Add secret variables support in services command
When using secret variables in the services -> command, they seem to always evaluate to nothing. Is it possible? Do they work as intended?
Note: All variables will be passed to all services containers. It's not designed to distinguish which variable should go where.
https://docs.gitlab.com/ce/ci/docker/using_docker_images.html#configuring-services
❌ Using secret variable in services -> command
In project settings -> CI / CD -> Secret variables -> Add DOCKER_REGISTRY: foo
test-secret-variables-in-service:
  stage: build
  image: docker:latest
  variables:
    DOCKER_DRIVER: overlay2
  script:
    - docker info
  services:
    - name: docker:dind
      command:
        - "--insecure-registry"
        - $DOCKER_REGISTRY
  tags:
    - docker
    - shared
CI job log output
See what is listed under "Insecure Registries" (nothing)
Running with gitlab-ci-multi-runner 9.5.0 (413da38)
on some-docker-runner1 (9b33cf2f)
Using Docker executor with image docker:latest ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Using docker image docker:dind ID=sha256:1ab52967778e46d72867aa7cc962fa5aff6fc2fa56cf0564d49e392531853f7a for docker service...
Waiting for services to be up and running...
Using docker image sha256:88cb9ae058930a0d92951184c0d54d0b25fb0789214505f6fef72cb7891f6461 for predefined container...
Pulling docker image docker:latest ...
Using docker image docker:latest ID=sha256:5b7585e8dd70eadf71435f10a6490d8d17a950c49e86f48810b5bdc6219b2765 for build container...
Running on runner-9b33cf2f-project-88-concurrent-0 via eric-macbook...
Fetching changes...
Removing node_modules/
HEAD is now at c463d3f Use static value in services command
Checking out c463d3f5 as master...
Skipping Git submodules setup
Checking cache for default...
Successfully extracted cache
$ docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 17.07.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3addd840653146c90a254301d6c3a663c7fd6429
runc version: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.41-moby
Operating System: Alpine Linux v3.6 (containerized)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 1.952GiB
Name: e177b56d8cb5
ID: TTAO:PPHX:EGBC:VGEY:FZVL:VVST:S5SK:DF6W:WDH6:UXSF:UYGU:QLOG
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
No Proxy: *.local, 169.254/16
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
Live Restore Enabled: false
✅ Using a static value in services -> command
test-secret-variables-in-service:
  stage: build
  image: docker:latest
  variables:
    DOCKER_DRIVER: overlay2
  script:
    - docker info
  services:
    - name: docker:dind
      command:
        - "--insecure-registry"
        - foo
  tags:
    - docker
    - shared
CI job log output
See what is listed under "Insecure Registries" (foo, 127.0.0.0/8)
Running with gitlab-ci-multi-runner 9.5.0 (413da38)
on some-docker-runner1 (9b33cf2f)
Using Docker executor with image docker:latest ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Using docker image docker:dind ID=sha256:1ab52967778e46d72867aa7cc962fa5aff6fc2fa56cf0564d49e392531853f7a for docker service...
Waiting for services to be up and running...
Using docker image sha256:88cb9ae058930a0d92951184c0d54d0b25fb0789214505f6fef72cb7891f6461 for predefined container...
Pulling docker image docker:latest ...
Using docker image docker:latest ID=sha256:5b7585e8dd70eadf71435f10a6490d8d17a950c49e86f48810b5bdc6219b2765 for build container...
Running on runner-9b33cf2f-project-88-concurrent-0 via eric-macbook...
Fetching changes...
Removing node_modules/
HEAD is now at c463d3f Use static value in services command
Checking out c463d3f5 as master...
Skipping Git submodules setup
Checking cache for default...
Successfully extracted cache
$ docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 17.07.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3addd840653146c90a254301d6c3a663c7fd6429
runc version: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.41-moby
Operating System: Alpine Linux v3.6 (containerized)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 1.952GiB
Name: f661ba7577da
ID: PB45:3YTJ:TVLZ:3LD3:BPD2:WWA4:YECG:356R:LKWD:A3SM:TN23:JHQK
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
No Proxy: *.local, 169.254/16
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
foo
127.0.0.0/8
Live Restore Enabled: false
❌ Using YAML-defined variables in services -> command
Based on the following
The YAML-defined variables are also set to all created service containers, thus allowing to fine tune them.
https://docs.gitlab.com/ee/ci/variables/#gitlab-ci-yaml-defined-variables
I tried using $ASDF and $QWER defined in YAML but same empty result.
test-secret-variables-in-service:
  stage: build
  image: docker:latest
  variables:
    DOCKER_DRIVER: overlay2
    ASDF: $DOCKER_REGISTRY
    QWER: qwer
  script:
    # $DOCKER_REGISTRY = registry.gitlab.com or docker.for.mac.localhost:5063
    - docker info
  services:
    - name: docker:dind
      command:
        - "--insecure-registry"
        - <$QWER or $ASDF>
  tags:
    - docker
    - shared
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/38136 and https://gitlab.com/gitlab-org/gitlab-ce/issues/38325
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/18214 but doesn't seem very explicit on usage to me.
Possibly related to https://gitlab.com/gitlab-org/gitlab-ce/issues/27921
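
A CI-side guard for the check done by eye in the job logs above, as an added example that is not part of the original issue or of GitLab's code: it parses `docker info` text and fails when the expected registry is missing from "Insecure Registries", so a silently empty variable stops the job. The function names and the two sample excerpts are constructed for illustration; the excerpts assume the indented layout `docker info` prints for section entries.

```shell
#!/bin/sh
# Print each entry of the "Insecure Registries:" section of `docker info`
# text read from stdin. Entries are the lines indented deeper than the header,
# so values containing a colon (host:port) are still treated as entries.
insecure_registries() {
  awk '
    function indent(s, t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
    in_section {
      if ($0 ~ /[^ ]/ && indent($0) > base) { sub(/^ +/, ""); print; next }
      in_section = 0
    }
    /^ *Insecure Registries:/ { base = indent($0); in_section = 1 }
  '
}

# Return 0 only if the expected registry is listed by the daemon.
# Return 2 if the expected value itself is empty (variable not set in the job).
require_insecure_registry() {
  expected=$1
  if [ -z "$expected" ]; then
    echo "expected registry is empty: variable was not set in this job" >&2
    return 2
  fi
  if insecure_registries | grep -Fqx -- "$expected"; then
    return 0
  fi
  echo "daemon does not list '$expected' under Insecure Registries" >&2
  return 1
}

# Constructed excerpts mirroring the two job logs (entries indented).
SAMPLE_EMPTY='Experimental: false
Insecure Registries:
Live Restore Enabled: false'
SAMPLE_STATIC='Experimental: false
Insecure Registries:
 foo
 127.0.0.0/8
Live Restore Enabled: false'

# In a job script this would be: docker info | require_insecure_registry "$DOCKER_REGISTRY"
printf '%s\n' "$SAMPLE_STATIC" | require_insecure_registry foo && echo "static value: listed"
printf '%s\n' "$SAMPLE_EMPTY" | require_insecure_registry foo || echo "variable case: missing"
```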