gitlab-org--gitlab-foss/doc/ci/variables/where_variables_can_be_used.md

---
stage: Verify
group: Continuous Integration
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
type: reference
---

# Where variables can be used

As it's described in the [CI/CD variables](README.md) docs, you can
define many different variables. Some of them can be used for all GitLab CI/CD
features, but some of them are more or less limited.

This document describes where and how the different types of variables can be used.

## Variables usage

There are two places defined variables can be used. On the:

1. GitLab side, in `.gitlab-ci.yml`.
1. The GitLab Runner side, in `config.toml`.

### `.gitlab-ci.yml` file

| Definition                                 | Can be expanded? | Expansion place        | Description                                                                                                                                                                                                                                                                                                                                                                                                                       |
|:-------------------------------------------|:-----------------|:-----------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `environment:url`                          | yes              | GitLab                 | The variable expansion is made by GitLab's [internal variable expansion mechanism](#gitlab-internal-variable-expansion-mechanism).<br/><br/>Supported are all variables defined for a job (project/group variables, variables from `.gitlab-ci.yml`, variables from triggers, variables from pipeline schedules).<br/><br/>Not supported are variables defined in the GitLab Runner `config.toml` and variables created in the job's `script`. |
| `environment:name`                         | yes              | GitLab                 | Similar to `environment:url`, but the variables expansion doesn't support the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables).                                                                                 |
| `resource_group`                           | yes              | GitLab                 | Similar to `environment:url`, but the variables expansion doesn't support the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables).                                                                                 |
| `variables`                                | yes              | Runner                 | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism)                                                                                                                                                                                                                                                                                   |
| `image`                                    | yes              | Runner                 | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism)                                                                                                                                                                                                                                                                                   |
| `services:[]`                              | yes              | Runner                 | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism)                                                                                                                                                                                                                                                                                   |
| `services:[]:name`                         | yes              | Runner                 | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism)                                                                                                                                                                                                                                                                                   |
| `cache:key`                                | yes              | Runner                 | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism)                                                                                                                                                                                                                                                                                   |
| `artifacts:name`                           | yes              | Runner                 | The variable expansion is made by GitLab Runner's shell environment                                                                                                                                                                                                                                                                                                                                                               |
| `script`, `before_script`, `after_script`  | yes              | Script execution shell | The variable expansion is made by the [execution shell environment](#execution-shell-environment)                                                                                                                                                                                                                                                                                                                                 |
| `only:variables:[]`, `except:variables:[]` | no               | n/a                    | The variable must be in the form of `$variable`. Not supported are the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables).                                                                                            |

### `config.toml` file

NOTE: **Note:**
You can read more about `config.toml` in the [GitLab Runner docs](https://docs.gitlab.com/runner/configuration/advanced-configuration.html).

| Definition                           | Can be expanded? | Description                                                                                                                                  |
|:-------------------------------------|:-----------------|:---------------------------------------------------------------------------------------------------------------------------------------------|
| `runners.environment`                | yes              | The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism) |
| `runners.kubernetes.pod_labels`      | yes              | The Variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism) |
| `runners.kubernetes.pod_annotations` | yes              | The Variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism) |

## Expansion mechanisms

There are three expansion mechanisms:

- GitLab
- GitLab Runner
- Execution shell environment

### GitLab internal variable expansion mechanism

The expanded part needs to be in a form of `$variable`, or `${variable}` or `%variable%`.
Each form is handled in the same way, no matter which OS/shell will finally handle the job,
since the expansion is done in GitLab before any runner will get the job.

### GitLab Runner internal variable expansion mechanism

- Supported: project/group variables, `.gitlab-ci.yml` variables, `config.toml` variables, and
  variables from triggers, pipeline schedules, and manual pipelines.
- Not supported: variables defined inside of scripts (e.g., `export MY_VARIABLE="test"`).

The runner uses Go's `os.Expand()` method for variable expansion. It means that it will handle
only variables defined as `$variable` and `${variable}`. What's also important, is that
the expansion is done only once, so nested variables may or may not work, depending on the
ordering of variables definitions.

### Execution shell environment

This is an expansion that takes place during the `script` execution.
How it works depends on the used shell (`bash`, `sh`, `cmd`, PowerShell). For example, if the job's
`script` contains a line `echo $MY_VARIABLE-${MY_VARIABLE_2}`, it should be properly handled
by bash/sh (leaving empty strings or some values depending whether the variables were
defined or not), but will not work with Windows' `cmd` or PowerShell, since these shells
are using a different variables syntax.

