I have a GitLab CI build script like this:
create release:
stage: deploy
tags:
- basic
only:
- tags
script:
- GITLOG=$(echo "# Changes Log"; git log `git tag | tail -2 | head -1`..${CI_BUILD_TAG} --pretty=format:" - %s")
- curl -X POST -d "private_token=$CI_BUILD_TOKEN&description=$GITLOG" "http://git.example.com/api/v3/projects/${CI_PROJECT_ID}/repository/tags/${CI_BUILD_TAG}/release"
The purpose of this step is to automatically add a Changes Log from Git in the GitLab Releases section.
That works if I manually run this on the command line and put in the variables…
The problem is that the value of CI_BUILD_TOKEN
in the build runner isn't a valid GitLab Private Token – it's only a token to connect to the Docker Registry – as per the documentation.
Is there a way to get a valid GitLab API token that the build runner can use to access the API for the project it's running a build for? Seems like this should be possible.
GitLab Runner:
gitlab-runner -v
Version: 1.2.0
Git revision: 3a4fcd4
Git branch: HEAD
GO version: go1.6.2
Built: Sun, 22 May 2016 20:05:30 +0000
OS/Arch: linux/amd64
Best Answer
You can have read-only access with the API from the runner, but only if you add a header with the CI_JOB_TOKEN.
e.g.
And only when the project is public with everyone has access from the same project.
If you want access to private projects as well and/or write access, please up-vote GitLab issue #29566 and/or #41084.
As an alternative for the time being, you can create an access token on gitlab, and add it to the secret variables, under project settings/ci_cd although not really advised to do as your personal access token will be used by everyone who trigger the job.