Merge branch 'expose-deployment-variables' into 'master' 25743-clean-up-css-for-project-alerts-and-flash-notifications

Pass variables from deployment project services to CI runner

## What does this MR do?

This commit introduces the concept of deployment variables - variables
that are collected from deployment services and passed to CI runner
during a deployment build.
Deployment services specify the variables by overriding
"predefined_variables" method.

This commit also configures variables for KubernetesService

## Why was this MR needed?

We need these values for https://gitlab.com/gitlab-org/gitlab-ce/issues/23580

## Does this MR meet the acceptance criteria?

- [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- ~~[ ] API support added~~
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Refers to https://gitlab.com/gitlab-org/gitlab-ce/issues/23580

See merge request !8107

10 files changed, 116 insertions, 1 deletions

diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index fdbf28a1d68..591aba6bdc9 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -155,7 +155,7 @@ module Ci
     end
 
     def has_environment?
-      self.environment.present?
+      environment.present?
     end
 
     def starts_environment?
@@ -221,6 +221,7 @@ module Ci
       variables += pipeline.predefined_variables
       variables += runner.predefined_variables if runner
       variables += project.container_registry_variables
+      variables += project.deployment_variables if has_environment?
       variables += yaml_variables
       variables += user_variables
       variables += project.secret_variables
diff --git a/app/models/project.rb b/app/models/project.rb
index 5d092ca42c2..5d5d6737dad 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -1230,6 +1230,12 @@ class Project < ActiveRecord::Base
     end
   end
 
+  def deployment_variables
+    return [] unless deployment_service
+
+    deployment_service.predefined_variables
+  end
+
   def append_or_update_attribute(name, value)
     old_values = public_send(name.to_s)
 
diff --git a/app/models/project_services/deployment_service.rb b/app/models/project_services/deployment_service.rb
index 55e98c31251..da6be9dd7b7 100644
--- a/app/models/project_services/deployment_service.rb
+++ b/app/models/project_services/deployment_service.rb
@@ -8,4 +8,8 @@ class DeploymentService < Service
   def supported_events
     []
   end
+
+  def predefined_variables
+    []
+  end
 end
diff --git a/app/models/project_services/kubernetes_service.rb b/app/models/project_services/kubernetes_service.rb
index 80ae1191108..f5fbf8b353b 100644
--- a/app/models/project_services/kubernetes_service.rb
+++ b/app/models/project_services/kubernetes_service.rb
@@ -83,6 +83,16 @@ class KubernetesService < DeploymentService
     { success: false, result: err }
   end
 
+  def predefined_variables
+    variables = [
+      { key: 'KUBE_URL', value: api_url, public: true },
+      { key: 'KUBE_TOKEN', value: token, public: false },
+      { key: 'KUBE_NAMESPACE', value: namespace, public: true }
+    ]
+    variables << { key: 'KUBE_CA_PEM', value: ca_pem, public: true } if ca_pem.present?
+    variables
+  end
+
   private
 
   def build_kubeclient(api_path = '/api', api_version = 'v1')
diff --git a/changelogs/unreleased/expose-deployment-variables.yml b/changelogs/unreleased/expose-deployment-variables.yml
new file mode 100644
index 00000000000..7663d5b6ae5
--- /dev/null
+++ b/changelogs/unreleased/expose-deployment-variables.yml
@@ -0,0 +1,4 @@
+---
+title: Pass variables from deployment project services to CI runner
+merge_request: 8107
+author:
diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md
index eb540a50606..baa5fc67816 100644
--- a/doc/ci/variables/README.md
+++ b/doc/ci/variables/README.md
@@ -13,6 +13,7 @@ this order:
 1. [Secret variables](#secret-variables)
 1. YAML-defined [job-level variables](../yaml/README.md#job-variables)
 1. YAML-defined [global variables](../yaml/README.md#variables)
+1. [Deployment variables](#deployment-variables)
 1. [Predefined variables](#predefined-variables-environment-variables) (are the
    lowest in the chain)
 
@@ -148,6 +149,20 @@ Secret variables can be added by going to your project's
 
 Once you set them, they will be available for all subsequent builds.
 
