Gitlab CI job should change source code. poetry-dynamic-versioning

Question

I would like to run a job which launches poetry-dynamic-versioning and add new version to pyproject.toml and __init__.py.

Is it possible to change source code with CI job?

Answer 1

Yes. This is possible. You need the following steps

1. Generate a ssh key pair for your CI processes.

   ssh-keygen -t ed25519 -C "Key for Gitlab CI" -f gitlab-ci_ed25519

   !Do not add a passphrase to the SSH key!

   This gives you two files gitlab-ci_ed25519.pub and gitlab-ci_ed25519

2. Create a deploy key with write access for your repo (also possible on group level). Use the public key from step 1 for it: gitlab-ci_ed25519.pub.

   The Deploy Key section can be found under -/settings/repository

3. Protected Branches. For your use case it may be necessary to allow the deploy key to push to protected branches.

   Protected branches can be found under -/settings/repository

4. Create a variable SSH_PRIVATE_KEY with the private key from step 1: gitlab-ci_ed25519.

   The variable section can be found under -/settings/ci_cd

   Note: You can add some security to the SSH_PRIVATE_KEY variable by setting it as "protected". If selected, the variable is only available in pipelines that run on protected branches or tags. More info on security can be found here.

5. Follow this guide and create a .gitlab-ci.yml that uses the deploy key to access the repo.

• Now your tools (poetry-dynamic-versioning, git) should be able to modify files and push them back to your origin.
• A similar example (for docker executer) can be found here: GitLab CI denies access to push using a deploy key with write access (I can confirm that it works)

6. Job Control (Optional). Since a push from Gitlab-CI can trigger the pipeline again you may want to add some rule directive to control when to start the job and to prevent an endless loop.