I’m using the following line in a script in my gitlab-ci.yml and wanted to confirm 2 questions.
ssh $SSH_USER_NAME@$SSH_HOST "cd /www && git pull $CI_REPOSITORY_URL && exit"
Where $CI_REPOSITORY_URL expands to something like:
git pull https://gitlab-ci-token:[MASKED]@gitlab.com/username/website.git
- Is the token in
CI_REPOSITORY_URLusing an ephemeral/per job token - like the
CI_JOB_TOKEN(as explained here https://gitlab.com/gitlab-org/gitlab/-/issues/35067)
- I’ve tested that even without having any Deploy Tokens in my project settings that the
pullis in the job still runs. Is this intentional? (I have some confusion between this and using the “special” username gitlab-deploy-token)
The documentation on CI_REPOSITORY_URL is pretty thin.