CI_JOB_TOKEN for releases

Context:

  • GitLab Enterprise Edition [12.10.8-ee]

Given:

  • I create a private repository and a pipeline with these contents:
stages:
    - test

build:app:
    variables:
    stage: test
    script: curl --request POST --header "PRIVATE-TOKEN: ${CI_JOB_TOKEN}" --data "{ \"name\": \"Release test\", \"tag_name\": \"test\", \"ref\": \"master\", \"description\": \"Release\"}" --header 'Content-Type: application/json'  ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases

Result:

  • I get {"message":"401 Unauthorized"} when running the stage.

Question:

I will respond my own question, even though documentation is misleading regarding this:
in order to be able to use /releases endpoint you have to use JOB-TOKEN: header rather than PRIVATE-TOKEN. While it makes sense, this behavior is not well documented and it’s rather erratic.