Allow to use trigger token in multi-project pipelines

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Proposal

Currently it is possible to trigger pipeline in two different ways:

• from CI/CD using https://docs.gitlab.com/ee/ci/yaml/#trigger statement
• from pipeline anywhere using pipeline triggers (https://docs.gitlab.com/ee/ci/triggers/)

The benefit of triggering a pipeline from ci yaml in multi-project mode is a native approach bringing also visibility with pipeline graph and such nice features as strategy:depend behavior.

However trigger statement approach has also many limitations. One of those - is that user needs to have privileges to run private pipelines in that child project. By making everyone developer in that child group - we loose the initial idea of building compliant service pipelines.

So as a proposal I suggest to introduce also token parameter for a trigger statement:

trigger:
  project: devops/deployment-service
  token: $DEPLOY_TOKEN

Expected behavior in this case is that pipeline starts in the same way as it starts from API but as a downstream pipeline.

As the result we may get following benefits:

• Proper pipeline visualization via DAG ( currently it's possible to do via API but it will be a different pipeline )
• Ability to enable impersonalized pipelines ( service-to-service ) when projects will be releasing their tokens and share them to another pipelines ( let's say via Vault )

With this appoach we may solve such issues as

• #326941 (closed)
• #35083 (closed)