Skip to content

Make environment variables set in before_script available for expanding in .gitlab-ci.yml

This issue has been moved to the GitLab Runner Project

This is extracted from https://gitlab.com/gitlab-org/gitlab-ce/issues/25554#note_19890566

The original report was fixed in !8088 (merged), however the example in above specific comment was talking about the other issue, which we haven't solved. The example could be simplified to:

before_script:
  - export DYNAMIC_ENV_VAR=whoami

job:
  script: echo $DYNAMIC_ENV_VAR
  environment:
    name: $DYNAMIC_ENV_VAR
    url: http://$DYNAMIC_ENV_VAR.example.com

The script would echo the value of whoami because it's running on the runner, but the environment name and URL cannot see the value because they're evaluated on GitLab instance rather than on the runner. In order to make this work, the runner would require to pass the ENV back to GitLab via some kind of API, and we'll need to re-evaluate the environment based on the passed values.

This is not trivial to do and could be considered a limitation for now. Personally I could understand the use case, but I am not very sure if we should really implement this feature, because we cannot know which ENV should be set by looking at .gitlab-ci.yml, therefore we're forced to pass all the ENV from runner, which could contain a lot of random values, and which are also depending on the runner which runs the job. The result could be surprising and unexpected, and could also risk some security concern. For example, some secrets might be passed to GitLab unconsciously.

Labeled as customer because the original issue was.

/cc @dblessing @grzesiek @ayufan /cc @peay @mikelehner

Edited by Tim Poffenbarger