Project access token cannot access private repository
Summary
Project access token can be used with different scope. However, when it's used to trigger pipeline, the pipeline will fail during Create fresh repository task.
Steps to reproduce
Case 1:
- Create a private project
- Create a project access token
- Configure pipeline for the project
- Use the access token for pushing to the repo
- See the pipeline fail
Case2:
- Configure a pipeline using the project access token to pull container registry from the private project
- Observe authorization failure
Example Project
Case 1:
https://gitlab.com/gitlab-gold/rabbit-hole-1/cicd/
Case 2:
https://gitlab.com/gitlab-gold/rabbit-hole-1/test-ci-output/-/jobs/926171509
What is the current bug behavior?
Project access token bot is not authorized to access private repository/container registry.
What is the expected correct behavior?
Project access token bot should have access to the private repository according the the scope configured for the token.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com; GitLab Enterprise Edition 13.7.0-pre eb33b6c0
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)(we will only investigate if the tests are passing)