Merge branch '44447-expose-deploy-token-to-ci-cd' into 'master'

Expose Deploy Token info as environment variables to CI/CD jobs Closes #44447 See merge request gitlab-org/gitlab-ce!18414
author: Grzegorz Bizon <grzegorz@gitlab.com> 2018-04-24 11:06:49 +0300
committer: Grzegorz Bizon <grzegorz@gitlab.com> 2018-04-24 11:06:49 +0300
commit: 92cb6d63543c75ec39570699ffbe958845472da9 (patch)
tree: 167eb079481ecec3d6d483145d23c8f27c4b96ba /app/models
parent: 8a726a0842f4a8e5b86d2a44c7c16219632f4249 (diff)
parent: 82d66ac96d03a4caf6d4c3c86c51009e2a4fe9fb (diff)
3 files changed, 20 insertions, 0 deletions
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index b0c02cdeec7..9000ad860e9 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -27,6 +27,7 @@ module Ci
 
     has_one :metadata, class_name: 'Ci::BuildMetadata'
     delegate :timeout, to: :metadata, prefix: true, allow_nil: true
+    delegate :gitlab_deploy_token, to: :project
 
     ##
     # The "environment" field for builds is a String, and is the unexpanded name!
@@ -604,6 +605,7 @@ module Ci
           .append(key: 'CI_REGISTRY_USER', value: CI_REGISTRY_USER)
           .append(key: 'CI_REGISTRY_PASSWORD', value: token, public: false)
           .append(key: 'CI_REPOSITORY_URL', value: repo_url, public: false)
+          .concat(deploy_token_variables)
       end
     end
 
@@ -654,6 +656,15 @@ module Ci
       end
     end
 
+    def deploy_token_variables
+      Gitlab::Ci::Variables::Collection.new.tap do |variables|
+        break variables unless gitlab_deploy_token
+
+        variables.append(key: 'CI_DEPLOY_USER', value: gitlab_deploy_token.name)
+        variables.append(key: 'CI_DEPLOY_PASSWORD', value: gitlab_deploy_token.token, public: false)
+      end
+    end
+
     def environment_url
       options&.dig(:environment, :url) || persisted_environment&.external_url
     end
diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb
index 979e9232fda..5082dc45368 100644
--- a/app/models/deploy_token.rb
+++ b/app/models/deploy_token.rb
@@ -4,6 +4,7 @@ class DeployToken < ActiveRecord::Base
   add_authentication_token_field :token
 
   AVAILABLE_SCOPES = %i(read_repository read_registry).freeze
+  GITLAB_DEPLOY_TOKEN_NAME = 'gitlab-deploy-token'.freeze
 
   default_value_for(:expires_at) { Forever.date }
 
@@ -17,6 +18,10 @@ class DeployToken < ActiveRecord::Base
 
   scope :active, -> { where("revoked = false AND expires_at >= NOW()") }
 
+  def self.gitlab_deploy_token
+    active.find_by(name: GITLAB_DEPLOY_TOKEN_NAME)
+  end
+
   def revoke!
     update!(revoked: true)
   end
diff --git a/app/models/project.rb b/app/models/project.rb
index cec1e705aa8..c293b0b8cf4 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -1879,6 +1879,10 @@ class Project < ActiveRecord::Base
     []
   end
 
+  def gitlab_deploy_token
+    @gitlab_deploy_token ||= deploy_tokens.gitlab_deploy_token
+  end
+
   private
 
   def storage
author	Grzegorz Bizon <grzegorz@gitlab.com>	2018-04-24 11:06:49 +0300
committer	Grzegorz Bizon <grzegorz@gitlab.com>	2018-04-24 11:06:49 +0300
commit	92cb6d63543c75ec39570699ffbe958845472da9 (patch)
tree	167eb079481ecec3d6d483145d23c8f27c4b96ba /app/models
parent	8a726a0842f4a8e5b86d2a44c7c16219632f4249 (diff)
parent	82d66ac96d03a4caf6d4c3c86c51009e2a4fe9fb (diff)