Usable within GitLab CI jobs

Problem to solve

Allow the Glab CLI to run within GitLab's CI jobs. Currently the default CI env vars are not respected and CI_JOB_TOKEN does not have enough permissions to run the tool. The tool should run under the identity that triggered the job.

Proposal

While it is possible to use other token in the job, such a token would be static and would not represent anyone triggering the job.

Further details

I am writing a job that would publish k8s manifests to a gitops manifest inventory repository that would work with the GitLab Kubernetes Agent. I have tried to use glab to publish the manifest from one project to a different project containing the inventory.

publish-manifest:
  image: alpine
  script:
  - apk add --no-cache glab
  - glab auth login --token ${CI_JOB_TOKEN}
  - glab repo clone kubernetes/${MANIFEST_INVENTORY}
  - cd ${MANIFEST_INVENTORY}
  - cp -f ../k8s-manifest-artifact.yaml ./${CI_PROJECT_PATH_SLUG}.yaml
  - git checkout -b "${CI_PROJECT_PATH_SLUG}-${CI_COMMIT__TAG:CI_COMMIT_SHORT_SHA}"
  - git add .
  - git commit -a -m "some message"
  - git push -u origin "${CI_PROJECT_PATH_SLUG}-${CI_COMMIT__TAG:CI_COMMIT_SHORT_SHA}"
  - glab mr create -fy --remove-source-branch

image

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information