Add `ci_config_ref_uri` claim to Ci::JwtV2 for repository source

What does this MR do and why?

Add a new claim called `ci_config_ref_uri` to `Ci::JwtV2`.

The `ci_config_ref_uri` claim is only populated if the CI config is located in the repository. In a future iteration we will populate it for other config sources as well.

This MR was extracted from !121597 (closed) with a few changes. See !121597 (comment 1413086883) for context.

Related to #404722 (closed)

Screenshots or screen recordings

```json
{
  "namespace_id": "22",
  "namespace_path": "gitlab-org",
  "project_id": "2",
  "project_path": "gitlab-org/gitlab-shell",
  "user_id": "1",
  "user_login": "root",
  "user_email": "admin@example.com",
  "pipeline_id": "13",
  "pipeline_source": "push",
  "job_id": "208",
  "ref": "memory-limit",
  "ref_type": "branch",
  "ref_path": "refs/heads/memory-limit",
  "ref_protected": "",
  "runner_id": null,
  "runner_environment": null,
  "sha": "4e9b7dbc7e42626ca4f4676ad91f17951f97af9a",
  "ci_config_ref_uri": "gitlab.localdev:3000/gitlab-org/gitlab-shell//.gitlab-ci.yml@refs/heads/memory-limit",
  "jti": "4fd07b67-10e8-4fa5-8017-76307ad75a65",
  "iss": "http://gitlab.localdev:3000",
  "iat": 1686857681,
  "nbf": 1686857676,
  "exp": 1686857981,
  "sub": "project_path:gitlab-org/gitlab-shell:ref_type:branch:ref:memory-limit",
  "aud": "http://gitlab.localdev:3000"
}
```

How to set up and validate locally

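```ruby
# Run in a Rails console.
# Enable the feature flag that gates the new claim.
Feature.enable(:ci_jwt_v2_ref_uri_claim)
build = Ci::Build.last
# V1 payload, for comparison.
Gitlab::Ci::Jwt.new(build, ttl: 1.hour).payload
# V2 payload; ci_config_ref_uri is populated when the CI config is in the repository.
Gitlab::Ci::JwtV2.new(build, aud: 'my-aud', ttl: 1.hour).payload
```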

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Alishan Ladhani
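
A relying party that receives this token can pin the pipeline definition by parsing `ci_config_ref_uri` and comparing it against an allowlist. The following is an added example, not code from this merge request or from GitLab: the claim layout `<host>/<project_path>//<config_path>@<ref_path>` is inferred from the sample payload above, the helper names and policy keys are hypothetical, and the payload is assumed to be signature-verified already.

```ruby
# Added example. Layout assumed from the sample payload on this page:
#   <host>/<project_path>//<config_path>@<ref_path>
ConfigRef = Struct.new(:host, :project_path, :config_path, :ref_path)

# Split a ci_config_ref_uri value into its parts; returns nil if malformed.
# Splits on the last '@', so a ref name containing '@' is rejected (fails closed).
def parse_ci_config_ref_uri(uri)
  return nil unless uri.is_a?(String)
  location, sep, ref_path = uri.rpartition('@')
  return nil if sep.empty? || !ref_path.start_with?('refs/')
  repo, sep, config_path = location.partition('//')
  return nil if sep.empty? || config_path.empty?
  host, sep, project_path = repo.partition('/')
  return nil if sep.empty? || host.empty? || project_path.empty?
  ConfigRef.new(host, project_path, config_path, ref_path)
end

# Returns a list of policy violations; an empty list means the token passes.
# `payload` is the decoded, already signature-verified JWT body.
# `policy` keys (:host, :project_path, :config_path, :ref_paths) are hypothetical.
def config_ref_violations(payload, policy)
  ref = parse_ci_config_ref_uri(payload['ci_config_ref_uri'])
  # The claim is only populated for in-repository configs, so absence fails closed.
  return ['ci_config_ref_uri missing or malformed'] if ref.nil?
  errors = []
  errors << "unexpected host #{ref.host}" unless ref.host == policy[:host]
  errors << "unexpected project #{ref.project_path}" unless ref.project_path == policy[:project_path]
  errors << "unexpected config file #{ref.config_path}" unless ref.config_path == policy[:config_path]
  errors << "ref #{ref.ref_path} not allowed" unless policy[:ref_paths].include?(ref.ref_path)
  errors
end

# Constructed sample: claim value copied from the payload shown on this page.
SAMPLE_PAYLOAD = {
  'ci_config_ref_uri' =>
    'gitlab.localdev:3000/gitlab-org/gitlab-shell//.gitlab-ci.yml@refs/heads/memory-limit'
}.freeze

# Constructed policy: only pipelines defined on refs/heads/main are trusted.
POLICY = {
  host: 'gitlab.localdev:3000',
  project_path: 'gitlab-org/gitlab-shell',
  config_path: '.gitlab-ci.yml',
  ref_paths: ['refs/heads/main']
}.freeze

puts config_ref_violations(SAMPLE_PAYLOAD, POLICY).inspect
```
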