Support environment-specific values for secure variables.

Description

In using GitLab-CI as a Continuous Deployment pipeline, I find myself wanting to set different values for some variables for development environments versus production or staging environments. At the moment, the only ways I can accomplish this are by storing the values in an external repository that the job can read; hard-coding values in the CI script, requiring code changes and a new push to change the values; or prefixing all my variable names in the Secure Variables section so I have something like DEV_REQUIRED_MEMORY, STAGING_REQUIRED_MEMORY, PROD_REQUIRED_MEMORY, etc.

It would be nice to have a system similar to Rails or Puppet's Hiera where it loads environment-specific configuration from a YAML file, falling back to a default if no value is defined for a particular environment.

Proposal

Allow secure variable configuration via YAML, reserving the keyword default for base values and allowing overrides of those variables for target environments. An example for a service deployed as a container on Amazon's ECS service might be:

default:
  RESERVED_MEMORY: 128
  RESERVED_CPU: 512
  ECS_CLUSTER: my-dev-cluster
  MIN_TASKS: 1
  MAX_TASKS: 10
  AUTOSCALE: false

staging:
  RESERVED_MEMORY: 512
  AUTOSCALE: true
  ECS_CLUSTER: my-staging-cluster

production:
  MAX_MEMORY: 1024
  RESERVED_MEMORY: 512
  AUTOSCALE: true
  MIN_TASKS: 10
  MAX_TASKS: 50
  ECS_CLUSTER: my-production-cluster

Prior to running the script, the runner would identify the appropriate values based on the job's environment, falling back to default if no environment was configured, and load them into the environment for the job's script.