Unable to push assets to a gitlab protected branch #504

Description

@bolrock

I have a protected master branch on my GitLab project

I'm using that Docker image

FROM node:21-alpine
RUN apk --update --no-cache add git
ENV JAVA_HOME /usr/lib/jvm/java-17-openjdk
ENV PATH $PATH:$JAVA_HOME/bin
ENV MAVEN_HOME /usr/share/maven
ENV MAVEN_VERSION 3.9.6
RUN apk --no-cache add openjdk17-jdk --repository=https://adoptopenjdk.jfrog.io/adoptopenjdk/alpine/
RUN wget -q "https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz" -O /tmp/apache-maven.tar.gz && \
  tar xzf /tmp/apache-maven.tar.gz -C /usr/share/ && \
  ln -s /usr/share/apache-maven-${MAVEN_VERSION}/bin/mvn /usr/bin/mvn && \
  rm -f /tmp/apache-maven.tar.gz
RUN npm install -g semantic-release conventional-changelog-conventionalcommits @semantic-release/git @semantic-release/gitlab @semantic-release/exec
CMD ["mvn"]

and I'm using that config

{
  "branches": ["master"],
  "plugins": [
    [ "@semantic-release/commit-analyzer", {
      "preset": "conventionalcommits",
    }],
    "@semantic-release/release-notes-generator",
    [ "@semantic-release/exec", {
      "verifyReleaseCmd": 'mvn versions:set -DnewVersion="${nextRelease.version}" && echo "NEXT_VERSION=${nextRelease.version}" >> build.env',
    }],
    ["@semantic-release/git", {
      "assets": ["pom.xml"],
      "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
    }],
    "@semantic-release/gitlab"
  ]
}

Without the @semantic-release/git module it is working fine. The tag is created and pushed to the master branch.
But it seems the module cannot push the assets to the master branch.

[1:04:43 PM] [semantic-release] [@semantic-release/git] › ℹ  Found 1 file(s) to commit
[1:04:44 PM] [semantic-release] › ✘  Failed step "prepare" of plugin "@semantic-release/git"
[1:04:44 PM] [semantic-release] › ✘  An error occurred while running semantic-release: Error: Command failed with exit code 1: git push --tags https://gitlab-ci-token:[secure]@mygitlab.com/myproject.git HEAD:master
remote: GitLab: You are not allowed to push code to protected branches on this project.

Adding a printenv in the script I can see my GITLAB_TOKEN variable with my token.

But I don't understand if it's really possible to push to master with a personal access token?
I also tried removing the GITLAB_TOKEN from the project variable and adding

before_script:
  - export GITLAB_TOKEN="$CI_JOB_TOKEN"
  - export GITLAB_URL="$CI_SERVER_URL"

Now the printenv still shows me the variable

GITLAB_TOKEN=[MASKED]

But it is still not working (with another reason).

The GitLab token (https://github.com/semantic-release/gitlab/blob/master/README.md#gitlab-authentication) configured in the GL_TOKEN or GITLAB_TOKEN environment variable must be a valid personal access token

I don't want to unprotect my master branch. So what's the solution?
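
Added example, not part of the original post or of semantic-release: a pre-flight check for the rejection shown in the log above, deciding whether the identity behind a token satisfies a protected branch's push rules. The JSON is a constructed sample shaped like GitLab's protected-branches API response, and `can_push`, the user ids and the roles are hypothetical.

```python
import json

# GitLab role values used in REST API responses.
NO_ONE, DEVELOPER, MAINTAINER = 0, 30, 40

# Constructed sample shaped like GET /projects/:id/protected_branches/master
MASTER_RULES = json.loads("""
{"name": "master",
 "push_access_levels": [
   {"access_level": 40, "access_level_description": "Maintainers",
    "user_id": null, "group_id": null}]}
""")


def can_push(branch, user_id, member_level):
    """Return (allowed, reason) for one identity against one protected branch.

    branch       -- protected-branch object as returned by the API
    user_id      -- id of the user that owns the token
    member_level -- that user's access_level in the project (0 if not a member)
    """
    for rule in branch.get("push_access_levels", []):
        if rule.get("user_id") is not None:
            # Per-user rule: matches only that exact user.
            if rule["user_id"] == user_id:
                return True, "user is listed explicitly"
            continue
        if rule.get("group_id") is not None:
            # Per-group rule: needs a group membership lookup, not done here.
            continue
        level = rule.get("access_level")
        if level in (None, NO_ONE):
            continue  # "No one" never grants push
        if member_level >= level:
            desc = rule.get("access_level_description", level)
            return True, f"role {member_level} satisfies '{desc}'"
    return False, f"role {member_level} matches no push rule on {branch['name']}"


if __name__ == "__main__":
    # Hypothetical identities: a Developer-level bot and a Maintainer-level bot.
    for uid, level in ((101, DEVELOPER), (102, MAINTAINER)):
        print(uid, can_push(MASTER_RULES, uid, level))
```

A `False` result for the token's owner corresponds to the "not allowed to push code to protected branches" rejection, and the branch's push rule is the place to grant one dedicated identity access without unprotecting the branch.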
