Allow pipelines for job-token created commits


This is a follow-up to !197418 (merged), which prevents pipelines from being created when the CI_JOB_TOKEN pushes commits in order to prevent pipeline loops and waste of CI minutes on gitlab.com.

To quote @adil.farrukh:

The purpose of this change was for users to not inadvertently exhaust their CI minutes when pushing with CI_JOB_TOKENS.

I'm self-hosting several premium instances, where wasting CI minutes is not a concern, since runners are also self-hosted on dedicated machines.

Several deployment processes rely on multi-project pipelines connected through triggers and (cross-project) commits. I started using job tokens as soon as write access became available behind a feature flag, to avoid the need to create access tokens with their long lifecycle.

GitLab 18.3 has now been released with this new restriction in place, which broke these deployment processes. As a workaround I've added code to create the pipelines using curl against the API after the git push command. This works fine, but feels like a very unnecessary hoop to jump through, without any advantage on self-hosted sites.

So I'm requesting a way to disable this restriction.

I can imagine a few different ways to approach this:

  1. add a permission in the fine-grained job token permissions UI (defaulting to be not allowed)
  2. add a boolean option to the CI settings per project (and/or group and/or system) to allow the behavior (defaulting to false)
  3. add a feature flag to allow the behavior (per project or per pipeline job if that is viable?)
Edited by 🤖 GitLab Bot 🤖