{"id":807,"date":"2026-03-25T09:47:11","date_gmt":"2026-03-25T08:47:11","guid":{"rendered":"https:\/\/secure-pipelines.com\/uncategorized\/lab-securing-gitlab-ci-pipelines-protected-variables-runners-environments\/"},"modified":"2026-03-25T09:47:11","modified_gmt":"2026-03-25T08:47:11","slug":"lab-securing-gitlab-ci-pipelines-protected-variables-runners-environments","status":"publish","type":"post","link":"https:\/\/secure-pipelines.com\/ar\/ci-cd-security\/lab-securing-gitlab-ci-pipelines-protected-variables-runners-environments\/","title":{"rendered":"\u062a\u0645\u0631\u064a\u0646 \u0639\u0645\u0644\u064a: \u062a\u0623\u0645\u064a\u0646 \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 GitLab CI \u2014 Protected Variables \u0648 Runners \u0648 Environments"},"content":{"rendered":"<h2>\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629<\/h2>\n<p>\u064a\u064f\u0639\u062f GitLab CI \u062b\u0627\u0646\u064a \u0623\u0643\u062b\u0631 \u0645\u0646\u0635\u0627\u062a CI\/CD \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u064b\u0627 \u0641\u064a \u0627\u0644\u0642\u0637\u0627\u0639\u060c \u062d\u064a\u062b \u064a\u064f\u0634\u063a\u0651\u0644 \u0645\u0644\u0627\u064a\u064a\u0646 \u062e\u0637\u0648\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0639\u0628\u0631 \u0645\u0624\u0633\u0633\u0627\u062a \u0628\u0645\u062e\u062a\u0644\u0641 \u0627\u0644\u0623\u062d\u062c\u0627\u0645. \u064a\u062c\u0639\u0644 \u062a\u0643\u0627\u0645\u0644\u0647 \u0627\u0644\u0648\u062b\u064a\u0642 \u0645\u0639 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u062d\u0643\u0645 \u0628\u0627\u0644\u0645\u0635\u0627\u062f\u0631 \u0645\u0646\u0647 \u0623\u062f\u0627\u0629 \u0645\u0631\u064a\u062d\u0629 \u0644\u0644\u063a\u0627\u064a\u0629 \u2014 \u0644\u0643\u0646 \u0647\u0630\u0627 \u0627\u0644\u062a\u0643\u0627\u0645\u0644 \u0630\u0627\u062a\u0647 \u064a\u064f\u0646\u0634\u0626 \u0633\u0637\u062d \u0647\u062c\u0648\u0645 \u0648\u0627\u0633\u0639\u064b\u0627 \u0625\u0630\u0627 \u0644\u0645 \u064a\u062a\u0645 \u062a\u0642\u0648\u064a\u0629 \u062e\u0637\u0648\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0628\u0634\u0643\u0644 \u0645\u062a\u0639\u0645\u062f.<\/p>\n<p>\u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u062a\u0645\u0631\u064a\u0646 \u0627\u0644\u0639\u0645\u0644\u064a \u0633\u062a\u0645\u0631 \u0628\u0633\u062a\u0629 \u062a\u0645\u0627\u0631\u064a\u0646 \u062a\u064f\u0624\u0645\u0651\u0646 \u062e\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 GitLab CI \u0628\u0634\u0643\u0644 \u062a\u062f\u0631\u064a\u062c\u064a. \u0633\u062a\u0628\u062f\u0623 \u0628\u062a\u0643\u0648\u064a\u0646 \u063a\u064a\u0631 \u0622\u0645\u0646 \u0639\u0645\u062f\u064b\u0627 \u062d\u064a\u062b \u062a\u0643\u0648\u0646 \u062c\u0645\u064a\u0639 \u0627\u0644\u0645\u062a\u063a\u064a\u0631\u0627\u062a \u0645\u0631\u0626\u064a\u0629 \u0644\u0643\u0644 \u0641\u0631\u0639\u060c \u0648\u062a\u062a\u0639\u0627\u0645\u0644 shared runners \u0645\u0639 \u062c\u0645\u064a\u0639 \u0627\u0644\u0645\u0647\u0627\u0645\u060c \u0648\u0644\u0627 \u062a\u0648\u062c\u062f \u0628\u0648\u0627\u0628\u0627\u062a \u0628\u064a\u0626\u064a\u0629. \u0628\u0646\u0647\u0627\u064a\u0629 \u0627\u0644\u062a\u0645\u0631\u064a\u0646 \u0633\u064a\u0643\u0648\u0646 \u0644\u062f\u064a\u0643 \u062e\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 \u064a\u0641\u0631\u0636 <strong>\u0648\u0635\u0648\u0644\u064b\u0627 \u0645\u062d\u062f\u0648\u062f\u064b\u0627 \u0644\u0644\u0645\u062a\u063a\u064a\u0631\u0627\u062a \u0648\u0641\u0642 \u0645\u0628\u062f\u0623 \u0627\u0644\u062d\u062f \u0627\u0644\u0623\u062f\u0646\u0649 \u0645\u0646 \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a<\/strong>\u060c \u0648<strong>runners \u0645\u062e\u0635\u0635\u0629 \u0627\u0644\u0646\u0637\u0627\u0642<\/strong>\u060c \u0648<strong>\u0628\u064a\u0626\u0627\u062a \u0645\u062d\u0645\u064a\u0629 \u0645\u0639 \u0645\u0648\u0627\u0641\u0642\u0627\u062a \u0639\u0644\u0649 \u0627\u0644\u0646\u0634\u0631<\/strong>\u060c \u0648<strong>\u062a\u0642\u064a\u064a\u062f \u0648\u0635\u0648\u0644 CI_JOB_TOKEN<\/strong>\u060c \u0648<strong>\u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 merge request \u0622\u0645\u0646\u0629<\/strong>\u060c \u0648<strong>\u0636\u0648\u0627\u0628\u0637 \u062a\u0642\u0648\u064a\u0629 \u0625\u0636\u0627\u0641\u064a\u0629<\/strong> \u062a\u0634\u0645\u0644 \u0643\u0634\u0641 \u0627\u0644\u0623\u0633\u0631\u0627\u0631.<\/p>\n<p>\u0643\u0644 \u0623\u0645\u0631 \u0648\u0645\u0642\u0637\u0639 YAML \u0648\u0645\u0633\u0627\u0631 \u0648\u0627\u062c\u0647\u0629 \u0645\u0633\u062a\u062e\u062f\u0645 \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u062a\u0645\u0631\u064a\u0646 \u0645\u0628\u0646\u064a \u0639\u0644\u0649 GitLab 16.x \/ 17.x \u0648\u064a\u0639\u0645\u0644 \u0639\u0644\u0649 \u0627\u0644\u0637\u0628\u0642\u0629 \u0627\u0644\u0645\u062c\u0627\u0646\u064a\u0629 \u0645\u0646 GitLab.com.<\/p>\n<h2>\u0627\u0644\u0645\u062a\u0637\u0644\u0628\u0627\u062a \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629<\/h2>\n<ul>\n<li><strong>\u062d\u0633\u0627\u0628 GitLab<\/strong> \u2014 \u0627\u0644\u0637\u0628\u0642\u0629 \u0627\u0644\u0645\u062c\u0627\u0646\u064a\u0629 \u0639\u0644\u0649 <a href=\"https:\/\/gitlab.com\" target=\"_blank\" rel=\"noopener\">gitlab.com<\/a> \u0643\u0627\u0641\u064a\u0629 \u0644\u062c\u0645\u064a\u0639 \u0627\u0644\u062a\u0645\u0627\u0631\u064a\u0646.<\/li>\n<li><strong>\u0645\u0634\u0631\u0648\u0639 \u062a\u062c\u0631\u064a\u0628\u064a<\/strong> \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062a\u0637\u0628\u064a\u0642 \u0628\u0633\u064a\u0637 (\u062d\u062a\u0649 \u0645\u0644\u0641 <code>index.html<\/code> \u0648\u0627\u062d\u062f \u064a\u0643\u0641\u064a) \u0648\u0645\u0644\u0641 <code>.gitlab-ci.yml<\/code> \u0641\u064a \u062c\u0630\u0631 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639.<\/li>\n<li>\u0625\u0644\u0645\u0627\u0645 \u0623\u0633\u0627\u0633\u064a \u0628\u0640<strong>\u0635\u064a\u063a\u0629 GitLab CI<\/strong>: \u0627\u0644\u0645\u0631\u0627\u062d\u0644 (stages)\u060c \u0648\u0627\u0644\u0645\u0647\u0627\u0645 (jobs)\u060c \u0648\u0627\u0644\u0633\u0643\u0631\u0628\u062a\u0627\u062a (scripts)\u060c \u0648\u0627\u0644\u0642\u0648\u0627\u0639\u062f (rules).<\/li>\n<li>(\u0627\u062e\u062a\u064a\u0627\u0631\u064a) \u062c\u0647\u0627\u0632 Linux \u0623\u0648 macOS \u0625\u0630\u0627 \u0643\u0646\u062a \u062a\u062e\u0637\u0637 \u0644\u062a\u0633\u062c\u064a\u0644 GitLab Runner \u062e\u0627\u0635 \u0628\u0643 \u0641\u064a \u0627\u0644\u062a\u0645\u0631\u064a\u0646 2.<\/li>\n<\/ul>\n<h2>\u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0628\u064a\u0626\u0629<\/h2>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 1 \u2014 \u0625\u0646\u0634\u0627\u0621 \u0645\u0634\u0631\u0648\u0639 GitLab \u062c\u062f\u064a\u062f<\/h3>\n<ol>\n<li>\u0627\u0646\u062a\u0642\u0644 \u0625\u0644\u0649 <strong>GitLab &gt; New Project &gt; Create blank project<\/strong>.<\/li>\n<li>\u0633\u0645\u0651\u0647 <code>secure-pipeline-lab<\/code>\u060c \u0648\u0627\u0636\u0628\u0637 \u0627\u0644\u0631\u0624\u064a\u0629 \u0639\u0644\u0649 <strong>Private<\/strong>\u060c \u0648\u0642\u0645 \u0628\u062a\u0647\u064a\u0626\u062a\u0647 \u0645\u0639 \u0645\u0644\u0641 README.<\/li>\n<li>\u062a\u062d\u062a <strong>Settings &gt; Repository &gt; Protected branches<\/strong>\u060c \u062a\u0623\u0643\u062f \u0623\u0646 <code>main<\/code> \u0645\u064f\u062f\u0631\u062c \u0643\u0641\u0631\u0639 \u0645\u062d\u0645\u064a (\u0647\u0630\u0627 \u0647\u0648 \u0627\u0644\u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a).<\/li>\n<\/ol>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 2 \u2014 \u0625\u0636\u0627\u0641\u0629 \u062a\u0637\u0628\u064a\u0642 \u0628\u0633\u064a\u0637<\/h3>\n<p>\u0623\u0646\u0634\u0626 \u0645\u0644\u0641 <code>index.html<\/code> \u0641\u064a \u062c\u0630\u0631 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639:<\/p>\n<pre><code>&lt;!DOCTYPE html&gt;\n&lt;html lang=\"en\"&gt;\n&lt;head&gt;&lt;meta charset=\"UTF-8\"&gt;&lt;title&gt;Secure Pipeline Lab&lt;\/title&gt;&lt;\/head&gt;\n&lt;body&gt;&lt;h1&gt;Hello, GitLab CI!