UI for adding/updating variable scope

app/controllers/projects/variables_controller.rb

@@ -14,7 +14,7 @@ class Projects::VariablesController < Projects::ApplicationController
   def update
     @variable = @project.variables.find(params[:id])
 
-    if @variable.update_attributes(project_params)
+    if @variable.update_attributes(variable_params)
       redirect_to namespace_project_variables_path(project.namespace, project), notice: 'Variable was successfully updated.'
     else
       render action: "show"
@@ -22,7 +22,7 @@ class Projects::VariablesController < Projects::ApplicationController
   end
 
   def create
-    @variable = Ci::Variable.new(project_params)
+    @variable = Ci::Variable.new(variable_params)
 
     if @variable.valid? && @project.variables << @variable
       flash[:notice] = 'Variables were successfully updated.'
@@ -43,8 +43,16 @@ class Projects::VariablesController < Projects::ApplicationController
 
   private
 
-  def project_params
+  def variable_params
     params.require(:variable)
-      .permit([:id, :key, :value, :protected, :_destroy])
+      .permit(variable_params_ce.concat(variable_params_ee))
+  end
+
+  def variable_params_ce
+    %i[id key value protected _destroy]
+  end
+
+  def variable_params_ee
+    %i[scope]
   end
 end

app/views/projects/variables/_content.html.haml

@@ -2,7 +2,7 @@
   Secret variables
   = link_to icon('question-circle'), help_page_path('ci/variables/README', anchor: 'secret-variables'), target: '_blank'
 %p
-  These variables will be set to environment by the runner, and could be protected by exposing only to protected branches or tags.
+  These variables will be set to environment by the runner, and could be protected by exposing only to protected branches or tags, or some particular environments.
 %p
   So you can use them for passwords, secret keys or whatever you want.
 %p

app/views/projects/variables/_form.html.haml

@@ -7,6 +7,12 @@
   .form-group
     = f.label :value, "Value", class: "label-light"
     = f.text_area :value, class: "form-control", placeholder: "PROJECT_VARIABLE"
+  .form-group
+    = f.label :scope, "Scope", class: "label-light"
+    = f.text_field :scope, class: "form-control", placeholder: "*"
+    .help-block
+      This variable will be passed only to jobs with a matching environment name. * is a wildcard
+      = link_to icon('question-circle'), help_page_path('ci/variables/README', anchor: 'scope'), target: '_blank'
   .form-group
     .checkbox
       = f.label :protected do

app/views/projects/variables/_table.html.haml

@@ -9,6 +9,7 @@
       %th Key
       %th Value
       %th Protected
+      %th Scope
       %th
     %tbody
       - @project.variables.order_key_asc.each do |variable|
@@ -17,6 +18,7 @@
             %td.variable-key= variable.key
             %td.variable-value{ "data-value" => variable.value }******
             %td.variable-protected= Gitlab::Utils.boolean_to_yes_no(variable.protected)
+            %td.variable-scope= variable.scope
             %td.variable-menu
               = link_to namespace_project_variable_path(@project.namespace, @project, variable), class: "btn btn-transparent btn-variable-edit" do
                 %span.sr-only

spec/features/variables_spec.rb

@@ -55,6 +55,20 @@ describe 'Project variables', js: true do
     end
   end
 
+  # EE
+  it 'adds new variable with a special scope' do
+    fill_in('variable_key', with: 'key')
+    fill_in('variable_value', with: 'value')
+    fill_in('variable_scope', with: 'review/*')
+    click_button('Add new variable')
+
+    expect(page).to have_content('Variables were successfully updated.')
+    page.within('.variables-table') do
+      expect(page).to have_content('key')
+      expect(page).to have_content('review/*')
+    end
+  end
+
   it 'reveals and hides new variable' do
     fill_in('variable_key', with: 'key')
     fill_in('variable_value', with: 'key value')
@@ -142,4 +156,18 @@ describe 'Project variables', js: true do
     expect(page).to have_content('Variable was successfully updated.')
     expect(project.variables(true).first).not_to be_protected
   end
+
+  # EE
+  it 'edits variable to be another scope' do
+    page.within('.variables-table') do
+      find('.btn-variable-edit').click
+    end
+
+    expect(page).to have_content('Update variable')
+    fill_in('variable_scope', with: 'review/*')
+    click_button('Save variable')
+
+    expect(page).to have_content('Variable was successfully updated.')
+    expect(project.variables(true).first.scope).to eq('review/*')
+  end
 end