How do you push to a gitlab repo using a gitlab-ci job?

Chloe Bennett picture Chloe Bennett · Jul 22, 2018 · Viewed 9.6k times · Source

I am new to GitLab CI/CD jobs, but I'm trying to set up a Python script that when pushed to GitLab, triggers the CI/CD job to run it, and call an internal function that pushes to GitLab again provided that certain criteria are met. So, for example, suppose I have the following:

def hasFileInDirectory():
    # checks if the current directory has at least 1 other file in it
    if (1 or more files exist):
        print 'Great! You have enough files!';
    else:
        print 'Oh no! You need more files! Let me create one!';
        createFile('missingFile'+str(random.randint(0,1000000)+'.txt');
        os.system('git add -A');
        os.system('git commit -m "Automatically added new file..."');
        os.system('git push origin HEAD:master --force');

This function seems to run perfectly fine if I run it myself from the command line, however, it seems to not be able to run in the GitLab CI/CD job. The output I am getting is:

remote: You are not allowed to upload code.
fatal: unable to access 'https://gitlab-ci-token:[email protected]/path_to/my_repository.git/': The requested URL returned error: 403

This error occurs when I call git push so I was wondering what I could do to fix this. I would really appreciate any help!

Answer

VonC picture VonC · Jul 22, 2018

A GitLab CI runner cannot yet push to a repo: there is a proposal in progress here.

In the meantime, you can use an SSH URL, with:

  • An SSH private key is defined as a secret variable through the Settings > CI/CD Pipelines web interface in GitLab, and
  • the public part of the SSH key is stored as a deployment key Settings > Repository > Deploy Keys section of the same web UI.

Or, as mentioned here, you can use a “personal access token” in Settings of your profile.

I created a token with scope api and configure in my pipeline.
Open the project in gitlab console, go to Settings > CI/CD > Secret variables, create a variable with value the key (generated in profile).
I replace “${CI_JOB_TOKEN}” to my variable “${VAR01}”.

With a gitlab-ci.yml

script:
   - url_host=`git remote get-url origin | sed -e "s/https:\/\/gitlab-ci-token:.*@//g"`
   - git remote set-url origin "https://gitlab-ci-token:${CI_TAG_UPLOAD_TOKEN}@${url_host}"

CI_TAG_UPLOAD_TOKEN is the Secret variable