&lt;\/h1&gt;&lt;\/body&gt;\n&lt;\/html&gt;<\/code><\/pre>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 3 \u2014 \u0625\u0646\u0634\u0627\u0621 \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0627\u0644\u0623\u0648\u0644\u064a (\u063a\u064a\u0631 \u0627\u0644\u0622\u0645\u0646)<\/h3>\n<p>\u0623\u0636\u0641 \u0645\u0644\u0641 <code>.gitlab-ci.yml<\/code> \u0627\u0644\u062a\u0627\u0644\u064a. \u0647\u0630\u0627 <em>\u063a\u064a\u0631 \u0622\u0645\u0646 \u0639\u0645\u062f\u064b\u0627<\/em> \u2014 \u0625\u0646\u0647 \u0646\u0642\u0637\u0629 \u0627\u0644\u0628\u062f\u0627\u064a\u0629 \u0627\u0644\u062a\u064a \u0633\u0646\u0642\u0648\u0645 \u0628\u062a\u0642\u0648\u064a\u062a\u0647\u0627 \u062e\u0644\u0627\u0644 \u0627\u0644\u062a\u0645\u0631\u064a\u0646:<\/p>\n<pre><code># .gitlab-ci.yml \u2014 INSECURE starting point\nstages:\n  - build\n  - test\n  - deploy\n\nbuild-job:\n  stage: build\n  script:\n    - echo \"Building the application...\"\n    - echo \"DB_PASSWORD is $DB_PASSWORD\"   # Variable printed to logs!\n\ntest-job:\n  stage: test\n  script:\n    - echo \"Running tests...\"\n    - echo \"API_KEY is $API_KEY\"            # Variable printed to logs!\n\ndeploy-job:\n  stage: deploy\n  script:\n    - echo \"Deploying to production...\"\n    - echo \"DEPLOY_TOKEN is $DEPLOY_TOKEN\" # Variable printed to logs!\n<\/code><\/pre>\n<p>\u064a\u0639\u0627\u0646\u064a \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0647\u0630\u0627 \u0645\u0646 \u0639\u062f\u0629 \u0645\u0634\u0627\u0643\u0644:<\/p>\n<ul>\n<li>\u062c\u0645\u064a\u0639 \u0645\u062a\u063a\u064a\u0631\u0627\u062a CI\/CD \u0645\u062a\u0627\u062d\u0629 \u0644\u0640<strong>\u0643\u0644 \u0641\u0631\u0639<\/strong>\u060c \u0628\u0645\u0627 \u0641\u064a \u0630\u0644\u0643 \u0627\u0644\u0641\u0631\u0648\u0639 \u0627\u0644\u062a\u064a \u064a\u0646\u0634\u0626\u0647\u0627 \u0645\u0633\u0627\u0647\u0645\u0648\u0646 \u062e\u0627\u0631\u062c\u064a\u0648\u0646.<\/li>\n<li>\u064a\u062a\u0645 \u0637\u0628\u0627\u0639\u0629 \u0627\u0644\u0645\u062a\u063a\u064a\u0631\u0627\u062a \u0645\u0628\u0627\u0634\u0631\u0629 \u0641\u064a \u0633\u062c\u0644\u0627\u062a \u0627\u0644\u0645\u0647\u0627\u0645 \u2014 \u0623\u064a \u0634\u062e\u0635 \u0644\u062f\u064a\u0647 \u0648\u0635\u0648\u0644 \u0644\u0644\u0633\u062c\u0644\u0627\u062a \u064a\u0645\u0643\u0646\u0647 \u0642\u0631\u0627\u0621\u062a\u0647\u0627.<\/li>\n<li>\u062a\u0639\u0645\u0644 \u0627\u0644\u0645\u0647\u0627\u0645 \u0639\u0644\u0649 <strong>shared runners<\/strong> \u0628\u062f\u0648\u0646 \u0636\u0645\u0627\u0646\u0627\u062a \u0639\u0632\u0644.<\/li>\n<li>\u0644\u0627 \u062a\u0648\u062c\u062f <strong>\u0628\u0648\u0627\u0628\u0627\u062a \u0628\u064a\u0626\u064a\u0629<\/strong> \u2014 \u062a\u0639\u0645\u0644 \u0645\u0647\u0645\u0629 \u0627\u0644\u0646\u0634\u0631 \u062a\u0644\u0642\u0627\u0626\u064a\u064b\u0627 \u0639\u0646\u062f \u0643\u0644 \u062f\u0641\u0639.<\/li>\n<\/ul>\n<p>\u0642\u0645 \u0628\u0625\u064a\u062f\u0627\u0639 \u0647\u0630\u0627 \u0627\u0644\u0645\u0644\u0641 \u0641\u064a <code>main<\/code> \u0648\u062a\u062d\u0642\u0642 \u0645\u0646 \u062a\u0634\u063a\u064a\u0644 \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628. \u0627\u0644\u0622\u0646 \u0644\u0646\u0642\u0645 \u0628\u0625\u0635\u0644\u0627\u062d \u0643\u0644 \u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0627\u0643\u0644.<\/p>\n<h2>\u0627\u0644\u062a\u0645\u0631\u064a\u0646 1: Protected Variables \u0648 Masked Variables<\/h2>\n<p>\u062a\u062f\u0639\u0645 \u0645\u062a\u063a\u064a\u0631\u0627\u062a GitLab CI\/CD \u062b\u0644\u0627\u062b \u0639\u0644\u0627\u0645\u0627\u062a \u062d\u0645\u0627\u064a\u0629 \u062a\u0642\u0644\u0644 \u0628\u0634\u0643\u0644 \u0643\u0628\u064a\u0631 \u0645\u0646 \u0646\u0637\u0627\u0642 \u0627\u0644\u0636\u0631\u0631 \u0641\u064a \u062d\u0627\u0644\u0629 \u0627\u062e\u062a\u0631\u0627\u0642 \u0641\u0631\u0639 \u0623\u0648 fork.<\/p>\n<h3>\u0641\u0647\u0645 \u0627\u0644\u0639\u0644\u0627\u0645\u0627\u062a \u0627\u0644\u062b\u0644\u0627\u062b<\/h3>\n<table>\n<thead>\n<tr>\n<th>\u0627\u0644\u0639\u0644\u0627\u0645\u0629<\/th>\n<th>\u0627\u0644\u062a\u0623\u062b\u064a\u0631<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Protected<\/strong><\/td>\n<td>\u064a\u062a\u0645 \u062d\u0642\u0646 \u0627\u0644\u0645\u062a\u063a\u064a\u0631 <em>\u0641\u0642\u0637<\/em> \u0641\u064a \u062e\u0637\u0648\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0627\u0644\u062a\u064a \u062a\u0639\u0645\u0644 \u0639\u0644\u0649 <strong>\u0627\u0644\u0641\u0631\u0648\u0639 \u0623\u0648 \u0627\u0644\u0648\u0633\u0648\u0645 \u0627\u0644\u0645\u062d\u0645\u064a\u0629<\/strong>. \u0644\u0646 \u064a\u0631\u0649 \u062e\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 \u064a\u0639\u0645\u0644 \u0645\u0646 \u0641\u0631\u0639 \u0645\u064a\u0632\u0629 \u0623\u0648 fork \u0627\u0644\u0642\u064a\u0645\u0629 \u0623\u0628\u062f\u064b\u0627.<\/td>\n<\/tr>\n<tr>\n<td><strong>Masked<\/strong><\/td>\n<td>\u064a\u062d\u062c\u0628 GitLab \u0642\u064a\u0645\u0629 \u0627\u0644\u0645\u062a\u063a\u064a\u0631 \u0645\u0646 \u0633\u062c\u0644\u0627\u062a \u0627\u0644\u0645\u0647\u0627\u0645. \u0625\u0630\u0627 \u0637\u0628\u0639 \u0633\u0643\u0631\u0628\u062a \u0627\u0644\u0642\u064a\u0645\u0629 \u0639\u0646 \u0637\u0631\u064a\u0642 \u0627\u0644\u062e\u0637\u0623\u060c \u064a\u0639\u0631\u0636 \u0627\u0644\u0633\u062c\u0644 <code>[MASKED]<\/code> \u0628\u062f\u0644\u0627\u064b \u0645\u0646\u0647\u0627.<\/td>\n<\/tr>\n<tr>\n<td><strong>Hidden<\/strong> (GitLab 17+)<\/td>\n<td>\u0644\u0627 \u064a\u0645\u0643\u0646 \u0643\u0634\u0641 \u0642\u064a\u0645\u0629 \u0627\u0644\u0645\u062a\u063a\u064a\u0631 \u0641\u064a \u0648\u0627\u062c\u0647\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0628\u0639\u062f \u0625\u0646\u0634\u0627\u0626\u0647 \u2014 \u062d\u062a\u0649 \u0645\u0646 \u0642\u0628\u0644 \u0645\u0634\u0631\u0641\u064a \u0627\u0644\u0645\u0634\u0631\u0648\u0639. \u0645\u0641\u064a\u062f \u0644\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u062a\u064a \u064a\u062f\u064a\u0631\u0647\u0627 \u0641\u0631\u064a\u0642 \u0627\u0644\u0645\u0646\u0635\u0629 \u0648\u0627\u0644\u062a\u064a \u0644\u0627 \u064a\u062c\u0628 \u0623\u0646 \u064a\u0631\u0627\u0647\u0627 \u0627\u0644\u0645\u0637\u0648\u0631\u0648\u0646 \u0628\u0646\u0635 \u0648\u0627\u0636\u062d \u0623\u0628\u062f\u064b\u0627.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 1 \u2014 \u0625\u0646\u0634\u0627\u0621 \u0627\u0644\u0645\u062a\u063a\u064a\u0631\u0627\u062a<\/h3>\n<ol>\n<li>\u0627\u0630\u0647\u0628 \u0625\u0644\u0649 <strong>Settings &gt; CI\/CD &gt; Variables &gt; Expand &gt; Add variable<\/strong>.<\/li>\n<li>\u0623\u0646\u0634\u0626 \u0627\u0644\u0645\u062a\u063a\u064a\u0631\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629:<\/li>\n<\/ol>\n<table>\n<thead>\n<tr>\n<th>\u0627\u0644\u0645\u0641\u062a\u0627\u062d<\/th>\n<th>\u0627\u0644\u0642\u064a\u0645\u0629 (\u0645\u062b\u0627\u0644)<\/th>\n<th>Protected<\/th>\n<th>Masked<\/th>\n<th>Hidden<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>DEPLOY_TOKEN<\/code><\/td>\n<td><code>glpat-xxxxxxxxxxxxxxxxxxxx<\/code><\/td>\n<td>\u0646\u0639\u0645<\/td>\n<td>\u0646\u0639\u0645<\/td>\n<td>\u0644\u0627<\/td>\n<\/tr>\n<tr>\n<td><code>DB_PASSWORD<\/code><\/td>\n<td><code>S3cur3P@ssw0rd!2024<\/code><\/td>\n<td>\u0646\u0639\u0645<\/td>\n<td>\u0646\u0639\u0645<\/td>\n<td>\u0646\u0639\u0645<\/td>\n<\/tr>\n<tr>\n<td><code>API_KEY<\/code><\/td>\n<td><code>sk-test-abc123def456<\/code><\/td>\n<td>\u0644\u0627<\/td>\n<td>\u0646\u0639\u0645<\/td>\n<td>\u0644\u0627<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 2 \u2014 \u062a\u062d\u062f\u064a\u062b \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628<\/h3>\n<pre><code># .gitlab-ci.yml \u2014 Exercise 1\nstages:\n  - build\n  - test\n  - deploy\n\nbuild-job:\n  stage: build\n  script:\n    - echo \"Building the application...\"\n    - echo \"API_KEY value length = ${#API_KEY}\"  # Safe: prints length, not value\n\ntest-job:\n  stage: test\n  script:\n    - echo \"Running tests...