Pipeline access to get a single file using CI_JOB_TOKEN
Problem to solve
Pipeline access to get a file from a repo, without a private access token which is tied to a single user.
https://docs.gitlab.com/ce/api/repository_files.html#get-file-from-repository
Intended users
People who download shell scripts in a pipeline.
Further details
Proposal
Make PRIVATE-TOKEN respect CI_JOB_TOKEN variable.
https://docs.gitlab.com/ce/api/repository_files.html#get-file-from-repository
Permissions and Security
This is how it's set up for GIT clone. I assumed it would work this way for curl.
Documentation
Basically make it work like this...
https://docs.gitlab.com/ee/user/project/new_ci_build_permissions_model.html
Testing
What does success look like, and how can we measure that?
I can pull a single file from a repo using CI_JOB_TOKEN without needing to clone the whole repo, without a private access token which is tied to a single user.