fix(ci): glab CI auto-login for create-release job

Andrew Dunnrequested to merge
fix/glab-ci-autologin into main

Summary

create-release was failing in CI because glab sent CI_JOB_TOKEN as a Bearer token, which the /api/v4/user endpoint rejects with 401.

glab has a built-in CI auto-login flag:

variables:
  GLAB_ENABLE_CI_AUTOLOGIN: "true"

With GITLAB_CI=true (always set in CI), this routes the token through gitlab.JobTokenAuthSource instead of Bearer. The token then goes via the proper job-token header the API accepts.

Source: gitlab-org/cli internal/config/config_mapping.go:47-50. The same mechanism auto-discovers host/protocol/ca-cert from CI_SERVER_* vars, so we drop the GITLAB_HOST override.

Also removed the glab auth status pre-check — it called /user which job-tokens can't reach. The actual release-create and catalog-publish operations hit endpoints that accept job-token.

Validation plan

  • MR pipeline green (syntax + lint-templates).
  • After merge: cut a small test tag (v2.0.1-rc.1 or similar) to verify create-release works end-to-end. If create-release green, the auth fix is proven; v2.1.0 work can resume.
  • If still failing, iterate on this MR before any other v2.1.0 work goes out.

Merge request reports