Project Access Token and include

Hello everybody,

I’m facing an issue and I can’t find anything to fix it, nor another way to do it…

See, my colleagues and I have developed some CI templates, so inside of our “end projects”, our .gitlab-ci.yml files look like

```yaml
include:
  - project: 'Path/To/Ci/Templates/Project'
    ref: 'our-branch'
    file: 'file1.yml'
  - project: 'Path/To/Ci/Templates/Project'
    ref: 'our-branch'
    file: 'file2.yml'

variables:
  VAR1: foo
  VAR2: bar

stages:
  - stage1
  - stage2
  - stage3
```

and that’s all.

In the included YAML files, we have some jobs with rules:

  1. if: '$CI_COMMIT_TAG && $VAR4 == null', in order to create the jobs if the pipeline is generated by a tag.
  2. if: '$VAR3 != null && $VAR4 != null && $VAR5 != null', in order to create the jobs if the pipeline has these variables set.

One of the jobs (with rule 1) automatically generates a changelog by analysing the differences between 2 tags.
The changelog is then pushed to the source branch of the tag (if I set a tag on branch-1, the pipeline is triggered and the changelog will be updated on the branch branch-1).

In order to push the generated changelog, inside my job, I’ve cloned the end project by using a project access token (that creates a bot, maintainer of the end project) and the following code:

```yaml
    - git clone https://${ACCESS_USER}:${ACCESS_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git end_project
    # [...]
    - git config --global user.email "$GITLAB_USER_EMAIL"
    - git config --global user.name "$GITLAB_USER_NAME"
    - git add ${CHANGELOG_FILE_NAME}
    - git commit -m "Update changelog for tag"
    - git push origin HEAD
```

Everything works well here. The changelog is pushed by the project access token but my name appears in the commit blame, … But here is the problem.

**The push of the changelog triggers a pipeline that automatically fails!**
with the error:

Project `Path/To/Ci/Templates/Project` not found or access denied!

I assume that, since the project access token is project-related and does not have access to Path/To/Ci/Templates/Project, it fails automatically.

I’ve searched for a way to not trigger the pipeline at all for this user but nothing has worked :’(

I’ve spotted the conditional includes topic but it’s not implemented yet.

I’ve also tried putting a workflow but I think the include key is the first one read…

Do you have any idea?

Thank you very much!
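
One way to keep the bot's push from starting a pipeline, as an added example that is not part of the original post: GitLab's `ci.skip` Git push option asks the server not to create a branch pipeline for that push. The job name `update-changelog`, the stage and the `cd end_project` step are assumptions; the variables and rule are the ones from the post.

```yaml
# Added example, not the poster's template. Job name and stage are assumed.
update-changelog:
  stage: stage3
  rules:
    - if: '$CI_COMMIT_TAG && $VAR4 == null'   # rule 1 from the post
  script:
    - git clone "https://${ACCESS_USER}:${ACCESS_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git" end_project
    - cd end_project                          # assumed; the post elides this part
    # Branch checkout and changelog generation are elided in the post ([...])
    # and are not reproduced here.
    # Local (not --global) identity keeps the setting inside this clone only.
    - git config user.email "$GITLAB_USER_EMAIL"
    - git config user.name "$GITLAB_USER_NAME"
    - git add "${CHANGELOG_FILE_NAME}"
    - git commit -m "Update changelog for tag"
    # ci.skip: no branch pipeline is created for this push, so the bot's
    # push does not start the pipeline that fails on the include.
    - git push -o ci.skip origin HEAD
    # The clone URL, token included, is written to end_project/.git/config;
    # remove the clone so it does not linger in the workspace, cache or artifacts.
    - cd .. && rm -rf end_project
```

Defining `ACCESS_TOKEN` as a masked CI/CD variable keeps it out of the job log when the clone command is echoed.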