Merge branch '34716-environment-specific-variables-ce' into 'master'

Backports for ee-2112

Closes #34716

See merge request !12671

4 files changed, 63 insertions, 13 deletions

diff --git a/spec/lib/gitlab/sql/glob_spec.rb b/spec/lib/gitlab/sql/glob_spec.rb
new file mode 100644
index 00000000000..451c583310d
--- /dev/null
+++ b/spec/lib/gitlab/sql/glob_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe Gitlab::SQL::Glob, lib: true do
+  describe '.to_like' do
+    it 'matches * as %' do
+      expect(glob('apple', '*')).to be(true)
+      expect(glob('apple', 'app*')).to be(true)
+      expect(glob('apple', 'apple*')).to be(true)
+      expect(glob('apple', '*pple')).to be(true)
+      expect(glob('apple', 'ap*le')).to be(true)
+
+      expect(glob('apple', '*a')).to be(false)
+      expect(glob('apple', 'app*a')).to be(false)
+      expect(glob('apple', 'ap*l')).to be(false)
+    end
+
+    it 'matches % literally' do
+      expect(glob('100%', '100%')).to be(true)
+
+      expect(glob('100%', '%')).to be(false)
+    end
+
+    it 'matches _ literally' do
+      expect(glob('^_^', '^_^')).to be(true)
+
+      expect(glob('^A^', '^_^')).to be(false)
+    end
+  end
+
+  def glob(string, pattern)
+    match(string, subject.to_like(quote(pattern)))
+  end
+
+  def match(string, pattern)
+    value = query("SELECT #{quote(string)} LIKE #{pattern}")
+              .rows.flatten.first
+
+    case value
+    when 't', 1
+      true
+    else
+      false
+    end
+  end
+
+  def query(sql)
+    ActiveRecord::Base.connection.select_all(sql)
+  end
+
+  def quote(string)
+    ActiveRecord::Base.connection.quote(string)
+  end
+end
diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb
index a7ba3a7c43e..2b10791ad6d 100644
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
@@ -1496,9 +1496,10 @@ describe Ci::Build, :models do
         allow(pipeline).to receive(:predefined_variables) { [pipeline_pre_var] }
         allow(build).to receive(:yaml_variables) { [build_yaml_var] }
 
-        allow(project).to receive(:secret_variables_for).with(build.ref) do
-          [create(:ci_variable, key: 'secret', value: 'value')]
-        end
+        allow(project).to receive(:secret_variables_for)
+          .with(ref: 'master', environment: nil) do
+            [create(:ci_variable, key: 'secret', value: 'value')]
+          end
       end
 
       it do
diff --git a/spec/models/ci/variable_spec.rb b/spec/models/ci/variable_spec.rb
index 50f7c029af8..4ffbfa6c130 100644
--- a/spec/models/ci/variable_spec.rb
+++ b/spec/models/ci/variable_spec.rb
@@ -8,10 +8,6 @@ describe Ci::Variable, models: true do
   describe 'validations' do
     it { is_expected.to include_module(HasVariable) }
     it { is_expected.to validate_uniqueness_of(:key).scoped_to(:project_id, :environment_scope) }
-    it { is_expected.to validate_length_of(:key).is_at_most(255) }
-    it { is_expected.to allow_value('foo').for(:key) }
-    it { is_expected.not_to allow_value('foo bar').for(:key) }
-    it { is_expected.not_to allow_value('foo/bar').for(:key) }
   end
 
   describe '.unprotected' do
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 75fa2d2eb46..99bfab70088 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -1875,7 +1875,12 @@ describe Project, models: true do
       create(:ci_variable, :protected, value: 'protected', project: project)
     end
 
-    subject { project.secret_variables_for('ref') }
+    subject { project.secret_variables_for(ref: 'ref') }
+
+    before do
+      stub_application_setting(
+        default_branch_protection: Gitlab::Access::PROTECTION_NONE)
+    end
 
     shared_examples 'ref is protected' do
       it 'contains all the variables' do
@@ -1884,11 +1889,6 @@ describe Project, models: true do
     end
 
     context 'when the ref is not protected' do
-      before do
-        stub_application_setting(
-          default_branch_protection: Gitlab::Access::PROTECTION_NONE)
-      end
-
       it 'contains only the secret variables' do
         is_expected.to contain_exactly(secret_variable)
       end