An error occurred while fetching the assigned iteration of the selected issue.
[backend] Handle pipeline execution policy variables
The new policy type we want to introduce with #452379 (closed) will inject jobs into the project CI configuration.
To avoid conflicts with variables defined on the project CI config, variables defined in pipeline execution policies should be scoped down to single jobs. We discussed this in a pairing session: https://youtu.be/p0JL-xrgWy0?feature=shared&t=1326
Verification steps
- Create a project with Pipeline execution policy
- Define variables in policy CI. Example:
variables: TEST_TOKEN: 'policy token' project_policy::test job: variables: POLICY_JOB_VAR: 'policy job variable' stage: .pipeline-policy-pre script: - echo "TEST_TOKEN = $TEST_TOKEN" - echo "POLICY_JOB_VAR = $POLICY_JOB_VAR" project_policy::coverage: stage: .pipeline-policy-post script: - echo "TEST_TOKEN = $TEST_TOKEN" - echo "POLICY_JOB_VAR = $POLICY_JOB_VAR"
- Create
.gitlab-ci.yml
in the project:variables: TEST_TOKEN: 'global token' build: stage: build script: - echo "TEST_TOKEN = $TEST_TOKEN, POLICY_JOB_VAR = $POLICY_JOB_VAR" rspec: stage: test variables: TEST_TOKEN: "rspec token" script: - echo "Running RSpec..." - echo "TEST_TOKEN = $TEST_TOKEN, POLICY_JOB_VAR = $POLICY_JOB_VAR"
- Run pipeline
- Verify that policy variables don't leak into project jobs
- Verify that all policy jobs have correct variables
- Go to Settings -> CI/CD -> Variables and create the same variables as in the policy
- Run pipeline
- Verify that policy variables are unaffected and are not overridden. Variables in project jobs should be overridden.