Class: Gitlab::Ci::Variables::Builder

Inherits:

Object

• Object
• Gitlab::Ci::Variables::Builder

Includes:

Utils::StrongMemoize

Defined in:

lib/gitlab/ci/variables/builder.rb,
lib/gitlab/ci/variables/builder/group.rb,
lib/gitlab/ci/variables/builder/project.rb,
lib/gitlab/ci/variables/builder/release.rb,
lib/gitlab/ci/variables/builder/instance.rb,
lib/gitlab/ci/variables/builder/pipeline.rb

Defined Under Namespace

Classes: Group, Instance, Pipeline, Project, Release

Instance Method Summary

• #config_variables ⇒ Object
• #deployment_variables(environment, kubernetes_namespace) ⇒ Object
• #initialize(pipeline) ⇒ Builder constructor

  A new instance of Builder.

• #kubeconfig_variables(environment, kubernetes_namespace, token, kubeconfig_yaml) ⇒ Object
• #kubernetes_variables(environment:, token:, kubernetes_namespace:) ⇒ Object
• #release_variables ⇒ Object
• #scoped_variables(job, environment:, dependencies:) ⇒ Object

  When adding new variables, consider either adding or commenting out them in the following methods: - unprotected_scoped_variables - scoped_variables_for_pipeline_seed.

• #scoped_variables_for_pipeline_seed(job_attr, environment:, kubernetes_namespace:, user:, trigger:) ⇒ Object
• #secret_group_variables(environment:, include_protected_vars: protected_ref?, , only: nil) ⇒ Object
• #secret_instance_variables(only: nil) ⇒ Object
• #secret_project_variables(environment:, include_protected_vars: protected_ref?, , only: nil) ⇒ Object
• #unprotected_scoped_variables(job, expose_project_variables:, expose_group_variables:, environment:, dependencies:) ⇒ Object
• #user_variables(user) ⇒ Object

Constructor Details

#initialize(pipeline) ⇒ Builder

Returns a new instance of Builder.

# File 'lib/gitlab/ci/variables/builder.rb', line 9

def initialize(pipeline)
  @pipeline = pipeline
  @pipeline_variables_builder = Builder::Pipeline.new(pipeline)
  @instance_variables_builder = Builder::Instance.new
  @project_variables_builder = Builder::Project.new(project)
  @group_variables_builder = Builder::Group.new(project&.group)
  @release_variables_builder = Builder::Release.new(release)
end

Instance Method Details

#config_variables ⇒ Object

# File 'lib/gitlab/ci/variables/builder.rb', line 116

def config_variables
  Gitlab::Ci::Variables::Collection.new.tap do |variables|
    break variables unless project
    next if pipeline.only_workload_variables?

    variables.concat(project.predefined_variables)
    variables.concat(pipeline_variables_builder.predefined_variables)
    variables.concat(user_defined_variables(options: {}, environment: nil))
  end
end

#deployment_variables(environment, kubernetes_namespace) ⇒ Object

# File 'lib/gitlab/ci/variables/builder.rb', line 137

def deployment_variables(environment, kubernetes_namespace)
  strong_memoize_with(:deployment_variables, environment, kubernetes_namespace) do
    next [] unless environment

    project.deployment_variables(
      environment: environment,
      kubernetes_namespace: kubernetes_namespace
    )
  end
end

#kubeconfig_variables(environment, kubernetes_namespace, token, kubeconfig_yaml) ⇒ Object

# File 'lib/gitlab/ci/variables/builder.rb', line 148

def kubeconfig_variables(environment, kubernetes_namespace, token, kubeconfig_yaml)
  # kubernetes_namespace is part of the cache key because the value of KUBECONFIG depends on it.
  # And we don't want to use `kubeconfig_yaml` in the cache key because it can be too large.
  strong_memoize_with(:kubeconfig_variables, environment, token, kubernetes_namespace) do
    template = ::Ci::GenerateKubeconfigService.new(pipeline, token: token, environment: environment).execute
    template.merge_yaml(kubeconfig_yaml) if kubeconfig_yaml.present?

    next [] unless template.valid?