\"\n    # Attempting to print a masked variable:\n    - echo \"DB_PASSWORD is $DB_PASSWORD\"\n    # Output will show: DB_PASSWORD is [MASKED]\n\ndeploy-job:\n  stage: deploy\n  script:\n    - echo \"Deploying with DEPLOY_TOKEN...\"\n    - echo \"Token is $DEPLOY_TOKEN\"\n    # On main (protected): Token is [MASKED]\n    # On feature branch: Token is &lt;empty \u2014 variable not injected&gt;\n  rules:\n    - if: $CI_COMMIT_BRANCH == \"main\"\n<\/code><\/pre>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 3 \u2014 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0633\u0644\u0648\u0643 \u0627\u0644\u062d\u0645\u0627\u064a\u0629<\/h3>\n<ol>\n<li><strong>\u0627\u062f\u0641\u0639 \u0639\u0644\u0649 <code>main<\/code><\/strong> \u2014 \u062a\u0639\u0645\u0644 \u0645\u0647\u0645\u0629 \u0627\u0644\u0646\u0634\u0631 \u0648\u064a\u062a\u0645 \u062d\u0642\u0646 <code>DEPLOY_TOKEN<\/code> (\u064a\u0639\u0631\u0636 \u0627\u0644\u0633\u062c\u0644 <code>[MASKED]<\/code>).<\/li>\n<li><strong>\u0623\u0646\u0634\u0626 \u0641\u0631\u0639\u064b\u0627<\/strong> <code>feature\/test-vars<\/code>\u060c \u0648\u0627\u062f\u0641\u0639 \u0625\u064a\u062f\u0627\u0639\u064b\u0627 \u2014 \u0644\u0627 \u062a\u0639\u0645\u0644 \u0645\u0647\u0645\u0629 \u0627\u0644\u0646\u0634\u0631 (\u0627\u0644\u0642\u0648\u0627\u0639\u062f \u062a\u0642\u064a\u062f\u0647\u0627 \u0628\u0640 <code>main<\/code>). \u062d\u062a\u0649 \u0644\u0648 \u0639\u062f\u0651\u0644\u062a \u0627\u0644\u0642\u0648\u0627\u0639\u062f \u0644\u0644\u0633\u0645\u0627\u062d \u0628\u062a\u0634\u063a\u064a\u0644\u0647\u0627\u060c \u0641\u0625\u0646 <code>DEPLOY_TOKEN<\/code> \u0648<code>DB_PASSWORD<\/code> <strong>\u0641\u0627\u0631\u063a\u0627\u0646<\/strong> \u0644\u0623\u0646 \u0627\u0644\u0641\u0631\u0639 \u063a\u064a\u0631 \u0645\u062d\u0645\u064a.<\/li>\n<li><code>API_KEY<\/code>\u060c \u0627\u0644\u0645\u062d\u062c\u0648\u0628 \u0644\u0643\u0646 <em>\u063a\u064a\u0631<\/em> \u0627\u0644\u0645\u062d\u0645\u064a\u060c \u0645\u062a\u0627\u062d \u0639\u0644\u0649 \u0643\u0644\u0627 \u0627\u0644\u0641\u0631\u0639\u064a\u0646 \u2014 \u064a\u062a\u0645 \u062a\u0646\u0642\u064a\u062d \u0642\u064a\u0645\u062a\u0647 \u0641\u064a \u0627\u0644\u0633\u062c\u0644\u0627\u062a.<\/li>\n<\/ol>\n<p><strong>\u0627\u0644\u062f\u0631\u0633 \u0627\u0644\u0623\u0633\u0627\u0633\u064a:<\/strong> \u0642\u0645 \u062f\u0627\u0626\u0645\u064b\u0627 \u0628\u062a\u0639\u064a\u064a\u0646 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0644\u0646\u0634\u0631 \u0639\u0644\u0649 \u0623\u0646\u0647\u0627 <strong>Protected<\/strong> \u0648<strong>Masked<\/strong> \u0645\u0639\u064b\u0627. \u0627\u0633\u062a\u062e\u062f\u0645 <strong>Hidden<\/strong> \u0644\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u062a\u064a \u0644\u0627 \u064a\u062c\u0628 \u0623\u0646 \u064a\u0633\u062a\u0631\u062f\u0647\u0627 \u0627\u0644\u0645\u0637\u0648\u0631\u0648\u0646 \u0645\u0646 \u0648\u0627\u062c\u0647\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0623\u0628\u062f\u064b\u0627.<\/p>\n<h2>\u0627\u0644\u062a\u0645\u0631\u064a\u0646 2: \u0623\u0645\u0627\u0646 Runner \u0648\u062a\u062d\u062f\u064a\u062f \u0627\u0644\u0646\u0637\u0627\u0642<\/h2>\n<p>\u062a\u064f\u0639\u062f Runners \u0645\u062d\u0631\u0643\u0627\u062a \u0627\u0644\u062d\u0648\u0633\u0628\u0629 \u0627\u0644\u062a\u064a \u062a\u0646\u0641\u0630 \u0645\u0647\u0627\u0645 CI \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0643. \u0627\u062e\u062a\u064a\u0627\u0631 \u0646\u0648\u0639 Runner \u0627\u0644\u0645\u0646\u0627\u0633\u0628 \u2014 \u0648\u062a\u062d\u062f\u064a\u062f \u0646\u0637\u0627\u0642\u0647 \u0628\u0634\u0643\u0644 \u0635\u062d\u064a\u062d \u2014 \u0647\u0648 \u0623\u062d\u062f \u0623\u0643\u062b\u0631 \u0627\u0644\u0642\u0631\u0627\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u062a\u0623\u062b\u064a\u0631\u064b\u0627 \u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646\u0643 \u0627\u062a\u062e\u0627\u0630\u0647\u0627.<\/p>\n<h3>\u0623\u0646\u0648\u0627\u0639 Runner<\/h3>\n<table>\n<thead>\n<tr>\n<th>\u0627\u0644\u0646\u0648\u0639<\/th>\n<th>\u0627\u0644\u0646\u0637\u0627\u0642<\/th>\n<th>\u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0623\u0645\u0646\u064a<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Instance (shared)<\/strong><\/td>\n<td>\u0645\u062a\u0627\u062d \u0644\u0643\u0644 \u0645\u0634\u0631\u0648\u0639 \u0639\u0644\u0649 \u0646\u0633\u062e\u0629 GitLab<\/td>\n<td>\u0645\u062a\u0639\u062f\u062f \u0627\u0644\u0645\u0633\u062a\u0623\u062c\u0631\u064a\u0646. \u0642\u062f \u062a\u0639\u0645\u0644 \u0645\u0647\u0627\u0645 \u0645\u0634\u0627\u0631\u064a\u0639 \u0623\u062e\u0631\u0649 \u0639\u0644\u0649 \u0646\u0641\u0633 \u0627\u0644\u062c\u0647\u0627\u0632. \u062e\u0637\u0631 \u062a\u0633\u0631\u0628 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0639\u0628\u0631 \u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0645\u0634\u062a\u0631\u0643 \u0623\u0648 Docker socket \u0623\u0648 \u0627\u0644\u0637\u0628\u0642\u0627\u062a \u0627\u0644\u0645\u062e\u0632\u0646\u0629 \u0645\u0624\u0642\u062a\u064b\u0627.<\/td>\n<\/tr>\n<tr>\n<td><strong>Group<\/strong><\/td>\n<td>\u0645\u062a\u0627\u062d \u0644\u0643\u0644 \u0645\u0634\u0631\u0648\u0639 \u0641\u064a \u0645\u062c\u0645\u0648\u0639\u0629 \u0645\u062d\u062f\u062f\u0629<\/td>\n<td>\u0639\u0632\u0644 \u0623\u0641\u0636\u0644 \u0645\u0646 instance runners\u060c \u0644\u0643\u0646\u0647 \u0644\u0627 \u064a\u0632\u0627\u0644 \u0645\u0634\u062a\u0631\u0643\u064b\u0627 \u0639\u0628\u0631 \u0627\u0644\u0645\u0634\u0627\u0631\u064a\u0639 \u062f\u0627\u062e\u0644 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0629.<\/td>\n<\/tr>\n<tr>\n<td><strong>Project<\/strong><\/td>\n<td>\u0645\u062a\u0627\u062d \u0644\u0645\u0634\u0631\u0648\u0639 \u0648\u0627\u062d\u062f \u0641\u0642\u0637<\/td>\n<td>\u0623\u0641\u0636\u0644 \u0639\u0632\u0644. \u0623\u0646\u062a \u062a\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0648\u062a\u0643\u0648\u064a\u0646 Docker \u0648\u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0644\u0634\u0628\u0643\u0629.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 1 \u2014 \u062a\u0633\u062c\u064a\u0644 Runner \u062e\u0627\u0635 \u0628\u0627\u0644\u0645\u0634\u0631\u0648\u0639<\/h3>\n<p>\u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u062a\u062a\u062d\u0643\u0645 \u0641\u064a\u0647 (\u062c\u0647\u0627\u0632 \u0627\u0641\u062a\u0631\u0627\u0636\u064a \u0623\u0648 \u062e\u0627\u062f\u0645 \u0627\u062d\u062a\u064a\u0627\u0637\u064a \u0623\u0648 \u062d\u062a\u0649 \u0645\u0636\u064a\u0641 Docker \u0645\u062d\u0644\u064a)\u060c \u0642\u0645 \u0628\u062a\u062b\u0628\u064a\u062a GitLab Runner \u0648\u062a\u0633\u062c\u064a\u0644\u0647:<\/p>\n<pre><code># Install GitLab Runner (Linux amd64)\nsudo curl -L --output \/usr\/local\/bin\/gitlab-runner \\\n  https:\/\/gitlab-runner-downloads.s3.amazonaws.com\/latest\/binaries\/gitlab-runner-linux-amd64\nsudo chmod +x \/usr\/local\/bin\/gitlab-runner\nsudo gitlab-runner install --user=gitlab-runner --working-directory=\/home\/gitlab-runner\nsudo gitlab-runner start\n\n# Register the runner\n# Find your registration token: Settings > CI\/CD > Runners > Expand > New project runner\nsudo gitlab-runner register \\\n  --non-interactive \\\n  --url https:\/\/gitlab.com\/ \\\n  --token \"$RUNNER_TOKEN\" \\\n  --executor docker \\\n  --docker-image alpine:latest \\\n  --description \"secure-deploy-runner\" \\\n  --tag-list \"secure-deploy\" \\\n  --access-level ref_protected\n<\/code><\/pre>\n<p>\u0627\u0644\u0639\u0644\u0627\u0645\u0629 \u0627\u0644\u062d\u0627\u0633\u0645\u0629 \u0647\u064a <code>--access-level ref_protected<\/code>. \u062a\u064f\u062e\u0628\u0631 \u0647\u0630\u0647 GitLab \u0623\u0646 Runner \u0633\u064a\u0642\u0648\u0645 <strong>\u0641\u0642\u0637 \u0628\u0627\u0644\u062a\u0642\u0627\u0637 \u0627\u0644\u0645\u0647\u0627\u0645 \u0645\u0646 \u0627\u0644\u0641\u0631\u0648\u0639 \u0623\u0648 \u0627\u0644\u0648\u0633\u0648\u0645 \u0627\u0644\u0645\u062d\u0645\u064a\u0629<\/strong>. \u0644\u0646 \u064a\u062a\u0645 \u062c\u062f\u0648\u0644\u0629 \u062e\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 \u064a\u064f\u0634\u063a\u064e\u0651\u0644 \u0628\u0648\u0627\u0633\u0637\u0629 \u0641\u0631\u0639 \u0645\u064a\u0632\u0629 \u0623\u0648 merge request \u0645\u0646 fork \u0639\u0644\u0649 \u0647\u0630\u0627 \u0627\u0644\u0640 Runner \u0623\u0628\u062f\u064b\u0627.