VladPolskiy/gitlab-foss
1
0
Fork 0
mirror of https://gitlab.com/gitlab-org/gitlab-foss.git synced 2025-07-21 23:43:41 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

Update from merge request

Browse Source
This commit is contained in:
root
2025-07-18 15:14:24 +00:00
parent c467ae2b64
commit 5233b9bf52
2 changed files with 27 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/gitlab/ci/variables/builder.rb
View File

@ -301,7 +301,7 @@ module Gitlab
def protected_ref?
strong_memoize(:protected_ref) do
project.protected_for?(pipeline.jobs_git_ref)
pipeline.protected_ref?
end
end

45
spec/lib/gitlab/ci/variables/builder_spec.rb
View File

@ -815,6 +815,13 @@ RSpec.describe Gitlab::Ci::Variables::Builder, :clean_gitlab_redis_cache, featur
end
shared_examples "secret CI variables" do
before do
# Clear memoization to ensure test isolation and prevent cached values
# from affecting test results across different scenarios
pipeline.clear_memoization(:protected_ref)
pipeline.clear_memoization(:git_ref)
end
let(:protected_variable_item) do
Gitlab::Ci::Variables::Collection::Item.fabricate(protected_variable)
end
@ -861,17 +868,21 @@ RSpec.describe Gitlab::Ci::Variables::Builder, :clean_gitlab_redis_cache, featur
let_it_be(:pipeline) { merge_request.pipelines_for_merge_request.first }
let_it_be(:job) { create(:ci_build, ref: merge_request.source_branch, tag: false, pipeline: pipeline) }
context 'when ref is protected' do
context 'when the pipeline is protected' do
before do
create(:protected_branch, :developers_can_merge, name: merge_request.source_branch, project: project)
allow(pipeline).to receive(:protected_ref?).and_return(true)
end
it 'does not return protected variables as it is not supported for merge request pipelines' do
is_expected.to contain_exactly(unprotected_variable_item)
it 'returns protected variables' do
is_expected.to contain_exactly(protected_variable_item, unprotected_variable_item)
end
end
context 'when ref is not protected' do
context 'when the pipeline is not protected' do
before do
allow(pipeline).to receive(:protected_ref?).and_return(false)
end
it { is_expected.to contain_exactly(unprotected_variable_item) }
end
end
@ -902,10 +913,9 @@ RSpec.describe Gitlab::Ci::Variables::Builder, :clean_gitlab_redis_cache, featur
context 'with protected environments' do
it 'memoizes the result by environment' do
expect(pipeline.project)
.to receive(:protected_for?)
.with(pipeline.jobs_git_ref)
.once.and_return(true)
expect(pipeline)
.to receive(:protected_ref?)
.once.and_return(true)
expect_next_instance_of(described_class::Group) do |group_variables_builder|
expect(group_variables_builder)
@ -924,10 +934,9 @@ RSpec.describe Gitlab::Ci::Variables::Builder, :clean_gitlab_redis_cache, featur
context 'with unprotected environments' do
it 'memoizes the result by environment' do
expect(pipeline.project)
.to receive(:protected_for?)
.with(pipeline.jobs_git_ref)
.once.and_return(false)
expect(pipeline)
.to receive(:protected_ref?)
.once.and_return(false)
expect_next_instance_of(described_class::Group) do |group_variables_builder|
expect(group_variables_builder)
@ -972,9 +981,8 @@ RSpec.describe Gitlab::Ci::Variables::Builder, :clean_gitlab_redis_cache, featur
context 'with protected environments' do
it 'memoizes the result by environment' do
expect(pipeline.project)
.to receive(:protected_for?)
.with(pipeline.jobs_git_ref)
expect(pipeline)
.to receive(:protected_ref?)
.once.and_return(true)
expect_next_instance_of(described_class::Project) do |project_variables_builder|
@ -994,9 +1002,8 @@ RSpec.describe Gitlab::Ci::Variables::Builder, :clean_gitlab_redis_cache, featur
context 'with unprotected environments' do
it 'memoizes the result by environment' do
expect(pipeline.project)
.to receive(:protected_for?)
.with(pipeline.jobs_git_ref)
expect(pipeline)
.to receive(:protected_ref?)
.once.and_return(false)
expect_next_instance_of(described_class::Project) do |project_variables_builder|