mirror of
https://gitlab.com/gitlab-org/gitlab-foss.git
synced 2025-08-01 16:04:19 +00:00
37 lines
1.6 KiB
Ruby
37 lines
1.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module Gitlab
|
|
module BackgroundMigration
|
|
# This migration is backwards compatible and no behavior change is expected.
|
|
#
|
|
# The settings `restrict_user_defined_variables` and `pipeline_variables_minimum_override_role` are
|
|
# expected to work together. We only consider `pipeline_variables_minimum_override_role` when
|
|
# `restrict_user_defined_variables: true`:
|
|
# * When `restrict_user_defined_variables: false` (default behavior at the time of this migration)
|
|
# we allow Developer+ roles to use pipeline variables in CI pipelines.
|
|
# * When `restrict_user_defined_variables: true` we allow the roles base on the setting
|
|
# `pipeline_variables_minimum_override_role` (developer, maintainer, owner, no_one_allowed).
|
|
#
|
|
# The goal of this migration is to enable `restrict_user_defined_variables` everywhere so we can
|
|
# rely solely on `pipeline_variables_minimum_override_role` as SSoT setting. In order to do that
|
|
# we need to set `pipeline_variables_minimum_override_role: :developer` to maintain backwards
|
|
# compatibility.
|
|
class EnableRestrictUserDefinedVariables < BatchedMigrationJob
|
|
operation_name :enable_restrict_user_defined_variables
|
|
feature_category :ci_variables
|
|
|
|
DEVELOPER_ROLE = 2
|
|
|
|
def perform
|
|
each_sub_batch do |sub_batch|
|
|
sub_batch
|
|
.where(restrict_user_defined_variables: false)
|
|
.update_all(
|
|
restrict_user_defined_variables: true,
|
|
pipeline_variables_minimum_override_role: DEVELOPER_ROLE)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|