Diffstat (limited to 'lib/gitlab/ci/jwt_v2.rb')
-rw-r--r-- | lib/gitlab/ci/jwt_v2.rb | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/lib/gitlab/ci/jwt_v2.rb b/lib/gitlab/ci/jwt_v2.rb
index aff30455d09..9e71a9e8e91 100644
--- a/lib/gitlab/ci/jwt_v2.rb
+++ b/lib/gitlab/ci/jwt_v2.rb
@@ -42,11 +42,36 @@ module Gitlab
 end
 def custom_claims
- super.merge(
+ additional_claims = {
 runner_id: runner&.id,
 runner_environment: runner_environment,
 sha: pipeline.sha
+ }
+
+ if Feature.enabled?(:ci_jwt_v2_ref_uri_claim, pipeline.project)
+ additional_claims[:ci_config_ref_uri] = ci_config_ref_uri
+ end
+
+ super.merge(additional_claims)
+ end
+
+ def ci_config_ref_uri
+ project_config = Gitlab::Ci::ProjectConfig.new(
+ project: project,
+ sha: pipeline.sha,
+ pipeline_source: pipeline.source&.to_sym,
+ pipeline_source_bridge: pipeline.source_bridge
 )
+
+ return unless project_config&.source == :repository_source
+
+ "#{project_config.url}@#{pipeline.source_ref_path}"
+
+ # Errors are rescued to mitigate risk. This can be removed if no errors are observed.
+ # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117923#note_1387660746 for context.
+ rescue StandardError => e
+ Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, pipeline_id: pipeline.id)
+ nil
 end
 def runner_environment |
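Review bot: The interpolation that ends `ci_config_ref_uri` does not check either of its parts, so if `pipeline.source_ref_path` or `project_config.url` is ever nil the token is signed with a truncated value such as `<url>@` instead of a nil claim; whether either can be nil is not visible in this hunk. A claim like this is presumably matched by relying parties in their trust policies, where a partial string is harder to reason about than an absent one, so I would add `return unless project_config.url && pipeline.source_ref_path` before the interpolation. Separately, the `rescue` path ends in `nil` and `custom_claims` still sets the key, so the claim is then emitted as null; a comment there such as `# nil when the config is not read from the repository or the lookup failed` would tell consumers what a null value means. The `&.` in `project_config&.source` is redundant because `new` does not return nil.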