3 files changed, 77 insertions, 0 deletions

diff --git a/app/models/concerns/ci/has_variable.rb b/app/models/concerns/ci/has_variable.rb
new file mode 100644
index 00000000000..9bf2b409080
--- /dev/null
+++ b/app/models/concerns/ci/has_variable.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Ci
+  module HasVariable
+    extend ActiveSupport::Concern
+
+    included do
+      enum variable_type: {
+        env_var: 1,
+        file: 2
+      }
+
+      validates :key,
+        presence: true,
+        length: { maximum: 255 },
+        format: { with: /\A[a-zA-Z0-9_]+\z/,
+                  message: "can contain only letters, digits and '_'." }
+
+      scope :order_key_asc, -> { reorder(key: :asc) }
+
+      attr_encrypted :value,
+        mode: :per_attribute_iv_and_salt,
+        insecure_mode: true,
+        key: Settings.attr_encrypted_db_key_base,
+        algorithm: 'aes-256-cbc'
+
+      def key=(new_key)
+        super(new_key.to_s.strip)
+      end
+    end
+
+    def to_runner_variable
+      { key: key, value: value, public: false, file: file? }
+    end
+  end
+end
diff --git a/app/models/concerns/ci/maskable.rb b/app/models/concerns/ci/maskable.rb
new file mode 100644
index 00000000000..15bc48bf964
--- /dev/null
+++ b/app/models/concerns/ci/maskable.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Ci
+  module Maskable
+    extend ActiveSupport::Concern
+
+    # * Single line
+    # * No escape characters
+    # * No variables
+    # * No spaces
+    # * Minimal length of 8 characters
+    # * Characters must be from the Base64 alphabet (RFC4648) with the addition of @ and :
+    # * Absolutely no fun is allowed
+    REGEX = /\A[a-zA-Z0-9_+=\/@:-]{8,}\z/.freeze
+
+    included do
+      validates :masked, inclusion: { in: [true, false] }
+      validates :value, format: { with: REGEX }, if: :masked?
+    end
+
+    def to_runner_variable
+      super.merge(masked: masked?)
+    end
+  end
+end
diff --git a/app/models/concerns/ci/new_has_variable.rb b/app/models/concerns/ci/new_has_variable.rb
new file mode 100644
index 00000000000..546d243e5de
--- /dev/null
+++ b/app/models/concerns/ci/new_has_variable.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Ci
+  module NewHasVariable
+    extend ActiveSupport::Concern
+    include Ci::HasVariable
+
+    included do
+      attr_encrypted :value,
+        mode: :per_attribute_iv,
+        algorithm: 'aes-256-gcm',
+        key: Settings.attr_encrypted_db_key_base_32,
+        insecure_mode: false
+    end
+  end
+end