What kind of token do I need to git push from the pipeline?

We’re using gitlab 13.4.3-ee. I’ve got a pipeline that does a command like this:

git push http://root:(token)@ --tags

One of the projects now has an expired token.

I didn’t set any of this up, so I’m not sure what kind of token to use.

  1. I tried using ci_repository_url, but this only provides read-only access.
  2. I tried copying a token from another project, but that doesn’t provide access to this project’s repository.
  3. I looked around in the various settings panes. I found Project Access Tokens, but this says our existing token was never used. So probably not (and I really want to stop trying things that probably won’t work, as I’ve been doing this for a full day).
  4. I tried asking support, but as I didn’t set this up I was unable to answer some of the required questions. I could rant about this for a while. :slight_smile:

So where do I create the right kind of token to do this?

(I don’t like the idea of doing this at all, but I need to fix the existing pipeline until we have time to reconsider this all.)