Merge branch 'variables' into 'master'

Implementation of secret variables

https://dev.gitlab.org/gitlab/gitlab-ci/issues/246

@ayufan It will return variables like an array:

API call - POST `builds/register`

```
variables:[{"key": "KEY", "value": "VALUE"}]
```

![joxi_screenshot_1433524410263](https://gitlab.com/gitlab-org/gitlab-ci/uploads/04c2442b939d58c432f7b3fb72a2baa8/joxi_screenshot_1433524410263.png)

/cc @dzaporozhets @ayufan

See merge request !125

14 files changed, 135 insertions, 2 deletions

diff --git a/CHANGELOG b/CHANGELOG
index cfccbc2..dcaca23 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -6,6 +6,7 @@ v7.12.0
   - Increase default timeout for builds to 60 minutes
   - Using .gitlab-ci.yml file instead of jobs
   - Link to the runner from the build page for admin user
+  - Ability to set secret variables for runner
 
 v7.11.0
   - Deploy Jobs API calls
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 2ddd1aa..5916df4 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -128,6 +128,7 @@ class ProjectsController < ApplicationController
   def project_params
     params.require(:project).permit(:path, :timeout, :timeout_in_minutes, :default_ref, :always_build,
       :polling_interval, :public, :ssh_url_to_repo, :allow_git_fetch, :email_recipients,
-      :email_add_pusher, :email_only_broken_builds, :coverage_regex, :shared_runners_enabled, :token)
+      :email_add_pusher, :email_only_broken_builds, :coverage_regex, :shared_runners_enabled, :token,
+      { variables_attributes: [:id, :key, :value, :_destroy] })
   end
 end
diff --git a/app/controllers/variables_controller.rb b/app/controllers/variables_controller.rb
new file mode 100644
index 0000000..6eb908e
--- /dev/null
+++ b/app/controllers/variables_controller.rb
@@ -0,0 +1,17 @@
+class VariablesController < ApplicationController
+  before_filter :authenticate_user!
+  before_filter :project
+  before_filter :authorize_access_project!
+  before_filter :authorize_manage_project!
+
+  layout 'project'
+
+  def index
+  end
+
+  private
+
+  def project
+    @project ||= Project.find(params[:project_id])
+  end
+end
diff --git a/app/models/build.rb b/app/models/build.rb
index 162f6be..2ffb80c 100644
--- a/app/models/build.rb
+++ b/app/models/build.rb
@@ -149,6 +149,10 @@ class Build < ActiveRecord::Base
     project.timeout
   end
 
+  def variables
+    project.variables
+  end
+
   def duration
     if started_at && finished_at
       finished_at - started_at
diff --git a/app/models/project.rb b/app/models/project.rb
index 7aceeca..308fde4 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -33,6 +33,7 @@ class Project < ActiveRecord::Base
   has_many :runners, through: :runner_projects
   has_many :web_hooks, dependent: :destroy
   has_many :events, dependent: :destroy
+  has_many :variables, dependent: :destroy
 
   # Project services
   has_many :services, dependent: :destroy
@@ -40,6 +41,8 @@ class Project < ActiveRecord::Base
   has_one :slack_service, dependent: :destroy
   has_one :mail_service, dependent: :destroy
 
+  accepts_nested_attributes_for :variables, allow_destroy: true
+
   #
   # Validations
   #
diff --git a/app/models/variable.rb b/app/models/variable.rb
new file mode 100644
index 0000000..a53a27f
--- /dev/null
+++ b/app/models/variable.rb
@@ -0,0 +1,3 @@
+class Variable < ActiveRecord::Base
+  belongs_to :project
+end
diff --git a/app/views/layouts/_nav_project.html.haml b/app/views/layouts/_nav_project.html.haml
index 3097e41..103b1c8 100644
--- a/app/views/layouts/_nav_project.html.haml
+++ b/app/views/layouts/_nav_project.html.haml
@@ -12,6 +12,10 @@
     = link_to project_runners_path(@project) do
       %i.icon-cog
       Runners
+  = nav_link path: 'variables#index' do
+    = link_to project_variables_path(@project) do
+      %i.icon-code
+      Variables
   = nav_link path: 'web_hooks#index' do
     = link_to project_web_hooks_path(@project) do
       %i.icon-link
diff --git a/app/views/variables/index.html.haml b/app/views/variables/index.html.haml
new file mode 100644
index 0000000..64a4451
--- /dev/null
+++ b/app/views/variables/index.html.haml
@@ -0,0 +1,37 @@
+%h3 Secret Variables
+%p.light 
+  These variables will be set to environment by the runner and will be hidden in the build log.
+  %br
+  So you can use them for passwords, secret keys or whatever you want.  
+
+%hr
+
+
+= nested_form_for @project, html: { class: 'form-horizontal' } do |f|
+  - if @project.errors.any?
+    #error_explanation
+      %p.lead= "#{pluralize(@project.errors.count, "error")} prohibited this project from being saved:"
+      .alert.alert-error
+        %ul
+          - @project.errors.full_messages.each do |msg|
+            %li= msg
+
+  = f.fields_for :variables do |variable_form|
+    .form-group
+      = variable_form.label :key, 'Key', class: 'control-label'
+      .col-sm-10
+        = variable_form.text_field :key, class: 'form-control', placeholder: "PROJECT_VARIABLE"
+
+    .form-group
+      = variable_form.label :value, 'Value', class: 'control-label'
+      .col-sm-10
+        = variable_form.text_area :value, class: 'form-control', rows: 2, placeholder: ""
+
+        = variable_form.link_to_remove "Remove this variable", class: 'btn btn-danger pull-right prepend-top-10'
+    %hr
+  %p
+    .clearfix
+      = f.link_to_add "Add a variable", :variables, class: 'btn btn-success pull-right'
+
+  .form-actions
+    = f.submit 'Save changes', class: 'btn btn-save', return_to: request.original_url
diff --git a/config/routes.rb b/config/routes.rb
index 593797a..7ad8220 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -63,6 +63,7 @@ Rails.application.routes.draw do
     resources :runner_projects, only: [:create, :destroy]
 
