gitlab-ci-local icon indicating copy to clipboard operation
gitlab-ci-local copied to clipboard
verified publisher icon firecow

Add mechanism to pass env vars from host into docker

Open mcintyre321 opened this issue 5 months ago • 4 comments

I am running into a problem with gitlab-ci-local's behaviour around env vars.

When you run a pipeline like

stages:
  - debug
debug:
  stage: debug
  script:
    - echo ${SOME_ENV_VAR}
debug_in_pyimage:
  stage: debug
  image: ghcr.io/astral-sh/uv:0.8.3-python3.11-alpine
  script:
    - echo ${SOME_ENV_VAR}

the SOME_ENV_VAR from the host is available in the first job, but not in the dockerised job:

$ export SOME_ENV_VAR=foo; gitlab-ci-local
parsing and downloads finished in 87 ms.
json schema validated in 185 ms
debug            starting shell (debug)
debug_in_pyimage starting ghcr.io/astral-sh/uv:0.8.3-python3.11-alpine (debug)
debug            $ echo ${SOME_ENV_VAR}
debug            > foo
debug            finished in 54 ms
debug_in_pyimage copied to docker volumes in 1.44 s
debug_in_pyimage $ echo ${SOME_ENV_VAR}
debug_in_pyimage >
debug_in_pyimage finished in 2.14 s

This creates a difference with gitlab executed pipelines- in gitlab , variables are always available to all jobs, as they have been defined as predefined variables. However, my users are defining variables locally, and, as they work locally in non-docker jobs they are surprised when they modify their pipelines to use docker, and the var is no longer available.

I understand that the correct way to pass in the vars is .gitlab-ci-local-variables.yml which I can do, but I am limited to static values - I can't check in secrets, and I can't have developers set their own env vars locally.

Describe the solution you'd like

I would like a mechanism to set variables from local env var values e.g.

An additional

.gitlab-ci-local-variables.host.yml

SOME_ENV_VAR
SOME_OTHER_VAR

These should get copied from the host into the context for all jobs, including the start and docker jobs.

Possibly I would like to restrict host env vars being passed to non-docker jobs so that the variables file is required, as this would eliminate the discrepancy in behaviour, but I think the ship has sailed

other solutions

Pass all host env vars to the docker stages without requiring additional config

mcintyre321 avatar Jul 29 '25 10:07 mcintyre321

gitlab-ci-local --env-from-host "SOME_ENV_VAR" --env-from-host "SOME_OTHER"

# .gitlab-ci-local-env
ENV_FROM_HOST=SOME_ENV_VAR,SOME_OTHER

Marking this as a feature request.

firecow avatar Jul 29 '25 12:07 firecow

@mcintyre321

You can achieve this using something like that

gitlab-ci-local --variable SOME_ENV_VAR=$SOME_ENV_VAR --variable FOO=BAR

I am limited to static values - I can't check in secrets, and I can't have developers set their own env vars locally.

i don't really understand what's the limitation you're facing with using .gitlab-ci-local-variables.yml.. isn't this a common practise done for most app that's using .env ?

ANGkeith avatar Aug 05 '25 14:08 ANGkeith

@ANGkeith People have all sorts of export in their .bashrc and they just want an easy way to pass these values to jobs, i think

firecow avatar Aug 06 '25 06:08 firecow

@mcintyre321 When running shell-executor jobs, you need to use the --shell-isolation option to prevent your hosts variables from entering the job, unless you have them in .bashrc ofcourse.

firecow avatar Aug 06 '25 06:08 firecow