Clone another GitLab repository in GitLab CI script

Question

I've seen this: `git clone project2` in gitlab-ci.yml? as well as a bunch of similar posts with similar answers implying that one should use Git submodules.

Without getting into arguments about whether submodules in Git work well, in my case, that just isn't an option at all (what other project to check out depends on the arguments passed to the trigger of the job, or, at least, it should).

Another requirement is that I need to be able to track the user who started the chain of triggers. I.e. hard-coding my personal token, or just any token will not do it: I need GitLab to use the permissions of the user who executed the job in order to clone other repositories.

Short of giving up GitLab and looking for a mature CI alternative, is there any way to get this done?

Answer 1

This should be possible using the gitlab-ci-token variable as documented here:

git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/myuser/mydependentrepo

This issue discusses the permissions of the gitlab-ci-token, and in the proposal also mentions:

6. We will authorize access to the resource by getting from Ci::Build information about a person who run this build, it could be: pusher of git push, person who did retry a build, person who did merge a changes

Answer 2

As New CI job permissions model states that there are 2 options: use gitlab-ci-token:${CI_JOB_TOKEN} or write it to ~/.netrc (doesn't work for me).

But we have multiple dependent repositories defined in package.json so our solution is to overwrite git config

git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@your-gitlab.com/".insteadOf "ssh://git@your-gitlab.com/"