
How to grant permission for semantic-release to push code to master

I'm using semantic-release to automatically define the next version, update package.json and push to git. However, I'm facing a problem where it stops me from pushing directly to master.

I'm using GitLab.

My release.config.js:

module.exports = {
    "plugins": [
        // Commits the listed release assets back to the repository, which needs push access
        ["@semantic-release/git", {
            "assets": ["dist/**/*.{js,css}", "docs", "package.json"],
            "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
        }]
    ]
};

My gitlab-ci.yml:

  stage: package-versioning
    - fe
    - xdev
    expire_in: 1 day
      - master
    - install
    - build
    - test
    - npx semantic-release --tag-format 'app/v${version}'


The command "git push --dry-run --no-verify https://gitlab-ci-token:[secure]@***/**.git HEAD:master" failed with the error message remote: You are not allowed to upload code.

fatal: unable to access 'https://gitlab-ci-token:[secure]@***/**.git/': The requested URL returned error: 403.

[6:02:23 PM] [semantic-release] › ✖  EGITNOPERMISSION Cannot push to the Git repository.
semantic-release cannot push the version tag to the branch next on the remote Git repository with URL https://gitlab-ci-token:[secure]@***/**.git.

But I'm actually the owner of the repo and have already set push permission for master to owner only. Do I need to configure any other authentication for the script to run on my behalf?

So my questions are:

1/ How to set authentication for semantic-release so that it can push to master directly on your behalf?

2/ Is it good practice to push directly to master (even though it's only for version updating)? Has anyone experienced this scenario, and what's your solution for updating the version? I really appreciate your input and thoughts.


  • 1. In GitLab you have to explicitly set the script to push to Git. For this you need to create a token and pass it to your CI via an env variable.

    For example, see how we do it in our integration project via setting GIT_PUSH_TOKEN - here:

    and the actual ci yaml code here: (lines 25-30).

    2. Yes, direct push on version bump is common.
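
As an added illustration of the answer's first point (not code from the question, the answer or semantic-release): a preflight a release job can run to confirm that the token in GIT_PUSH_TOKEN reached the job and may push, using the same dry-run push seen in the error log and redacting the token from anything it prints. It assumes GitLab's predefined CI_SERVER_HOST and CI_PROJECT_PATH variables; the function names are made up for this example.

```shell
#!/bin/sh
# Preflight for a release job (added example).
# GIT_PUSH_TOKEN: CI/CD variable named in the answer, holding a token that may push.
# CI_SERVER_HOST, CI_PROJECT_PATH: GitLab predefined CI variables.

# Build the push URL in the shape seen in the semantic-release log above.
push_url() {  # $1 token, $2 host, $3 project path
    printf 'https://gitlab-ci-token:%s@%s/%s.git' "$1" "$2" "$3"
}

# Copy stdin to stdout with every literal occurrence of the token replaced.
# index() is used instead of a regex so token characters are never interpreted.
redact() {  # $1 token
    TOKEN_TO_HIDE=$1 awk '
        BEGIN { t = ENVIRON["TOKEN_TO_HIDE"]; n = length(t) }
        {
            line = $0; out = ""
            while (n > 0 && (i = index(line, t)) > 0) {
                out = out substr(line, 1, i - 1) "[secure]"
                line = substr(line, i + n)
            }
            print out line
        }'
}

# Return 0 if the token can push to the branch, 2 if no token reached the job,
# otherwise git's exit status. Nothing is pushed (--dry-run).
check_push_access() {  # $1 target branch
    if [ -z "${GIT_PUSH_TOKEN:-}" ]; then
        echo "GIT_PUSH_TOKEN is empty in this job" >&2
        return 2
    fi
    url=$(push_url "$GIT_PUSH_TOKEN" "$CI_SERVER_HOST" "$CI_PROJECT_PATH")
    out=$(git push --dry-run --no-verify "$url" "HEAD:$1" 2>&1) && rc=0 || rc=$?
    printf '%s\n' "$out" | redact "$GIT_PUSH_TOKEN" >&2
    return "$rc"
}

# In the job's script section, before `npx semantic-release`:
#   check_push_access master
```

An empty GIT_PUSH_TOKEN on a branch pipeline usually means the variable is marked protected while the branch is not; a 403 from the dry run means the token's user or scope is not allowed to push to that branch.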