<\/p>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 2 \u2014 \u062a\u0639\u0637\u064a\u0644 Shared Runners \u0644\u0644\u0645\u0647\u0627\u0645 \u0627\u0644\u062d\u0633\u0627\u0633\u0629<\/h3>\n<p>\u0627\u0630\u0647\u0628 \u0625\u0644\u0649 <strong>Settings &gt; CI\/CD &gt; Runners<\/strong> \u0648\u0642\u0645 \u0628\u062a\u0628\u062f\u064a\u0644 <strong>Enable shared runners for this project<\/strong> \u0625\u0644\u0649 \u0625\u064a\u0642\u0627\u0641 \u2014 \u0623\u0648 \u0627\u062a\u0631\u0643\u0647\u0627 \u0645\u0641\u0639\u0644\u0629 \u0644\u0644\u0645\u0631\u0627\u062d\u0644 \u063a\u064a\u0631 \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0648\u0627\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0648\u0633\u0648\u0645 \u0644\u062a\u0648\u062c\u064a\u0647 \u0627\u0644\u0645\u0647\u0627\u0645 \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0625\u0644\u0649 runner \u0627\u0644\u0645\u0634\u0631\u0648\u0639 \u0627\u0644\u062e\u0627\u0635 \u0628\u0643.<\/p>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 3 \u2014 \u062a\u062d\u062f\u064a\u062b \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0645\u0639 \u0627\u062e\u062a\u064a\u0627\u0631 Runner \u0628\u0646\u0627\u0621\u064b \u0639\u0644\u0649 \u0627\u0644\u0648\u0633\u0648\u0645<\/h3>\n<pre><code># .gitlab-ci.yml \u2014 Exercise 2\nstages:\n  - build\n  - test\n  - deploy\n\nbuild-job:\n  stage: build\n  # Runs on any available runner (shared is fine for builds)\n  script:\n    - echo \"Building the application...\"\n\ntest-job:\n  stage: test\n  script:\n    - echo \"Running tests...\"\n\ndeploy-job:\n  stage: deploy\n  tags:\n    - secure-deploy            # Only runs on runner(s) with this tag\n  script:\n    - echo \"Deploying with DEPLOY_TOKEN...\"\n    - |\n      curl --fail --silent --header \"PRIVATE-TOKEN: $DEPLOY_TOKEN\" \\\n        https:\/\/gitlab.com\/api\/v4\/projects\/$CI_PROJECT_ID\/releases\n  rules:\n    - if: $CI_COMMIT_BRANCH == \"main\"\n<\/code><\/pre>\n<p>\u0628\u0645\u0627 \u0623\u0646 runner <code>secure-deploy<\/code> \u0645\u0633\u062c\u0644 \u0628\u0648\u0635\u0648\u0644 <code>ref_protected<\/code>\u060c \u0641\u0625\u0646 \u0645\u0647\u0645\u0629 \u0627\u0644\u0646\u0634\u0631 \u0647\u0630\u0647 \u0633\u062a\u0639\u0645\u0644 \u0641\u0642\u0637 \u0639\u0644\u0649 runner \u0627\u0644\u0645\u0634\u0631\u0648\u0639 \u0627\u0644\u0645\u062e\u0635\u0635 <strong>\u0648<\/strong> \u0641\u0642\u0637 \u0639\u0646\u062f\u0645\u0627 \u064a\u0646\u0634\u0623 \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0645\u0646 \u0645\u0631\u062c\u0639 \u0645\u062d\u0645\u064a.<\/p>\n<h2>\u0627\u0644\u062a\u0645\u0631\u064a\u0646 3: Protected Environments \u0648\u0645\u0648\u0627\u0641\u0642\u0627\u062a \u0627\u0644\u0646\u0634\u0631<\/h2>\n<p>\u062d\u062a\u0649 \u0645\u0639 protected variables \u0648runners \u0645\u062d\u062f\u062f\u0629 \u0627\u0644\u0646\u0637\u0627\u0642\u060c \u0642\u062f \u062a\u0631\u063a\u0628 \u0641\u064a \u0628\u0648\u0627\u0628\u0629 \u0628\u0634\u0631\u064a\u0629 \u0642\u0628\u0644 \u0648\u0635\u0648\u0644 \u0627\u0644\u0643\u0648\u062f \u0625\u0644\u0649 \u0627\u0644\u0625\u0646\u062a\u0627\u062c. \u062a\u0648\u0641\u0631 <strong>protected environments<\/strong> \u0641\u064a GitLab \u0630\u0644\u0643 \u0628\u0627\u0644\u0636\u0628\u0637.<\/p>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 1 \u2014 \u0625\u0646\u0634\u0627\u0621 \u0627\u0644\u0628\u064a\u0626\u0627\u062a<\/h3>\n<ol>\n<li>\u0627\u0646\u062a\u0642\u0644 \u0625\u0644\u0649 <strong>Operate &gt; Environments &gt; New environment<\/strong>.<\/li>\n<li>\u0623\u0646\u0634\u0626 \u0628\u064a\u0626\u062a\u064a\u0646: <code>staging<\/code> \u0648<code>production<\/code>.<\/li>\n<\/ol>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 2 \u2014 \u062d\u0645\u0627\u064a\u0629 \u0628\u064a\u0626\u0629 Production<\/h3>\n<ol>\n<li>\u0627\u0630\u0647\u0628 \u0625\u0644\u0649 <strong>Settings &gt; CI\/CD &gt; Protected environments<\/strong> (\u0645\u062a\u0627\u062d \u0639\u0644\u0649 Premium\/Ultimate\u060c \u0623\u0648 \u0639\u0644\u0649 \u0627\u0644\u0646\u0633\u062e\u0629 \u0627\u0644\u0645\u064f\u062f\u0627\u0631\u0629 \u0630\u0627\u062a\u064a\u064b\u0627 \u0627\u0644\u0645\u062c\u0627\u0646\u064a\u0629).<\/li>\n<li>\u0627\u062e\u062a\u0631 <code>production<\/code>.<\/li>\n<li>\u062a\u062d\u062a <strong>Allowed to deploy<\/strong>\u060c \u0642\u064a\u0651\u062f \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 <code>Maintainers<\/code> (\u0623\u0648 \u0645\u0633\u062a\u062e\u062f\u0645 \u0645\u062d\u062f\u062f).<\/li>\n<li>\u062a\u062d\u062a <strong>Required approvals<\/strong>\u060c \u0627\u0636\u0628\u0637\u0647\u0627 \u0639\u0644\u0649 <strong>1<\/strong> (\u0623\u0648 \u0623\u0643\u062b\u0631\u060c \u062d\u0633\u0628 \u0633\u064a\u0627\u0633\u062a\u0643).<\/li>\n<li>\u0623\u0636\u0641 \u0627\u0644\u0645\u064f\u0648\u0627\u0641\u0650\u0642 (\u0627\u0644\u0645\u064f\u0648\u0627\u0641\u0650\u0642\u064a\u0646) \u0627\u0644\u0645\u0639\u064a\u0651\u0646\u064a\u0646.<\/li>\n<\/ol>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 3 \u2014 \u062a\u062d\u062f\u064a\u062b \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0645\u0639 \u062a\u0639\u0631\u064a\u0641\u0627\u062a \u0627\u0644\u0628\u064a\u0626\u0629<\/h3>\n<pre><code># .gitlab-ci.yml \u2014 Exercise 3\nstages:\n  - build\n  - test\n  - deploy\n\nbuild-job:\n  stage: build\n  script:\n    - echo \"Building the application...\"\n\ntest-job:\n  stage: test\n  script:\n    - echo \"Running tests...\"\n\ndeploy-staging:\n  stage: deploy\n  environment:\n    name: staging\n    url: https:\/\/staging.example.com\n  script:\n    - echo \"Deploying to staging...\"\n  rules:\n    - if: $CI_COMMIT_BRANCH == \"main\"\n\ndeploy-production:\n  stage: deploy\n  tags:\n    - secure-deploy\n  environment:\n    name: production\n    url: https:\/\/prod.example.com\n  script:\n    - echo \"Deploying to production...\"\n  rules:\n    - if: $CI_COMMIT_BRANCH == \"main\"\n      when: manual           # Requires a human click\n  allow_failure: false        # Pipeline stays blocked until approved\n<\/code><\/pre>\n<h3>\u0643\u064a\u0641 \u062a\u0639\u0645\u0644 \u0627\u0644\u0645\u0648\u0627\u0641\u0642\u0629<\/h3>\n<ol>\n<li>\u062f\u0641\u0639 \u0625\u0644\u0649 <code>main<\/code> \u064a\u064f\u0634\u063a\u0651\u0644 \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628.<\/li>\n<li><code>deploy-staging<\/code> \u064a\u0639\u0645\u0644 \u062a\u0644\u0642\u0627\u0626\u064a\u064b\u0627.<\/li>\n<li><code>deploy-production<\/code> \u064a\u064f\u0638\u0647\u0631 \u0632\u0631 <strong>Play<\/strong> \u0641\u064a \u0648\u0627\u062c\u0647\u0629 \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628.<\/li>\n<li>\u0627\u0644\u0646\u0642\u0631 \u0639\u0644\u0649 <strong>Play<\/strong> \u0644\u0627 \u064a\u064f\u0634\u063a\u0651\u0644 \u0627\u0644\u0645\u0647\u0645\u0629 \u0641\u0648\u0631\u064b\u0627 \u2014 \u064a\u062a\u062d\u0642\u0642 GitLab \u0645\u0646 \u0642\u0648\u0627\u0639\u062f \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0628\u064a\u0626\u0629 \u0648\u064a\u0639\u0631\u0636 <strong>\u0645\u0631\u0628\u0639 \u062d\u0648\u0627\u0631 \u0627\u0644\u0645\u0648\u0627\u0641\u0642\u0629<\/strong> \u0639\u0644\u0649 \u0627\u0644\u0645\u064f\u0648\u0627\u0641\u0650\u0642 (\u0627\u0644\u0645\u064f\u0648\u0627\u0641\u0650\u0642\u064a\u0646) \u0627\u0644\u0645\u0639\u064a\u0651\u0646\u064a\u0646.<\/li>\n<li>\u0641\u0642\u0637 \u0628\u0639\u062f \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0627\u0644\u0639\u062f\u062f \u0627\u0644\u0645\u0637\u0644\u0648\u0628 \u0645\u0646 \u0627\u0644\u0645\u0648\u0627\u0641\u0642\u0627\u062a \u062a\u0628\u062f\u0623 \u0627\u0644\u0645\u0647\u0645\u0629.