Prev Next

Maven / GitLab CI Basics Interview Questions

What are protected branches and protected variables in GitLab CI?

Protected branches and protected variables are security features that control who can push to critical branches and which jobs can access sensitive CI/CD variables.

# Protected variables are set in:
# Settings > CI/CD > Variables > Add variable
# Tick "Protected variable" checkbox

# A protected variable is ONLY available in jobs running on:
# 1. Protected branches (e.g. main, production)
# 2. Protected tags

# Example: PROD_API_KEY is protected:
deploy-production:
  stage: deploy
  script:
    - echo "Using: $PROD_API_KEY"    # only available because main is protected
  rules:
    - if: $CI_COMMIT_BRANCH == "main"  # main is a protected branch

# feature branches (unprotected) CANNOT access $PROD_API_KEY:
test-on-feature:
  script:
    - echo "$PROD_API_KEY"   # will be empty - variable not available here
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^feature/

# Protected branches in GitLab:
# Settings > Repository > Protected branches
# Can restrict push access to Maintainers, Developers, No one
# Can require merge request approval before merging
# Can require status checks (pipeline must pass)

Protected branch settings
SettingControls
Allowed to mergeMinimum role required to merge into this branch
Allowed to push and mergeMinimum role required to push directly (bypass MR)
Allowed to force pushWhether force push is allowed (usually disabled)
Code owner approvalWhether CODEOWNERS must approve changes

Security design: this combination means developers on feature branches cannot access production secrets even if they have access to the project. Only pipelines running on protected branches (typically main or release tags) can use protected variables like production API keys.

A CI variable is marked as 'Protected'. In which job will it be available?
What is the security benefit of combining protected branches with protected variables?

Invest now in Acorns!!! 🚀 Join Acorns and get your $5 bonus!
Acorns Logo

Invest now in Acorns!!! 🚀
Join Acorns and get your $5 bonus!

Earn passively and while sleeping

Acorns is a micro-investing app that automatically invests your "spare change" from daily purchases into diversified, expert-built portfolios of ETFs. It is designed for beginners, allowing you to start investing with as little as $5. The service automates saving and investing. Disclosure: I may receive a referral bonus.

Robinhood Logo

Invest now!!! Get Free equity stock (US, UK only)!

Use Robinhood app to invest in stocks. It is safe and secure. Use the Referral link to claim your free stock when you sign up!.

The Robinhood app makes it easy to trade stocks, crypto and more.


Webull Logo

Webull! Receive free stock by signing up using the link: Webull signup.

More Related questions...

What is GitLab CI/CD and what problem does it solve? What is the.gitlab-ci.yml file and where must it be placed? What is a GitLab CI/CD pipeline? What are stages in GitLab CI/CD and how do you define them? What is a CI/CD job in GitLab and what are the required keywords? What is a GitLab Runner and what types are available? What is the 'script', 'before_script', and 'after_script' keywords and how do they differ? How do you use the 'image' keyword to specify a Docker environment for a job? What are GitLab CI/CD artifacts and how do you use them? What is the difference between cache and artifacts in GitLab CI? What are GitLab CI/CD variables and what types are available? What are the most important predefined CI/CD variables in GitLab? What are 'rules' in GitLab CI/CD and how do they control when jobs run? What is the difference between 'only/except' and 'rules' in GitLab CI? What is the 'needs' keyword in GitLab CI/CD and what problem does it solve? What is the 'workflow' keyword in GitLab CI and how does it control pipeline creation? What is the 'extends' keyword and how does it enable job templates? What is the 'include' keyword and how do you share CI configuration across projects? What are GitLab environments and how do you define them in CI/CD? What are manual jobs in GitLab CI/CD and how do you configure them? What is the 'allow_failure' keyword and how does it affect pipeline status? How does parallel job execution work in GitLab CI/CD? What are GitLab CI/CD scheduled pipelines and how do you set them up? What are pipeline triggers and how can a pipeline be started without a git push? What is the 'retry' keyword and how do you handle flaky tests in GitLab CI? What is the 'timeout' keyword in GitLab CI and what are the defaults? What is the GitLab Container Registry and how do you use it in CI/CD pipelines? What are 'services' in GitLab CI/CD and how do you use them? What is the 'default' keyword in GitLab CI and how does it reduce duplication? What are YAML anchors and aliases in GitLab CI and how do they reduce duplication? What is a merge request pipeline in GitLab CI and how does it differ from a branch pipeline? What is pipeline caching and how do you configure cache keys? What is the GitLab CI Lint tool and how do you validate a.gitlab-ci.yml file? What are GitLab CI/CD components and how do they differ from includes? What are parent-child pipelines in GitLab CI/CD? What is the 'resource_group' keyword and how does it prevent concurrent deployments? What are GitLab's built-in security scanning templates and how do you enable them? What is the 'GIT_STRATEGY' variable in GitLab CI and what are the options? What are protected branches and protected variables in GitLab CI? What are common reasons a GitLab CI pipeline fails and how do you troubleshoot them?
Show more question and Answers...

Testing

Comments & Discussions