Clone another GitLab repository in GitLab CI script
I've seen this: `git clone project2` in gitlab-ci.yml? as well as a bunch of similar posts with similar answers implying that one should use Git submodules.
Without getting into arguments about whether submodules in Git work well, in my case, that just isn't an option at all (what other project to check out depends on the arguments passed to the trigger of the job, or, at least, it should).
Another requirement is that I need to be able to track the user who started the chain of triggers. I.e. hard-coding my personal token, or just any token will not do it: I need GitLab to use the permissions of the user who executed the job in order to clone other repositories.
Short of giving up GitLab and looking for a mature CI alternative, is there any way to get this done?
gitlab
asked Nov 20 '18 at 10:42
wvxvwwvxvw
95111122
add a comment |
I've seen this: `git clone project2` in gitlab-ci.yml? as well as a bunch of similar posts with similar answers implying that one should use Git submodules.
Without getting into arguments about whether submodules in Git work well, in my case, that just isn't an option at all (what other project to check out depends on the arguments passed to the trigger of the job, or, at least, it should).
Another requirement is that I need to be able to track the user who started the chain of triggers. I.e. hard-coding my personal token, or just any token will not do it: I need GitLab to use the permissions of the user who executed the job in order to clone other repositories.
Short of giving up GitLab and looking for a mature CI alternative, is there any way to get this done?
gitlab
asked Nov 20 '18 at 10:42
wvxvwwvxvw
95111122
add a comment |
I've seen this: `git clone project2` in gitlab-ci.yml? as well as a bunch of similar posts with similar answers implying that one should use Git submodules.
Without getting into arguments about whether submodules in Git work well, in my case, that just isn't an option at all (what other project to check out depends on the arguments passed to the trigger of the job, or, at least, it should).
Another requirement is that I need to be able to track the user who started the chain of triggers. I.e. hard-coding my personal token, or just any token will not do it: I need GitLab to use the permissions of the user who executed the job in order to clone other repositories.
Short of giving up GitLab and looking for a mature CI alternative, is there any way to get this done?
gitlab
asked Nov 20 '18 at 10:42
wvxvwwvxvw
95111122
I've seen this: `git clone project2` in gitlab-ci.yml? as well as a bunch of similar posts with similar answers implying that one should use Git submodules.
Without getting into arguments about whether submodules in Git work well, in my case, that just isn't an option at all (what other project to check out depends on the arguments passed to the trigger of the job, or, at least, it should).
Another requirement is that I need to be able to track the user who started the chain of triggers. I.e. hard-coding my personal token, or just any token will not do it: I need GitLab to use the permissions of the user who executed the job in order to clone other repositories.
Short of giving up GitLab and looking for a mature CI alternative, is there any way to get this done?
gitlab
gitlab
asked Nov 20 '18 at 10:42
wvxvwwvxvw
95111122
asked Nov 20 '18 at 10:42
wvxvwwvxvw
95111122
asked Nov 20 '18 at 10:42
wvxvwwvxvw
95111122
asked Nov 20 '18 at 10:42
wvxvwwvxvw
95111122
asked Nov 20 '18 at 10:42
wvxvwwvxvw
95111122
95111122
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
This should be possible using the gitlab-ci-token variable as documented here:
git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/myuser/mydependentrepo
This issue discusses the permissions of the gitlab-ci-token, and in the proposal also mentions:
- We will authorize access to the resource by getting from Ci::Build information about a person who run this build, it could be: pusher of
git push, person who did retry a build, person who did merge a changes
answered Nov 20 '18 at 14:41
RekovniRekovni
1,1471429
This almost gets me there, but I also need to have push permissions on other repositories (so, read-only won't be enough). A typical scenario: user submitted pull request, it was staged, tested, and now it needs to be rebased on master, but the master isn't in the repository against which the user submitted their PR.
– wvxvw
Nov 20 '18 at 16:38
@wvxvw didn't realise about the push permissions. This sounds like it's getting out of scope for what GitLab CI is capable of without as you said, personal tokens. Are you sure you couldn't do this the other way around? Instead of cloning said repository, trigger the repository from the one you want to clone, and so you can handle rebasing from that repository? Although this suggestion is a stab in the dark as I don't know your full requirements.
