Allow push to the own repo using CI_JOB_TOKEN API (!154111) · Merge requests · GitLab.org / GitLab

Dmytro Biryukov requested to merge dbiryukov_allow_push_to_repo_by_ci_job_token_api_mr-389060 into master May 24, 2024

Related to issue: #389060

First iteration MR: !152096 (merged)

What does this MR do and why?

The second iteration to introduce API for `push_repository_for_job_token_allowed`

Introduce a REST API to update ci_push_repository_for_job_token_allowed
Introduce a GraphQL mutation to update pushRepositoryForJobTokenAllowed
Add documentation around ci_push_repository_for_job_token_allowed
Update a documentation around ci_pipeline_variables_minimum_override_role

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

REST API

curl --request PUT --header "PRIVATE-TOKEN: PAT_token" "http://gdk.test:3000/api/v4/projects/59"  --form "ci_push_repository_for_job_token_allowed=true"

GraphQL update mutation

mutation ProjectCiCdSettingsUpdate {
  projectCiCdSettingsUpdate(
    input:{
      fullPath: "test_repository/push_to_own_repo",
      pushRepositoryForJobTokenAllowed: true
    }
  )
  {
    errors
  }
}

GraphQL expose query:

query {
  project(fullPath: "test_repository/push_to_own_repo") {
    name,
    ciCdSettings {
      pushRepositoryForJobTokenAllowed
    },
  }
}

answer:

{
  "data": {
    "project": {
      "name": "push_to_own_repo",
      "ciCdSettings": {
        "pushRepositoryForJobTokenAllowed": false
      }
    }
  }
}

Edited Jun 06, 2024 by Dmytro Biryukov

Allow push to the own repo using CI_JOB_TOKEN API

What does this MR do and why?

The second iteration to introduce API for push_repository_for_job_token_allowed

MR acceptance checklist

How to set up and validate locally

Merge request reports

The second iteration to introduce API for `push_repository_for_job_token_allowed`