Fetch-other-Gitlab-repositories-from-CI-pipelines.md

@@ -2,34 +2,13 @@ _Life is complex, and so can be Continuous Integration pipelines_ 🥰
 
 In order to fetch code from other gitlab.esa.int repos from another project CI pipeline, you need to provide git credentials (i.e. username & password) with enough privileges to access that repository. 
 
-From a Gitlab perspective, those credentials can be generated by means of a 'Personal Access Token' or as a 'Deploy Token':
+From a Gitlab perspective, those credentials are the same ones the Gitlab runner is using to fetch the project you are running. They will have the same permissions as the user triggering the CI/CD pipeline.
 
-- **Personal Access Token (PAT)**: allows you to create a token (i.e. a password local to Gitlab) with your¹ same permissions / visibility of projects. Recommended if you need to fetch multiple projects from your CI pipelines.
 
-- **Deploy Token (DT)**: project-specific credentials. [This is the best option](https://en.wikipedia.org/wiki/Principle_of_least_privilege) if you only need to fetch one project from your CI pipeline.
+## Regular Gitlab CI
 
-Those variables will then be added as environment variables to your project and injected into the CI pipelines.
+Just add this code before your `script` block.
 
-## Steps
-
-1. Create the credentials
-
-    - PAT option. User Account (top right button) -> Settings -> Access Tokens (or directly https://gitlab.esa.int/profile/personal_access_tokens). Create a PAT with `read_repository` permissions.
-        - The git username will be your Gitlab username (the text after the @ when you click in your top right button). 
-        - The git password is the string at the top of the page that you are given when generating the PAT.
-  
-        <br/>
-    - DT option. 1b. Go to your Project -> Settings -> Repository -> Deploy Tokens. You will be given both the git username and the git password.
-
-
-2. Add the credentials as project Variables.
-
-    - Go to your Project -> Settings -> CI/CD -> Variables 
-    - Add your git username and password as GIT_USER and GIT_PASS (don't forget to mark 'Masked' in GIT_PASS so does not appear in the logs).
-
-        <br/>
-
-3. In project repository .gitlab-ci.yml file, add the following script inside the before_script section:
 ```
 before_script:
     ...
@@ -37,13 +16,38 @@ before_script:
     - export GIT_ASKPASS=/git_env_password.sh
     - echo -e '#!/bin/bash'"\necho $GIT_PASS" > /git_env_password.sh; chmod +x /git_env_password.sh
     ...
+
+script:
+    ...
+    - git clone https://gitlab.esa.int/YOUR_OTHER_PROJECT
+    ...
 ```
 
-4. Done!
 
+## Fetching the repo from a Docker container build
 
+In .gitlab-ci.yml (your actual tags in Docker might vary, the relevant part are the args)
 
+```
+script:
+    ...
+    - docker build -t $CI_REGISTRY_IMAGE:latest --build-arg GIT_USER=gitlab-ci-token --build-arg GIT_PASS=$CI_BUILD_TOKEN .
+    ... 
+
+```
+
+In the Dockerfile
+```
+...
+ARG GIT_USER
+ARG GIT_PASS
+RUN git config --global credential.https://gitlab.esa.int.username $GIT_USER
+ARG GIT_ASKPASS=/git_env_password.sh
+RUN /bin/echo -e '#!/bin/bash'"\necho $GIT_PASS" > /git_env_password.sh
+RUN chmod +x /git_env_password.sh
+...
+RUN git clone https://gitlab.esa.int/YOUR_OTHER_PROJECT
+...
+```
 
-____________________________________
 
-¹: You might consider a ESAAD Service Account, so you don't use your personal account for this. The rest would be the same.