diff options
| -rw-r--r-- | doc/user/project/new_ci_build_permissions_model.md | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/doc/user/project/new_ci_build_permissions_model.md b/doc/user/project/new_ci_build_permissions_model.md index 55610a7b014..041602c3d8b 100644 --- a/doc/user/project/new_ci_build_permissions_model.md +++ b/doc/user/project/new_ci_build_permissions_model.md @@ -141,6 +141,7 @@ with GitLab 8.12. With the new job permissions model, there is now an easy way to access all dependent source code in a project. That way, we can: +1. Access a project's dependent repositories 1. Access a project's [Git submodules][gitsub] 1. Access private container images 1. Access project's and submodule LFS objects @@ -177,6 +178,22 @@ As a user: access to. As an Administrator, you can verify that by impersonating the user and retry the failing job in order to verify that everything is correct. +### Dependent repositories + +The [Job environment variable][jobenv] `CI_JOB_TOKEN` can be used to +authenticate any clones of dependent repositories. For example: + +``` +git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/myuser/mydependentrepo +``` + +It can also be used for system-wide authentication +(only do this in a docker container, it will overwrite ~/.netrc): + +``` +echo -e "machine gitlab.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc +``` + ### Git submodules To properly configure submodules with GitLab CI, read the @@ -221,3 +238,4 @@ test: [triggers]: ../../ci/triggers/README.md [update-docs]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/doc/update [workhorse]: https://gitlab.com/gitlab-org/gitlab-workhorse +[jobenv]: ../../ci/variables/#predefined-variables-environment-variables |