Cannot push from gitlab-ci.yml

Question

With my colleagues, we work on a C++ library that becomes more and more important each day. We already built continuous integration utilities through the gitlab-ci.yml file that let us:

• Build & Test in Debug mode
• Build & Test in Release mode
• Perform safety checks like memory leaks using Valgrind and checking if there is any clear symbol in our library we don't want inside it
• Generate documentation

All kind of stuff that made us choose GitLab !

We would like to profile our whole library and push the benchmarks in a separate project. We have already done something like for out documentation using the SSH key method but we would like to avoid this this time.

We tried a script like this:

test_ci_push:   tags:     - linux     - shell     - light   stage: profiling   allow_failure: false   only:     - new-benchmark-stage   script:     - git clone http://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.mycompany.home/developers/benchmarks.git &> /dev/null     - cd benchmarks     - touch test.dat     - echo "This is a test" > test.dat     - git config --global user.name "${GITLAB_USER_NAME}"     - git config --global user.email "${GITLAB_USER_EMAIL}"     - git add --all     - git commit -m "GitLab Runner Push"     - git push http://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.mycompany.home/developers/benchmarks.git HEAD:master     - cd .. 

We also tried a basic git push origin master to push our updated files but each time we got the same answer:

remote: You are not allowed to upload code for this project. fatal: unable to access 'http://gitlab-ci-token:[email protected]/developers/benchmarks.git/': The requested URL returned error: 403 

Both projects are under the same site and I have the rights to push in both. Where am I doing anything wrong here ?

Answer 1

The gitlab ci token is more like the deploy key in github.com, so it only has read access to the repository. To actually push you will need to generate a personal access token and use that instead.

First you need to generate the token as shown here in the gitlab documentation. Make sure you check both the read user and api scopes. Also this only works in GitLab 8.15 and above. If you are using an older version and do not wish to upgrade there's an alternative method I could show you but it is more complex and less secure.

In the end your gitlab-ci.yml should look something like this:

test_ci_push:   tags:     - linux     - shell     - light   stage: profiling   allow_failure: false   only:     - new-benchmark-stage   script:     - git clone http://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.mycompany.home/developers/benchmarks.git &> /dev/null     - cd benchmarks     - echo "This is a test" > test.dat     - git config --global user.name "${GITLAB_USER_NAME}"     - git config --global user.email "${GITLAB_USER_EMAIL}"     - git add --all     - git commit -m "GitLab Runner Push"     - git push http://${YOUR_USERNAME}:${PERSONAL_ACCESS_TOKEN}@gitlab.mycompany.home/developers/benchmarks.git HEAD:master     - cd ..