    ::Gitlab::Ci::Variables::Collection.new.tap do |collection|
      collection.append(key: 'KUBECONFIG', value: template.to_yaml, public: false, file: true)
    end
  end
end

#kubernetes_variables(environment:, token:, kubernetes_namespace:) ⇒ Object

# File 'lib/gitlab/ci/variables/builder.rb', line 127

def kubernetes_variables(environment:, token:, kubernetes_namespace:)
  ::Gitlab::Ci::Variables::Collection.new.tap do |collection|
    # NOTE: deployment_variables will be removed as part of cleanup for
    # https://gitlab.com/groups/gitlab-org/configure/-/epics/8
    # Until then, we need to make both the old and the new KUBECONFIG contexts available
    collection.concat(deployment_variables(environment, kubernetes_namespace))
    collection.concat(kubeconfig_variables(environment, kubernetes_namespace, token, collection['KUBECONFIG']&.value))
  end
end

#release_variables ⇒ Object

# File 'lib/gitlab/ci/variables/builder.rb', line 203

def release_variables
  strong_memoize(:release_variables) do
    release_variables_builder.variables
  end
end

#scoped_variables(job, environment:, dependencies:) ⇒ Object

When adding new variables, consider either adding or commenting out them in the following methods:

• unprotected_scoped_variables

• scoped_variables_for_pipeline_seed

# File 'lib/gitlab/ci/variables/builder.rb', line 21

def scoped_variables(job, environment:, dependencies:)
  Gitlab::Ci::Variables::Collection.new.tap do |variables|
    if pipeline.only_workload_variables?
      # predefined_project_variables includes things like $CI_PROJECT_PATH which are used by the runner to clone
      # the repo
      variables.concat(project.predefined_project_variables)

      # yaml_variables is how we inject dynamic configuration into a workload
      variables.concat(job.yaml_variables)

      variables.concat(
        user_defined_variables(options: job.options, environment: environment, job_variables: job.manual_variables)
      )
      next
    end

    variables.concat(predefined_variables(job, environment))
    variables.concat(project.predefined_variables)
    variables.concat(pipeline_variables_builder.predefined_variables)
    variables.concat(job.runner.predefined_variables) if job.runnable? && job.runner
    variables.concat(kubernetes_variables_from_job(environment: environment, job: job))
    variables.concat(job.yaml_variables)
    variables.concat(user_variables(job.user))
    variables.concat(job.dependency_variables) if dependencies
    variables.concat(
      user_defined_variables(options: job.options, environment: environment, job_variables: job.manual_variables)
    )
    variables.concat(release_variables)
  end
end

#scoped_variables_for_pipeline_seed(job_attr, environment:, kubernetes_namespace:, user:, trigger:) ⇒ Object

# File 'lib/gitlab/ci/variables/builder.rb', line 88

def scoped_variables_for_pipeline_seed(job_attr, environment:, kubernetes_namespace:, user:, trigger:)
  Gitlab::Ci::Variables::Collection.new.tap do |variables|
    if pipeline.only_workload_variables?
      # predefined_project_variables includes things like $CI_PROJECT_PATH which are used by the runner to clone
      # the repo
      variables.concat(project.predefined_project_variables)

      # yaml_variables is how we inject dynamic configuration into a workload
      variables.concat(job_attr[:yaml_variables])

