Use project access tokens for the multi-pipeline triggers
What does this MR do?
This allows:
- The
Trigger:qa-test
job to use a new environment variable that contain dedicated Project access token instead of the default$GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN
variable which is a @gitlab-bot's personal access token that is abused a lot. - The
Trigger:*e-package
jobs to use a new environment variable that contain dedicated Project access token instead of the default$GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN
variable which is a @gitlab-bot's personal access token that is abused a lot. - The
Trigger:RAT
job to use a new environment variable that contain dedicated Project access token instead of the default$GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN
variable which is a @gitlab-bot's personal access token that is abused a lot. - The
RAT-*
jobs to use a new environment variable that contain dedicated Project access token instead of the default$GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN
variable which is a @gitlab-bot's personal access token that is abused a lot.
A similar change is made in the gitlab-org/gitlab
project at gitlab!66548 (merged), and in the gitlab-org/gitlab-qa
project at gitlab-qa!730 (merged).
The following new project access tokens have been created:
- "Multi-pipeline (from 'gitlab-org/omnibus-gitlab' 'Trigger:*e-package' job)" at https://gitlab.com/gitlab-org/build/omnibus-gitlab-mirror/-/settings/access_tokens
- Set as masked variable
OMNIBUS_GITLAB_MIRROR_PROJECT_ACCESS_TOKEN
at https://gitlab.com/gitlab-org/omnibus-gitlab/-/settings/ci_cd
- Set as masked variable
- "Multi-pipeline (from 'gitlab-org/build/omnibus-gitlab-mirror' 'Trigger:qa-test' job)" at https://gitlab.com/gitlab-org/gitlab-qa-mirror/-/settings/access_tokens
- Set as masked variable
GITLAB_QA_MIRROR_PROJECT_ACCESS_TOKEN
at https://gitlab.com/gitlab-org/build/omnibus-gitlab-mirror/-/settings/ci_cd
- Set as masked variable
- "Multi-pipeline (from 'gitlab-org/omnibus-gitlab' 'Trigger:RAT' job)" at https://gitlab.com/gitlab-org/distribution/reference-architecture-tester/-/settings/access_tokens
- Set as masked variable
RAT_PROJECT_ACCESS_TOKEN
at https://gitlab.com/gitlab-org/omnibus-gitlab/-/settings/ci_cd
- Set as masked variable
- "Multi-pipeline (from 'dev/gitlab/omnibus-gitlab' 'RAT-*' jobs)" at https://gitlab.com/gitlab-org/distribution/reference-architecture-tester/-/settings/access_tokens
- Set as masked variable
RAT_PROJECT_ACCESS_TOKEN
at https://dev.gitlab.org/gitlab/omnibus-gitlab/-/settings/ci_cd
- Set as masked variable
Related issues
Check-list
Pre-merge
-
Trigger:ce-package
andTrigger:ee-package
still triggers a downstream pipeline- Comment is successfully posted by the new
OMNIBUS_GITLAB_MIRROR_PROJECT_ACCESS_TOKEN
from https://gitlab.com/gitlab-org/build/omnibus-gitlab-mirror (Ghost user is a previously revoked token)
- Comment is successfully posted by the new
-
Trigger:qa-test
still triggers a downstream pipeline- Comment is successfully posted by the new
GITLAB_QA_MIRROR_PROJECT_ACCESS_TOKEN
from https://gitlab.com/gitlab-org/gitlab-qa-mirror, see gitlab!66548 (merged)
- Comment is successfully posted by the new
Post-merge
-
Consider communicating these changes to the broader team following the communication guideline for pipeline changes
Edited by Rémy Coutable