Options
config
Configuration of Nix-GitLab-CI itself.
Type:
submodule
Default value:
{ }
config.nixJobsByDefault
Whether to transform all jobs to nix-configured jobs by default.
If false, you need to set nix.enable
for each job you want to be transformed.
Type:
boolean
Default value:
true
config.soonix
Configure the soonix .gitlab-ci.yml generation.
Type:
submodule
Default value:
{ }
config.soonix.componentInputs
Extra inputs to pass to the CI/CD component.
Type:
attribute set
Default value:
{ }
config.soonix.componentUrl
CI/CD component url.
Type:
string
Default value:
"gitlab.com/TECHNOFAB/nix-gitlab-ci/nix-gitlab-ci"
config.soonix.componentVersion
CI/CD component version. Also get's passed to inputs → version.
Type:
string
Default value:
"3.0.0"
config.soonix.extraData
Extra data to include in the .gitlab-ci.yml file.
Type:
attribute set
Default value:
{ }
packages
Final packages for use in CI. (readonly)
Type:
attribute set of package
pipelines
Defines all pipelines.
Type:
attribute set of (submodule)
Default value:
{ }
pipelines.<name>.default
Custom default values for job keywords.
Type:
anything
Default value:
unset
Declared in:
pipelines.<name>.default.after_script
Note
Moved from top level to default: GitLab Docs.
Type:
list of string
Default value:
unset
Declared in:
pipelines.<name>.default.before_script
Note
Moved from top level to default: GitLab Docs.
Type:
list of string
Default value:
unset
Declared in:
pipelines.<name>.default.cache
Note
Moved from top level to default: GitLab Docs.
Type:
(list of (attribute set)) or (attribute set)
Default value:
unset
Declared in:
pipelines.<name>.default.image
Default image to use for this entire pipeline.
Note
Moved from top level to default: GitLab Docs.
Type:
string
Default value:
unset
Declared in:
pipelines.<name>.default.services
Note
Moved from top level to default: GitLab Docs.
Type:
list of anything
Default value:
unset
Declared in:
pipelines.<name>.finalConfig
Final config of the pipeline. (readonly)
Type:
attribute set
Declared in:
pipelines.<name>.include
Import configuration from other YAML files.
Type:
attribute set
Default value:
unset
Declared in:
pipelines.<name>.jobs
Jobs for this pipeline.
Type:
attribute set of (submodule)
Default value:
{ }
Declared in:
pipelines.<name>.jobs.<name>.after_script
Override a set of commands that are executed after job.
Type:
list of string
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.allow_failure
Allow job to fail. A failed job does not cause the pipeline to fail.
Type:
boolean or (submodule)
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.allow_failure.exit_codes
Use allow_failure.exit_codes to control when a job should be allowed to fail.
The job is allow_failure = true for any of the listed exit codes, and allow_failure = false for any other exit code.
Type:
signed integer or floating point number or list of (signed integer or floating point number)
Default value:
unset
pipelines.<name>.jobs.<name>.artifacts
List of files and directories to attach to a job on success.
Type:
submodule
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.artifacts.access
Use access to determine who can access the job artifacts from the GitLab UI or API.
This option does not prevent you from forwarding artifacts to downstream pipelines.
Type:
one of "all", "developer", "maintainer", "none"
Default value:
unset
pipelines.<name>.jobs.<name>.artifacts.excludes
Use exclude to prevent files from being added to an artifacts archive.
Type:
list of string
Default value:
unset
pipelines.<name>.jobs.<name>.artifacts.expire_in
Use expire_in to specify how long job artifacts are stored before they expire and are deleted.
Type:
string
Default value:
unset
pipelines.<name>.jobs.<name>.artifacts.expose_as
Use the expose_as keyword to expose artifacts in the merge request UI.
Type:
string
Default value:
unset
pipelines.<name>.jobs.<name>.artifacts.name
Use the name keyword to define the name of the created artifacts archive. You can specify a unique name for every archive.
Type:
string
Default value:
unset
pipelines.<name>.jobs.<name>.artifacts.paths
Paths are relative to the project directory ($CI_PROJECT_DIR) and can’t directly link outside it.
Type:
list of string
Default value:
unset
pipelines.<name>.jobs.<name>.artifacts.public
Use public to determine whether the job artifacts should be publicly available.
Type:
boolean
Default value:
unset
pipelines.<name>.jobs.<name>.artifacts.reports
Use reports to collect artifacts generated by included templates in jobs.
Type:
attribute set
Default value:
unset
pipelines.<name>.jobs.<name>.artifacts.untracked
Use untracked to add all Git untracked files as artifacts (along with the paths defined in paths).
untracked ignores configuration in the repository’s .gitignore, so matching artifacts in .gitignore are included.
Type:
boolean
Default value:
unset
pipelines.<name>.jobs.<name>.artifacts.when
Use when to upload artifacts on job failure or despite the failure.
Type:
one of "on_success", "on_failure", "always"
Default value:
unset
pipelines.<name>.jobs.<name>.before_script
Override a set of commands that are executed before job.
Type:
list of string
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.cache
List of files that should be cached between subsequent runs.
