fix: support objects in variables

[pbnj]

Enables support for prefilled variables in manual pipelines:

variables:
  DEPLOY_ENVIRONMENT:
    value: "staging"  # Deploy to staging by default
    description: "The deployment target. Change this variable to 'canary' or 'production' if needed."

https://docs.gitlab.com/ee/ci/yaml/#prefill-variables-in-manual-pipelines
Signed-off-by: Peter Benjamin petermbenjamin@gmail.com

[madskristensen]

Thanks

[contrivable]

@AKorezin For src/schemas/json/gitlab-ci.json and for .gitlab-ci.yml 's job:secrets: What was the reason to have two layers of additionalProperties between secrets and vault?

I know this has since been moved to the GitLab project but appears to be simply taken over in good faith. So I rather ask here.

According to GitLab docs for secrets the following should be valid (disregarding missing siblings of secrets):

job:
  secrets:
    DATABASE_PASSWORD:
      vault: production/db/password

The above has vault of type string which the schema prohibits and instead expects a value of type object. Furthermore the key "vault" is not required at that level but one level below where one of types string and object is allowed - shortened:

"secrets": {
  "type": "object",
  "additionalProperties": {
    "type": "object",
    "additionalProperties": {
      "type": "object",
      "properties": {
        "vault": {
          "oneOf": [
            {
              "type": "string",
            },
            {
              "type": "object",
            }
          ]
        }
      },
      "required": ["vault"]

Looks to me like the other examples in GitLab docs also indicate, that schema should not have the outer additionalParameters (the one without required).

Additionally, GitLab's built-in CI linter is unhappy with the extra layer.

job:
  secrets:
    DATABASE_PASSWORD:  # Store the path to the secret in this CI/CD variable
      foo:
        vault:
          engine:
            name: kv-v2
            path: ops
          path: production/db
          field: password
  script:
      echo "bar"

is deemed invalid with warnings

jobs:job:secrets:database_password config contains unknown keys: foo
jobs:job:secrets:database_password config missing required keys: vault

All that given, I thought I would ask here and learn something.
(It has been an interesting hunt to get here.)

[AKorezin]

@contrivable oops it seems I missed this.
By the way I think it's not very useful to comment errors about gitlab-ci in this repo anymore, because of #1901 the scheme maintenance is moved to gitlab.
So I can recommend writing a bug report there.

By the way there are no more tests, as decribed in this this issue.

Some additional links

• https://gitlab.com/gitlab-org/gitlab/-/issues/344894
• https://gitlab.com/gitlab-org/gitlab/-/issues/218473

[contrivable]

@AKorezin I have seen the move but I assumed the answer to my question was only available here.

Thank you for the links and your timely answer. I will raise the bug on the GitLab side.

[contrivable]

https://gitlab.com/gitlab-org/gitlab/-/issues/345868