CLI tool for automatically adjusting CI_JOB_TOKEN access scope based on project dependencies in GitLab.
MIT License
This CLI tool helps automate the process of configuring CI job token scopes in GitLab projects. Starting from GitLab 16, it is mandatory to explicitly configure CI_JOB_TOKEN access, and this tool simplifies that by automating the necessary API calls.
go.mod, composer.json, package-lock.json) in the repository.
graph LR
A[gitlab-token-scope-adjuster -p 1234] --> B[Fetch Project Details]
B --> C[Identify Dependency Files]
C --> D[Process Each Dependency File]
D --> E[Extract Dependencies]
E --> F[Whitelist project CI_JOB_TOKEN in the Dependency Project]
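The flow in the graph above, as an added example that is not the tool's own code: it extracts dependencies hosted on the GitLab instance from the three file types and builds, without sending anything, one allowlist request per dependency project. Function names and sample files are constructed; it assumes each dependency path is the full project path and that the allowlist is changed through GitLab's `POST /projects/:id/job_token_scope/allowlist` endpoint.

```javascript
// Added example; function names are hypothetical, not the tool's own code.
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Reduce a module path or git URL to "group/project" if it lives on `host`.
function normalize(ref, host) {
  const re = new RegExp(`(?:^|[/@])${escapeRe(host)}[/:]([\\w.-]+(?:/[\\w.-]+)+)`);
  const m = ref.match(re);
  return m ? m[1].replace(/\.git$/, '') : null;
}

// Collect GitLab-hosted dependencies from one dependency file.
function extractGitlabDeps(fileName, content, host) {
  let refs = [];
  if (fileName.endsWith('go.mod')) {
    // First token of each line; drop the /vN major-version suffix.
    refs = content.split('\n').map((l) =>
      l.trim().replace(/^require\s+/, '').split(/\s+/)[0].replace(/\/v\d+$/, ''));
  } else if (fileName.endsWith('package-lock.json')) {
    refs = Object.values(JSON.parse(content).packages || {}).map((p) => p.resolved || '');
  } else if (fileName.endsWith('composer.json')) {
    refs = Object.values(JSON.parse(content).repositories || {}).map((r) => r.url || '');
  }
  return [...new Set(refs.map((r) => normalize(r, host)).filter(Boolean))];
}

// One request per dependency: the *dependency* project admits the consuming
// project's job token, so no other project's allowlist is touched.
function planAllowlistCalls(gitlabUrl, sourceProjectId, depPaths) {
  const base = gitlabUrl.replace(/\/+$/, '');
  return depPaths.map((dep) => ({
    method: 'POST',
    url: `${base}/api/v4/projects/${encodeURIComponent(dep)}/job_token_scope/allowlist`,
    body: { target_project_id: sourceProjectId },
  }));
}

// Constructed sample inputs (project id 1234 mirrors the graph above).
const SAMPLE = {
  'go.mod': 'module gitlab.example.com/team/app\n\nrequire (\n\tgitlab.example.com/platform/logging/v2 v2.1.0\n\tgithub.com/spf13/cobra v1.8.0\n)\n',
  'package-lock.json': JSON.stringify({ packages: {
    'node_modules/ui-kit': { resolved: 'git+ssh://git@gitlab.example.com/frontend/ui-kit.git#0000000' },
    'node_modules/left-pad': { resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz' } } }),
  'composer.json': JSON.stringify({ repositories: [{ type: 'vcs', url: 'https://gitlab.example.com/php/billing.git' }] }),
};
function demoPlan() {
  const deps = Object.entries(SAMPLE).flatMap(([f, c]) => extractGitlabDeps(f, c, 'gitlab.example.com'));
  return planAllowlistCalls('https://gitlab.example.com', 1234, deps);
}
console.log(JSON.stringify(demoPlan(), null, 2));
```

Reviewing a plan like this before any request is sent keeps each dependency's allowlist limited to the projects its dependency files actually justify.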
Install the @shini4i/gitlab-token-scope-adjuster package:
npm install -g @shini4i/gitlab-token-scope-adjuster
Expose the following environment variables:
export GITLAB_URL=https://gitlab.example.com
export GITLAB_TOKEN=your_access_token
And run the following command:
gitlab-token-scope-adjuster -p <your_project_id>
To find dependency files recursively, run the following command:
gitlab-token-scope-adjuster -p <your_project_id> --monorepo
Keep in mind that, depending on the number of files in the repo, this can significantly increase execution time.
Additionally, before making changes, it is possible to check which dependency projects would be edited by passing the --dry-run flag.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.