Allow CI_JOB_TOKEN to read releases API
Allow CI_JOB_TOKEN read access to releases API
Expectation:
- My script executing in a GitLab CI pipeline can read GitLab release properties with the already existing CI_JOB_TOKEN.
- Even better imho, the release-cli will provide a seamless user experience so that I do not have to figure out how to pass the token in curl.
Optional:
- It could also allow me to enumerate the releases.
- Sometimes I do not need a release, just a tag (which is created anyway through the release API).
Issue #27001 (closed) enabled us to create releases using the CI_JOB_TOKEN without the need for extra tokens or key setup. Great!
I've spent half a day today trying to figure out why I can't read the releases created with the CI_JOB_TOKEN, thinking I'm passing the token incorrectly to curl or wrong URL or what, only to realize that only create permission has been implemented. It is in my opinion slightly shortsighted. My situation is that I create a release with one pipeline (on branch) and that triggers (on tag) another pipeline which would greatly benefit from having access to the asset links and description as there is no other way to pass artifacts this way.
Justification: Releases are largely no secret. If someone has access to pipelines / code, they will most likely see releases as well. No reason to deny the pipeline reading releases, or is there?