112

I implemented the oauth2 web flow in order to get access_token from users of my app. With the access_token, I would like to do the following actions:

  1. Get user information
  2. Create a repo for this user
  3. Push code to this repo (using git push)

I can already successfully get the user information (1) and create a repo (2).

The problem is I can't push code (3), I got "Unauthorized" error.

The command I run:

git remote add origin https://gitlab-ci-token<mytoken>@gitlab.com/myuser/myrepo.git  
git push origin master

6 Answers

142

You should do

git remote add origin https://<access-token-name>:<access-token>@gitlab.com/myuser/myrepo.git

Note that this stores the access token as plain text in the .git\config file. To avoid this you can use the git credential system, providing the access token name for "username" and the access token for "password". This should store the credentials in the git credential system in a more secure way.

10 Comments

this does work, and I found the answer via docs.gitlab.com/ee/user/profile/…
Hello What is the difference with the above?
If gitlab says git remote add origin [email protected]:foo/bar/myrepo.git you should do (watch missed : ) : git remote add origin "https://oauth2:[email protected]/foo/bar/myrepo.git"
And what is <access-token-name>?
@George access-token-name is the name of the token that you generated in gitlab. The < and > in the above example should be excluded, the same goes for access-token value.
55

It is also possible to push directly without adding a new remote repository:

git push https://gitlab-ci-token:<access_token>@gitlab.com/myuser/myrepo.git <branch_name>

This could be particularly useful if you want to pull from and push to different repositories.

3 Comments

Shouldn't you be hiding your private access token?
@NickK9 you are right, if I push as described and then type "git config -l" I see that the access token content is visible in git config output
When I try this I get: URL rejected: Port number was not a decimal number between 0 and 65535
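
The first answer's note and the comments above point out that a token written into a remote URL stays readable in the repository's git config. The following is an added example, not code from any answer on this page: it lists remotes whose URL embeds a secret and rewrites them without it. The function names are hypothetical, and the URLs and token values used with it are constructed placeholders.

```shell
#!/bin/sh
# Added example: find and remove tokens embedded in git remote URLs.
# Function names are hypothetical; nothing here prints the secret itself.

# Print the URL with any "user:secret@" (or "user@") part removed.
strip_userinfo() {
    printf '%s\n' "$1" | sed -E 's#^([a-zA-Z][a-zA-Z0-9+.-]*://)[^/@]*@#\1#'
}

# Succeed only for "scheme://user:secret@host/...". A bare "user@" and
# scp-style SSH remotes (git@host:path) are not flagged.
has_embedded_secret() {
    printf '%s\n' "$1" | grep -Eq '^[a-zA-Z][a-zA-Z0-9+.-]*://[^/@:]*:[^/@]+@'
}

# For the repository at $1, print "remote<TAB>redacted-url" for every
# remote whose URL carries a secret.
audit_remotes() {
    git -C "$1" remote | while read -r name; do
        url=$(git -C "$1" remote get-url "$name")
        if has_embedded_secret "$url"; then
            printf '%s\t%s\n' "$name" "$(strip_userinfo "$url")"
        fi
    done
}

# Rewrite every flagged remote of the repository at $1 to its
# credential-free URL, so the token no longer appears in "git config -l".
scrub_remotes() {
    audit_remotes "$1" | while IFS="$(printf '\t')" read -r name clean; do
        git -C "$1" remote set-url "$name" "$clean"
    done
}
```

After scrubbing, git asks the configured credential helper for the token on the next push. A token that was stored in a remote URL should be treated as exposed; removing it from the URL does not revoke it.
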
18

You can also use git remote set-url. After creating your access token, do:

git remote set-url origin https://gitlab-ci-token:${ACCESS_TOKEN}@gitlab.com/<group>/<repo-name>.git

3

I placed the following into my ~/.gitconfig:

[credential "https://gitlab.com"]
    username = <insertusername>
    helper = "!f() { echo "username=<insertusername>"; echo "password=$GITLAB_PERSONAL_ACCESS_TOKEN"; };f"

1

The OP asked about using git push, but some Maven plugins also write to the repository. Git credentials can be cached in the git credential system or placed in the settings.xml file.

git credential settings.xml
git push X
maven-release-plugin X
versions-maven-plugin X X

Create a (personal, project, group) access token with write-repository permission and copy it to a masked (project, group) variable REPO_TOKEN.

project/.gitlab-ci.yml:

job:
  script:
    # One key=value per line with no leading whitespace; a blank line ends the input.
    - printf 'protocol=https\nhost=gitlab.example.com\nusername=git\npassword=%s\n\n' "$REPO_TOKEN"
      | git credential-cache store
    - git commit -m "Upload changes"
    - mvn versions:use-latest-releases
    - mvn release:prepare
    - mvn release:perform

project/pom.xml:

  <scm>
    <url>https://gitlab.example.com/group/${project.artifactId}</url>
    <connection>scm:git:https://gitlab.example.com/group/${project.artifactId}.git</connection>
    <developerConnection>scm:git:https://gitlab.example.com/group/${project.artifactId}.git</developerConnection>
  </scm>
  <properties>
    <scm.tag>${env.COMMIT_ID}</scm.tag>
    <project.scm.id>gitlab-scm</project.scm.id>
  </properties>

~/.m2/settings.xml

  <server>
    <id>gitlab-scm</id>
    <username>git</username>
    <password>${env.REPO_TOKEN}</password>
  </server>

-3

Push using gitlab-ci-token is not currently supported by Gitlab. There is an open feature request.

2 Comments

You worded it as if it is not possible at all. For the record, git push is possible, but by creating a personal token and setting the origin URL with it hardcoded. This bears security risks, as thoroughly discussed in the feature request link you shared in the answer, for which I'd recommend hiding CI from the public on GitLab, even on open source repos. For the record, that feature request is about doing it "internally" (non-GitLab CIs could equally push using the aforementioned tokens) and with granular rights. That's what it was about.
@nicolas, if you want more points, you can probably delete your answer. ;-)