Supported:

- The `script` may use all available variables that are default for the shell (e.g., `$PATH` which
  should be present in all bash/sh shells) and all variables defined by GitLab CI/CD (project/group variables,
  `.gitlab-ci.yml` variables, `config.toml` variables, and variables from triggers and pipeline schedules).
- The `script` may also use all variables defined in the lines before. So, for example, if you define
  a variable `export MY_VARIABLE="test"`:
  - In `before_script`, it will work in the following lines of `before_script` and
    all lines of the related `script`.
  - In `script`, it will work in the following lines of `script`.
  - In `after_script`, it will work in following lines of `after_script`.

In the case of `after_script` scripts, they can:

- Only use variables defined before the script within the same `after_script`
  section.
- Not use variables defined in `before_script` and `script`.

These restrictions are because `after_script` scripts are executed in a
[separated shell context](../yaml/README.md#before_script-and-after_script).

## Persisted variables

NOTE: **Note:**
Some of the persisted variables contain tokens and cannot be used by some definitions
due to security reasons.

The following variables are known as "persisted":

- `CI_PIPELINE_ID`
- `CI_JOB_ID`
- `CI_JOB_TOKEN`
- `CI_BUILD_ID`
- `CI_BUILD_TOKEN`
- `CI_REGISTRY_USER`
- `CI_REGISTRY_PASSWORD`
- `CI_REPOSITORY_URL`
- `CI_DEPLOY_USER`
- `CI_DEPLOY_PASSWORD`

They are:

- Supported for definitions where the ["Expansion place"](#gitlab-ciyml-file) is:
  - Runner.
  - Script execution shell.
- Not supported:
  - For definitions where the ["Expansion place"](#gitlab-ciyml-file) is GitLab.
  - In the `only` and `except` [variables expressions](README.md#environment-variables-expressions).

## Variables with an environment scope

Variables defined with an environment scope are supported. Given that
there is a variable `$STAGING_SECRET` defined in a scope of
`review/staging/*`, the following job that is using dynamic environments
is going to be created, based on the matching variable expression:

```yaml
my-job:
  stage: staging
  environment:
    name: review/$CI_JOB_STAGE/deploy
  script:
    - 'deploy staging'
  only:
    variables:
      - $STAGING_SECRET == 'something'
```
Delete proposed paragraph TBA to a different MR/issue 2019-06-05 06:08:30 -04:00			`---`
Add latest changes from gitlab-org/gitlab@master 2020-05-29 14:08:26 -04:00			`stage: Verify`
			`group: Continuous Integration`
			`info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers`
Delete proposed paragraph TBA to a different MR/issue 2019-06-05 06:08:30 -04:00			`type: reference`
			`---`

Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00			`# Where variables can be used`

			`As it's described in the [CI/CD variables](README.md) docs, you can`
			`define many different variables. Some of them can be used for all GitLab CI/CD`
			`features, but some of them are more or less limited.`

			`This document describes where and how the different types of variables can be used.`

			`## Variables usage`

Document how to specify environment variables during manual pipeline run and more 2018-09-07 16:40:44 -04:00			`There are two places defined variables can be used. On the:`
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00
Document how to specify environment variables during manual pipeline run and more 2018-09-07 16:40:44 -04:00			1. GitLab side, in `.gitlab-ci.yml`.
Add latest changes from gitlab-org/gitlab@master 2020-08-20 23:10:16 -04:00			1. The GitLab Runner side, in `config.toml`.
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00
			### `.gitlab-ci.yml` file

