Hi all, I am trying to use job templates, which are stored in a dedicated repository (project 1). I am looking for a way to authenticate the pipelines I run in a second project (project 2) when using the template.
Configuration
- Sample of pipeline (project 2):
```yaml
include:
  - project: 'wp-pps-icys-tcc/gitlab-templates'
    ref: master
    file:
      - 'templates/trivy-images-scan.yml'

stages:
  - sca

trivy-images-scan:
  stage: sca
  extends: .trivy-images-scan
  variables:
    RUNNER_TAG: "sbom"
    SBOM_REPORT_NAME: trivy-sbom
    VULNERABILITY_SEVERITY: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
    SCANNERS_TYPE: "vuln,config,secret,license"
    VULN_TYPE: "os,library"
    IMAGE_NAME: "$BUILT_IMAGE_NAME"
    ALLOW_FAILURE: "true"
```
- Sample of job template (project 1):
```yaml
# How to fill variables, e.g.:
# RUNNER_TAG: "sbom"
# VULNERABILITY_SEVERITY: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
# SCANNERS_TYPE: "vuln,config,secret,license"
# SBOM_REPORT_NAME: trivy-sbom
# ALLOW_FAILURE: "true"
# VULN_TYPE: "os,library"
# IMAGE_NAME: alpine:latest
.trivy-images-scan:
  image:
    name: trivy:0.63.0
    entrypoint: [""]
  variables:
    TRIVY_NO_PROGRESS: "true"
    TRIVY_SCANNERS: ${SCANNERS_TYPE}
    TRIVY_SEVERITY: ${VULNERABILITY_SEVERITY}
  tags:
    - $RUNNER_TAG
  script:
    - trivy --insecure --scanners ${TRIVY_SCANNERS} --severity ${TRIVY_SEVERITY} --format cyclonedx --output ${SBOM_REPORT_NAME}.json image ${IMAGE_NAME}
  artifacts:
    paths:
      - ${SBOM_REPORT_NAME}.json
    expire_in: 1 week
  rules:
    - if: $ALLOW_FAILURE == "true"
      allow_failure: true
    - allow_failure: false
```
Problem to solve
I would like to get some hints to authenticate the pipeline in the project associated with the template, for example, using a PAT.
Versions
- Self-managed
- GitLab.com SaaS
- Dedicated
- Self-hosted Runners