Menu
I'm writing GitLab CI/CD pipeline script in .gitlab-ci.yml I want to check if a specific file changed in another repo and if so I would like to copy the file, commit and push to the current repo. everything works until I get to the 'git push' part
I tried several ways to fixed it:
stages:
- build
build:
stage: build
script:
- echo "Building"
- git checkout -b try
- git remote add -f b https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.{otherRepo}.git
- git remote update
- CHANGED=$(git diff try:mobile_map.conf b/master:mobile_map.conf)
- if [ -n "${CHANGED}" ]; then
echo 'changed';
FILE=$(git show b/master:mobile_map.conf > mobile_map.conf);
git add mobile_map.conf;
git commit -m "updating conf file";
git push;
else
echo 'not changed';
fi
- git remote rm bfor this code I get :
fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.{curr_repo}.git/': The requested URL returned error: 403also I tried to add this line in the beginning :
git remote set-url origin 'https://{MY_USER_NAME}:"\"${PASSWORD}\""@gitlab.{curr_repo}.git'and I get this error message:
fatal: Authentication failed for 'https://{MY_USER_NAME}:"\"${PASSWORD}\""@{curr_repo}.git/'also I added:
please help me, Thanks
483
It might be a security vulnerability The code in your most recent commit could be vulnerable, or a dependency could be at risk, either of which would trigger a failed security test and thus a failed pipeline.
GitLab CI uses a YAML file ( . gitlab-ci. yml ) for project configuration. This file is placed in the root of the repository and defines the project's Pipelines, Jobs, and Environments. The YAML file defines a set of jobs with constraints for when they should be run.
Job-tokens only have read-permission to your repository.
A unique job token is generated for each job and provides the user read access all projects that would be normally accessible to the user creating that job. The unique job token does not have any write permissions, but there is a proposal to add support.
You can't use deploy-tokens because they can't have write-access to a repository (possible tokens). You could use a project-access-token with read-write-access to your repository.
Then you can use your project-access-token as an environment variable in the url.
git push "https://gitlab-ci-token:$PROJECT_ACCESS_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git"
At least that's how we use it in our pipelines. I hope this helps you further.
50
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
