From bd66bf08b5b9a2cea9320100a91240e93f1c06e5 Mon Sep 17 00:00:00 2001 From: Lin Jen-Shin Date: Thu, 25 May 2017 19:49:46 +0800 Subject: API and doc for protected variables --- doc/api/build_variables.md | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) (limited to 'doc') diff --git a/doc/api/build_variables.md b/doc/api/build_variables.md index 2aaf1c93705..d4f00256ed3 100644 --- a/doc/api/build_variables.md +++ b/doc/api/build_variables.md @@ -61,11 +61,12 @@ Create a new build variable. POST /projects/:id/variables ``` -| Attribute | Type | required | Description | -|-----------|---------|----------|-----------------------| -| `id` | integer/string | yes | The ID of a project or [urlencoded NAMESPACE/PROJECT_NAME of the project](README.md#namespaced-path-encoding) owned by the authenticated user | -| `key` | string | yes | The `key` of a variable; must have no more than 255 characters; only `A-Z`, `a-z`, `0-9`, and `_` are allowed | -| `value` | string | yes | The `value` of a variable | +| Attribute | Type | required | Description | +|-------------|---------|----------|-----------------------| +| `id` | integer/string | yes | The ID of a project or [urlencoded NAMESPACE/PROJECT_NAME of the project](README.md#namespaced-path-encoding) owned by the authenticated user | +| `key` | string | yes | The `key` of a variable; must have no more than 255 characters; only `A-Z`, `a-z`, `0-9`, and `_` are allowed | +| `value` | string | yes | The `value` of a variable | +| `protected` | boolean | no | Whether the variable is protected | ``` curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v4/projects/1/variables" --form "key=NEW_VARIABLE" --form "value=new value" @@ -74,7 +75,8 @@ curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitl ```json { "key": "NEW_VARIABLE", - "value": "new value" + "value": "new value", + "protected": false } ``` @@ -86,11 +88,12 @@ Update a project's build variable. PUT /projects/:id/variables/:key ``` -| Attribute | Type | required | Description | -|-----------|---------|----------|-------------------------| -| `id` | integer/string | yes | The ID of a project or [urlencoded NAMESPACE/PROJECT_NAME of the project](README.md#namespaced-path-encoding) owned by the authenticated user | -| `key` | string | yes | The `key` of a variable | -| `value` | string | yes | The `value` of a variable | +| Attribute | Type | required | Description | +|-------------|---------|----------|-------------------------| +| `id` | integer/string | yes | The ID of a project or [urlencoded NAMESPACE/PROJECT_NAME of the project](README.md#namespaced-path-encoding) owned by the authenticated user | +| `key` | string | yes | The `key` of a variable | +| `value` | string | yes | The `value` of a variable | +| `protected` | boolean | no | Whether the variable is protected | ``` curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v4/projects/1/variables/NEW_VARIABLE" --form "value=updated value" @@ -99,7 +102,8 @@ curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitla ```json { "key": "NEW_VARIABLE", - "value": "updated value" + "value": "updated value", + "protected": true } ``` -- cgit v1.2.1 From ef10f4c53139ead567b12a2daf8832f02240d0fa Mon Sep 17 00:00:00 2001 From: Lin Jen-Shin Date: Thu, 25 May 2017 20:29:12 +0800 Subject: Add docs for protected variables --- doc/ci/variables/README.md | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 0d4d08106f8..2f2023c02ae 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -11,6 +11,7 @@ this order: 1. [Trigger variables][triggers] (take precedence over all) 1. [Secret variables](#secret-variables) +1. [Protected variables](#protected-variables) 1. YAML-defined [job-level variables](../yaml/README.md#job-variables) 1. YAML-defined [global variables](../yaml/README.md#variables) 1. [Deployment variables](#deployment-variables) @@ -153,9 +154,26 @@ storing things like passwords, secret keys and credentials. Secret variables can be added by going to your project's **Settings ➔ Pipelines**, then finding the section called -**Secret Variables**. +**Secret and protected variables**. -Once you set them, they will be available for all subsequent jobs. +Once you set them, they will be available for all subsequent pipelines. + +## Protected variables + +>**Notes:** +- This feature requires GitLab Runner 0.4.0 or higher. +- A protected variable is a secret variable which is protected. + +All secret variables could be protected. Whenever a secret variable is +protected, it would only be securely passed to pipelines running on the +protected branches or protected tags. The other pipelines would not get any +protected variables. + +Protected variables can be added by going to your project's +**Settings ➔ Pipelines**, then finding the section called +**Secret and protected variables**, and check *Protected*. + +Once you set them, they will be available for all subsequent pipelines. ## Deployment variables @@ -381,7 +399,6 @@ export CI_REGISTRY_USER="gitlab-ci-token" export CI_REGISTRY_PASSWORD="longalfanumstring" ``` -[ce-13784]: https://gitlab.com/gitlab-org/gitlab-ce/issues/13784 [runner]: https://docs.gitlab.com/runner/ [triggered]: ../triggers/README.md [triggers]: ../triggers/README.md#pass-job-variables-to-a-trigger -- cgit