Runner can't pull code from server

paulos · March 12, 2018, 12:37am

I have a gitlab server and we’re experimenting with CI. It used to be working until I updated my installation and now it’s not working. I tried removing and registering the runner again and I’m not sure how to fix this. Here’s the error.

remote: You are not allowed to download code from this project.
fatal: unable to access ‘https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@my.server/user/project.git/’: The requested URL returned error: 403
ERROR: Job failed: exit code 1

paulos · March 13, 2018, 11:23pm

I found something out and other users running into the same issue may find this useful.

I’m not sure if it’s in the documentation since I didn’t see it there but apparently, runners don’t like private repos. I “fixed” it by changing the repo to internal and setting project privacy settings to only project members.

We’re encountering other issues with the CI but this is something on our end this time.

mntbighker · December 15, 2018, 12:09am

Thanks, that was the final clue that got us started with making CI work.

I wasted hours trying to get simple shell CI to work. All because we don’t set projects to internal, and we don’t use https for clone. Either will prevent CI from working apparently.

Yurii · January 17, 2020, 9:55am

Very strange behavior. I have two similar project for different runners.
Both project are just for test and set to be Private. One of them using Linux, and it works well. The other show 403 error while it is set to Private and only Internal works. How I can fix this issue?

GitLab Community Edition [12.6.2]
Windows runner:
Version: 12.6.0
Git revision: ac8e767a
Git branch: 12-6-stable
GO version: go1.13.4
Built: 2019-12-22T11:55:34+0000
OS/Arch: windows/amd64

stefan.midjich · July 2, 2020, 8:36am

I resolved this. Apparently I wasn’t a Member of the repo. I’m admin in this Gitlab so it’s easy to forget that I have access to everything even though I might not always be member. SO I just added myself as member on the repo and I could run CI jobs. Duh…

natalia · September 8, 2021, 11:05am

THANK YOU! I just wasted 2hrs on troubleshooting why I keep getting 403 -.- Same, admin rights but repo download is nonono for admins until we join the private repo.

LyudmilPavlov · June 6, 2022, 8:19am

I can confirm it worked for me as well.

AlexFinch · December 8, 2023, 11:27am

For me the problem was a setting in CI/CD Settings.

Token Access

Control how the CI_JOB_TOKEN CI/CD variable is used for API access between projects.

Limit access to this project

Prevent access to this project from other project CI/CD job tokens, unless the other project is added to the allowlist.