Is there a best practice for obtaining an API token within a continuous integration job?
I can get my API calls working using a personal access token, but is it safe to include my personal access token directly in the gitlab-ci.yml file? Anyone else could use that token to perform actions as me, right? I could pass it as a secret project variable but those are still visible to other project Masters.
I hoped that using the $CI_BUILD_TOKEN would just work, but it appears that it does not work for main API access, only for the CI API. I get a 401 Unauthorized error.
(My reason for doing this is to download the latest artifacts from a reference branch and compare them to the artifacts from the current build).