Introduce default global CI config for id_tokens (!129592) · Merge requests · GitLab.org / GitLab

Dmytro Biryukov requested to merge dbiryukov_introduce_global_ci_config_id_tokens_mr-419750 into master Aug 17, 2023

What does this MR do and why?

Related to: #419750 (closed)

We should add id_tokens to the default keyword possible inputs. Doing this will add the same id_tokens configuration automatically to every job. Then every job that uses the secrets keyword will already have an id_token set up for them to use.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before

`.gitlab-ci.yml` - Job with defaults part	Output - Job with defaults

After

`.gitlab-ci.yml` - Job with_id_tokens part	Output - Job job_with_id_tokens (overriding)

`.gitlab-ci.yml`	Output - Job job_with_defaults

How to set up and validate locally

Create a project.
Add .gitlab-ci.yml

default:
  id_tokens:
    ID_TOKEN_1:
      aud: https://gitlab.com/111
    ID_TOKEN_3:
      aud: http:://gcp.com
job_with_id_tokens:
  script:
    - echo $ID_TOKEN_1
    - echo $ID_TOKEN_2 
    - echo $ID_TOKEN_3

Validate pipeline output with $ID_TOKEN_1, $ID_TOKEN_2

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Sep 05, 2023 by Dmytro Biryukov

Introduce default global CI config for id_tokens