We have a GitLab CI Pipeline that is responsible for the release process.
Here is the pipeline for the release stage:
release:
before_script:
- |
git config --global user.email $GIT_USER_EMAIL
git config --global user.name $GIT_USERNAME
npm install -g standard-version
stage: release
image: node:14.15
rules:
- if: $CI_COMMIT_TAG
when: never
- if: $CI_COMMIT_BRANCH == 'develop'
script:
- nextVersion=`npm run release -- --dry-run | grep -oP '(?<=tagging release ).*'`
- standard-version
- git push --follow-tags origin HEAD:$CI_COMMIT_BRANCH
Up until the standard-version line it's working fine, but in the last command I am getting the following error:
remote: You are not allowed to upload code.
fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.com/project_name/repo_name.git/': The requested URL returned error: 403
Can anyone please help me to solve this issue?
I had a problem similar to yours, with a pipeline that commits to another repo. Not on gitlab.com, but on a private GitLab instance. The push command below works here.
git push -f https://myusername:$ACCESS_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:${CI_COMMIT_REF_NAME}
What matters for access control is the token. Any non-empty string should work as username [1]. The access token on the instance I use has write-repository scope.
There is also a CI-variable [2] in the project that contains the token. The variable brings the token into the environment where the git push command runs.
The idea comes from this pipeline example:
https://gitlab.com/guided-explorations/gitlab-ci-yml-tips-tricks-and-hacks/commit-to-repos-during-ci/commit-to-repos-during-ci/-/blob/master/.gitlab-ci.yml
References:
[1] https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html
[2] https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-project