v1.2.1 From 9cc918a5caca931887026d258ea1dcd6499d7c2f Mon Sep 17 00:00:00 2001 From: Lin Jen-Shin Date: Fri, 26 May 2017 15:35:30 +0800 Subject: Use be_truthy and add back missing link --- doc/ci/variables/README.md | 1 + 1 file changed, 1 insertion(+) (limited to 'doc') diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 2f2023c02ae..b431cb41f4c 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -399,6 +399,7 @@ export CI_REGISTRY_USER="gitlab-ci-token" export CI_REGISTRY_PASSWORD="longalfanumstring" ``` +[ce-13784]: https://gitlab.com/gitlab-org/gitlab-ce/issues/13784 [runner]: https://docs.gitlab.com/runner/ [triggered]: ../triggers/README.md [triggers]: ../triggers/README.md#pass-job-variables-to-a-trigger -- cgit v1.2.1 From c4dded593a9df770dd08051fc645f713ca295f13 Mon Sep 17 00:00:00 2001 From: Lin Jen-Shin Date: Wed, 31 May 2017 22:45:51 +0800 Subject: Update docs and use protected secret variable as the name --- doc/ci/variables/README.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'doc') diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index b431cb41f4c..602e2aa5df1 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -154,24 +154,23 @@ storing things like passwords, secret keys and credentials. Secret variables can be added by going to your project's **Settings ➔ Pipelines**, then finding the section called -**Secret and protected variables**. +**Secret variables**. Once you set them, they will be available for all subsequent pipelines. -## Protected variables +## Protected secret variables >**Notes:** -- This feature requires GitLab Runner 0.4.0 or higher. -- A protected variable is a secret variable which is protected. +- This feature requires GitLab 9.3 or higher, and GitLab Runner 0.4.0 or higher. -All secret variables could be protected. Whenever a secret variable is +Secret variables could be protected. Whenever a secret variable is protected, it would only be securely passed to pipelines running on the -protected branches or protected tags. The other pipelines would not get any +[protected branches] or [protected tags]. The other pipelines would not get any protected variables. Protected variables can be added by going to your project's **Settings ➔ Pipelines**, then finding the section called -**Secret and protected variables**, and check *Protected*. +**Secret variables**, and check *Protected*. Once you set them, they will be available for all subsequent pipelines. @@ -403,3 +402,5 @@ export CI_REGISTRY_PASSWORD="longalfanumstring" [runner]: https://docs.gitlab.com/runner/ [triggered]: ../triggers/README.md [triggers]: ../triggers/README.md#pass-job-variables-to-a-trigger +[protected branches]: ../../user/project/protected_branches.md +[protected tags]: ../../user/project/protected_tags.md -- cgit v1.2.1 From 76e738fc0ec65513cb4d92a8206109184c74a381 Mon Sep 17 00:00:00 2001 From: Lin Jen-Shin Date: Wed, 31 May 2017 22:52:37 +0800 Subject: Fix doc table of contents --- doc/ci/variables/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 602e2aa5df1..71f2088be74 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -11,7 +11,7 @@ this order: 1. [Trigger variables][triggers] (take precedence over all) 1. [Secret variables](#secret-variables) -1. [Protected variables](#protected-variables) +1. [Protected secret variables](#protected-secret-variables) 1. YAML-defined [job-level variables](../yaml/README.md#job-variables) 1. YAML-defined [global variables](../yaml/README.md#variables) 1. [Deployment variables](#deployment-variables) -- cgit v1.2.1 From fb70cf077cbc3b4fe07fad930be67331d2e57817 Mon Sep 17 00:00:00 2001 From: Lin Jen-Shin Date: Thu, 1 Jun 2017 16:39:24 +0800 Subject: Merge two items into one in the doc --- doc/ci/variables/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 71f2088be74..0a031578a18 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -10,8 +10,7 @@ The variables can be overwritten and they take precedence over each other in this order: 1. [Trigger variables][triggers] (take precedence over all) -1. [Secret variables](#secret-variables) -1. [Protected secret variables](#protected-secret-variables) +1. [Secret variables](#secret-variables) or [protected secret variables](#protected-secret-variables) 1. YAML-defined [job-level variables](../yaml/README.md#job-variables) 1. YAML-defined [global variables](../yaml/README.md#variables) 1. [Deployment variables](#deployment-variables) -- cgit v1.2.1 From 0ab8c852db118701ae5a1d105c1da74a0b88f60f Mon Sep 17 00:00:00 2001 From: Lin Jen-Shin Date: Thu, 1 Jun 2017 21:22:38 +0800 Subject: Just mention which GitLab version is required Feedback: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11688/diffs#note_31277454 --- doc/ci/variables/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 0a031578a18..76ad7c564a3 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -160,7 +160,7 @@ Once you set them, they will be available for all subsequent pipelines. ## Protected secret variables >**Notes:** -- This feature requires GitLab 9.3 or higher, and GitLab Runner 0.4.0 or higher. +This feature requires GitLab 9.3 or higher. Secret variables could be protected. Whenever a secret variable is protected, it would only be securely passed to pipelines running on the -- cgit v1.2.1