kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Expose deploy token to CI/CD jobs as environment variable 

- If a deploy token with a name 'gitlab-deploy-token' is exists for the
  project, CI_DEPLOY_USER and CI_DEPLOY_PASSWORD variables will be
expose
This commit is contained in:
Mayra Cabrera 2018-04-16 15:47:35 -05:00
parent 3c3cab8b32
commit 0903456a07
6 changed files with 80 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/models/ci/build.rb
View File

@ -624,6 +624,7 @@ module Ci
variables.append(key: "CI_PIPELINE_TRIGGERED", value: 'true') if trigger_request
variables.append(key: "CI_JOB_MANUAL", value: 'true') if action?
variables.concat(legacy_variables)
variables.concat(deploy_token_variables) if project.gitlab_deploy_token
end
end
@ -654,6 +655,13 @@ module Ci
end
end
def deploy_token_variables
Gitlab::Ci::Variables::Collection.new.tap do |variables|
variables.append(key: 'CI_DEPLOY_USER', value: DeployToken::GITLAB_DEPLOY_TOKEN)
variables.append(key: 'CI_DEPLOY_PASSWORD', value: project.gitlab_deploy_token.token)
end
end
def environment_url
options&.dig(:environment, :url) || persisted_environment&.external_url
end

1
app/models/deploy_token.rb
View File

@ -4,6 +4,7 @@ class DeployToken < ActiveRecord::Base
add_authentication_token_field :token
AVAILABLE_SCOPES = %i(read_repository read_registry).freeze
GITLAB_DEPLOY_TOKEN = 'gitlab-deploy-token'.freeze
default_value_for(:expires_at) { Forever.date }

5
app/models/project.rb
View File

@ -1879,6 +1879,11 @@ class Project < ActiveRecord::Base
[]
end
def gitlab_deploy_token
@gitlab_deploy_token ||=
deploy_tokens.active.find_by(name: DeployToken::GITLAB_DEPLOY_TOKEN)
end
private
def storage

8
spec/factories/deploy_tokens.rb
View File

@ -10,5 +10,13 @@ FactoryBot.define do
trait :revoked do
revoked true
end
trait :gitlab_deploy_token do
name DeployToken::GITLAB_DEPLOY_TOKEN
end
trait :expired do
expires_at { Date.today - 1.month }
end
end
end

31
spec/models/ci/build_spec.rb
View File

@ -2035,6 +2035,37 @@ describe Ci::Build do
expect(build).not_to be_persisted
end
end
context 'for deploy tokens' do
let(:deploy_token) { create(:deploy_token, :gitlab_deploy_token) }
let(:deploy_token_variables) do
[
{ key: 'CI_DEPLOY_USER', value: DeployToken::GITLAB_DEPLOY_TOKEN, public: true },
{ key: 'CI_DEPLOY_PASSWORD', value: deploy_token.token, public: true }
]
end
context 'when gitlab-deploy-token exist' do
before do
project.deploy_tokens << deploy_token
end
it 'should include deploy token variables' do
deploy_token_variables.each do |deploy_token_variable|
is_expected.to include(deploy_token_variable)
end
end
end
context 'when gitlab-deploy-token does not exist' do
it 'should not include deploy token variables' do
deploy_token_variables.each do |deploy_token_variable|
is_expected.not_to include(deploy_token_variable)
end
end
end
end
end
describe '#scoped_variables' do

27
spec/models/project_spec.rb
View File

@ -3585,4 +3585,31 @@ describe Project do
it { is_expected.not_to be_valid }
end
end
describe '#gitlab_deploy_token' do
let(:project) { create(:project) }
subject { project.gitlab_deploy_token }
context 'when there is a gitlab deploy token associated' do
let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, projects: [project]) }
it { is_expected.to eq(deploy_token) }
end
context 'when there is no a gitlab deploy token associated' do
it { is_expected.to be_nil }
end
context 'when there is a gitlab deploy token associated but is has been revoked' do
let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, :revoked, projects: [project]) }
it { is_expected.to be_nil }
end
context 'when there is a gitlab deploy token associated but it has expired' do
let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, :expired, projects: [project]) }
it { is_expected.to be_nil }
end
end
end