从GitLabCI构建脚本使用GitLab API [英] Use GitLab API from a GitLabCI build script

问题描述

我有一个像这样的GitLab CI构建脚本:

I have a GitLab CI build script like this:

create release:
  stage: deploy
  tags:
    - basic
  only:
    - tags
  script:
    - GITLOG=$(echo "# Changes Log"; git log `git tag | tail -2 | head -1`..${CI_BUILD_TAG} --pretty=format:" - %s")
    - curl -X POST -d "private_token=$CI_BUILD_TOKEN&description=$GITLOG" "http://git.example.com/api/v3/projects/${CI_PROJECT_ID}/repository/tags/${CI_BUILD_TAG}/release"

此步骤的目的是在GitLab版本部分中自动从Git添加更改日志.

The purpose of this step is to automatically add a Changes Log from Git in the GitLab Releases section.

如果我在命令行上手动运行此命令并放入变量...

That works if I manually run this on the command line and put in the variables...

问题在于，按照文档说明，构建运行器中的CI_BUILD_TOKEN值不是有效的GitLab私有令牌-只是连接到Docker注册表的令牌.

The problem is that the value of CI_BUILD_TOKEN in the build runner isn't a valid GitLab Private Token - it's only a token to connect to the Docker Registry - as per the documentation.

是否有一种方法可以获取有效的GitLab API令牌，构建运行器可以使用该令牌访问为其运行构建的项目的API?似乎应该是可能的.

Is there a way to get a valid GitLab API token that the build runner can use to access the API for the project it's running a build for? Seems like this should be possible.

GitLab Runner:

GitLab Runner:

gitlab-runner -v
Version:      1.2.0
Git revision: 3a4fcd4
Git branch:   HEAD
GO version:   go1.6.2
Built:        Sun, 22 May 2016 20:05:30 +0000
OS/Arch:      linux/amd64

推荐答案

您可以使用来自运行器的API进行只读访问，但前提是您添加带有的标头CI_JOB_TOKEN .

You can have read-only access with the API from the runner, but only if you add a header with the CI_JOB_TOKEN.

例如

curl -H "JOB_TOKEN: $CI_JOB_TOKEN" "https://gitlab.com/api/v4/projects/2828837/repository/tags

并且仅，并且该项目是公开且每个人都可以从同一项目访问的情况.

And only when the project is public with everyone has access from the same project.

如果您还想访问私人项目和/或写访问权，请投票#41084 .

If you want access to private projects as well and/or write access, please up-vote GitLab issue #29566 and/or #41084.

目前，您可以在 gitlab 上创建访问令牌，然后添加将其保存到项目设置/ci_cd下的秘密变量中，尽管不建议这样做，因为触发工作的每个人都会使用您的个人访问令牌.

As an alternative for the time being, you can create an access token on gitlab, and add it to the secret variables, under project settings/ci_cd although not really advised to do as your personal access token will be used by everyone who trigger the job.

这篇关于从GitLabCI构建脚本使用GitLab API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！