GitLab - CI/CD template access problem with token

My problem is a little complicated, so I try to describe it precisely:

We have a ci template in GitLab Project A, which is included in Project B. It works fine, as long as I am the triggerer of a pipeline. But when the triggerer is project B’s token user (created by us), there is an invalid yaml error.

To give you some perspective:

If you make a commit to B’s master branch, the automerging job should merge master into develop. This triggers a new pipeline on develop, which does its own things. Unfortunately, the new pipeline on develop fails, because the token was the triggerer, and it hasn’t got access to the template.

Similar thing happens with our versioning job. The job makes a commit and a tag with the new version number, which triggers a pipeline, which fails with the same error. Weird thing is that we are filtering this commit out with workflow rules, so it shouldn’t trigger a pipeline in the first place, but it does and fails.

On the other hand:

If I declare the ci logic in Project B’s yml (i.e. not including the template), the workflow filter works, the versioning commit doesn’t trigger a pipeline, the automerge does trigger one on develop and it runs perfectly.

What I have on my mind is that when Project B’s token triggers something, it looks through the yml file, which has the including in the first lines, and since it doesn’t have access to project A, it fails immediately. Our goal is to use Project A’s template in other projects. It should be possible without giving permissions to every other project’s own token user, right?

Thanks in advance,

David

Next time also link posts on other forums :wink:
It’s easier for those who may be answering you to get more information (in case some reply was added on one place and not on others).

Anyway, here’s my answer; GitLab - CI/CD template access problem with token - Stack Overflow

You’re right! Thanks again for the answer, I hope it is going to solve our problem!

Problem solved, thank you!

1 Like