gitlab - Push to a repository using access_token

Asked 6/2, 2017 at 18:6 Answered 21/3 at 11:1

I implemented the oauth2 web flow in order to get access_token from users of my app. With the access_token, I would like to do the following actions:

Get user informations
Create a repo for this user
Push code to this repo (using git push )

I already successfully get the user information(1) and create a repo(2)

The problem is I can't push code (3), I got "Unauthorized" error.

The command I run:

git remote add origin https://gitlab-ci-token<mytoken>@gitlab.com/myuser/myrepo.git  
git push origin master

Frap answered 6/2, 2017 at 18:6 Comment(0)

125

You should do

git remote add origin https://<access-token-name>:<access-token>@gitlab.com/myuser/myrepo.git

Note that this stores the access token as plain text in the .git\config file. To avoid this you can use the git credential system, providing the access token name for "username" and the access token for "password". This should store the credentials in the git credential system in a more secure way.

Got answered 29/8, 2018 at 9:36 Comment(10)

this does work, and I found the answer via docs.gitlab.com/ee/user/profile/… – Alive 30/8, 2018 at 12:46

Hello What is the difference with the above? – Execrable 3/4, 2019 at 11:56

gitlab-ci-token: schema is supposed to use a token generated by Gitlab CI which is hidden, it's even masked in Gitlab CI logs when attempt to print out the env variable it's stored in, but the limtation is it's applicable only to the repo where the Gitlab CI pipeline was started on (perhaps internal, public or group repos, not sure there were changes to permission model since). oauth2: schema is supposed to use Gitlab user's personal access token and the permissions can be set using Members. – Landed 16/9, 2019 at 9:45

If gitlab says git remote add origin [email protected]:foo/bar/myrepo.git you should do (watch missed : ) : git remote add origin "https://oauth2:[email protected]/foo/bar/myrepo.git" – Rancid 12/6, 2020 at 14:23

And what is <access-token-name>? – Countersubject 26/11, 2020 at 14:24

I used this approach but it didn't help me. – Spelaean 2/7, 2021 at 10:15

Worked like a charm for my objective. – Cavin 3/1, 2022 at 22:55

error: failed to push some refs to – Mines 12/5, 2022 at 14:27

@George access-token-name is the name of the token that you generated in gitlab. The < and > in the above example should be excluded, the same goes for access-token value. – Droppings 8/6, 2022 at 16:1

As of 2024, I can say this still works! I've been trying to achieve a simple push for the past 3 weeks (not an actual DevOps, just trying some stuff) and i've been down every rabbitholes imaginable on the web and ChatGPT didn't help. Glad I got it sorted out. Thanks ! – Shenitashenk 26/3 at 12:58

It is also possible to push directly without adding a new remote repository:

git push https://gitlab-ci-token:<access_token>@gitlab.com/myuser/myrepo.git <branch_name>

This could be particularly useful if you want to pull from and push to different repositories.

Antevert answered 23/8, 2019 at 10:16 Comment(2)

Shouldn't you be hiding your private access token? – Aimo 30/1, 2020 at 18:46

@NickK9 you are right, if I push as described and then type "git config -l" I see that the access token content is visible in git config output – Formal 25/10, 2023 at 13:8

You can also use git remote set-url. After creating your access token, do:

git remote set-url origin https://gitlab-ci-token:${ACCESS_TOKEN}@gitlab.com/<group>/<repo-name>.git

Cosme answered 23/9, 2022 at 13:35 Comment(0)

I placed the following into my ~/.gitconfig:

[credential "https://gitlab.com"]
    username = <insertusername>
    helper = "!f() { echo "username=<insertusername>"; echo "password=$GITLAB_PERSONAL_ACCESS_TOKEN"; };f"

Shelton answered 27/1, 2023 at 6:20 Comment(0)

The OP asked about using git push, but some Maven plugins also write to the repository. Git credentials can be cached in the git credential system or placed in the settings.xml file.

	git credential	settings.xml
`git push`	X
`maven-release-plugin`		X
`versions-maven-plugin`	X	X

Create a (personal, project, group) access token with write-repository permission and copy it to a masked (project, group) variable REPO_TOKEN.

project/.gitlab-ci.yml:

job:
  script:
    - echo -e 
        "protocol=https\n
         host=gitlab.example.com\n
         username=git\n
         password=$REPO_TOKEN\n"
      | git credential-cache store
    - git commit -m "Upload changes"
    - mvn versions:use-latest-releases
    - mvn release:prepare
    - mvn release:perform

project/pom.xml:

  <scm>
    <url>https://gitlab.example.com/group/${project.artifactId}</url>
    <connection>scm:git:https://gitlab.example.com/group/${project.artifactId}.git</connection>
    <developerConnection>scm:git:https://gitlab.example.com/group/${project.artifactId}.git</developerConnection>
  </scm>
  <properties>
    <scm.tag>${env.COMMIT_ID}</scm.tag>
    <project.scm.id>gitlab-scm</project.scm.id>
  </properties>

~/.m2/settings.xml

  <server>
    <id>gitlab-scm</id>
    <username>git</username>
    <password>${env.REPO_TOKEN}</password>
  </server>

Ardeb answered 21/3 at 11:1 Comment(0)

-3

Push using gitlab-ci-token is not currently supported by Gitlab. There is an open feature request.

Moshemoshell answered 30/8, 2018 at 10:56 Comment(2)

You worded it as if it is not possible at all. For the record, git push is possible but by creating personal token and setting origin URL with it hardcoded. This bears security risks as thoroughly discussed in the feature request link you shared in the answer, for which I'd recommend to hide CI from public on GitLab, even on open source repos. For the record that feature request is about doing it "internally" (non-GitLab CI's could equally push using aforementioned tokens) and with granular rights. That's what it was about. – Pulvinate 10/3, 2019 at 19:22

@nicolas, if you want more points, you can probably delete your answer. ;-) – Raconteur 18/7, 2023 at 15:52

Recommended topics

Hot tags