<\/li>\n<\/ol>\n<p>\u0647\u0630\u0647 \u0627\u0644\u0628\u0648\u0627\u0628\u0629 \u0630\u0627\u062a \u0627\u0644\u0637\u0628\u0642\u062a\u064a\u0646 \u2014 <code>when: manual<\/code> \u0628\u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u0645\u0648\u0627\u0641\u0642\u0629 \u0627\u0644\u0628\u064a\u0626\u0629 \u2014 \u062a\u0636\u0645\u0646 \u0623\u0646\u0647 \u0644\u0627 \u064a\u0645\u0643\u0646 \u0644\u0634\u062e\u0635 \u0648\u0627\u062d\u062f \u062f\u0641\u0639 \u0627\u0644\u0643\u0648\u062f \u0645\u0628\u0627\u0634\u0631\u0629 \u0625\u0644\u0649 \u0627\u0644\u0625\u0646\u062a\u0627\u062c \u062f\u0648\u0646 \u0645\u0631\u0627\u062c\u0639\u0629.<\/p>\n<h2>\u0627\u0644\u062a\u0645\u0631\u064a\u0646 4: \u062a\u062d\u062f\u064a\u062f \u0646\u0637\u0627\u0642 CI_JOB_TOKEN<\/h2>\n<p>\u062a\u062d\u0635\u0644 \u0643\u0644 \u0645\u0647\u0645\u0629 \u0641\u064a GitLab CI \u0639\u0644\u0649 \u0631\u0645\u0632 \u062a\u0644\u0642\u0627\u0626\u064a \u0641\u064a \u0645\u062a\u063a\u064a\u0631 <code>CI_JOB_TOKEN<\/code>. \u064a\u064f\u0635\u0627\u062f\u0642 \u0647\u0630\u0627 \u0627\u0644\u0631\u0645\u0632 \u0637\u0644\u0628\u0627\u062a API \u0648Git <em>\u0628\u0627\u0633\u0645 \u0645\u0634\u0631\u0648\u0639 \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628<\/em>. \u0628\u0634\u0643\u0644 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u060c \u0646\u0637\u0627\u0642\u0647 \u0648\u0627\u0633\u0639 \u0628\u0634\u0643\u0644 \u062e\u0637\u064a\u0631.<\/p>\n<h3>\u0627\u0644\u0645\u062e\u0627\u0637\u0631<\/h3>\n<p>\u0628\u062f\u0648\u0646 \u0642\u064a\u0648\u062f\u060c \u064a\u0645\u0643\u0646 \u0644\u0645\u0647\u0645\u0629 \u0641\u064a \u0627\u0644\u0645\u0634\u0631\u0648\u0639 A \u0627\u0633\u062a\u062e\u062f\u0627\u0645 <code>CI_JOB_TOKEN<\/code> \u0644\u0627\u0633\u062a\u0646\u0633\u0627\u062e \u0623\u0648 \u0627\u0633\u062a\u062f\u0639\u0627\u0621 API \u0644\u0640<em>\u0623\u064a \u0645\u0634\u0631\u0648\u0639 \u0622\u062e\u0631<\/em> \u0641\u064a \u0646\u0641\u0633 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0629 (\u0623\u0648 \u0627\u0644\u0646\u0633\u062e\u0629\u060c \u062d\u0633\u0628 \u0627\u0644\u0625\u0639\u062f\u0627\u062f\u0627\u062a). \u0625\u0630\u0627 \u062d\u0642\u0646 \u0645\u0633\u0627\u0647\u0645 \u062e\u0628\u064a\u062b \u0633\u0643\u0631\u0628\u062a\u064b\u0627 \u0641\u064a \u0645\u0647\u0645\u0629 CI\u060c \u064a\u0645\u0643\u0646\u0647 \u062a\u0633\u0631\u064a\u0628 \u0627\u0644\u0643\u0648\u062f \u0645\u0646 \u0645\u0633\u062a\u0648\u062f\u0639\u0627\u062a \u063a\u064a\u0631 \u0630\u0627\u062a \u0635\u0644\u0629.<\/p>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 1 \u2014 \u062a\u0642\u064a\u064a\u062f \u0646\u0637\u0627\u0642 \u0627\u0644\u0631\u0645\u0632<\/h3>\n<ol>\n<li>\u0627\u0630\u0647\u0628 \u0625\u0644\u0649 <strong>Settings &gt; CI\/CD &gt; Token Access<\/strong>.<\/li>\n<li>\u0628\u062f\u0651\u0644 <strong>Limit access to this project<\/strong> \u0625\u0644\u0649 <strong>Enabled<\/strong>.<\/li>\n<li>\u062a\u062d\u062a <strong>Allow CI job tokens from the following projects to access this project<\/strong>\u060c \u0623\u0636\u0641 \u0641\u0642\u0637 \u0627\u0644\u0645\u0634\u0627\u0631\u064a\u0639 \u0627\u0644\u062a\u064a \u062a\u062d\u062a\u0627\u062c \u0641\u0639\u0644\u0627\u064b \u0625\u0644\u0649 \u0627\u0644\u0648\u0635\u0648\u0644 (\u0646\u0645\u0648\u0630\u062c \u0627\u0644\u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0628\u064a\u0636\u0627\u0621).<\/li>\n<li>\u062a\u062d\u062a <strong>Limit CI_JOB_TOKEN access to the following projects<\/strong> (\u0627\u0644\u0635\u0627\u062f\u0631)\u060c \u0623\u0636\u0641 \u0641\u0642\u0637 \u0627\u0644\u0645\u0634\u0627\u0631\u064a\u0639 \u0627\u0644\u062a\u064a \u064a\u062d\u062a\u0627\u062c \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0644\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u064a\u0647\u0627.<\/li>\n<\/ol>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 2 \u2014 \u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0648\u0635\u0648\u0644<\/h3>\n<pre><code># .gitlab-ci.yml \u2014 Exercise 4\nstages:\n  - test\n\ntest-token-allowed:\n  stage: test\n  script:\n    - echo \"Cloning an allowed project...\"\n    - git clone https:\/\/gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com\/my-group\/allowed-project.git\n    - echo \"Success \u2014 access permitted\"\n\ntest-token-denied:\n  stage: test\n  script:\n    - echo \"Cloning a non-allowed project...\"\n    - git clone https:\/\/gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com\/my-group\/restricted-project.git\n    # Expected output: remote: HTTP Basic: Access denied\n    # fatal: Authentication failed \u2014 403 Forbidden\n  allow_failure: true\n<\/code><\/pre>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 3 \u2014 \u0627\u0644\u062a\u062d\u0642\u0642<\/h3>\n<ol>\n<li>\u0634\u063a\u0651\u0644 \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628. <code>test-token-allowed<\/code> \u064a\u0646\u062c\u062d \u0648\u064a\u0633\u062a\u0646\u0633\u062e \u0627\u0644\u0645\u0634\u0631\u0648\u0639 \u0627\u0644\u0645\u0633\u0645\u0648\u062d \u0628\u0647.<\/li>\n<li><code>test-token-denied<\/code> \u064a\u0641\u0634\u0644 \u0628\u062e\u0637\u0623 <strong>403 Forbidden<\/strong> \u0644\u0623\u0646 <code>restricted-project<\/code> \u0644\u064a\u0633 \u0641\u064a \u0627\u0644\u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0628\u064a\u0636\u0627\u0621.<\/li>\n<\/ol>\n<p><strong>\u0627\u0644\u062f\u0631\u0633 \u0627\u0644\u0623\u0633\u0627\u0633\u064a:<\/strong> \u0642\u0645 \u062f\u0627\u0626\u0645\u064b\u0627 \u0628\u062a\u0642\u064a\u064a\u062f <code>CI_JOB_TOKEN<\/code> \u0625\u0644\u0649 \u0623\u0635\u063a\u0631 \u0645\u062c\u0645\u0648\u0639\u0629 \u0645\u0646 \u0627\u0644\u0645\u0634\u0627\u0631\u064a\u0639 \u0627\u0644\u062a\u064a \u064a\u062d\u062a\u0627\u062c\u0647\u0627 \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0641\u0639\u0644\u0627\u064b. \u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0627\u0644\u0646\u0637\u0627\u0642 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a &#8220;\u0627\u0644\u0645\u0641\u062a\u0648\u062d&#8221; \u0643\u062e\u0637\u0623 \u0641\u064a \u0627\u0644\u062a\u0643\u0648\u064a\u0646.<\/p>\n<h2>\u0627\u0644\u062a\u0645\u0631\u064a\u0646 5: \u0623\u0645\u0627\u0646 \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 Merge Request<\/h2>\n<p>\u062a\u0639\u0645\u0644 \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 merge request (MR) \u0639\u0646\u062f\u0645\u0627 \u064a\u0641\u062a\u062d \u0645\u0633\u0627\u0647\u0645 \u0623\u0648 \u064a\u064f\u062d\u062f\u0651\u062b merge request. \u0648\u0647\u064a \u0636\u0631\u0648\u0631\u064a\u0629 \u0644\u062c\u0648\u062f\u0629 \u0627\u0644\u0643\u0648\u062f \u2014 \u0644\u0643\u0646\u0647\u0627 \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0643\u0648\u0646 \u0623\u064a\u0636\u064b\u0627 \u0646\u0627\u0642\u0644 \u0647\u062c\u0648\u0645 \u0625\u0630\u0627 \u0644\u0645 \u064a\u062a\u0645 \u062a\u0643\u0648\u064a\u0646\u0647\u0627 \u0628\u0639\u0646\u0627\u064a\u0629.<\/p>\n<h3>\u0627\u0644\u0645\u062e\u0627\u0637\u0631<\/h3>\n<p>\u0639\u0646\u062f\u0645\u0627 \u064a\u0642\u0648\u0645 \u0645\u0633\u0627\u0647\u0645 \u062e\u0627\u0631\u062c\u064a \u0628\u0639\u0645\u0644 fork \u0644\u0645\u0634\u0631\u0648\u0639\u0643 \u0648\u064a\u0641\u062a\u062d MR\u060c \u064a\u0645\u0643\u0646 \u0644\u0640 GitLab \u062a\u0634\u063a\u064a\u0644 \u062e\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 \u0639\u0644\u0649 \u0630\u0644\u0643 \u0627\u0644\u0640 MR. \u0625\u0630\u0627 \u0643\u0627\u0646 \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u064a\u0645\u0644\u0643 \u0648\u0635\u0648\u0644\u0627\u064b \u0625\u0644\u0649 protected variables \u0623\u0648 runners \u0630\u0627\u062a \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0639\u0627\u0644\u064a\u0629\u060c \u064a\u0645\u0643\u0646 \u0644\u0643\u0648\u062f \u0627\u0644\u0645\u0633\u0627\u0647\u0645 \u062a\u0633\u0631\u064a\u0628 \u0627\u0644\u0623\u0633\u0631\u0627\u0631.