Allow build user to push

revof11 · July 5, 2018, 3:21am

I set up my Pipeilne to run:

DO_BUMP_VERSION
git config user.email “whatever@myproject.org”
git config user.name “Build User”
git add VERSION
git commit -m “deploy version update [skip ci]”
git push -u origin master
BUILD_VERSIONED_ARTIFACT
DO_DEPLOY

Everything runs fine up until the push where I get:

remote: You are not allowed to upload code.
fatal: unable to access ‘https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@gitlab.com/user/project.git/’: The requested URL returned error: 403

I have the master branch protected; however, I would like to add the build user so that the VERSION file can be changed before my deployment. How can I add permissions for the build user to be able to push to the master branch?

ariel.barria · July 5, 2018, 2:55pm

Hello,

In your repository in the “settings/repository” section, you can expand the option “Protected Branches” and there you can add the specific user who whants to give you the permissions.

Example of url to get to the section of protected branches:

“https://gitlab.com/user/project/settings/repository”

Documentation that can be supported for more detail:

Regards

revof11 · July 5, 2018, 4:11pm

There’s no option for the default GitLab build user.

Would I need to add a whole new user and add an SSH key in there?

lewisxin · April 11, 2019, 8:01am

@revof11 Hi Revo, I am facing the same issue here. Any updates for the solution? thanks

revof11 · April 12, 2019, 12:59pm

Nothing yet - but I haven’t exactly tried in a while. I found some workarounds instead.

I had to get deep into some Bash Fu to do what I needed.

Cynan · December 6, 2019, 9:23am

Has anyone else managed to get this to work? I currently have:

protected master branch (with no one allowed to push)
using mvn release plugin

scm configured in the POM as:

<scm>
 <connection>scm:git:${env.CI_REPOSITORY_URL}</connection>
 <developerConnection>scm:git:${env.CI_REPOSITORY_URL}</developerConnection>
 <url>${env.CI_PROJECT_URL}</url>
</scm>

CI pipeline:

 - 'which ssh-agent || ( apk update && apk add openssh-client git )'
 - eval $(ssh-agent -s)
 - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
 - mkdir -p ~/.ssh
 - chmod 700 ~/.ssh
 - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
 - chmod 644 ~/.ssh/known_hosts
 - git remote set-url origin $CI_REPOSITORY_URL
 - git config --global user.email "<email to match private key>"
 - git config --global user.name "<name>"
 - mvn release:prepare release:perform

This push fails with:
`[ERROR] fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.com/<path>/<project>.git/': The requested URL returned error: 403`