Type:
(list of (attribute set)) or (attribute set)
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.coverage
Code coverage settings for a given job.
Type:
string
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.dast_configuration
Use configuration from DAST profiles on a job level.
Type:
attribute set
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.dependencies
Restrict which artifacts are passed to a specific job by providing a list of jobs to fetch artifacts from.
Type:
list of string
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.environment
Name of an environment to which the job deploys. See the implementation for nested options, or check out the docs:
Type:
string or (submodule)
Default value:
unset
Example value:
{
action = "stop";
auto_stop_in = "1 day";
deployment_tier = "staging";
name = "review/$CI_COMMIT_REF_SLUG";
url = "https://$CI_COMMIT_REF_SLUG.review.example.com";
}
Declared in:
pipelines.<name>.jobs.<name>.environment.action
Use the action keyword to specify how the job interacts with the environment.
Type:
one of "start", "prepare", "stop", "verify", "access"
Default value:
unset
pipelines.<name>.jobs.<name>.environment.auto_stop_in
The auto_stop_in keyword specifies the lifetime of the environment.
When an environment expires, GitLab automatically stops it.
Type:
string
Default value:
unset
pipelines.<name>.jobs.<name>.environment.deployment_tier
Use the deployment_tier keyword to specify the tier of the deployment environment.
Type:
one of "production", "staging", "testing", "development", "other"
Default value:
unset
pipelines.<name>.jobs.<name>.environment.kubernetes
Use the kubernetes keyword to configure the
dashboard for Kubernetes and
GitLab-managed Kubernetes resources
for an environment.
Type:
attribute set
Default value:
unset
pipelines.<name>.jobs.<name>.environment.name
Set a name for an environment.
Type:
string
Default value:
unset
Example value:
"production"
pipelines.<name>.jobs.<name>.environment.on_stop
Closing (stopping) environments can be achieved with the on_stop keyword defined under environment.
It declares a different job that runs to close the environment.
Type:
string
Default value:
unset
Example value:
"down"
pipelines.<name>.jobs.<name>.environment.url
Set a URL for an environment.
Type:
string
Default value:
unset
Example value:
"https://prod.example.com"
pipelines.<name>.jobs.<name>.extends
Configuration entries that this job inherits from.
Type:
string or list of string
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.hooks
Use hooks to specify lists of commands to execute on the runner at certain stages of job execution,
like before retrieving the Git repository.
Type:
attribute set
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.id_tokens
Use id_tokens to create ID tokens to authenticate with third party services
Type:
attribute set
Default value:
unset
Example value:
{
ID_TOKEN_1 = {
aud = "https://vault.example.com";
};
ID_TOKEN_2 = {
aud = [
"https://gcp.com"
"https://aws.com"
];
};
SIGSTORE_ID_TOKEN = {
aud = "sigstore";
};
}
Declared in:
pipelines.<name>.jobs.<name>.identity
Authenticate with third party services using identity federation.
Type:
string
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.image
Container/OCI image to use for this job.
Warning
Setting this will mess with Nix-GitLab-CI, so be careful and only use for non-nix jobs.
Type:
string or (attribute set)
Default value:
"$NIX_CI_IMAGE"
Example value:
{
docker = {
platform = "arm64/v8";
user = "dave";
};
entrypoint = [
""
];
kubernetes = {
user = "1001";
};
name = "super/sql:experimental";
pull_policy = "if-not-present";
}
Declared in:
pipelines.<name>.jobs.<name>.inherit
Select which global defaults all jobs inherit.
Type:
submodule
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.inherit.default
Use inherit.default to control the inheritance of default keywords.
Type:
boolean or list of string
Default value:
unset
pipelines.<name>.jobs.<name>.inherit.variables
Use inherit.variables to control the inheritance of default variables.
Type:
boolean or list of string
Default value:
unset
pipelines.<name>.jobs.<name>.interruptible
Defines if a job can be canceled when made redundant by a newer run.
Type:
boolean
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.manual_confirmation
Define a custom confirmation message for a manual job.
Type:
string
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.needs
Execute jobs earlier than the stage ordering.
Type:
list of (string or (attribute set))
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.nix
Nix-GitLab-CI config options for this job.
Type:
submodule
Default value:
{ }
Declared in:
pipelines.<name>.jobs.<name>.nix.deps
Dependencies to inject into the job before running it.
Type:
list of package
Default value:
[ ]
Declared in:
pipelines.<name>.jobs.<name>.nix.enable
Transform this job to a nix-configured one.
Type:
boolean
Default value:
true
Declared in:
pipelines.<name>.jobs.<name>.nix.enableRunnerCache
Cache this job using the GitLab Runner cache.
Warning
useful for tiny jobs, but most of the time it just takes an eternity.
Type:
boolean
Default value:
false
Declared in:
pipelines.<name>.jobs.<name>.nix.runnerCacheKey
Cache key to use for the runner nix cache. Requires enableRunnerCache = true.
Type:
string
Default value:
"$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
Declared in:
pipelines.<name>.jobs.<name>.pages
Upload the result of a job to use with GitLab Pages.
