Secure Files Runner Support MVC
The approach proposed in #350934 (closed) for Runner integration is fairly complex, so I think it would make sense to design a smaller MVC that could be extended in the future to support the more fine-grained control proposed in #350934 (closed).
Proposal
The MVC for Secure Files Runner Support would function much like the load-secure-files
script, but would be built in to the Runner as a supported helper called secure-files-downloader
.
The helper would only be activated if the SECURE_FILES_DOWNLOAD_PATH
environment variable is defined. When that variable is defined the helper would simply download all project-level secure files to the path specified in the variable, and all files would be set to read-only mode (the same behavior as load-secure-files
).
This change would make it easier to set up Secure Files, and it would remove the dependency on the load-secure-files
script. The secure-files-downloader
helper could then be extended later to add support for more fine-grained controls.
I'm looking for some feedback on this proposal, so please add any thoughts you have in the comments below.
@tmaczukin @morefice @fabiopitino @erushton @DarrenEastman
Update (Dec 2022)
Instead of adding Secure Files support directly to the GitLab Runner, we will prepare for this feature to become a CI/CD component when the component capabilities are released.
Until then, we will move forward with an updated downloader tool that can be added to a CI job. More details are available in the download-secure-files
project. Please add any issues or feedback to that project.