Allow users to seed the initial runner registration token using an environment variable

app/models/concerns/token_authenticatable.rb

@@ -39,6 +39,10 @@ module TokenAuthenticatable
         current_token.blank? ? write_new_token(token_field) : current_token
       end
 
+      define_method("set_#{token_field}") do |token|
+        write_attribute(token_field, token) if token
+      end
+
       define_method("ensure_#{token_field}!") do
         send("reset_#{token_field}!") if read_attribute(token_field).blank?
         read_attribute(token_field)

db/fixtures/production/010_settings.rb

+if ENV['GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN'].present?
+  settings = ApplicationSetting.current || ApplicationSetting.create_from_defaults
+  settings.set_runners_registration_token(ENV['GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN'])
+
+  if settings.save
+    puts "Saved Runner Registration Token".color(:green)
+  else
+    puts "Could not save Runner Registration Token".color(:red)
+    puts
+    settings.errors.full_messages.map do |message|
+      puts "--> #{message}".color(:red)
+    end
+    puts
+    exit 1
+  end
+end

doc/administration/environment_variables.md

@@ -13,17 +13,18 @@ override certain values.
 
 Variable | Type | Description
 -------- | ---- | -----------
-`GITLAB_ROOT_PASSWORD`        | string  | Sets the password for the `root` user on installation
-`GITLAB_HOST`                 | string  | The full URL of the GitLab server (including `http://` or `https://`)
-`RAILS_ENV`                   | string  | The Rails environment; can be one of `production`, `development`, `staging` or `test`
-`DATABASE_URL`                | string  | The database URL; is of the form: `postgresql://localhost/blog_development`
-`GITLAB_EMAIL_FROM`           | string  | The e-mail address used in the "From" field in e-mails sent by GitLab
-`GITLAB_EMAIL_DISPLAY_NAME`   | string  | The name used in the "From" field in e-mails sent by GitLab
-`GITLAB_EMAIL_REPLY_TO`       | string  | The e-mail address used in the "Reply-To" field in e-mails sent by GitLab
-`GITLAB_EMAIL_REPLY_TO`       | string  | The e-mail address used in the "Reply-To" field in e-mails sent by GitLab
-`GITLAB_EMAIL_SUBJECT_SUFFIX` | string  | The e-mail subject suffix used in e-mails sent by GitLab
-`GITLAB_UNICORN_MEMORY_MIN`   | integer | The minimum memory threshold (in bytes) for the Unicorn worker killer
-`GITLAB_UNICORN_MEMORY_MAX`   | integer | The maximum memory threshold (in bytes) for the Unicorn worker killer
+`GITLAB_ROOT_PASSWORD`                     | string  | Sets the password for the `root` user on installation
+`GITLAB_HOST`                              | string  | The full URL of the GitLab server (including `http://` or `https://`)
+`RAILS_ENV`                                | string  | The Rails environment; can be one of `production`, `development`, `staging` or `test`
+`DATABASE_URL`                             | string  | The database URL; is of the form: `postgresql://localhost/blog_development`
+`GITLAB_EMAIL_FROM`                        | string  | The e-mail address used in the "From" field in e-mails sent by GitLab
+`GITLAB_EMAIL_DISPLAY_NAME`                | string  | The name used in the "From" field in e-mails sent by GitLab
+`GITLAB_EMAIL_REPLY_TO`                    | string  | The e-mail address used in the "Reply-To" field in e-mails sent by GitLab
+`GITLAB_EMAIL_REPLY_TO`                    | string  | The e-mail address used in the "Reply-To" field in e-mails sent by GitLab
+`GITLAB_EMAIL_SUBJECT_SUFFIX`              | string  | The e-mail subject suffix used in e-mails sent by GitLab
+`GITLAB_UNICORN_MEMORY_MIN`                | integer | The minimum memory threshold (in bytes) for the Unicorn worker killer
+`GITLAB_UNICORN_MEMORY_MAX`                | integer | The maximum memory threshold (in bytes) for the Unicorn worker killer
+`GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN` | string  | Sets the initial registration token used for GitLab Runners
 
 ## Complete database variables
 

spec/db/production/settings.rb

+require 'spec_helper'
+require 'rainbow/ext/string'
+
+describe 'seed production settings', lib: true do
+  context 'GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN is set in the environment' do
+    before do
+      allow(ENV).to receive(:[]).and_call_original
+      allow(ENV).to receive(:[]).with('GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN').and_return('013456789')
+    end
+
+    it 'writes the token to the database' do
+      load(File.join(__dir__, '../../../db/fixtures/production/010_settings.rb'))
+      expect(ApplicationSetting.current.runners_registration_token).to eq('013456789')
+    end
+  end
+end

spec/models/concerns/token_authenticatable_spec.rb

@@ -6,6 +6,7 @@ shared_examples 'TokenAuthenticatable' do
     it { expect(described_class).to be_private_method_defined(:write_new_token) }
     it { expect(described_class).to respond_to("find_by_#{token_field}") }
     it { is_expected.to respond_to("ensure_#{token_field}") }
+    it { is_expected.to respond_to("set_#{token_field}") }
     it { is_expected.to respond_to("reset_#{token_field}!") }
   end
 end
@@ -55,6 +56,12 @@ describe ApplicationSetting, 'TokenAuthenticatable' do
     end
   end
 
+  describe 'setting new token' do
+    subject { described_class.new.send("set_#{token_field}", '0123456789') }
+
+    it { is_expected.to eq '0123456789' }
+  end
+
   describe 'multiple token fields' do
     before do
       described_class.send(:add_authentication_token_field, :yet_another_token)