gitlabgitlab-cigitlab-ci-runnergitlab-8

Is it possible to do a git push within a Gitlab-CI without SSH?


We want to know if it's technically possible like in GitHub, to do a git push using https protocol and not ssh and without using directly an username and password in the curl request.

I have seen people that seem to think it is possible, we weren't able to prove it.

Is there any proof or witness out there than can confirm such a feature that allow you to push using a user access token or the gitlab-ci-token within the CI?


Solution

  • I am giving my before_script.sh that can be used within any .gitlab-ci.yml

    before_script:
      - ./before_script.sh
    

    All you need is to set a protected environment variable called GL_TOKEN or GITLAB_TOKEN within your project.

    if [[ -v "GL_TOKEN" || -v "GITLAB_TOKEN" ]]; then
      if [[ "${CI_PROJECT_URL}" =~ (([^/]*/){3}) ]]; then
        mkdir -p $HOME/.config/git
        echo "${BASH_REMATCH[1]/:\/\//://gitlab-ci-token:${GL_TOKEN:-$GITLAB_TOKEN}@}" > $HOME/.config/git/credentials
        git config --global credential.helper store
      fi
    fi
    

    It doesn't require to change the default git strategy and it will work fine with non protected branch using the default gitlab-ci-token.

    On a protected branch, you can use the git push command as usual.

    We stopped using SSH keys, Vít Kotačka answers helped us understand why it was failing before.