<\/p>\n<h3>\u0627\u0644\u062e\u0637\u0648\u0629 1 \u2014 \u062a\u0643\u0648\u064a\u0646 \u0642\u0648\u0627\u0639\u062f \u062e\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 MR<\/h3>\n<pre><code># .gitlab-ci.yml \u2014 Exercise 5\nstages:\n  - validate\n  - build\n  - deploy\n\n# --- Jobs that are safe to run on MR pipelines (no secrets needed) ---\nlint:\n  stage: validate\n  script:\n    - echo \"Linting code...\"\n  rules:\n    - if: $CI_PIPELINE_SOURCE == \"merge_request_event\"\n    - if: $CI_COMMIT_BRANCH == \"main\"\n\nunit-tests:\n  stage: validate\n  script:\n    - echo \"Running unit tests...\"\n  rules:\n    - if: $CI_PIPELINE_SOURCE == \"merge_request_event\"\n    - if: $CI_COMMIT_BRANCH == \"main\"\n\n# --- Jobs that require secrets \u2014 never run on MR pipelines ---\nbuild-image:\n  stage: build\n  script:\n    - echo \"Building and pushing Docker image...\"\n    - echo \"Using REGISTRY_TOKEN = $REGISTRY_TOKEN\"  # Protected + Masked\n  rules:\n    - if: $CI_COMMIT_BRANCH == \"main\"\n\ndeploy-production:\n  stage: deploy\n  tags:\n    - secure-deploy\n  environment:\n    name: production\n    url: https:\/\/prod.example.com\n  script:\n    - echo \"Deploying to production...\"\n  rules:\n    - if: $CI_COMMIT_BRANCH == \"main\"\n      when: manual\n<\/code><\/pre>\n<h3>\u0643\u064a\u0641 \u064a\u062a\u0639\u0627\u0645\u0644 GitLab \u0645\u0639 \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 Fork MR<\/h3>\n<ul>\n<li>\u062e\u0637\u0648\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u062a\u0634\u063a\u064a\u0644\u0647\u0627 \u0628\u0648\u0627\u0633\u0637\u0629 <code>merge_request_event<\/code> \u0645\u0646 <strong>fork<\/strong> \u062a\u0639\u0645\u0644 \u062a\u0644\u0642\u0627\u0626\u064a\u064b\u0627 \u0628\u0640<strong>\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0645\u062d\u062f\u0648\u062f\u0629<\/strong>.<\/li>\n<li>\u0644\u0627 \u064a\u062a\u0645 \u062d\u0642\u0646 protected variables <strong>\u0623\u0628\u062f\u064b\u0627<\/strong> \u0641\u064a \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 fork MR.<\/li>\n<li><code>CI_JOB_TOKEN<\/code> \u0641\u064a \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 fork \u0644\u0647 \u0646\u0637\u0627\u0642 \u0645\u062e\u0641\u0636 \u2014 \u064a\u0645\u0643\u0646\u0647 \u0641\u0642\u0637 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0645\u0634\u0631\u0648\u0639 \u0627\u0644\u0645\u0635\u062f\u0631 (fork)\u060c \u0648\u0644\u064a\u0633 \u0627\u0644\u0645\u0634\u0631\u0648\u0639 \u0627\u0644\u0647\u062f\u0641.<\/li>\n<\/ul>\n<p>\u0628\u0641\u0635\u0644 \u0645\u0647\u0627\u0645\u0643 \u0625\u0644\u0649 &#8220;\u0622\u0645\u0646\u0629 \u0644\u0640 MR&#8221; (lint\u060c test) \u0648&#8221;\u062a\u062a\u0637\u0644\u0628 \u0623\u0633\u0631\u0627\u0631\u064b\u0627&#8221; (build\u060c deploy)\u060c \u062a\u0636\u0645\u0646 \u0623\u0646 \u0627\u0644\u0645\u0633\u0627\u0647\u0645\u064a\u0646 \u064a\u0645\u0643\u0646\u0647\u0645 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0643\u0648\u062f\u0647\u0645 \u062f\u0648\u0646 \u0643\u0634\u0641 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f.<\/p>\n<h3>\u0623\u0641\u0636\u0644 \u0627\u0644\u0645\u0645\u0627\u0631\u0633\u0627\u062a \u0644\u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 MR<\/h3>\n<ul>\n<li>\u0644\u0627 \u062a\u0633\u062a\u062e\u062f\u0645 <code>only\/except<\/code> \u0623\u0628\u062f\u064b\u0627 \u2014 \u0641\u0636\u0651\u0644 <code>rules:<\/code> \u0644\u0644\u0648\u0636\u0648\u062d \u0648\u0627\u0644\u0635\u062d\u0629.<\/li>\n<li>\u0642\u064a\u0651\u062f \u0627\u0644\u0645\u0647\u0627\u0645 \u0627\u0644\u062a\u064a \u062a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0628\u0640 <code>if: $CI_COMMIT_BRANCH == \"main\"<\/code> (\u0623\u0648 \u0645\u0631\u062c\u0639 \u0645\u062d\u0645\u064a \u0622\u062e\u0631).<\/li>\n<li>\u0641\u0643\u0651\u0631 \u0641\u064a \u062a\u0641\u0639\u064a\u0644 <strong>Pipelines must succeed<\/strong> \u062a\u062d\u062a <strong>Settings &gt; Merge requests<\/strong> \u0644\u0627\u0634\u062a\u0631\u0627\u0637 \u0646\u062c\u0627\u062d \u062e\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 MR \u0642\u0628\u0644 \u0627\u0644\u062f\u0645\u062c.<\/li>\n<li>\u0641\u0639\u0651\u0644 <strong>Merged results pipelines<\/strong> \u0644\u0627\u062e\u062a\u0628\u0627\u0631 <em>\u0646\u062a\u064a\u062c\u0629 \u0627\u0644\u062f\u0645\u062c<\/em> \u0628\u062f\u0644\u0627\u064b \u0645\u0646 \u0627\u0644\u0641\u0631\u0639 \u0627\u0644\u0645\u0635\u062f\u0631 \u0641\u0642\u0637 \u2014 \u0647\u0630\u0627 \u064a\u0643\u0634\u0641 \u0645\u0634\u0627\u0643\u0644 \u0627\u0644\u062a\u0643\u0627\u0645\u0644 \u0645\u0628\u0643\u0631\u064b\u0627.<\/li>\n<\/ul>\n<h2>\u0627\u0644\u062a\u0645\u0631\u064a\u0646 6: \u062a\u0642\u0648\u064a\u0629 \u0625\u0636\u0627\u0641\u064a\u0629<\/h2>\n<p>\u0645\u0639 \u062a\u0623\u0645\u064a\u0646 \u0627\u0644\u0645\u062a\u063a\u064a\u0631\u0627\u062a \u0648runners \u0648\u0627\u0644\u0628\u064a\u0626\u0627\u062a \u0648\u0627\u0644\u0631\u0645\u0648\u0632 \u0648\u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 MR\u060c \u062a\u0648\u0641\u0631 \u0639\u062f\u0629 \u0636\u0648\u0627\u0628\u0637 \u0625\u0636\u0627\u0641\u064a\u0629 \u0648\u0636\u0639\u064b\u0627 \u0623\u0645\u0646\u064a\u064b\u0627 \u0628\u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0625\u0646\u062a\u0627\u062c \u0644\u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0627\u0644\u062e\u0627\u0635 \u0628\u0643.<\/p>\n<h3>\u0645\u0647\u0644\u0629 \u0627\u0644\u0645\u0647\u0627\u0645<\/h3>\n<p>\u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0645\u0647\u0627\u0645 \u063a\u064a\u0631 \u0627\u0644\u0645\u062d\u062f\u0648\u062f\u0629 \u0644\u0644\u062a\u0639\u062f\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u0639\u0645\u0644\u0627\u062a \u0627\u0644\u0645\u0634\u0641\u0631\u0629 \u0623\u0648 \u0644\u0644\u062d\u0641\u0627\u0638 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u062f\u0627\u0626\u0645. \u062d\u062f\u062f \u0645\u0647\u0644\u0627\u062a \u0635\u0631\u064a\u062d\u0629:<\/p>\n<pre><code>deploy-production:\n  stage: deploy\n  timeout: 10 minutes\n  script:\n    - echo \"Deploying...\"\n<\/code><\/pre>\n<h3>\u062e\u0637\u0648\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0627\u0644\u0642\u0627\u0628\u0644\u0629 \u0644\u0644\u0645\u0642\u0627\u0637\u0639\u0629<\/h3>\n<p>\u0627\u0645\u0646\u0639 \u0625\u0647\u062f\u0627\u0631 \u0627\u0644\u0645\u0648\u0627\u0631\u062f \u0648\u062d\u062f\u0651 \u0645\u0646 \u0646\u0627\u0641\u0630\u0629 \u0627\u0644\u0645\u0647\u0627\u0645 \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u0637\u0648\u064a\u0644\u0629 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0628\u062a\u0639\u064a\u064a\u0646 \u0627\u0644\u0645\u0647\u0627\u0645 \u063a\u064a\u0631 \u0627\u0644\u062d\u0631\u062c\u0629 \u0643\u0642\u0627\u0628\u0644\u0629 \u0644\u0644\u0645\u0642\u0627\u0637\u0639\u0629:<\/p>\n<pre><code>lint:\n  stage: validate\n  interruptible: true     # Auto-cancelled if a newer pipeline starts\n  script:\n    - echo \"Linting...\"\n<\/code><\/pre>\n<h3>Push Rules (\u062a\u0642\u064a\u064a\u062f \u0625\u0646\u0634\u0627\u0621 \u062e\u0637\u0648\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628)<\/h3>\n<p>\u062a\u062d\u062a <strong>Settings &gt; Repository &gt; Push rules<\/strong>\u060c \u064a\u0645\u0643\u0646\u0643:<\/p>\n<ul>\n<li><strong>\u0631\u0641\u0636 \u0627\u0644\u0625\u064a\u062f\u0627\u0639\u0627\u062a \u063a\u064a\u0631 \u0627\u0644\u0645\u0648\u0642\u0651\u0639\u0629<\/strong> \u2014 \u064a\u0636\u0645\u0646 \u0623\u0646 \u0643\u0644 \u0625\u064a\u062f\u0627\u0639 \u0645\u0648\u0642\u0651\u0639 \u0628\u0640 GPG.<\/li>\n<li><strong>\u062a\u0642\u064a\u064a\u062f \u0623\u0633\u0645\u0627\u0621 \u0627\u0644\u0641\u0631\u0648\u0639<\/strong> \u2014 \u0641\u0631\u0636 \u0627\u062a\u0641\u0627\u0642\u064a\u0629 \u062a\u0633\u0645\u064a\u0629 (\u0645\u062b\u0644 <code>feature\/*<\/code>\u060c <code>bugfix\/*<\/code>).