Hideable project level environment variables


We have a project, that would need a project level environment variable only available in some builds.

The problem is if anyone creates a PR for the project and inserts echo $MY_SECRET_VARIABLE they can get the value.

It should be solved with a project-level environment variable with conditions.

Conditions can be:

  • If it is not a PR then it would not be added.
  • If pr has no ‘trusted’ label then do not add it.
  • or the best would be: Run a command (that is problably not in the same repository, or it can be uploaded) that returns if the variable should be set. (e.g. curl request with a pipe returning 1 or empty string)