How do I have permission to use git push in gitlab ci?

Question

CI_JOB_TOKEN has only read-only access to repository, and I am able to have write access to the repository using the gitlab personal access token, but I need to set the personal access token as a variable.

git remote add origin "https://${GITLAB_USER_NAME}:${PERSONAL_ACCESS_TOKEN}@${CI_REPOSITORY_URL#*@}"

However, there are security issues with this approach, and I want everyone on the team to use their own personal access token, rather than being able to read someone else's generated personal access token directly from the gitlab CI.

So, is there a better solution?

Answer 1

Why not use a Project Access Token? You can generate a token for the project you want to clone and set the appropriate permissions for use in the pipeline. That way you can just add a single project access token in the CI/CD variables (and set it to "masked" so it can't be copied from the CI logs to be used somewhere else).