I want to tag a build and when trying to push the tags I get the below error in CI
How to create a CI token and set in the build environment which can push tags to the repository.
[01:59:14]: Exit status of command 'git push origin --tags' was 128 instead of 0.
remote: You are not allowed to upload code.
fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gxx.yy.zz.git/': The requested URL returned error: 403
Here are two options you can do:
Use a personal access token with write_repository permissions.
masked..gitlab-ci.yml file:script:
- git remote add https-origin https://gitlab-ci-token:${YOUR_PERSONAL_TOKEN}@gitlab.com/group/sub-group/project.git
- git tag <some tag>
- git push https-origin -o ci.skip refs/tags/<some tag>
Note the -o ci.skip to not start a new pipeline, however this depends on your scenario.
This option is definitely better if you create a bot account, so you can better control which repositories the bot account has access to, as otherwise, any maintainer or above can easily retrieve that write_repository key from looking in the settings.
If you have access to the specific runner which the build is running on via tags, you can use a Deploy Keys which saves you on using a bot account or your own personal access token.
Settings -> Repository -> Deploy Keys and pasting the public key within there (and also ticking Write access allowed).git push origin --tags command as before.GitLab are looking to improve the permission problem in the Epic:
The specific issue for write_repository using the pipeline token being: