从 GitLabCI 构建脚本中使用 GitLab API [英] Use GitLab API from a GitLabCI build script

问题描述

我有一个这样的 GitLab CI 构建脚本:

I have a GitLab CI build script like this:

create release:
  stage: deploy
  tags:
    - basic
  only:
    - tags
  script:
    - GITLOG=$(echo "# Changes Log"; git log `git tag | tail -2 | head -1`..${CI_BUILD_TAG} --pretty=format:" - %s")
    - curl -X POST -d "private_token=$CI_BUILD_TOKEN&description=$GITLOG" "http://git.example.com/api/v3/projects/${CI_PROJECT_ID}/repository/tags/${CI_BUILD_TAG}/release"

此步骤的目的是在 GitLab 版本部分中自动添加来自 Git 的更改日志.

The purpose of this step is to automatically add a Changes Log from Git in the GitLab Releases section.

如果我在命令行上手动运行它并放入变量，那就可以了...

That works if I manually run this on the command line and put in the variables...

问题是构建运行器中 CI_BUILD_TOKEN 的值不是有效的 GitLab 私有令牌 - 它只是连接到 Docker Registry 的令牌 - 根据文档.

The problem is that the value of CI_BUILD_TOKEN in the build runner isn't a valid GitLab Private Token - it's only a token to connect to the Docker Registry - as per the documentation.

有没有办法获得一个有效的 GitLab API 令牌，构建运行者可以使用它来访问它正在为其运行构建的项目的 API?看来这应该是可能的.

Is there a way to get a valid GitLab API token that the build runner can use to access the API for the project it's running a build for? Seems like this should be possible.

GitLab 跑步者:

GitLab Runner:

gitlab-runner -v
Version:      1.2.0
Git revision: 3a4fcd4
Git branch:   HEAD
GO version:   go1.6.2
Built:        Sun, 22 May 2016 20:05:30 +0000
OS/Arch:      linux/amd64

推荐答案

您可以通过运行器的 API 进行 只读 访问，但前提是您使用 添加标头CI_JOB_TOKEN.

You can have read-only access with the API from the runner, but only if you add a header with the CI_JOB_TOKEN.

例如

curl -H "JOB_TOKEN: $CI_JOB_TOKEN" "https://gitlab.com/api/v4/projects/2828837/repository/tags

并且仅在项目公开且每个人都可以访问同一个项目时.

And only when the project is public with everyone has access from the same project.

如果您也想访问私人项目和/或写入权限，请投票 GitLab 问题 #29566 和/或 #41084.

If you want access to private projects as well and/or write access, please up-vote GitLab issue #29566 and/or #41084.

作为一个替代方案，你可以在 gitlab 上创建一个访问令牌，并添加它到项目设置/ci_cd 下的秘密变量，虽然不建议这样做，因为您的个人访问令牌将被触发工作的每个人使用.

As an alternative for the time being, you can create an access token on gitlab, and add it to the secret variables, under project settings/ci_cd although not really advised to do as your personal access token will be used by everyone who trigger the job.

这篇关于从 GitLabCI 构建脚本中使用 GitLab API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！