Use GitLab API from a GitLabCI build script

Question

I have a GitLab CI build script like this:

create release:
  stage: deploy
  tags:
    - basic
  only:
    - tags
  script:
    - GITLOG=$(echo "# Changes Log"; git log `git tag | tail -2 | head -1`..${CI_BUILD_TAG} --pretty=format:" - %s")
    - curl -X POST -d "private_token=$CI_BUILD_TOKEN&description=$GITLOG" "http://git.example.com/api/v3/projects/${CI_PROJECT_ID}/repository/tags/${CI_BUILD_TAG}/release"

The purpose of this step is to automatically add a Changes Log from Git in the GitLab Releases section.

That works if I manually run this on the command line and put in the variables...

The problem is that the value of CI_BUILD_TOKEN in the build runner isn't a valid GitLab Private Token - it's only a token to connect to the Docker Registry - as per the documentation.

Is there a way to get a valid GitLab API token that the build runner can use to access the API for the project it's running a build for? Seems like this should be possible.

GitLab Runner:

gitlab-runner -v
Version:      1.2.0
Git revision: 3a4fcd4
Git branch:   HEAD
GO version:   go1.6.2
Built:        Sun, 22 May 2016 20:05:30 +0000
OS/Arch:      linux/amd64

Answer 1

You can have read-only access with the API from the runner, but only if you add a header with the CI_JOB_TOKEN.

e.g.

curl -H "JOB_TOKEN: $CI_JOB_TOKEN" "https://gitlab.com/api/v4/projects/2828837/repository/tags

And only when the project is public with everyone has access from the same project.

If you want access to private projects as well and/or write access, please up-vote GitLab issue #29566 and/or #41084.

As an alternative for the time being, you can create an access token on gitlab, and add it to the secret variables, under project settings/ci_cd although not really advised to do as your personal access token will be used by everyone who trigger the job.

Answer 2

Did you try to use the Secret Variables? You can define in the settings and then use in your build script.