– Rekovni
Nov 20 '18 at 16:55
Nah, not really. The repository has at least these two projects (in reality there's more), which work as a client and server, and they need to be compiled (and updated) together, otherwise they won't work, but developers can contribute to either one of them.
– wvxvw
Nov 20 '18 at 18:49
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53391229%2fclone-another-gitlab-repository-in-gitlab-ci-script%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
This should be possible using the gitlab-ci-token variable as documented here:
git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/myuser/mydependentrepo
This issue discusses the permissions of the gitlab-ci-token, and in the proposal also mentions:
- We will authorize access to the resource by getting from Ci::Build information about a person who run this build, it could be: pusher of
git push, person who did retry a build, person who did merge a changes
answered Nov 20 '18 at 14:41
RekovniRekovni
1,1471429
This almost gets me there, but I also need to have push permissions on other repositories (so, read-only won't be enough). A typical scenario: user submitted pull request, it was staged, tested, and now it needs to be rebased on master, but the master isn't in the repository against which the user submitted their PR.
– wvxvw
Nov 20 '18 at 16:38
@wvxvw didn't realise about the push permissions. This sounds like it's getting out of scope for what GitLab CI is capable of without as you said, personal tokens. Are you sure you couldn't do this the other way around? Instead of cloning said repository, trigger the repository from the one you want to clone, and so you can handle rebasing from that repository? Although this suggestion is a stab in the dark as I don't know your full requirements.
– Rekovni
Nov 20 '18 at 16:55
Nah, not really. The repository has at least these two projects (in reality there's more), which work as a client and server, and they need to be compiled (and updated) together, otherwise they won't work, but developers can contribute to either one of them.
– wvxvw
Nov 20 '18 at 18:49
add a comment |
This should be possible using the gitlab-ci-token variable as documented here:
git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/myuser/mydependentrepo
This issue discusses the permissions of the gitlab-ci-token, and in the proposal also mentions:
- We will authorize access to the resource by getting from Ci::Build information about a person who run this build, it could be: pusher of
git push, person who did retry a build, person who did merge a changes
answered Nov 20 '18 at 14:41
RekovniRekovni
1,1471429
This almost gets me there, but I also need to have push permissions on other repositories (so, read-only won't be enough). A typical scenario: user submitted pull request, it was staged, tested, and now it needs to be rebased on master, but the master isn't in the repository against which the user submitted their PR.
– wvxvw
Nov 20 '18 at 16:38
@wvxvw didn't realise about the push permissions. This sounds like it's getting out of scope for what GitLab CI is capable of without as you said, personal tokens. Are you sure you couldn't do this the other way around? Instead of cloning said repository, trigger the repository from the one you want to clone, and so you can handle rebasing from that repository? Although this suggestion is a stab in the dark as I don't know your full requirements.
– Rekovni
Nov 20 '18 at 16:55
Nah, not really. The repository has at least these two projects (in reality there's more), which work as a client and server, and they need to be compiled (and updated) together, otherwise they won't work, but developers can contribute to either one of them.
– wvxvw
Nov 20 '18 at 18:49
add a comment |
This should be possible using the gitlab-ci-token variable as documented here:
git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/myuser/mydependentrepo
This issue discusses the permissions of the gitlab-ci-token, and in the proposal also mentions:
- We will authorize access to the resource by getting from Ci::Build information about a person who run this build, it could be: pusher of
git push, person who did retry a build, person who did merge a changes
answered Nov 20 '18 at 14:41
RekovniRekovni
1,1471429
This should be possible using the gitlab-ci-token variable as documented here:
git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/myuser/mydependentrepo
This issue discusses the permissions of the gitlab-ci-token, and in the proposal also mentions:
- We will authorize access to the resource by getting from Ci::Build information about a person who run this build, it could be: pusher of
git push, person who did retry a build, person who did merge a changes
answered Nov 20 '18 at 14:41
RekovniRekovni
1,1471429
answered Nov 20 '18 at 14:41
RekovniRekovni
1,1471429
answered Nov 20 '18 at 14:41
RekovniRekovni
1,1471429
answered Nov 20 '18 at 14:41
RekovniRekovni
1,1471429
1,1471429
This almost gets me there, but I also need to have push permissions on other repositories (so, read-only won't be enough). A typical scenario: user submitted pull request, it was staged, tested, and now it needs to be rebased on master, but the master isn't in the repository against which the user submitted their PR.
