docs(tutorials/gitlab_ci): document Project Access Token (HTTPS) workflow#1963
Open
bearomorphism wants to merge 2 commits intocommitizen-tools:masterfrom
Open
docs(tutorials/gitlab_ci): document Project Access Token (HTTPS) workflow#1963bearomorphism wants to merge 2 commits intocommitizen-tools:masterfrom
bearomorphism wants to merge 2 commits intocommitizen-tools:masterfrom
Conversation
…flow Adds an alternative authentication option for the GitLab CI bump pipeline that does not require SSH keys, using a GitLab Project Access Token over HTTPS. Also shows release/tag-only jobs to avoid running packaging steps on every commit. Closes commitizen-tools#482 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add note that Project Access Tokens require Premium/Ultimate on GitLab.com - Clarify that creating the token requires the Maintainer role; the Developer role mentioned is the bot user's role - Refine the CI_JOB_TOKEN warning (it can clone, just cannot push) - Note that write_repository implies read_repository - Inline the authenticated push URL in before_script instead of a top-level variables block to avoid leaking the token via derived strings - Add workflow:rules to avoid duplicate branch+MR pipelines - Document log-masking caveat (CI_DEBUG_TRACE / set -x) - Document non-standard HTTPS port handling (CI_SERVER_FQDN / CI_SERVER_PORT) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Closes #482.
The current utorials/gitlab_ci/ page only documents how to bump versions
from a GitLab CI pipeline using SSH keys + a deploy key. The issue requested an
alternative path that does not require SSH (no key generation, no deploy
key) and that demonstrates running specific jobs per release vs. per tag.
This PR keeps the existing SSH walkthrough intact and adds a parallel section
for GitLab Project Access Tokens (HTTPS):
Authentication optionssummary that points at both the SSH andAccess Token paths.
Option A: SSH keyfor clarity.Option B: Project Access Token (HTTPS)covering:Developer role),
.gitlab-ci.ymlexample that:cz bumponly on the default branch usingoauth2:@…for HTTPS pushes,releasejob that only runs on tag pipelines (so packaging / publishing only happens once per tag, as the issue asked).CI_JOB_TOKENnot being usable for repository writes,Group / Personal Access Tokens being valid alternatives,
bump_messageloops, and token rotation.
Checklist
uv run mkdocs build --strictpasses locally with no warnings.commitizen check).Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com