<\/li>\n<li><strong>\u0645\u0646\u0639 \u062f\u0641\u0639 \u0627\u0644\u0623\u0633\u0631\u0627\u0631<\/strong> \u2014 \u064a\u0645\u0643\u0646 \u0644\u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u062f\u0641\u0639 \u0627\u0644\u0645\u062f\u0645\u062c\u0629 \u0641\u064a GitLab \u062d\u0638\u0631 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u062a\u064a \u062a\u0637\u0627\u0628\u0642 \u0623\u0646\u0645\u0627\u0637 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0634\u0627\u0626\u0639\u0629.<\/li>\n<\/ul>\n<h3>\u0643\u0634\u0641 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0645\u0639 GitLab SAST<\/h3>\n<p>\u0623\u0636\u0641 \u0642\u0627\u0644\u0628 Secret Detection \u0627\u0644\u0645\u062f\u0645\u062c \u0641\u064a GitLab \u0644\u0644\u0643\u0634\u0641 \u0639\u0646 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0644\u0645\u0648\u062f\u0639\u0629 \u0639\u0646 \u0637\u0631\u064a\u0642 \u0627\u0644\u062e\u0637\u0623:<\/p>\n<pre><code>include:\n  - template: Security\/Secret-Detection.gitlab-ci.yml\n<\/code><\/pre>\n<p>\u064a\u0636\u064a\u0641 \u0647\u0630\u0627 \u0645\u0647\u0645\u0629 <code>secret_detection<\/code> \u062a\u0641\u062d\u0635 \u0643\u0644 \u0625\u064a\u062f\u0627\u0639 \u0628\u062d\u062b\u064b\u0627 \u0639\u0646 \u0645\u0641\u0627\u062a\u064a\u062d API \u0648\u0627\u0644\u0631\u0645\u0648\u0632 \u0648\u0643\u0644\u0645\u0627\u062a \u0627\u0644\u0645\u0631\u0648\u0631 \u0648\u0623\u0646\u0645\u0627\u0637 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0623\u062e\u0631\u0649. \u062a\u0638\u0647\u0631 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0641\u064a \u0639\u0644\u0627\u0645\u0629 \u062a\u0628\u0648\u064a\u0628 <strong>Security<\/strong> \u0641\u064a merge requests.<\/p>\n<h2>\u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0627\u0644\u0646\u0647\u0627\u0626\u064a \u0627\u0644\u0645\u064f\u0642\u0648\u0651\u0649<\/h2>\n<p>\u0641\u064a\u0645\u0627 \u064a\u0644\u064a \u0645\u0644\u0641 <code>.gitlab-ci.yml<\/code> \u0627\u0644\u0643\u0627\u0645\u0644 \u0627\u0644\u0630\u064a \u064a\u062c\u0645\u0639 \u0643\u0644 \u0636\u0648\u0627\u0628\u0637 \u0627\u0644\u0623\u0645\u0627\u0646 \u0645\u0646 \u0647\u0630\u0627 \u0627\u0644\u062a\u0645\u0631\u064a\u0646. \u0643\u0644 \u0633\u0637\u0631 \u0645\u062a\u0639\u0644\u0642 \u0628\u0627\u0644\u0623\u0645\u0627\u0646 \u0645\u064f\u0639\u0644\u0651\u0642 \u0639\u0644\u064a\u0647.<\/p>\n<pre><code># .gitlab-ci.yml \u2014 Fully Hardened GitLab CI Pipeline\n\n# Include GitLab's built-in secret detection scanner\ninclude:\n  - template: Security\/Secret-Detection.gitlab-ci.yml  # Scans for leaked secrets\n\nstages:\n  - validate\n  - build\n  - deploy\n\n# --- Default settings applied to all jobs ---\ndefault:\n  timeout: 10 minutes        # Prevent runaway\/abused jobs\n\n# --- Safe for merge request pipelines (no secrets required) ---\nlint:\n  stage: validate\n  interruptible: true        # Cancel if a newer pipeline starts\n  script:\n    - echo \"Linting source code...\"\n  rules:\n    - if: $CI_PIPELINE_SOURCE == \"merge_request_event\"  # Run on MRs\n    - if: $CI_COMMIT_BRANCH == \"main\"                    # Run on main\n\nunit-tests:\n  stage: validate\n  interruptible: true\n  script:\n    - echo \"Running unit tests...\"\n    - echo \"API_KEY length = ${#API_KEY}\"  # Safe: prints length only\n  rules:\n    - if: $CI_PIPELINE_SOURCE == \"merge_request_event\"\n    - if: $CI_COMMIT_BRANCH == \"main\"\n\n# --- Requires secrets \u2014 only runs on protected branch ---\nbuild-image:\n  stage: build\n  script:\n    - echo \"Building Docker image...\"\n    - echo \"Authenticating to registry...\"  # Uses REGISTRY_TOKEN (Protected + Masked)\n  rules:\n    - if: $CI_COMMIT_BRANCH == \"main\"       # Only on protected branch\n\n# --- Staging deployment \u2014 automatic on main ---\ndeploy-staging:\n  stage: deploy\n  environment:\n    name: staging                            # Tracked environment\n    url: https:\/\/staging.example.com\n  script:\n    - echo \"Deploying to staging...\"\n  rules:\n    - if: $CI_COMMIT_BRANCH == \"main\"\n\n# --- Production deployment \u2014 manual + approval required ---\ndeploy-production:\n  stage: deploy\n  tags:\n    - secure-deploy                          # Runs on project-specific runner only\n  environment:\n    name: production                         # Protected environment with approvals\n    url: https:\/\/prod.example.com\n  script:\n    - echo \"Deploying to production...\"\n    - |\n      curl --fail --silent \\\n        --header \"PRIVATE-TOKEN: $DEPLOY_TOKEN\" \\   # Protected + Masked variable\n        --request POST \\\n        \"https:\/\/gitlab.com\/api\/v4\/projects\/$CI_PROJECT_ID\/deployments\"\n  rules:\n    - if: $CI_COMMIT_BRANCH == \"main\"\n      when: manual                           # Requires human trigger\n  allow_failure: false                       # Pipeline blocks until approved\n  timeout: 5 minutes                         # Tighter timeout for deploys\n<\/code><\/pre>\n<h2>\u0627\u0644\u062a\u0646\u0638\u064a\u0641<\/h2>\n<p>\u0628\u0639\u062f \u0625\u0643\u0645\u0627\u0644 \u0627\u0644\u062a\u0645\u0631\u064a\u0646\u060c \u0642\u0645 \u0628\u062a\u0646\u0638\u064a\u0641 \u0627\u0644\u0645\u0648\u0627\u0631\u062f \u0627\u0644\u062a\u062c\u0631\u064a\u0628\u064a\u0629:<\/p>\n<ol>\n<li><strong>\u0627\u062d\u0630\u0641 \u0623\u0648 \u0623\u0631\u0634\u0641 \u0627\u0644\u0645\u0634\u0631\u0648\u0639 \u0627\u0644\u062a\u062c\u0631\u064a\u0628\u064a:<\/strong> \u0627\u0630\u0647\u0628 \u0625\u0644\u0649 <strong>Settings &gt; General &gt; Advanced &gt; Delete project<\/strong>.<\/li>\n<li><strong>\u0623\u0632\u0644 \u0645\u062a\u063a\u064a\u0631\u0627\u062a CI\/CD:<\/strong> \u0625\u0630\u0627 \u0643\u0646\u062a \u062a\u062e\u0637\u0637 \u0644\u0644\u0627\u062d\u062a\u0641\u0627\u0638 \u0628\u0627\u0644\u0645\u0634\u0631\u0648\u0639\u060c \u0627\u0630\u0647\u0628 \u0625\u0644\u0649 <strong>Settings &gt; CI\/CD &gt; Variables<\/strong> \u0648\u0627\u062d\u0630\u0641 \u0627\u0644\u0645\u062a\u063a\u064a\u0631\u0627\u062a \u0627\u0644\u062a\u062c\u0631\u064a\u0628\u064a\u0629 (<code>DEPLOY_TOKEN<\/code>\u060c <code>DB_PASSWORD<\/code>\u060c <code>API_KEY<\/code>).<\/li>\n<li><strong>\u0623\u0644\u063a\u0650 \u062a\u0633\u062c\u064a\u0644 runner \u0627\u0644\u062a\u062c\u0631\u064a\u0628\u064a:<\/strong><\/li>\n<\/ol>\n<pre><code># List registered runners\nsudo gitlab-runner list\n\n# Unregister the test runner\nsudo gitlab-runner unregister --name \"secure-deploy-runner\"\n\n# Optionally remove GitLab Runner entirely\nsudo gitlab-runner stop\nsudo gitlab-runner uninstall\nsudo rm \/usr\/local\/bin\/gitlab-runner\n<\/code><\/pre>\n<h2>\u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629<\/h2>\n<ul>\n<li><strong>\u0642\u0645 \u0628\u062d\u0645\u0627\u064a\u0629 \u0648\u062d\u062c\u0628 \u0643\u0644 \u0645\u062a\u063a\u064a\u0631 \u0633\u0631\u064a.<\/strong> \u064a\u062a\u0645 \u062d\u0642\u0646 Protected variables \u0641\u0642\u0637 \u0639\u0644\u0649 \u0627\u0644\u0641\u0631\u0648\u0639 \u0627\u0644\u0645\u062d\u0645\u064a\u0629\u060c \u0648\u0627\u0644\u062d\u062c\u0628 \u064a\u0645\u0646\u0639 \u0627\u0644\u062a\u0639\u0631\u0636 \u0627\u0644\u0639\u0631\u0636\u064a \u0641\u064a \u0627\u0644\u0633\u062c\u0644\u0627\u062a. \u0627\u0633\u062a\u062e\u062f\u0645 \u0639\u0644\u0627\u0645\u0629 Hidden \u0644\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u062a\u064a \u0644\u0627 \u064a\u062c\u0628 \u0623\u0646 \u062a\u0643\u0648\u0646 \u0642\u0627\u0628\u0644\u0629 \u0644\u0644\u0642\u0631\u0627\u0621\u0629 \u0641\u064a \u0648\u0627\u062c\u0647\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0623\u0628\u062f\u064b\u0627.<\/li>\n<li><strong>\u062d\u062f\u062f \u0646\u0637\u0627\u0642 runners \u0625\u0644\u0649 \u0623\u062f\u0646\u0649 \u0645\u0633\u062a\u0648\u0649 \u062b\u0642\u0629 \u0645\u0637\u0644\u0648\u0628.<\/strong> \u0627\u0633\u062a\u062e\u062f\u0645 runners \u062e\u0627\u0635\u0629 \u0628\u0627\u0644\u0645\u0634\u0631\u0648\u0639 \u0645\u0639 \u0648\u0635\u0648\u0644 <code>ref_protected<\/code> \u0644\u0645\u0647\u0627\u0645 \u0627\u0644\u0646\u0634\u0631. \u0627\u062d\u062a\u0641\u0638 \u0628\u0640 shared runners \u0644\u0644\u062e\u0637\u0648\u0627\u062a \u063a\u064a\u0631 \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0645\u0646 \u0627\u0644\u0628\u0646\u0627\u0621 \u0648\u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631.