Use project access tokens for the multi-pipeline triggers
What does this MR do?
This allows the scripts/trigger-build
script to use new environment variables that contain dedicated Project access token instead of the default $GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN
variable which is a @gitlab-bot's personal access token that is abused a lot.
A similar change is made in the gitlab-org/omnibus-gitlab
project at omnibus-gitlab!5487 (merged), and in the gitlab-org/gitlab-qa
project at gitlab-qa!730 (merged)..
The following new project access tokens have been created:
- "Multi-pipeline (from 'gitlab-org/gitlab' 'package-and-qa' job)" at https://gitlab.com/gitlab-org/build/omnibus-gitlab-mirror/-/settings/access_tokens
- Set as masked variable
OMNIBUS_GITLAB_PROJECT_ACCESS_TOKEN
at https://gitlab.com/gitlab-org/gitlab/-/settings/ci_cd
- Set as masked variable
- "Multi-pipeline (from 'gitlab-org/gitlab' 'cloud-native-image' job)" at https://gitlab.com/gitlab-org/build/CNG/-/settings/access_tokens
- Set as masked variable
CNG_PROJECT_ACCESS_TOKEN
at https://gitlab.com/gitlab-org/gitlab/-/settings/ci_cd
- Set as masked variable
- "Multi-pipeline (from 'gitlab-org/gitlab' 'review-build-cng' job)" at https://gitlab.com/gitlab-org/build/CNG-mirror/-/settings/access_tokens
- Set as masked variable
CNG_MIRROR_PROJECT_ACCESS_TOKEN
at https://gitlab.com/gitlab-org/gitlab/-/settings/ci_cd
- Set as masked variable
- "DOCS_PROJECT_API_TOKEN" at https://gitlab.com/gitlab-org/gitlab-docs/-/settings/access_tokens (it was already existing prior to this MR)
Related issues
Check-list
Pre-merge
-
review-build-cng
still triggers a downstream pipeline: https://gitlab.com/gitlab-org/gitlab/-/jobs/1441867847 -
package-and-qa
still triggers a downstream pipeline: https://gitlab.com/gitlab-org/gitlab/-/jobs/1441867850- Comment is successfully posted by the new
OMNIBUS_GITLAB_PROJECT_ACCESS_TOKEN
from https://gitlab.com/gitlab-org/gitlab - Comment is successfully posted by the new
GITLAB_QA_PROJECT_ACCESS_TOKEN
from https://gitlab.com/gitlab-org/gitlab-qa-mirror
- Comment is successfully posted by the new
Post-merge
-
Consider communicating these changes to the broader team following the communication guideline for pipeline changes
Edited by Rémy Coutable