{"id":49469,"date":"2025-05-26T19:00:44","date_gmt":"2025-05-26T19:00:44","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=49469"},"modified":"2025-05-26T19:00:44","modified_gmt":"2025-05-26T19:00:44","slug":"gitlab-method-to-define-variables-in-gitlab","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/gitlab-method-to-define-variables-in-gitlab\/","title":{"rendered":"Gitlab: Method to Define Variables in GitLab"},"content":{"rendered":"\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd0d Example You Gave:<\/h2>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">DOCKER_IMAGE: <span class=\"hljs-string\">\"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG\"<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd39 Explanation:<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Variable<\/th><th>Purpose<\/th><\/tr><\/thead><tbody><tr><td><code>CI_REGISTRY_IMAGE<\/code><\/td><td>Built-in CI variable \u2014 the full image path for your project\u2019s Container Registry (e.g., <code>registry.gitlab.com\/mygroup\/myproject<\/code>)<\/td><\/tr><tr><td><code>CI_COMMIT_REF_SLUG<\/code><\/td><td>Built-in CI variable \u2014 a simplified, URL-safe version of your branch\/tag name (e.g., <code>main<\/code>, <code>feature-login<\/code>)<\/td><\/tr><tr><td><code>DOCKER_IMAGE<\/code><\/td><td>Custom variable created <strong>inside <code>gitlab-ci.yml<\/code><\/strong> by using other variables<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>\u27a1\ufe0f This means you&#8217;re building something like:<\/p>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\">DOCKER_IMAGE=registry.gitlab.com\/mygroup\/myproject:main\n<\/code><\/span><\/pre>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udce6 Ways to Define Variables in GitLab<\/h2>\n\n\n\n<p>Here are all the places where you can define and use <strong>GitLab CI\/CD variables<\/strong>, and how they behave:<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">1. \ud83e\uddfe <code>gitlab-ci.yml<\/code> (Project-Level Static)<\/h3>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">variables:\n  ENV: <span class=\"hljs-string\">\"production\"<\/span>\n  <span class=\"hljs-attr\">DOCKER_IMAGE<\/span>: <span class=\"hljs-string\">\"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG\"<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>| \u2705 Use Case | Fixed values used across the pipeline (e.g., timeouts, env labels) |<br>| \u26a0\ufe0f Security | Not encrypted; not for secrets |<br>| \ud83d\udd01 Scope | Global or job-specific |<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">2. \ud83d\udd12 <strong>GitLab UI \u2192 Project Settings &gt; CI\/CD &gt; Variables<\/strong><\/h3>\n\n\n\n<p><strong>GitLab.com path<\/strong>: <code>Project \u2192 Settings \u2192 CI\/CD \u2192 Variables<\/code><\/p>\n\n\n\n<p>| \u2705 Use Case | Store <strong>secrets<\/strong>, API keys, tokens, passwords |<br>| \ud83d\udd12 Security | Encrypted at rest, not visible in job logs by default |<br>| \ud83e\udde0 Scope | Project, group, or environment |<br>| \ud83d\udd04 Runtime options | Protect (only runs on protected branches\/tags), Mask (hide value), File (export as file) |<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">3. \ud83c\udf0d <strong>Group-Level CI\/CD Variables<\/strong><\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><code>Group \u2192 Settings \u2192 CI\/CD \u2192 Variables<\/code><\/p>\n<\/blockquote>\n\n\n\n<p>| \u2705 Use Case | Share CI\/CD secrets across multiple projects in a group |<br>| \ud83d\udce6 Example | Docker credentials, shared API tokens |<br>| \ud83d\udccc Inherited by | All projects within the group\/subgroup (unless overridden) |<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">4. \ud83e\udde0 <strong>Environment-Specific Variables (Scoped)<\/strong><\/h3>\n\n\n\n<p>In the <strong>UI<\/strong>, add a variable and set its scope:<\/p>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\">Key: AWS_KEY\nEnvironment scope: staging\n<\/code><\/span><\/pre>\n\n\n<p>| \u2705 Use Case | Different values for <code>dev<\/code>, <code>staging<\/code>, <code>production<\/code> |<br>| \u26a0\ufe0f