Work around lack of HTML list support in topic 2019-04-04 06:22:13 -04:00			\| Definition \| Can be expanded? \| Expansion place \| Description \|
			\|:-------------------------------------------\|:-----------------\|:-----------------------\|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\|
Add latest changes from gitlab-org/gitlab@master 2020-08-20 23:10:16 -04:00			\| `environment:url` \| yes \| GitLab \| The variable expansion is made by GitLab's [internal variable expansion mechanism](#gitlab-internal-variable-expansion-mechanism).<br/><br/>Supported are all variables defined for a job (project/group variables, variables from `.gitlab-ci.yml`, variables from triggers, variables from pipeline schedules).<br/><br/>Not supported are variables defined in the GitLab Runner `config.toml` and variables created in the job's `script`. \|
Work around lack of HTML list support in topic 2019-04-04 06:22:13 -04:00			\| `environment:name` \| yes \| GitLab \| Similar to `environment:url`, but the variables expansion doesn't support the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables). \|
Add latest changes from gitlab-org/gitlab@master 2020-02-18 04:09:24 -05:00			\| `resource_group` \| yes \| GitLab \| Similar to `environment:url`, but the variables expansion doesn't support the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables). \|
Work around lack of HTML list support in topic 2019-04-04 06:22:13 -04:00			\| `variables` \| yes \| Runner \| The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism) \|
			\| `image` \| yes \| Runner \| The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism) \|
			\| `services:[]` \| yes \| Runner \| The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism) \|
			\| `services:[]:name` \| yes \| Runner \| The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism) \|
			\| `cache:key` \| yes \| Runner \| The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism) \|
			\| `artifacts:name` \| yes \| Runner \| The variable expansion is made by GitLab Runner's shell environment \|
			\| `script`, `before_script`, `after_script` \| yes \| Script execution shell \| The variable expansion is made by the [execution shell environment](#execution-shell-environment) \|
			\| `only:variables:[]`, `except:variables:[]` \| no \| n/a \| The variable must be in the form of `$variable`. Not supported are the following:<br/><br/>- Variables that are based on the environment's name (`CI_ENVIRONMENT_NAME`, `CI_ENVIRONMENT_SLUG`).<br/>- Any other variables related to environment (currently only `CI_ENVIRONMENT_URL`).<br/>- [Persisted variables](#persisted-variables). \|
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00
			### `config.toml` file

			`NOTE: Note:`
Add latest changes from gitlab-org/gitlab@master 2020-08-20 23:10:16 -04:00			You can read more about `config.toml` in the [GitLab Runner docs](https://docs.gitlab.com/runner/configuration/advanced-configuration.html).
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00
Work around lack of HTML list support in topic 2019-04-04 06:22:13 -04:00			`\| Definition \| Can be expanded? \| Description \|`
			`\|:-------------------------------------\|:-----------------\|:---------------------------------------------------------------------------------------------------------------------------------------------\|`
Add latest changes from gitlab-org/gitlab@master 2020-08-20 23:10:16 -04:00			\| `runners.environment` \| yes \| The variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism) \|
			\| `runners.kubernetes.pod_labels` \| yes \| The Variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism) \|
			\| `runners.kubernetes.pod_annotations` \| yes \| The Variable expansion is made by GitLab Runner's [internal variable expansion mechanism](#gitlab-runner-internal-variable-expansion-mechanism) \|
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00
			`## Expansion mechanisms`

			`There are three expansion mechanisms:`

			`- GitLab`
			`- GitLab Runner`
			`- Execution shell environment`

			`### GitLab internal variable expansion mechanism`

			The expanded part needs to be in a form of `$variable`, or `${variable}` or `%variable%`.
			`Each form is handled in the same way, no matter which OS/shell will finally handle the job,`
Add latest changes from gitlab-org/gitlab@master 2020-08-20 23:10:16 -04:00			`since the expansion is done in GitLab before any runner will get the job.`
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00
			`### GitLab Runner internal variable expansion mechanism`

Fix documentation for variables 2018-10-05 14:37:31 -04:00			- Supported: project/group variables, `.gitlab-ci.yml` variables, `config.toml` variables, and
Document how to specify environment variables during manual pipeline run and more 2018-09-07 16:40:44 -04:00			`variables from triggers, pipeline schedules, and manual pipelines.`
Fix documentation for variables 2018-10-05 14:37:31 -04:00			- Not supported: variables defined inside of scripts (e.g., `export MY_VARIABLE="test"`).
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-08-20 23:10:16 -04:00			The runner uses Go's `os.Expand()` method for variable expansion. It means that it will handle
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00			only variables defined as `$variable` and `${variable}`. What's also important, is that
			`the expansion is done only once, so nested variables may or may not work, depending on the`
			`ordering of variables definitions.`

			`### Execution shell environment`

			This is an expansion that takes place during the `script` execution.
Add latest changes from gitlab-org/gitlab@master 2020-06-09 23:08:17 -04:00			How it works depends on the used shell (`bash`, `sh`, `cmd`, PowerShell). For example, if the job's
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00			`script` contains a line `echo $MY_VARIABLE-${MY_VARIABLE_2}`, it should be properly handled
			`by bash/sh (leaving empty strings or some values depending whether the variables were`
Add latest changes from gitlab-org/gitlab@master 2020-06-09 23:08:17 -04:00			defined or not), but will not work with Windows' `cmd` or PowerShell, since these shells
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00			`are using a different variables syntax.`

