Pipelines Created by Group Bots Cannot Pull Git Repository

Summary

If a pipeline is created through the Pipelines API using a Group Access Token whose Group Bot has access to the Project, the Pipeline is successfully created. However, because the Group Bot is not considered a project.bot, the build_access_token_check returns, and pulling the Git repository in the pipeline fails with:

remote: HTTP Basic: Access denied

Steps to reproduce

  1. Create a Group Access Token
  2. Create a Pipeline in a project belonging to the group using the token, e.g. curl --request POST --header "PRIVATE-TOKEN: ${GROUP_ACCESS_TOKEN}" --form ref=main "https://gitlab.example.com/api/v4/projects/project_id/pipeline"
  3. The pipeline is successfully created, but will result in a 401 being returned from Repositories::GitHttpController due to the fact that the group bot isn't considered a project.bot

Related Discussion

I know that we implemented a fix for using Group Access Tokens for regular Git-over-HTTPS operations in !65788 (merged), fixing #330718 (closed), and from the comments that was meant to be a stopgap until Service Accounts are implemented.

This may not be a type::bug, and it may be that Group Bots aren't considered Project Bots by design, but it does result in a confusing experience when the Pipeline is successfully created but the pipeline can't pull the Git repository for the project.

Proposal

@serenafang :

Since group tokens are being introduced in this MR, I think we could implement this bug fix as described after the MR merges 👍

Edited by Daniel Mora