<\/li>\n<li><strong>\u0642\u064a\u0651\u062f \u0639\u0645\u0644\u064a\u0627\u062a \u0646\u0634\u0631 \u0627\u0644\u0625\u0646\u062a\u0627\u062c \u0628\u0628\u0648\u0627\u0628\u0627\u062a \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0628\u064a\u0626\u0629 \u0648\u0627\u0644\u0645\u0648\u0627\u0641\u0642\u0627\u062a.<\/strong> \u0627\u0644\u062c\u0645\u0639 \u0628\u064a\u0646 <code>when: manual<\/code> \u0645\u0639 \u0628\u064a\u0626\u0629 \u0645\u062d\u0645\u064a\u0629 \u0648\u0645\u0648\u0627\u0641\u0642\u064a\u0646 \u0645\u0637\u0644\u0648\u0628\u064a\u0646 \u064a\u0636\u0645\u0646 \u0639\u062f\u0645 \u0642\u062f\u0631\u0629 \u0634\u062e\u0635 \u0648\u0627\u062d\u062f \u0639\u0644\u0649 \u0627\u0644\u062f\u0641\u0639 \u0644\u0644\u0625\u0646\u062a\u0627\u062c \u062f\u0648\u0646 \u0645\u0631\u0627\u062c\u0639\u0629.<\/li>\n<li><strong>\u0642\u064a\u0651\u062f CI_JOB_TOKEN \u0628\u0642\u0627\u0626\u0645\u0629 \u0628\u064a\u0636\u0627\u0621 \u0635\u0631\u064a\u062d\u0629.<\/strong> \u0627\u0644\u0646\u0637\u0627\u0642 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a \u0648\u0627\u0633\u0639 \u062c\u062f\u064b\u0627. \u062d\u062f\u062f \u0627\u0644\u0648\u0635\u0648\u0644 \u0627\u0644\u0648\u0627\u0631\u062f \u0648\u0627\u0644\u0635\u0627\u062f\u0631 \u0625\u0644\u0649 \u0627\u0644\u0645\u0634\u0627\u0631\u064a\u0639 \u0627\u0644\u062a\u064a \u064a\u062d\u062a\u0627\u062c\u0647\u0627 \u062e\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0641\u0639\u0644\u0627\u064b \u0641\u0642\u0637.<\/li>\n<li><strong>\u0627\u0641\u0635\u0644 \u0645\u0647\u0627\u0645 \u062e\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 MR \u0639\u0646 \u0645\u0647\u0627\u0645 \u0627\u0644\u0646\u0634\u0631.<\/strong> \u0645\u0647\u0627\u0645 lint \u0648\u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0622\u0645\u0646\u0629 \u0644\u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 merge request\u061b \u0645\u0647\u0627\u0645 \u0627\u0644\u0628\u0646\u0627\u0621 \u0648\u0627\u0644\u0646\u0634\u0631 \u0627\u0644\u062a\u064a \u062a\u062d\u062a\u0627\u062c \u0623\u0633\u0631\u0627\u0631\u064b\u0627 \u064a\u062c\u0628 \u0623\u0646 \u062a\u0639\u0645\u0644 \u0641\u0642\u0637 \u0639\u0644\u0649 \u0627\u0644\u0641\u0631\u0648\u0639 \u0627\u0644\u0645\u062d\u0645\u064a\u0629.<\/li>\n<li><strong>\u0623\u0636\u0641 \u0637\u0628\u0642\u0627\u062a \u0636\u0648\u0627\u0628\u0637 \u0625\u0636\u0627\u0641\u064a\u0629: \u0627\u0644\u0645\u0647\u0644\u0627\u062a\u060c \u0648\u0627\u0644\u0645\u0647\u0627\u0645 \u0627\u0644\u0642\u0627\u0628\u0644\u0629 \u0644\u0644\u0645\u0642\u0627\u0637\u0639\u0629\u060c \u0648\u0642\u0648\u0627\u0639\u062f \u0627\u0644\u062f\u0641\u0639\u060c \u0648\u0643\u0634\u0641 \u0627\u0644\u0623\u0633\u0631\u0627\u0631.<\/strong> \u0643\u0644 \u0637\u0628\u0642\u0629 \u062a\u0639\u0627\u0644\u062c \u0646\u0627\u0642\u0644 \u0647\u062c\u0648\u0645 \u0645\u062e\u062a\u0644\u0641 \u0648\u0645\u0639\u064b\u0627 \u062a\u064f\u0646\u0634\u0626 \u062f\u0641\u0627\u0639\u064b\u0627 \u0645\u062a\u0639\u062f\u062f \u0627\u0644\u0637\u0628\u0642\u0627\u062a.<\/li>\n<\/ul>\n<h2>\u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629<\/h2>\n<p>\u0648\u0627\u0635\u0644 \u0628\u0646\u0627\u0621 \u0645\u0639\u0631\u0641\u062a\u0643 \u0628\u0623\u0645\u0627\u0646 CI\/CD \u0645\u0639 \u0647\u0630\u0647 \u0627\u0644\u0623\u062f\u0644\u0629 \u0630\u0627\u062a \u0627\u0644\u0635\u0644\u0629:<\/p>\n<ul>\n<li><a href=\"\/ar\/ci-cd-security\/ci-cd-execution-models-trust-assumptions-security-guide\/\">\u0646\u0645\u0627\u0630\u062c \u062a\u0646\u0641\u064a\u0630 CI\/CD \u0648\u0627\u0641\u062a\u0631\u0627\u0636\u0627\u062a \u0627\u0644\u062b\u0642\u0629<\/a> \u2014 \u0641\u0647\u0645 \u0627\u0644\u062a\u062f\u0627\u0639\u064a\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0644\u0645\u0639\u0645\u0627\u0631\u064a\u0627\u062a CI\/CD \u0627\u0644\u0645\u062e\u062a\u0644\u0641\u0629 \u0648\u0623\u064a\u0646 \u062a\u0642\u0639 \u062d\u062f\u0648\u062f \u0627\u0644\u062b\u0642\u0629.<\/li>\n<li><a href=\"\/ar\/ci-cd-security\/separation-of-duties-least-privilege-ci-cd-pipelines\/\">\u0641\u0635\u0644 \u0627\u0644\u0645\u0647\u0627\u0645 \u0648\u0645\u0628\u062f\u0623 \u0627\u0644\u062d\u062f \u0627\u0644\u0623\u062f\u0646\u0649 \u0645\u0646 \u0627\u0644\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0641\u064a \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 CI\/CD<\/a> \u2014 \u062a\u0639\u0644\u0645 \u0643\u064a\u0641\u064a\u0629 \u062a\u0635\u0645\u064a\u0645 \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 \u062d\u064a\u062b \u0644\u0627 \u064a\u0645\u0644\u0643 \u0623\u064a \u062f\u0648\u0631 \u0623\u0648 \u0631\u0645\u0632 \u0648\u0635\u0648\u0644\u0627\u064b \u0623\u0643\u062b\u0631 \u0645\u0645\u0627 \u0647\u0648 \u0636\u0631\u0648\u0631\u064a.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629 \u064a\u064f\u0639\u062f GitLab CI \u062b\u0627\u0646\u064a \u0623\u0643\u062b\u0631 \u0645\u0646\u0635\u0627\u062a CI\/CD \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u064b\u0627 \u0641\u064a \u0627\u0644\u0642\u0637\u0627\u0639\u060c \u062d\u064a\u062b \u064a\u064f\u0634\u063a\u0651\u0644 \u0645\u0644\u0627\u064a\u064a\u0646 \u062e\u0637\u0648\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0639\u0628\u0631 \u0645\u0624\u0633\u0633\u0627\u062a \u0628\u0645\u062e\u062a\u0644\u0641 \u0627\u0644\u0623\u062d\u062c\u0627\u0645. \u064a\u062c\u0639\u0644 \u062a\u0643\u0627\u0645\u0644\u0647 \u0627\u0644\u0648\u062b\u064a\u0642 \u0645\u0639 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u062d\u0643\u0645 \u0628\u0627\u0644\u0645\u0635\u0627\u062f\u0631 \u0645\u0646\u0647 \u0623\u062f\u0627\u0629 \u0645\u0631\u064a\u062d\u0629 \u0644\u0644\u063a\u0627\u064a\u0629 \u2014 \u0644\u0643\u0646 \u0647\u0630\u0627 \u0627\u0644\u062a\u0643\u0627\u0645\u0644 \u0630\u0627\u062a\u0647 \u064a\u064f\u0646\u0634\u0626 \u0633\u0637\u062d \u0647\u062c\u0648\u0645 \u0648\u0627\u0633\u0639\u064b\u0627 \u0625\u0630\u0627 \u0644\u0645 \u064a\u062a\u0645 \u062a\u0642\u0648\u064a\u0629 \u062e\u0637\u0648\u0637 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0628\u0634\u0643\u0644 \u0645\u062a\u0639\u0645\u062f. \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u062a\u0645\u0631\u064a\u0646 \u0627\u0644\u0639\u0645\u0644\u064a \u0633\u062a\u0645\u0631 \u0628\u0633\u062a\u0629 &#8230; <a title=\"\u062a\u0645\u0631\u064a\u0646 \u0639\u0645\u0644\u064a: \u062a\u0623\u0645\u064a\u0646 \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 GitLab CI \u2014 Protected Variables \u0648 Runners \u0648 Environments\" class=\"read-more\" href=\"https:\/\/secure-pipelines.com\/ar\/ci-cd-security\/lab-securing-gitlab-ci-pipelines-protected-variables-runners-environments\/\" aria-label=\"Read more about \u062a\u0645\u0631\u064a\u0646 \u0639\u0645\u0644\u064a: \u062a\u0623\u0645\u064a\u0646 \u062e\u0637\u0648\u0637 \u0623\u0646\u0627\u0628\u064a\u0628 GitLab CI \u2014 Protected Variables \u0648 Runners \u0648 Environments\">\u0627\u0642\u0631\u0623 \u0627\u0644\u0645\u0632\u064a\u062f<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,30],"tags":[],"post_folder":[],"class_list":["post-807","post","type-post","status-publish","format-standard","hentry","category-ci-cd-security","category-gitlab-ci"],"_links":{"self":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/comments?post=807"}],"version-history":[{"count":0,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/807\/revisions"}],"wp:attachment":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/media?parent=807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/categories?post=807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/tags?post=807"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/post_folder?post=807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}