I’ve been using my own personal token on the PRIVATE-TOKEN header when deleting job artifacts through the REST API. For governance reasons, we’d rather use a non personal token. Upon trying it, via:
curl --globoff -s "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/jobs?per_page=100&page=$i" -H "PRIVATE-TOKEN: $CI_JOB_TOKEN"
I got no success.
I know that for a GET request (premium & ultimate tier only), you can pass the job_token as a path parameter. And I know you need a Maintainer role in order to perform DELETE requests on the artifacts, so there may be an inherent need for an account-based token indeed. I’d like to confirm if that’s the case.