+## Deployment variables
+
+>**Note:**
+This feature requires GitLab CI 8.15 or higher.
+
+[Project services](../../project_services/project_services.md) that are
+responsible for deployment configuration may define their own variables that
+are set in the build environment. These variables are only defined for
+[deployment builds](../environments.md). Please consult the documentation of
+the project services that you are using to learn which variables they define.
+
+An example project service that defines deployment variables is
+[Kubernetes Service](../../project_services/kubernetes.md).
+
 ## Debug tracing
 
 > Introduced in GitLab Runner 1.7.
diff --git a/doc/project_services/kubernetes.md b/doc/project_services/kubernetes.md
index cb577b608b4..fda364b864e 100644
--- a/doc/project_services/kubernetes.md
+++ b/doc/project_services/kubernetes.md
@@ -36,3 +36,14 @@ to create one. You can also view or create service tokens in the
 Fill in the service token and namespace according to the values you just got.
 If the API is using a self-signed TLS certificate, you'll also need to include
 the `ca.crt` contents as the `Custom CA bundle`.
+
+## Deployment variables
+
+The Kubernetes service exposes following
+[deployment variables](../ci/variables/README.md#deployment-variables) in the
+GitLab CI build environment:
+
+- `KUBE_URL` - equal to the API URL
+- `KUBE_TOKEN`
+- `KUBE_NAMESPACE`
+- `KUBE_CA_PEM` - only if a custom CA bundle was specified
diff --git a/spec/models/build_spec.rb b/spec/models/build_spec.rb
index d5f2ffcff59..6f1c2ae0fd8 100644
--- a/spec/models/build_spec.rb
+++ b/spec/models/build_spec.rb
@@ -506,6 +506,17 @@ describe Ci::Build, models: true do
       it { is_expected.to include({ key: 'CI_RUNNER_TAGS', value: 'docker, linux', public: true }) }
     end
 
+    context 'when build is for a deployment' do
+      let(:deployment_variable) { { key: 'KUBERNETES_TOKEN', value: 'TOKEN', public: false } }
+
+      before do
+        build.environment = 'production'
+        allow(project).to receive(:deployment_variables).and_return([deployment_variable])
+      end
+
+      it { is_expected.to include(deployment_variable) }
+    end
+
     context 'returns variables in valid order' do
       before do
         allow(build).to receive(:predefined_variables) { ['predefined'] }
diff --git a/spec/models/project_services/kubernetes_service_spec.rb b/spec/models/project_services/kubernetes_service_spec.rb
index ffb92012b89..3603602e41d 100644
--- a/spec/models/project_services/kubernetes_service_spec.rb
+++ b/spec/models/project_services/kubernetes_service_spec.rb
@@ -123,4 +123,37 @@ describe KubernetesService, models: true do
       end
     end
   end
+
+  describe '#predefined_variables' do
+    before do
+      subject.api_url = 'https://kube.domain.com'
+      subject.token = 'token'
+      subject.namespace = 'my-project'
+      subject.ca_pem = 'CA PEM DATA'
+    end
+
+    it 'sets KUBE_URL' do
+      expect(subject.predefined_variables).to include(
+        { key: 'KUBE_URL', value: 'https://kube.domain.com', public: true }
+      )
+    end
+
+    it 'sets KUBE_TOKEN' do
+      expect(subject.predefined_variables).to include(
+        { key: 'KUBE_TOKEN', value: 'token', public: false }
+      )
+    end
+
+    it 'sets KUBE_NAMESPACE' do
+      expect(subject.predefined_variables).to include(
+        { key: 'KUBE_NAMESPACE', value: 'my-project', public: true }
+      )
+    end
+
+    it 'sets KUBE_CA_PEM' do
+      expect(subject.predefined_variables).to include(
+        { key: 'KUBE_CA_PEM', value: 'CA PEM DATA', public: true }
+      )
+    end
+  end
 end
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index bab3c3dbb02..ed6b2c6a22b 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -1697,6 +1697,26 @@ describe Project, models: true do
     end
   end
 
+  describe '#deployment_variables' do
+    context 'when project has no deployment service' do
+      let(:project) { create(:empty_project) }
+
+      it 'returns an empty array' do
+        expect(project.deployment_variables).to eq []
+      end
+    end
+
+    context 'when project has a deployment service' do
+      let(:project) { create(:kubernetes_project) }
+
+      it 'returns variables from this service' do
+        expect(project.deployment_variables).to include(
+          { key: 'KUBE_TOKEN', value: project.kubernetes_service.token, public: false }
+        )
+      end
+    end
+  end
+
   def enable_lfs
     allow(Gitlab.config.lfs).to receive(:enabled).and_return(true)
   end