Gitlab-ci.yml failing with Access denied

Below is my config.toml file for my docker container. I am running my own self-hosted version of gitlab. I have upgraded to the latest version. I have verified the token is correct. I have deleted the runner and readded it. I have updated the token, so I know this is correct. From the container I get the following error message and not sure where the issue is. I have added the appropriate tags on the gitlab-ci.yml as well without any luck. Gitlab-runner service is started since I see the runner logs attempting to execute the task.
"
Running with gitlab-runner 15.11.1 (0d8a024e)
on 8d3765a601a4 oyG98ARWP, system ID: r_1DywNuyNM5zu

Preparing the “shell” executor
00:00
Using Shell (bash) executor…

Preparing environment
00:00
Running on 8d3765a601a4…

Getting source from Git repository
00:01
Fetching changes with git depth set to 20…
Reinitialized existing Git repository in /home/gitlab-runner/builds/oyG98ARWP/0/howto/k3s-networking/.git/
Checking out e02ca6ff as detached HEAD (ref is main)…
Skipping object checkout, Git LFS is not installed.
Skipping Git submodules setup

Executing “step_script” stage of the job script
00:00
$ git config --global user.name “${GITLAB_USER_NAME}”
$ git config --global user.email “${GITLAB_USER_EMAIL}”
$ if [ ! -f LICENSE ]; then # collapsed multi-line command
.
[detached HEAD be046ef]
1 file changed, 21 insertions(+)
create mode 100644 LICENSE
remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.mydomain.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
fatal: Authentication failed for ‘https://gitlab.mydomain.com/howto/k3s-networking.git/

Cleaning up project directory and file based variables
00:00
ERROR
"

concurrent = 1
check_interval = 0
shutdown_timeout = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "Sample Runner 1"
  url = "https://gitlab.mydomain.com"
  id = 0
  token = "glrt-*******************"
  token_obtained_at = 0001-01-01T00:00:00Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "shell"
  [runners.cache]
    MaxUploadedArchiveSize = 0
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
    shm_size = 0
    
[[runners]]
  name = "8d3765a601a4"
  url = "https://gitlab.mydomain.com"
  id = 8
  token = "glrt-*******************"
  token_obtained_at = 2024-02-28T22:38:55Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "shell"
  [runners.cache]
    MaxUploadedArchiveSize = 0

Hi,

Firstly, it would be nice to have also your .gitlab-ci.yml config, or at least configuration from the job that is making issues. I can only guess what you are trying to go, which is performing some git action. I have already discussed this topic on another post - please read: Pipeline help - Remote You are not allowed to upload code 403, best practices?

Secondly, your runner setup seems very odd to me. You have specified a “shell” executor (two of them?), but you have docker configuration inside (the first one). Are you aware you are using shell instead of docker executor? What is your intended setup?

Below is my gitlab-ci.yml. My goal is run this image in a Kubernetes cluster and have it running all the time. This gitlab instance is for my personal projects, and mostly I am the only one that uses it, but sometimes I do collaborate with other developers. I would like to have the runner running all the time and NOT on my laptop. I would like to run both executioners a shell executioner and a docker one. That way depending on what our needs are we can run them.

stages:
  - add-license

variables:
  MIT_LICENSE: |
    MIT License
    
    Copyright (c) <year> by <username>
    
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the 'Software'), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:

    The above copyright notice and this permission notice shall be included in all
    copies or substantial portions of the Software.

    THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
    SOFTWARE.

Add-MIT-License:
  stage: add-license
  script:
      # Configure GIT Info
    - git config --global user.name "${GITLAB_USER_NAME}"
    - git config --global user.email "${GITLAB_USER_EMAIL}"
    - |
      if [ ! -f LICENSE ]; then
        echo "Adding MIT License..."
        
        # Replace <year> with the current year
        CURRENT_YEAR=$(date +"%Y")
        LICENSE_CONTENT=$(echo "$MIT_LICENSE" | sed "s/<year>/$CURRENT_YEAR/g")

        # Replace <username> with the Git username
        GIT_USERNAME=$(git config user.name)
        LICENSE_CONTENT=$(echo "$LICENSE_CONTENT" | sed "s/<username>/$GIT_USERNAME/g")
        
        echo "$LICENSE_CONTENT" > LICENSE
        echo "MIT License file added."
       
        # Add LICENSE to git
        git add LICENSE
        git commit -m "Add MIT License"
        git push -f https://CI_PIPELINE:$ACCESS_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:main
        echo "Changes Pushed to Gitlab."
      else
        echo "MIT License file already exists."
      fi
  only:
    - main

Hi,

Okay. What type of token is your ACCESS_TOKEN? I’d suggest you check the permissions of the created token - it very likely does not have enough permissions. If you’re not sure which type of token should you use, please check out this page: GitLab Token overview | GitLab .