < ActiveRecord::Base
...
@@ -1253,16 +1253,17 @@ class Project < ActiveRecord::Base
variables
variables
end
end
def
variables_for
(
ref
)
def
secret_variables_for
(
ref
)
vars
=
if
protected_for?
(
ref
)
if
ProtectedBranch
.
protected?
(
self
,
ref
)
||
variables
ProtectedTag
.
protected?
(
self
,
ref
)
variables
.
to_a
else
else
variables
.
to_a
.
reject
(
&
:protected?
)
variables
.
unprotected
end
end
end
vars
.
map
(
&
:to_runner_variable
)
def
protected_for?
(
ref
)
ProtectedBranch
.
protected?
(
self
,
ref
)
||
ProtectedTag
.
protected?
(
self
,
ref
)
end
end
def
deployment_variables
def
deployment_variables
...
...
app/views/projects/variables/_content.html.haml
View file @
c4dded59
%h4
.prepend-top-0
%h4
.prepend-top-0
Secret and protected variables
Secret variables
=
link_to
icon
(
'question-circle'
),
help_page_path
(
'ci/variables/README'
,
anchor:
'secret-variables'
),
target:
'_blank'
%p
%p
These variables will be set to environment by the runner.
These variables will be set to environment by the runner
, and could be protected by exposing only to protected branches or tags
.
%p
%p
So you can use them for passwords, secret keys or whatever you want.
So you can use them for passwords, secret keys or whatever you want.
%p
%p
...
...
app/views/projects/variables/_form.html.haml
View file @
c4dded59
...
@@ -14,6 +14,6 @@
...
@@ -14,6 +14,6 @@
%strong
Protected
%strong
Protected
.help-block
.help-block
This variable will be passed only to pipelines running on protected branches and tags
This variable will be passed only to pipelines running on protected branches and tags
=
link_to
icon
(
'question-circle'
),
help_page_path
(
'ci/variables/README'
,
anchor:
'protected-variables'
),
target:
'_blank'
=
link_to
icon
(
'question-circle'
),
help_page_path
(
'ci/variables/README'
,
anchor:
'protected-
secret-
variables'
),
target:
'_blank'
=
f
.
submit
btn_text
,
class:
"btn btn-save"
=
f
.
submit
btn_text
,
class:
"btn btn-save"
db/schema.rb
View file @
c4dded59
doc/ci/variables/README.md
View file @
c4dded59
...
@@ -154,24 +154,23 @@ storing things like passwords, secret keys and credentials.
...
@@ -154,24 +154,23 @@ storing things like passwords, secret keys and credentials.
Secret variables can be added by going to your project's
Secret variables can be added by going to your project's
**Settings ➔ Pipelines**
, then finding the section called
**Settings ➔ Pipelines**
, then finding the section called
**Secret
and protected
variables**
.
**Secret variables**
.
Once you set them, they will be available for all subsequent pipelines.
Once you set them, they will be available for all subsequent pipelines.
## Protected variables
## Protected
secret
variables
>**Notes:**
>**Notes:**
-
This feature requires GitLab Runner 0.4.0 or higher.
-
This feature requires GitLab 9.3 or higher, and GitLab Runner 0.4.0 or higher.
-
A protected variable is a secret variable which is protected.
All s
ecret variables could be protected. Whenever a secret variable is
S
ecret variables could be protected. Whenever a secret variable is
protected, it would only be securely passed to pipelines running on the
protected, it would only be securely passed to pipelines running on the
protected branches or protected tags
. The other pipelines would not get any
[protected branches] or [protected tags]
. The other pipelines would not get any
protected variables.
protected variables.
Protected variables can be added by going to your project's
Protected variables can be added by going to your project's
**Settings ➔ Pipelines**
, then finding the section called
**Settings ➔ Pipelines**
, then finding the section called
**Secret
and protected
variables**
, and check
*Protected*
.
**Secret variables**
, and check
*Protected*
.
Once you set them, they will be available for all subsequent pipelines.
Once you set them, they will be available for all subsequent pipelines.
...
