A similar job definition using tag and branch name in ref field, works fine for me. Also, I am sure that pipeline/job/artifacts exist for SHA that I’m trying to refer.
I wonder if commit SHA as ref for needs:project is supported or maybe I’m doing something wrong?
Unfortunately, I can not find information in documentation. However, similar context for ref field is used for include:project and documentation has a example with commit SHA as ref value. I wonder if behavior for needs:project suppose to be similar.
No,it looks like the api doesn’t support it either. There is a request that allow you to download a artifacts from job (lnik below), but description for ref_name says:
Branch or tag name in repository. HEAD or SHA references are not supported.
Thus, only workaround that comes to my mind, is to create a artificial branch or tag, for commit from which you are willing to get artifacts.
Basically, my requirement was to use MR (not SHA). And for that you have to pass this refs/merge-requests/1/head instead of just merge-requests/1. (I knew it should start with refs/ but didn’t know about passing head at the end.)
This is very annoying. A natural thing I is to use an artifact from a job of the pipeline associated with $CI_MERGE_REQUEST_DIFF_BASE_SHA. I understand that a commit could be associate with multiple pipelines which complicates this.
When trying to workaround this, the limited permissions of CI_JOB_TOKEN gets in the way. It can read artifacts, but does not seem to be allowed to look up commits (to find the pipeline).
Rant: At this point it feels like it would be more useful if GitlLab just exposed a simple key-value store with a simple API we could use in the pipelines.
More rant: Why is there no documentation on the required scopes for the rest endpoints (eg.: Commits API | GitLab Docs)
Even more rant: the API appear to often return 404 instead of 401 if the token lack permissions. Coupled with incomplete/dispersed documentation on scopes and permissions and long interationt times it really create a miserable developer experience..
If anyone wonders: as of 2025-06-24 the CI_JOB_TOKEN does not have access to fetch artifacts from other pipelines. You need a token with developer role and read_api scope for this (I tried guest and developer)
Maybe that would work just as well (or better) in practice…
To be clear: my goal is to have a job which show type-errors introduced by the MR. Every pipeline store the type errors of that commit in an artifact.
But whether the errors are compared against the merge base or the previous commit is perhaps not crucial. Should still catch all new errors, but the user would have to inspect multiple jobs to see all (on the other hand - the what-is-new heuristic might work better for this “granularity”).
So you are saying the CI_JOB_TOKEN should have access to the artifacts created by the MR? Is there even a “ref” I can use to download this “declaratively”?
But one challenge is the first commit in the MR. This would need to compare against the merge-base commit.
ref_name attribute: Branch or tag name in repository. HEAD or SHA references are not supported. For merge request pipelines, use ref/merge-requests/:iid/head instead of the branch name.
