Backend: Change the priority of all predefined variables so that they can't be overwritten.
Summary
Users can overwrite CI_JOB_TOKEN
or JWT token, among others, which can cause issues as we've seen.
Proposal
This issue is to change the priority of all predefined variables so that they can't be overwritten.
- Change the order of variables in
lib/gitlab/ci/variables/builder.rb
, the priority is determined according to it.
NOTE: Technical details on the proposal should be placed here before moving to workflowready for development
Additional details
Some relevant technical details, if applicable, such as:
- Does this need a feature flag?
- Is there an example response showing the data structure that should be returned (new endpoints only)?
- What permissions should be used?
- Is this EE or CE?
-
EE -
CE
-
- Additional comments:
Links/References
Edited by Max Orefice