CI Lint API suddenly requires a token
Summary
The CI lint API endpoint now requires a token to successfully validate a YAML file. This was not the case previously (few days ago) and is not documented right now.
Steps to reproduce
- Run the documented curl snippet from https://docs.gitlab.com/ee/api/lint.html#validate-the-ci-yaml-configuration (remove
.example
in URL)
curl --header "Content-Type: application/json" "https://gitlab.example.com/api/v4/ci/lint" --data '{"content": "{ \"image\": \"ruby:2.6\", \"services\": [\"postgres\"], \"before_script\": [\"bundle install\", \"bundle exec rake db:create\"], \"variables\": {\"DB_NAME\": \"postgres\"}, \"types\": [\"test\", \"deploy\", \"notify\"], \"rspec\": { \"script\": \"rake spec\", \"tags\": [\"ruby\", \"postgres\"], \"only\": [\"branches\"]}}"}'
This used to work without a token, but with a recent commit by @lauraMon this seems to have been changed.
Example Project
n/a
What is the current bug behavior?
Result is {"message":"401 Unauthorized"}
, breaking integrated projects like https://github.com/BuBuaBu/gitlab-ci-lint/issues/26
What is the expected correct behavior?
According to the docs, I expect to receive the validation result without passing a token.
Relevant logs and/or screenshots
n/a
Output of checks
This bug happens on GitLab.com
Possible fixes
- I assume it was introduced here b8b7735f
- If this is intended, the docs are outdated. But as things are now, requiring a token makes integrating it in the dev process complicated (e.g. usage in aliases)
Thanks for any help here, I'm not sure if this was intended for this case, unfortunately the changelog entry didn't answer this (for me)