@@ -403,3 +402,5 @@ export CI_REGISTRY_PASSWORD="longalfanumstring"
...
@@ -403,3 +402,5 @@ export CI_REGISTRY_PASSWORD="longalfanumstring"
[
runner
]:
https://docs.gitlab.com/runner/
[
runner
]:
https://docs.gitlab.com/runner/
[
triggered
]:
../triggers/README.md
[
triggered
]:
../triggers/README.md
[
triggers
]:
../triggers/README.md#pass-job-variables-to-a-trigger
[
triggers
]:
../triggers/README.md#pass-job-variables-to-a-trigger
[
protected branches
]:
../../user/project/protected_branches.md
[
protected tags
]:
../../user/project/protected_tags.md
spec/models/ci/build_spec.rb
View file @
c4dded59
...
@@ -1379,15 +1379,30 @@ describe Ci::Build, :models do
...
@@ -1379,15 +1379,30 @@ describe Ci::Build, :models do
end
end
context
'returns variables in valid order'
do
context
'returns variables in valid order'
do
let
(
:build_pre_var
)
{
{
key:
'build'
,
value:
'value'
}
}
let
(
:project_pre_var
)
{
{
key:
'project'
,
value:
'value'
}
}
let
(
:pipeline_pre_var
)
{
{
key:
'pipeline'
,
value:
'value'
}
}
let
(
:build_yaml_var
)
{
{
key:
'yaml'
,
value:
'value'
}
}
before
do
before
do
allow
(
build
).
to
receive
(
:predefined_variables
)
{
[
'predefined'
]
}
allow
(
build
).
to
receive
(
:predefined_variables
)
{
[
build_pre_var
]
}
allow
(
project
).
to
receive
(
:predefined_variables
)
{
[
'project'
]
}
allow
(
project
).
to
receive
(
:predefined_variables
)
{
[
project_pre_var
]
}
allow
(
pipeline
).
to
receive
(
:predefined_variables
)
{
[
'pipeline'
]
}
allow
(
pipeline
).
to
receive
(
:predefined_variables
)
{
[
pipeline_pre_var
]
}
allow
(
build
).
to
receive
(
:yaml_variables
)
{
[
'yaml'
]
}
allow
(
build
).
to
receive
(
:yaml_variables
)
{
[
build_yaml_var
]
}
allow
(
project
).
to
receive
(
:variables_for
).
with
(
build
.
ref
)
{
[
'secret'
]
}
allow
(
project
).
to
receive
(
:secret_variables_for
).
with
(
build
.
ref
)
do
[
create
(
:ci_variable
,
key:
'secret'
,
value:
'value'
)]
end
end
end
it
{
is_expected
.
to
eq
(
%w[predefined project pipeline yaml secret]
)
}
it
do
is_expected
.
to
eq
(
[
build_pre_var
,
project_pre_var
,
pipeline_pre_var
,
build_yaml_var
,
{
key:
'secret'
,
value:
'value'
,
public:
false
}])
end
end
end
end
end
...
...
spec/models/project_spec.rb
View file @
c4dded59
...
@@ -1735,7 +1735,7 @@ describe Project, models: true do
...
@@ -1735,7 +1735,7 @@ describe Project, models: true do
end
end
end
end
describe
'#variables_for'
do
describe
'#
secret_
variables_for'
do
let
(
:project
)
{
create
(
:empty_project
)
}
let
(
:project
)
{
create
(
:empty_project
)
}
let!
(
:secret_variable
)
do
let!
(
:secret_variable
)
do
...
@@ -1746,7 +1746,7 @@ describe Project, models: true do
...
@@ -1746,7 +1746,7 @@ describe Project, models: true do
create
(
:ci_variable
,
:protected
,
value:
'protected'
,
project:
project
)
create
(
:ci_variable
,
:protected
,
value:
'protected'
,
project:
project
)
end
end
subject
{
project
.
variables_for
(
'ref'
)
}
subject
{
project
.
secret_
variables_for
(
'ref'
)
}
shared_examples
'ref is protected'
do
shared_examples
'ref is protected'
do
it
'contains all the variables'
do
it
'contains all the variables'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment