
How to grant permission for semantic-release to push code to master


I'm using semantic-release to automatically define the next version, update package.json and push to git. However, I'm facing a problem where it stops me from pushing directly to master.

I'm using GitLab.

My release.config.js:

module.exports = {
    "plugins": [
        "@semantic-release/commit-analyzer",
        "@semantic-release/release-notes-generator",
        "@semantic-release/changelog",
        "@semantic-release/npm",
        ["@semantic-release/git", {
            "assets": ["dist/**/*.{js,css}", "docs", "package.json"],
            "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
        }]
    ]
}

My gitlab-ci.yml:

package-versioning:
  stage: package-versioning
  tags:
    - fe
    - xdev
  artifacts:
    expire_in: 1 day
  only:
    refs:
      - master
  dependencies:
    - install
    - build
    - test
  script:
    - npx semantic-release --tag-format 'app/v${version}'

Error:

The command "git push --dry-run --no-verify https://gitlab-ci-token:[secure]@***/**.git HEAD:master" failed with the error message remote: You are not allowed to upload code.

fatal: unable to access 'https://gitlab-ci-token:[secure]@***/**.git/': The requested URL returned error: 403.

[6:02:23 PM] [semantic-release] › ✖  EGITNOPERMISSION Cannot push to the Git repository.
semantic-release cannot push the version tag to the branch next on the remote Git repository with URL https://gitlab-ci-token:[secure]@***/**.git.

But I'm actually the owner of the repo and have already set push permission for master to owner only. Do I need to configure any other authentication for the script to run on my behalf?

So my questions are:

1/ How to set authentication for semantic-release so that it can push to master directly on your behalf?

2/ Is it good practice to push directly to master (even though it's only for version updating)? Has anyone experienced this scenario, and what's your solution for updating the version? I really appreciate your input and thoughts.


Solution

1. In GitLab you have to explicitly set the script to push to Git. For this you need to create a token and pass it to your CI via an env variable.

   For example, see how we do it in our integration project by setting GIT_PUSH_TOKEN here: https://gitlab.com/taleodor/sample-helm-cd

   The actual CI YAML code is here: https://gitlab.com/taleodor/sample-helm-cd/-/blob/master/.gitlab-ci.yml (lines 25-30).

2. Yes, direct push on version bump is common.
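
The token wiring described in the answer, applied to the job from the question. This is an added example, not the asker's or the linked project's configuration. It assumes a CI/CD variable named GITLAB_TOKEN (one of the names semantic-release reads from the environment; the linked project uses its own GIT_PUSH_TOKEN) that is marked Masked and Protected and holds an access token with the write_repository scope, owned by an identity that the protected-branch settings allow to push to master.

```yaml
# .gitlab-ci.yml (added example, not from the original post).
# Assumption: Settings > CI/CD > Variables contains GITLAB_TOKEN, marked
# Masked and Protected, holding an access token with the write_repository
# scope whose owner is allowed to push to master.
package-versioning:
  stage: package-versioning
  tags:
    - fe
    - xdev
  rules:
    # Protected variables are only injected into jobs that run on protected
    # refs, so require both the branch name and the protected flag. This also
    # keeps the push token out of pipelines for unreviewed branches.
    - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_REF_PROTECTED == "true"'
  dependencies:
    - install
    - build
    - test
  script:
    # Fail early, without echoing the value, if the token was not injected.
    - 'test -n "$GITLAB_TOKEN" || { echo "GITLAB_TOKEN is not set for this job" >&2; exit 1; }'
    # semantic-release picks up GITLAB_TOKEN (or GL_TOKEN) from the
    # environment for the git push; the token never appears in this file.
    - npx semantic-release --tag-format 'app/v${version}'
```

Keeping the token scoped to write_repository and limiting the variable to protected refs means that a leak from this job exposes push access to one repository rather than the owner's full account.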