如何将标签推送到CI中的分支?
当我运行手动作业时,我想向拉取请求"中添加手动作业以标记源分支.该标签将触发我的bitrise配置的构建.
I want to add a manual jobs to my Pull Request to tag my source branch when i run the manual jobs. This tag will trigger a build on my bitrise configuration.
但是,当我尝试推送标签时,我正面临着这个问题.注意:我尝试将标签推送到的分支不受保护.
However, when i'm trying to push my tag, i am facing this issue. NB: The branch i'm trying to push my tag to is NOT protected.
$ git checkout $CI_COMMIT_REF_NAME
Switched to a new branch 'feature/gitlab-ci'
Branch feature/gitlab-ci set up to track remote branch feature/gitlab-ci from origin.
$ git tag build-bitrise
$ git push --tags
remote: You are not allowed to upload code.
fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.com/my-app/my-app.git/': The requested URL returned error: 403
Cleaning up file based variables
00:01
ERROR: Job failed: exit code 1
我的工作是这样做的:
- git remote show origin
- git fetch
- git checkout $CI_COMMIT_REF_NAME
- git tag build-bitrise
- git push --tags
在我的"before_scripts"中步骤,我愿意:
In my "before_scripts" step, i do :
before_script:
# Install ssh-agent through openssh-client if not present
- 'which ssh-agent || ( apt-get update -qy && apt-get install openssh-client -qqy )'
# Add the private key to this user
- eval $(ssh-agent -s) && ssh-add <(echo "$SSH_PRIVATE_KEY") && mkdir -p ~/.ssh
# Config git to avoid first usage questions. Set the identity
- git config --global user.email "my-secret-email@gmail.com" && git config --global user.name "Louis Lecocq"
其中SSH_PRIVATE_KEY是一个变量,它是ENV中我的GITLAB配置文件的副本/粘贴.
Where SSH_PRIVATE_KEY is a variable that is a copy/paste of my GITLAB profile in the ENV.
感谢您的阅读和时间
我认为您当前的方法不起作用,因为它仍在使用 https 而不是 ssh 根据错误消息的 git标记,因此不使用您的 SSH_PRIVATE_KEY :
I think your current method is not working because it is still using https rather than ssh for doing the git tag as per the error message, so isn't using your SSH_PRIVATE_KEY:
fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.com/my-app/my-app.git/': The requested URL returned error: 403
在执行 git remote 来使它正常工作(未试用),例如:
You might be able to get this working (untested) by updating the git remote manually before you do git push --tags, ie with:
git remote set-url origin git@gitlab.com:my-group/my-app/my-app
使用 SSH_PRIVATE_KEY 的另一种方法是使用API密钥.您可以通过 https://gitlab.com/-//profile/personal_access_tokens创建具有API访问权限的个人访问令牌,然后将密钥作为 API_KEY 添加到 CI/CD变量中.
An alternative to using an SSH_PRIVATE_KEY is to use an API key. You can create an personal access token with API access from https://gitlab.com/-/profile/personal_access_tokens, and then add the key to the CI/CD Variables as API_KEY for example.
然后在脚本部分中,您可以拥有类似的内容:
Then in your script section, you can have something similar to:
script:
- # something to do before pushing the tag
# sometimes the remote might already exist (if using the same runner), let's just remove it and don't fail
- git remote remove https-origin || true
# add new https-origin remote which uses the API_KEY
- git remote add https-origin https://gitlab-ci-token:${API_KEY}@gitlab.com/my-group/my-app.git
# tag your build
- git tag build-bitrise
# push only the build-bitrise tag using the https-origin ref, and skip CI build
- git push https-origin -o ci.skip refs/tags/build-bitrise
NB,建议为API_KEY使用漫游器帐户,否则API_KEY将具有与您的用户相同的权限,并可能被其他维护者泄漏,这些维护者可以在CI/CD变量中查看密钥,等等.
NB, would recommend using a bot account for the API_KEY, otherwise the API_KEY would have the same permissions as your user, and could be leaked by other Maintainers who would be able to see the key in CI/CD Variables, etc.