I am setting up a tag-triggered release pipeline for building and releasing software using GitLab pipelines. In my 'release' stage, I am trying to create a GitLab release for the software, containing an archive of the built code (in addition to the default source code archive). I am attempting to use the glab CLI in GitLab's provided Docker container for this purpose.
The issue I am having is that, for some reason, glab is not able to authenticate with my GitLab instance using the CI_JOB_TOKEN available to the pipeline.
Here is a (simplified/redacted) copy of my gitlab-ci yml for the release stage:
release: # TODO delete debug var variables: CI_DEBUG_TRACE: "true" stage: release image: registry.gitlab.com/gitlab-org/release-cli:latest script: - export GITLAB_HOST=$(echo "$CI_SERVER_URL" | awk -F'//' '{print $2}') # Get server URL without http prefix - | glab auth login --hostname "${GITLAB_HOST}" --token "$CI_JOB_TOKEN" --api-protocol http # My local-network-only gitlab instance does not use https glab release create "$CI_COMMIT_TAG" \ --name "$CI_COMMIT_TAG" \ --notes "$CI_COMMIT_TAG_MESSAGE" - glab release upload "$CI_COMMIT_TAG" ${PACKAGE_NAME}.zip This script fails on the glab release create command with the following error:
glab auth login --hostname <gitlab.mydomain.com> --token [MASKED] --api-protocol http
glab release create <my-tag> --name <my-tag>
Validating tag <my-tag>
could not fetch tag error=GET http://<gitlab.mydomain.com>/api/v4/projects//repository/tags/<my_tag>
:401 {message: 401 Unauthorized}
ERROR: Job failed: exit code 1
Even with the CI_DEBUG_TRACE variable set, this is all the info I get. It seems to be an authentication error, but from my understanding, the CI_JOB_TOKEN should provide sufficient permissions for a job to create a release. If I use the 'release' field in the stage, I can create a release without encountering any permission errors.
What is going wrong here?
--ref $CI_COMMIT_TAGin theglab create release.