How do you push to a gitlab repo using a gitlab-ci job?

Question

I am new to GitLab CI/CD jobs, but I\'m trying to set up a Python script that when pushed to GitLab, triggers the CI/CD job to run it, and call an internal function that pus

Answer 1

A GitLab CI runner cannot yet push to a repo: there is a proposal in progress here.

In the meantime, you can use an SSH URL, with:

• An SSH private key is defined as a secret variable through the Settings > CI/CD Pipelines web interface in GitLab, and
• the public part of the SSH key is stored as a deployment key Settings > Repository > Deploy Keys section of the same web UI.

Or, as mentioned here, you can use a “personal access token” in Settings of your profile.

I created a token with scope api and configure in my pipeline.
Open the project in gitlab console, go to Settings > CI/CD > Secret variables, create a variable with value the key (generated in profile).
I replace “${CI_JOB_TOKEN}” to my variable “${VAR01}”.

With a gitlab-ci.yml

script:
   - url_host=`git remote get-url origin | sed -e "s/https:\/\/gitlab-ci-token:.*@//g"`
   - git remote set-url origin "https://gitlab-ci-token:${CI_TAG_UPLOAD_TOKEN}@${url_host}"

CI_TAG_UPLOAD_TOKEN is the Secret variable

Answer 2

The command we ended up using was:

git tag my-new-tag
git push --repo=git@YOUR_REPO_URL:YOUR_GROUP/YOUR_PROJECT.git --tags

By default we were getting:

remote: You are not allowed to upload code.
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@YOUR_REPO_URL:YOUR_FORK/YOUR_PROJECT.git/': The requested URL returned error: 403`

The reason is because the CI runner executes git commands using the HTTPS protocol with a token that does not support push as stated by @VonC.

We have configured our runner to share a volume to the /root/.ssh directory. So using the git protocol and a proper ssh configuration we are able to push git commands using the Gitlab CI runner.

Edit

The gitlab runner is exectuded as follows (I removed useless parameters for the purpose of clarity)

docker exec -it gitlab-runner.service gitlab-runner register \
  --non-interactive \
  --name `hostname` \
  --url "some-gitlab-url" \
  ...
  --executor "docker" \
  --limit "1" \
  --docker-image "debian" \
  --docker-volumes "/var/run/docker.sock:/var/run/docker.sock" \
  --docker-volumes "/fs1/runner/builds:/builds" \
  --docker-volumes "/fs1/runner/cache:/cache" \
  --docker-volumes "/fs1/runner/profile:/root" \

So the /root directory is shared across all our runners. Therefore once configured properly with /root/.ssh/ proper keys and those keys have the right to push to gitlab, it will work as described above.