So currently I'm developing a tool that would automate my versioning and release for my projects.
While testing I stumbled upon an issue.
My current flow:
git fetch --tags
calculate new tag
create new tag
git push --tags → error
My tool is on the build server where gitlab-runner is running as well, with a shell executor.
For the git push, and probably further in the versioning process, I get a 403 access denied.
Now I understand why other tools use access tokens for this. However, I do have some questions from a security standpoint.
The solutions I have tried require an access token with read/write permissions, which is mostly set via an env variable. Here I do ask myself if this is safe from a security standpoint, due to the fact that if a hacker would hack my account, he/she has access to the env variables, where he/she can copy the access token and basically have read/write access anywhere on the planet, since most CI/CD platforms are accessible from the public internet.
Any opinions on this part?
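One way to handle the token the question describes, as an added example that is not code from the original post: the token stays in the environment (hypothetical variable names RELEASE_TOKEN and RELEASE_USER) and is handed to git through an askpass helper instead of being embedded in the remote URL, so it is not persisted in .git/config or echoed into the job log.

```shell
#!/bin/sh
# Added example, not code from the original post: push tags with a token that
# lives only in an environment variable (hypothetical names RELEASE_TOKEN and
# RELEASE_USER), without embedding it in the remote URL or in .git/config.
set -eu

# Write a one-shot askpass helper. git runs it for its username/password
# prompts, so the token is never part of the push URL, shell history or
# the job log. The quoted heredoc keeps $RELEASE_TOKEN unexpanded here;
# the helper reads it from the environment at run time.
make_askpass() {
  helper="$(mktemp)"
  cat >"$helper" <<'EOF'
#!/bin/sh
case "$1" in
  Username*) printf '%s\n' "${RELEASE_USER:-oauth2}" ;;
  Password*) printf '%s\n' "$RELEASE_TOKEN" ;;
esac
EOF
  chmod 700 "$helper"
  printf '%s\n' "$helper"
}

# Push all tags to $1 (an https remote URL without credentials) through the
# helper; GIT_TERMINAL_PROMPT=0 stops git from falling back to an interactive
# prompt on the runner. The helper is deleted as soon as the push returns.
push_tags() {
  remote_url="$1"
  askpass="$(make_askpass)"
  if GIT_ASKPASS="$askpass" GIT_TERMINAL_PROMPT=0 git push "$remote_url" --tags; then
    status=0
  else
    status=$?
  fi
  rm -f "$askpass"
  return "$status"
}

# Post-job check: returns 0 (true) if the token text leaked into a file such
# as .git/config or a captured job log, which is what a token in a URL does.
token_in_file() {
  grep -q -F -- "$RELEASE_TOKEN" "$1"
}
```

This narrows where the token can be read from but does not remove the exposure the question raises: anyone who can run a job, or a shell, on that runner can still read the process environment. Pairing it with a project-scoped token that has only the rights the push needs and a short expiry is what limits the damage if it is copied.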