Aller au contenu principal

GitLab Environment Export

Use this helper when migrating from GitLab CI variables to encrypted SOPS environment files.

Script:

scripts/export-gitlab-env.mjs

Requirements

a GitLab personal access token with permission to read project CI/CD variables
the target project id or project path

Recommended env var:

export GITLAB_TOKEN=glpat-...

Examples

Export staging variables:

node scripts/export-gitlab-env.mjs \
  --environment staging \
  --project-path maximegd/aaperture \
  --output infra/env/staging.from-gitlab.env

Export production variables:

node scripts/export-gitlab-env.mjs \
  --environment production \
  --project-path maximegd/aaperture \
  --output infra/env/production.from-gitlab.env

Scope resolution

The script resolves variables like GitLab environments do:

exact environment scope wins
wildcard scopes also match
* is used as fallback

Example:

DOMAIN scoped to production wins for production
DOMAIN scoped to * is used only if no more specific scope matches

Intended workflow

export GitLab variables into infra/env/*.from-gitlab.env
compare them with infra/env/*.plain.env
clean up any placeholders or outdated values
encrypt into *.env.enc with SOPS
remove the exported plain file

Requirements
Examples
Scope resolution
Intended workflow