Fix documentation for variables 2018-10-05 14:37:31 -04:00			`Supported:`
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00
			- The `script` may use all available variables that are default for the shell (e.g., `$PATH` which
Rename Secret variables -> variables 2018-05-31 12:41:37 -04:00			`should be present in all bash/sh shells) and all variables defined by GitLab CI/CD (project/group variables,`
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00			`.gitlab-ci.yml` variables, `config.toml` variables, and variables from triggers and pipeline schedules).
			- The `script` may also use all variables defined in the lines before. So, for example, if you define
			a variable `export MY_VARIABLE="test"`:
Document how to specify environment variables during manual pipeline run and more 2018-09-07 16:40:44 -04:00			- In `before_script`, it will work in the following lines of `before_script` and
			all lines of the related `script`.
			- In `script`, it will work in the following lines of `script`.
			- In `after_script`, it will work in following lines of `after_script`.
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00
Edit after script context text 2019-06-16 17:21:06 -04:00			In the case of `after_script` scripts, they can:
Leave clear notices about after_script execution context We frequently see new issues mentioning that something defined in `before_script` or `script` doesn't work with `after_script`. Our documentation mentions that first two are concatenated and executed together, why the third one is executed in a separated shell context. But it looks like it's not clear enough. Since this misunderstanding of how scripts are being executed is repeated frequently, let's make it more clear in docs. 2019-06-11 17:31:44 -04:00
Edit after script context text 2019-06-16 17:21:06 -04:00			- Only use variables defined before the script within the same `after_script`
			`section.`
Leave clear notices about after_script execution context We frequently see new issues mentioning that something defined in `before_script` or `script` doesn't work with `after_script`. Our documentation mentions that first two are concatenated and executed together, why the third one is executed in a separated shell context. But it looks like it's not clear enough. Since this misunderstanding of how scripts are being executed is repeated frequently, let's make it more clear in docs. 2019-06-11 17:31:44 -04:00			- Not use variables defined in `before_script` and `script`.

Edit after script context text 2019-06-16 17:21:06 -04:00			These restrictions are because `after_script` scripts are executed in a
			`[separated shell context](../yaml/README.md#before_script-and-after_script).`
Leave clear notices about after_script execution context We frequently see new issues mentioning that something defined in `before_script` or `script` doesn't work with `after_script`. Our documentation mentions that first two are concatenated and executed together, why the third one is executed in a separated shell context. But it looks like it's not clear enough. Since this misunderstanding of how scripts are being executed is repeated frequently, let's make it more clear in docs. 2019-06-11 17:31:44 -04:00
Add documentation about variables usage in GitLab CI 2018-05-29 13:33:48 -04:00			`## Persisted variables`

			`NOTE: Note:`
			`Some of the persisted variables contain tokens and cannot be used by some definitions`
			`due to security reasons.`

			`The following variables are known as "persisted":`

			- `CI_PIPELINE_ID`
			- `CI_JOB_ID`
			- `CI_JOB_TOKEN`
			- `CI_BUILD_ID`
			- `CI_BUILD_TOKEN`
			- `CI_REGISTRY_USER`
			- `CI_REGISTRY_PASSWORD`
			- `CI_REPOSITORY_URL`
			- `CI_DEPLOY_USER`
			- `CI_DEPLOY_PASSWORD`

			`They are:`

Docs: Fix CI/CD related anchors 2019-03-10 21:47:01 -04:00			`- Supported for definitions where the ["Expansion place"](#gitlab-ciyml-file) is:`
Fix documentation for variables 2018-10-05 14:37:31 -04:00			`- Runner.`
			`- Script execution shell.`
			`- Not supported:`
Docs: Fix CI/CD related anchors 2019-03-10 21:47:01 -04:00			`- For definitions where the ["Expansion place"](#gitlab-ciyml-file) is GitLab.`
Docs: Fix anchors related to variables doc 2019-04-08 08:32:38 -04:00			- In the `only` and `except` [variables expressions](README.md#environment-variables-expressions).
Docs: Merge EE doc/ci to CE 2019-05-05 11:06:37 -04:00
			`## Variables with an environment scope`

			`Variables defined with an environment scope are supported. Given that`
			there is a variable `$STAGING_SECRET` defined in a scope of
			`review/staging/*`, the following job that is using dynamic environments
			`is going to be created, based on the matching variable expression:`

			```yaml
			`my-job:`
			`stage: staging`
			`environment:`
			`name: review/$CI_JOB_STAGE/deploy`
			`script:`
			`- 'deploy staging'`
			`only:`
			`variables:`
			`- $STAGING_SECRET == 'something'`
			```