Type:
boolean or (submodule)
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.pages.expire_in
Use expire_in to specify how long a deployment should be available before it expires.
After the deployment is expired, it’s deactivated by a cron job running every 10 minutes.
Type:
string
Default value:
unset
pipelines.<name>.jobs.<name>.pages.path_prefix
Use pages.path_prefix to configure a path prefix for parallel deployments of GitLab Pages.
Type:
string
Default value:
unset
pipelines.<name>.jobs.<name>.pages.publish
Use pages.publish to configure the content directory of a pages job.
Type:
string
Default value:
unset
pipelines.<name>.jobs.<name>.parallel
How many instances of a job should be run in parallel.
Type:
signed integer or floating point number or list of (submodule)
Default value:
unset
Example value:
{
matrix = [
{
PROVIDER = "aws";
STACK = [
"monitoring"
"app1"
"app2"
];
}
{
PROVIDER = "ovh";
STACK = [
"monitoring"
"backup"
"app"
];
}
{
PROVIDER = [
"gcp"
"vultr"
];
STACK = [
"data"
"processing"
];
}
];
}
Declared in:
pipelines.<name>.jobs.<name>.parallel.*.matrix
Use parallel.matrix to run a job multiple times in parallel in a single pipeline, but with different variable values for each instance of the job.
Type:
attribute set
Default value:
unset
pipelines.<name>.jobs.<name>.release
Instructs the runner to generate a release object.
Type:
attribute set
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.resource_group
Limit job concurrency.
Type:
string
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.retry
When and how many times a job can be auto-retried in case of a failure.
Type:
integer between 0 and 2 (both inclusive) or (submodule)
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.retry.exit_codes
Use retry.exit_codes with retry.max to retry jobs for only specific failure cases.
Type:
signed integer or list of signed integer
Default value:
unset
pipelines.<name>.jobs.<name>.retry.max
retry.max is the maximum number of retries, like retry, and can be 0, 1, or 2.
Type:
integer between 0 and 2 (both inclusive)
Default value:
unset
pipelines.<name>.jobs.<name>.retry.when
Use retry.when with retry.max to retry jobs for only specific failure cases.
Type:
string or list of string
Default value:
unset
pipelines.<name>.jobs.<name>.rules
List of conditions to evaluate and determine selected attributes of a job, and whether or not it’s created.
Type:
list of (attribute set)
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.script
Shell script that is executed by a runner.
Type:
list of string
Declared in:
pipelines.<name>.jobs.<name>.secrets
The CI/CD secrets the job needs.
Type:
attribute set
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.services
Use Docker services images.
Type:
attribute set
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.stage
Defines a job stage.
Type:
string
Declared in:
pipelines.<name>.jobs.<name>.tags
List of tags that are used to select a runner.
Type:
list of string
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.timeout
Define a custom job-level timeout that takes precedence over the project-wide setting.
Type:
string
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.trigger
Defines a downstream pipeline trigger.
Type:
string or (attribute set)
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.variables
You can use job variables in commands in the job’s script, before_script, or after_script sections, and also with some job keywords.
Check the Supported values section of each job keyword to see if it supports variables.
Type:
attribute set of string
Default value:
unset
Declared in:
pipelines.<name>.jobs.<name>.when
When to run job. See also manual_confirmation
Type:
one of "on_success", "on_failure", "never", "always", "manual", "delayed"
Default value:
unset
Declared in:
pipelines.<name>.nix
Nix-GitLab-CI config options for this pipeline.
Type:
submodule
Default value:
{ }
Declared in:
pipelines.<name>.nix.nixJobsByDefault
Whether to transform all jobs to nix-configured jobs by default.
If false, you need to set nix.enable for each job you want to be transformed.
Type:
boolean
Default value:
true
Declared in:
pipelines.<name>.packages
Final packages for use in CI. (readonly)
Type:
attribute set of package
Declared in:
pipelines.<name>.stages
The names and order of the pipeline stages.
Note
.pre and .post are added automatically.
Type:
list of string
Default value:
[ ]
Declared in:
pipelines.<name>.variables
Define default CI/CD variables for all jobs in the pipeline. Supports strings or attrs as values, for more info see here.
Type:
attribute set of (string or (submodule))
Default value:
unset
Declared in:
pipelines.<name>.variables.<name>.description
Use the description keyword to define a description for a default variable.
Type:
string
Default value:
unset
pipelines.<name>.variables.<name>.expand
Use the expand keyword to configure a variable to be expandable or not.
Type:
boolean
Default value:
unset
pipelines.<name>.variables.<name>.options
Use options to define an array of values that are selectable in the UI when running a pipeline manually.
Type:
list of string
Default value:
unset
pipelines.<name>.variables.<name>.value
Use the value keyword to define a pipeline-level (default) variable’s value.
Type:
string
Default value:
unset
pipelines.<name>.workflow
Control what types of pipeline run.
Type:
attribute set
Default value:
unset
Declared in:
soonix
Soonix config for generating .gitlab-ci.yml. (readonly)
See config.soonix for configuring this.
Type:
attribute set