1

I'm trying to do change in a file during a job in a pipeline i'm developing and then commit that change to the master branch of the same project, but I'm having a hard time making it work.

Here's the job:

maven_next_release:
  stage: next-version
  dependencies:
    - maven_test
  before_script:
    - apt update && apt-get install git perl-base -yrelease-demo.git
    - git config --global user.email "${GITLAB_USER_EMAIL}"
    - git config --global user.name "${GITLAB_USER_NAME}"
    - git fetch
    - git checkout master
  script:
    - cat VERSION
    - perl -i -pe 's/\d+\.\d+\.\K(\d+)/ $1+1 /e' VERSION
    - echo $(cat VERSION)-SNAPSHOT > VERSION
    - cat VERSION
    - git add VERSION
    - git commit -m "[skip ci]New version $(cat VERSION)"
    - git push https://${GIT_USERNAME}:${GIT_PASSWORD}@gitlab.com/myproject/release-demo.git
  only:
    - tags
  except:
- branches

So, everything seems to work except for the push command. Here's the log:

$ git push https://${GIT_USERNAME}:${GIT_PASSWORD}@gitlab.com/myproject/release-demo.git
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'https://gitlab.com/myproject/release-demo.git/'

I'm really not sure what to do, I read about settting a SSH Key so I don't have to pass user and password, but I'm not sure how to generate a SSH key for the runner.

Sage Harpuia
  • 348
  • 2
  • 13

3 Answers3

3

GitLab CI (unlike GitHub Actions) does not automatically authorize you to push code on check out.

To achieve what you want you need to generate Git Push Token and pass it in secrets to your pipeline.

For a sample - you can refer to my sample helm cd project here - https://gitlab.com/taleodor/sample-helm-cd/

Particularly, search for "GIT_PUSH_TOKEN" in the documentation and then the actual git commit part is in https://gitlab.com/taleodor/sample-helm-cd/-/blob/master/.gitlab-ci.yml in ".git-script" block.

taleodor
  • 1,849
  • 1
  • 13
  • 15
1

So i resolved my issue:

First at all, I previously created two environment variables in my ci/cd, GIT_USER and GIT_PASSWORD, I had them as protected variables, so I had to de-select that and just mark them as masked.

Secondly I modified my job like this:

maven_next_release:
  stage: next-version
  dependencies:
    - maven_test
  before_script:
    - apt update && apt-get install git perl-base -y
    - git clone http://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/myteam/release-demo.git &> /dev/null
    - cd release-demo
    - git config --global user.email "${GITLAB_USER_EMAIL}"
    - git config --global user.name "${GITLAB_USER_NAME}"
  script:
    - cat VERSION
    - perl -i -pe 's/\d+\.\d+\.\K(\d+)/ $1+1 /e' VERSION
    - echo $(cat VERSION)-SNAPSHOT > VERSION
    - cat VERSION
    - git add VERSION
    - git commit -m "[skip ci]Version $(cat VERSION)"
    - git push "https://${GIT_USERNAME}:${GIT_PASSWORD}@${CI_REPOSITORY_URL#*@}" HEAD:master
  only:
    - tags
  except:
    - branches

and with that, my pipeline finally worked and can push changes to master branch.

Uwe Keim
  • 39,551
  • 56
  • 175
  • 291
Sage Harpuia
  • 348
  • 2
  • 13
0

Instead using https you can using ssh_key. You can add ssh_key inside container in shared runner or private runner gitlabci.

Okutasan
  • 36
  • 4