|
|
|
_Life is complex, and so can be Continuous Integration pipelines_ 🥰
|
|
|
|
|
|
|
|
In order to fetch code from other gitlab.esa.int repos from another project CI pipeline, you need to provide git credentials (i.e. username & password) with enough privileges to access that repository.
|
|
|
|
|
|
|
|
From a Gitlab perspective, those credentials can be generated by means of a 'Personal Access Token' or as a 'Deploy Token':
|
|
|
|
|
|
|
|
- **Personal Access Token (PAT)**: allows you to create a token (i.e. a password local to Gitlab) with your¹ same permissions / visibility of projects. Recommended if you need to fetch multiple projects from your CI pipelines.
|
|
|
|
|
|
|
|
- **Deploy Token (DT)**: project-specific credentials. [This is the best option](https://en.wikipedia.org/wiki/Principle_of_least_privilege) if you only need to fetch one project from your CI pipeline.
|
|
|
|
|
|
|
|
Those variables will then be added as environment variables to your project and injected into the CI pipelines.
|
|
|
|
|
|
|
|
## Steps
|
|
|
|
|
|
|
|
1. Create the credentials
|
|
|
|
|
|
|
|
- PAT option. User Account (top right button) -> Settings -> Access Tokens (or directly https://gitlab.esa.int/profile/personal_access_tokens). Create a PAT with `read_repository` permissions.
|
|
|
|
- The git username will be your Gitlab username (the text after the @ when you click in your top right button).
|
|
|
|
- The git password is the string at the top of the page that you are given when generating the PAT.
|
|
|
|
|
|
|
|
<br/>
|
|
|
|
- DT option. 1b. Go to your Project -> Settings -> Repository -> Deploy Tokens. You will be given both the git username and the git password.
|
|
|
|
|
|
|
|
|
|
|
|
2. Add the credentials as project Variables.
|
|
|
|
|
|
|
|
- Go to your Project -> Settings -> CI/CD -> Variables
|
|
|
|
- Add your git username and password as GIT_USER and GIT_PASS (don't forget to mark 'Masked' in GIT_PASS so does not appear in the logs).
|
|
|
|
|
|
|
|
<br/>
|
|
|
|
|
|
|
|
3. In project repository .gitlab-ci.yml file, add the following script inside the before_script section:
|
|
|
|
```
|
|
|
|
before_script:
|
|
|
|
...
|
|
|
|
- git config credential.https://gitlab.esa.int.username $GIT_USER
|
|
|
|
- export GIT_ASKPASS=/git_env_password.sh
|
|
|
|
- echo -e '#!/bin/bash'"\necho $GIT_PASS" > /git_env_password.sh; chmod +x /git_env_password.sh
|
|
|
|
...
|
|
|
|
```
|
|
|
|
|
|
|
|
4. Done!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
____________________________________
|
|
|
|
|
|
|
|
¹: You might consider a ESAAD Service Account, so you don't use your personal account for this. The rest would be the same. |
