6

GitLab now has nice feature called "Releases". You can define "release" as combination of "tag + some description + some URLs" and it will be shown on "Releases" and "Tags" pages of your project. GitLab doc says:

we recommend doing this as one of the last steps in your CI/CD release pipeline

But, wait! CI/CD job by default has no access to API calls or write to git repository. We can configure "deploy token" or "deploy key" for access to repository and use them (via "secret variables") in build scripts. But neither "deploy token", nor "deploy key" give access to API.

So, we can't create release from CI/CD job using its environment variables, we can't use deploy tokens, we can't use deploy keys. So, what exactly GitLab suggests us to do when it says: "we recommend doing this as one of the last steps in your CI/CD release pipeline" ?

Ezh
  • 579
  • 1
  • 7
  • 26

2 Answers2

5

This previous question highlighted the same issue, pointing out you need to access in your CI/CD release pipeline to (from doc)

  • either OAuth2 tokens
  • Personal access tokens
  • Session cookie

This is not limited to release.
As seen in gitlab-ce issue 61108: "Allow tags to be managed with CI_JOB_TOKEN"

However, it turns out that tags cannot be removed by simply using the CI_JOB_TOKEN.
Instead I would need to have create an access token and pass this as CI variable to be able to call this API from within the CI jobs.

Other examples:

However, it turns out the call to this REST API does not work with the JOB_TOKEN header but only with the PRIVATE_TOKEN.
Is this limitation intended?

I don't want to maintain extra Private tokens just for manipulating the assets of the release.

That means for now (June 2019), maintaining an extra Private token, and passing it as CI variable might be the only available workaround, pending those issues to be resolved.
That would use, I supposed, a masked variable (GitLab 11.0+)

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • So the answer is "there is no answer" (extra private token is bad solution for many reasons). – Ezh Jun 19 '19 at 17:46
  • @Ezh Yes, for now there is no direct way to use the GitLab Releases API from a CI/CD release pipeline. – VonC Jun 19 '19 at 19:48
1

2019, I commented:

for now there is no direct way to use the GitLab Releases API from a CI/CD release pipeline.

Update 2022:

See GitLab 15.5 (October 2022)

Update a release using the Release CLI

In this milestone we added the ability to update a release using the Release CLI. You can use this to automate releases by updating any of the release attributes directly from the .gitlab-ci.yml file, and leveraging the CI/CD pipeline to do so.

See Documentation and Issue.

So it is now possible.

Plus (still GitLab 15.5 (October 2022))

Access release description from tag in CI/CD pipeline variable

In past releases, there was no easy way to configure a pipeline that refers to a release or to release notes associated with a tag.

Now, you can refer to this information using two predefined environment variables: $CI_COMMIT_TAG_MESSAGE and $CI_RELEASE_DESCRIPTION.

See Documentation and Issue.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250