Send MR comments from CI job (with CI job token)

Hello,

A few gitlab versions back, the temporary CI_JOB_TOKEN available in Gitlab CI jobs had some permissions on the Notes API to be able to send comments on Merge Requests.

This use-case was very useful for custom integrations. Indeed, in many cases CI automation can help to provide developers automatic comments on their MR to get more context (e.g. get a link to an external service, get summarized changelog information, get stats on their MR changes…). There are some other open topics which asks for the same thing (e.g. here and here).

I didn’t find which Gitlab version removed the permission to the CI job token on the Notes API but it was really useful. Also I believe using a PAT (or project token) isn’t recommended as those are not ephemeral as opposed to the CI job tokens.

Could someone from the Gitlab team give some hints on how to build custom integrations with Gitlab CI workflows to be able to send Merge Requests comments automatically via a CI job?

Thanks a lot,
Paul

Hi Paul,

I’m not from GitLab Team, but I’ve came across this blog post posted originally on another topic by @dnsmichi . I believe it can serve you well as inspiration

I believe there should be nothing wrong with using Project Access Token to do this job. And I don’t believe you have many other choices, apart from Group Access Token - this page gives a good token scope overview.