Gitlab CI/CD env var availabel only on master

Question

If I push to master, it works perfectly, all environment variables available and I have a successful deploy to Heroku.

Problem: If I push to the dev branch, it can't see the environment variables for the deploy.

$ dpl --provider=heroku --app=$HEROKU_DEV_APP --api-key=$HEROKU_API_KEY
invalid option "--api-key="
ERROR: Job failed: exit code 1 

Environment settings:

.gitlab-ci.yml:

stages:
  - build
  - test
  - deploy

build:
  stage: build
  image: maven:3.6.3-jdk-14
  script:
    - mvn clean package
  tags:
    - docker

test:
  stage: test
  image: maven:3.6.3-jdk-14
  script:
    - mvn test
  tags:
    - docker

deploy_dev:
  stage: deploy
  image: ruby:2.3
  script:
    - apt-get update -qy
    - apt-get install -y ruby-dev
    - gem install dpl
    - dpl --provider=heroku --app=$HEROKU_DEV_APP --api-key=$HEROKU_API_KEY
  environment:
    name: prod
    url: https://.....herokuapp.com/
  only:
    - dev
  tags:
    - docker

deploy_prod:
  stage: deploy
  image: ruby:2.3
  script:
    - apt-get update -qy
    - apt-get install -y ruby-dev
    - gem install dpl
    - dpl --provider=heroku --app=$HEROKU_PROD_APP --api-key=$HEROKU_API_KEY
  environment:
    name: prod
    url: https://.....herokuapp.com/
  when: manual
  only:
    - master
  tags:
    - docker

Answer 1

This is because your Heroku api key variable is set as protected.

Protected variables are visible only by protected branches and protected tags. That is why it works for you on master but not on dev.

More information: https://gitlab.com/help/ci/variables/README#protect-a-custom-variable and https://gitlab.com/help/user/project/protected_branches.md

Your options are: either remove protected flag, or introduce another unprotected variable with another api key for your non-protected branches which would be less sensitive.