Behavior | Used <strong>only<\/strong> in jobs running for that environment |<br>| \ud83d\udccc Tip | Use <code>environment:<\/code> keyword in job to match |<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">5. \ud83e\uddea <strong>Job-Level Variable Overrides<\/strong><\/h3>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">deploy_prod:\n  stage: deploy\n  script:\n    - <span class=\"hljs-keyword\">echo<\/span> $ENVIRONMENT\n  variables:\n    ENVIRONMENT: <span class=\"hljs-string\">\"production\"<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>| \u2705 Use Case | Override for one job only |<br>| \ud83d\udd01 Scope | Temporary within that job |<br>| \ud83e\udde9 Can override global\/project\/group variables \u2705 |<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">6. \u2328\ufe0f <strong>Trigger Pipeline Variables (via API or UI)<\/strong><\/h3>\n\n\n\n<p>Trigger pipeline with dynamic values:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">curl --request POST \\\n  --form token=TRIGGER_TOKEN \\\n  --form ref=main \\\n  --form <span class=\"hljs-string\">\"variables&#91;RELEASE_ENV]=staging\"<\/span> \\\n  <span class=\"hljs-attr\">https<\/span>:<span class=\"hljs-comment\">\/\/gitlab.com\/api\/v4\/projects\/123456\/trigger\/pipeline<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>| \u2705 Use Case | External scripts, GitOps, dynamic environments |<br>| \ud83d\udce9 Value injected | At pipeline run time |<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">7. \ud83e\uddf1 <strong><code>.gitlab-ci.yml<\/code> Includes + Templates<\/strong><\/h3>\n\n\n\n<p>Variables can also come from included YAML:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-keyword\">include<\/span>:\n  - project: <span class=\"hljs-string\">'common\/ci-templates'<\/span>\n    file: <span class=\"hljs-string\">'\/templates\/vars.yml'<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u2705 Summary Table<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Method<\/th><th>Encrypted?<\/th><th>Scope<\/th><th>Best For<\/th><\/tr><\/thead><tbody><tr><td><code>.gitlab-ci.yml<\/code><\/td><td>\u274c<\/td><td>Global\/Job<\/td><td>Static config vars, labels<\/td><\/tr><tr><td>Project UI Variables<\/td><td>\u2705<\/td><td>Project-wide<\/td><td>Secrets, tokens, credentials<\/td><\/tr><tr><td>Group Variables<\/td><td>\u2705<\/td><td>Multi-project<\/td><td>Shared cloud keys, API access<\/td><\/tr><tr><td>Environment-Scoped Variables<\/td><td>\u2705<\/td><td>Per environment<\/td><td>Per-env secrets (e.g., AWS creds)<\/td><\/tr><tr><td>Job-Level Variables<\/td><td>\u274c<\/td><td>Single job<\/td><td>Overrides, temp flags<\/td><\/tr><tr><td>Trigger Variables (API\/UI)<\/td><td>\u2705<\/td><td>Pipeline runtime<\/td><td>GitOps, external triggers<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Would you like:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A <strong>visual map<\/strong> of where each variable type fits in CI\/CD flow?<\/li>\n\n\n\n<li>A script or <code>.yml<\/code> template showing <strong>overrides<\/strong> in action?<\/li>\n\n\n\n<li>Best practices to <strong>secure variables in shared runners<\/strong>?<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ud83d\udd0d Example You Gave: \ud83d\udd39 Explanation: Variable Purpose CI_REGISTRY_IMAGE Built-in CI variable \u2014 the full image path for your project\u2019s Container Registry (e.g., registry.gitlab.com\/mygroup\/myproject) CI_COMMIT_REF_SLUG Built-in CI variable \u2014 a&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-49469","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49469","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=49469"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49469\/revisions"}],"predecessor-version":[{"id":49470,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49469\/revisions\/49470"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=49469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=49469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=49469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}