      # NOTE: We never include user_defined_variables in pipeline_seed as the workload object has not been
      # persisted yet
      next
    end

    variables.concat(predefined_variables_from_job_attr(job_attr, environment, trigger))
    variables.concat(project.predefined_variables)
    variables.concat(pipeline_variables_builder.predefined_variables)
    # job.runner.predefined_variables: No need because it's not available in the Seed step.
    variables.concat(kubernetes_variables_from_attr(environment: environment, kubernetes_namespace: kubernetes_namespace))
    variables.concat(job_attr[:yaml_variables])
    variables.concat(user_variables(user))
    # job.dependency_variables: No need because dependencies are not in the Seed step.
    variables.concat(user_defined_variables(options: job_attr[:options], environment: environment))
    variables.concat(release_variables)
  end
end

#secret_group_variables(environment:, include_protected_vars: protected_ref?, , only: nil) ⇒ Object

# File 'lib/gitlab/ci/variables/builder.rb', line 181

def secret_group_variables(environment:, include_protected_vars: protected_ref?, only: nil)
  strong_memoize_with(:secret_group_variables, environment, include_protected_vars) do
    group_variables_builder
      .secret_variables(
        environment: environment,
        protected_ref: include_protected_vars,
        only: only
      )
  end
end

#secret_instance_variables(only: nil) ⇒ Object

# File 'lib/gitlab/ci/variables/builder.rb', line 174

def secret_instance_variables(only: nil)
  strong_memoize(:secret_instance_variables) do
    instance_variables_builder
      .secret_variables(protected_ref: protected_ref?, only: only)
  end
end

#secret_project_variables(environment:, include_protected_vars: protected_ref?, , only: nil) ⇒ Object

# File 'lib/gitlab/ci/variables/builder.rb', line 192

def secret_project_variables(environment:, include_protected_vars: protected_ref?, only: nil)
  strong_memoize_with(:secret_project_variables, environment, include_protected_vars) do
    project_variables_builder
      .secret_variables(
        environment: environment,
        protected_ref: include_protected_vars,
        only: only
      )
  end
end

#unprotected_scoped_variables(job, expose_project_variables:, expose_group_variables:, environment:, dependencies:) ⇒ Object

# File 'lib/gitlab/ci/variables/builder.rb', line 52

def unprotected_scoped_variables(job, expose_project_variables:, expose_group_variables:, environment:, dependencies:)
  Gitlab::Ci::Variables::Collection.new.tap do |variables|
    if pipeline.only_workload_variables?
      # predefined_project_variables includes things like $CI_PROJECT_PATH which are used by the runner to clone
      # the repo
      variables.concat(project.predefined_project_variables)

      # yaml_variables is how we inject dynamic configuration into a workload
      variables.concat(job.yaml_variables)
      variables.concat(
        user_defined_variables(
          options: job.options, environment: environment, job_variables: job.manual_variables,
          expose_project_variables: expose_project_variables, expose_group_variables: expose_group_variables
        )
      )
      next
    end

    variables.concat(predefined_variables(job, environment))
    variables.concat(project.predefined_variables)
    variables.concat(pipeline_variables_builder.predefined_variables)
    variables.concat(job.runner.predefined_variables) if job.runnable? && job.runner
    variables.concat(kubernetes_variables_from_job(environment: environment, job: job))
    variables.concat(job.yaml_variables)
    variables.concat(user_variables(job.user))
    variables.concat(job.dependency_variables) if dependencies
    variables.concat(
      user_defined_variables(
        options: job.options, environment: environment, job_variables: job.manual_variables,
        expose_project_variables: expose_project_variables, expose_group_variables: expose_group_variables
      )
    )
    variables.concat(release_variables)
  end
end

#user_variables(user) ⇒ Object

# File 'lib/gitlab/ci/variables/builder.rb', line 163

def user_variables(user)
  Gitlab::Ci::Variables::Collection.new.tap do |variables|
    break variables if user.blank?

    variables.append(key: 'GITLAB_USER_ID', value: user.id.to_s)
    variables.append(key: 'GITLAB_USER_EMAIL', value: user.email)
    variables.append(key: 'GITLAB_USER_LOGIN', value: user.username)
    variables.append(key: 'GITLAB_USER_NAME', value: user.name)
  end
end