– wvxvw
Nov 20 '18 at 16:38
@wvxvw didn't realise about the push permissions. This sounds like it's getting out of scope for what GitLab CI is capable of without as you said, personal tokens. Are you sure you couldn't do this the other way around? Instead of cloning said repository, trigger the repository from the one you want to clone, and so you can handle rebasing from that repository? Although this suggestion is a stab in the dark as I don't know your full requirements.
– Rekovni
Nov 20 '18 at 16:55
Nah, not really. The repository has at least these two projects (in reality there's more), which work as a client and server, and they need to be compiled (and updated) together, otherwise they won't work, but developers can contribute to either one of them.
– wvxvw
Nov 20 '18 at 18:49
add a comment |
This almost gets me there, but I also need to have push permissions on other repositories (so, read-only won't be enough). A typical scenario: user submitted pull request, it was staged, tested, and now it needs to be rebased on master, but the master isn't in the repository against which the user submitted their PR.
– wvxvw
Nov 20 '18 at 16:38
@wvxvw didn't realise about the push permissions. This sounds like it's getting out of scope for what GitLab CI is capable of without as you said, personal tokens. Are you sure you couldn't do this the other way around? Instead of cloning said repository, trigger the repository from the one you want to clone, and so you can handle rebasing from that repository? Although this suggestion is a stab in the dark as I don't know your full requirements.
– Rekovni
Nov 20 '18 at 16:55
Nah, not really. The repository has at least these two projects (in reality there's more), which work as a client and server, and they need to be compiled (and updated) together, otherwise they won't work, but developers can contribute to either one of them.
– wvxvw
Nov 20 '18 at 18:49
This almost gets me there, but I also need to have push permissions on other repositories (so, read-only won't be enough). A typical scenario: user submitted pull request, it was staged, tested, and now it needs to be rebased on master, but the master isn't in the repository against which the user submitted their PR.
– wvxvw
Nov 20 '18 at 16:38
This almost gets me there, but I also need to have push permissions on other repositories (so, read-only won't be enough). A typical scenario: user submitted pull request, it was staged, tested, and now it needs to be rebased on master, but the master isn't in the repository against which the user submitted their PR.
– wvxvw
Nov 20 '18 at 16:38
@wvxvw didn't realise about the push permissions. This sounds like it's getting out of scope for what GitLab CI is capable of without as you said, personal tokens. Are you sure you couldn't do this the other way around? Instead of cloning said repository, trigger the repository from the one you want to clone, and so you can handle rebasing from that repository? Although this suggestion is a stab in the dark as I don't know your full requirements.
– Rekovni
Nov 20 '18 at 16:55
@wvxvw didn't realise about the push permissions. This sounds like it's getting out of scope for what GitLab CI is capable of without as you said, personal tokens. Are you sure you couldn't do this the other way around? Instead of cloning said repository, trigger the repository from the one you want to clone, and so you can handle rebasing from that repository? Although this suggestion is a stab in the dark as I don't know your full requirements.
– Rekovni
Nov 20 '18 at 16:55
Nah, not really. The repository has at least these two projects (in reality there's more), which work as a client and server, and they need to be compiled (and updated) together, otherwise they won't work, but developers can contribute to either one of them.
– wvxvw
Nov 20 '18 at 18:49
Nah, not really. The repository has at least these two projects (in reality there's more), which work as a client and server, and they need to be compiled (and updated) together, otherwise they won't work, but developers can contribute to either one of them.
– wvxvw
Nov 20 '18 at 18:49
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53391229%2fclone-another-gitlab-repository-in-gitlab-ci-script%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