     resources :events, only: [:index]
+    resources :variables, only: [:index]
   end
 
   resource :user_sessions do
diff --git a/db/migrate/20150605002131_create_variables.rb b/db/migrate/20150605002131_create_variables.rb
new file mode 100644
index 0000000..b70b7e2
--- /dev/null
+++ b/db/migrate/20150605002131_create_variables.rb
@@ -0,0 +1,11 @@
+class CreateVariables < ActiveRecord::Migration
+  def change
+    create_table :variables do |t|
+      t.integer :project_id, null: false
+      t.string :key
+      t.text :value
+    end
+
+    add_index :variables, :project_id
+  end
+end
\ No newline at end of file
diff --git a/db/schema.rb b/db/schema.rb
index 0d9482e..9e1a0df 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20150602000240) do
+ActiveRecord::Schema.define(version: 20150605002131) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -172,6 +172,14 @@ ActiveRecord::Schema.define(version: 20150602000240) do
 
   add_index "tags", ["name"], name: "index_tags_on_name", unique: true, using: :btree
 
+  create_table "variables", force: true do |t|
+    t.integer "project_id", null: false
+    t.string  "key"
+    t.text    "value"
+  end
+
+  add_index "variables", ["project_id"], name: "index_variables_on_project_id", using: :btree
+
   create_table "web_hooks", force: true do |t|
     t.string   "url",        null: false
     t.integer  "project_id", null: false
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 2089e23..2f6565a 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -7,9 +7,15 @@ module API
       expose :builds
     end
 
+    class Variable < Grape::Entity
+      expose :key, :value
+    end
+
     class Build < Grape::Entity
       expose :id, :commands, :path, :ref, :sha, :project_id, :repo_url,
         :before_sha, :timeout, :allow_git_fetch, :project_name
+
+      expose :variables, using: Variable
     end
 
     class Runner < Grape::Entity
diff --git a/spec/features/variables_spec.rb b/spec/features/variables_spec.rb
new file mode 100644
index 0000000..21a7a11
--- /dev/null
+++ b/spec/features/variables_spec.rb
@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe "Variables" do
+  before do
+    login_as :user
+  end
+
+  describe "specific runners" do
+    before do
+      @project = FactoryGirl.create :project
+      stub_js_gitlab_calls
+    end
+
+    it "creates variable", js: true do
+      visit project_variables_path(@project)
+      click_on "Add a variable"
+      fill_in "Key", with: "SECRET_KEY"
+      fill_in "Value", with: "SECRET_VALUE"
+      click_on "Save changes"
+      
+      page.should have_content("Project was successfully updated.")
+      @project.variables.count.should == 1
+    end
+
+  end
+end
diff --git a/spec/requests/api/builds_spec.rb b/spec/requests/api/builds_spec.rb
index 2dd6e01..1fece31 100644
--- a/spec/requests/api/builds_spec.rb
+++ b/spec/requests/api/builds_spec.rb
@@ -50,6 +50,17 @@ describe API::API do
 
         response.status.should == 404
       end
+
+      it "returns variables" do
+        commit = FactoryGirl.create(:commit, project: project)
+        commit.create_builds
+        project.variables << Variable.new(key: "SECRET_KEY", value: "secret_value")
+
+        post api("/builds/register"), token: runner.token, info: {platform: :darwin}
+
+        response.status.should == 201
+        json_response["variables"].should == [{"key" => "SECRET_KEY", "value" => "secret_value"}]
+      end
     end
 
     describe "PUT /builds/:id" do