Reputation: 6897
Use includes in .gitlab-ci.yml without direct user access to included project
We are using includes from project B within project A within the .gitlab-ci.yml as follows:
include:
- project: pathto/projectb
file:
- "/pathto/myfile.yml"
which works well when the user has access rights to both projects but breaks with a linting error when the user has only access rights for project A:
Found errors in your .gitlab-ci.yml:
Project `pathto/projectb` not found or access denied! Make sure any includes in the pipeline configuration are correctly defined.
Now the problem is that we want to use the include (and pipeline to succeed) also when the user who starts the pipeline has only access rights to project A.
Are there any ways to achieve this?
Background: Project B holds some general CI files and the user is an external developer and should have limited access only.
Thanks in advance!
Upvotes: 1
Views: 3533
Answers (1)
Reputation: 40921
No, for an include: from a project to work, the user that triggers the pipeline must have at least read access to the referenced CI YAML files.
You must either (1) make Project B have internal or public visibility or (2) provide membership access to users who trigger pipelines using includes in the project.
There may be ways you can separate the yaml files from Project B (like publishing them elsewhere), but in all cases, users can (must be able to) read all includable files.
Upvotes: 2
Related Questions
- I am trying to access a gitlab yaml from another project within same group in my main project
- error in gitlab yaml - include and extends
- Include external files in gitlab-ci file
- Gitlab 'include local' from same project but different directory
- Overriding external gitlab.yml file
- Abstract contents of gitlab-ci file to only use "include"
- Gitlab include yml - access denied
- Gitlab Ci include local only executes last
- gitlab, includes in other include file?
- GitLab CI. Path in yml for different users