zaquestion/lab

Do not consider GitLab CI variables when LAB_CORE are equivalent set

soullivaneuh opened this issue · 2 comments

Summary

Since upgrade from 0.17.2 to 0.23.0, I have a 401 error on merge request creation from a CI job:

2022/03/09 19:07:45 ERROR: mr_create.go:179: GET https://gitlab.com/api/v4/projects/kidways/docs: 401 {message: 401 Unauthorized}

Here is the complete script:

#!/usr/bin/env sh
set -e

branch=bot/dispatch

git clean -dx --force
git fetch --all
git checkout "${CI_DEFAULT_BRANCH}"
# May be simplified by `git switch -c "${branch}"` with git 2.23.
# @see https://stackoverflow.com/a/26961416/1731473
git checkout "${branch}" || git checkout -b "${branch}"

apply

git add --all
diff=$(git diff --cached --name-status)
if [ -z "${diff}" ]; then
	echo "Nothing to commit."
	exit 0
fi
git config --global user.email "${NEXY_BOT_EMAIL:-dev@nexylan.com}"
git config --global user.name "bot"

message="build: update core files"
git commit -m "${message}"
git remote set-url origin "https://${GITLAB_USER:?}:${GITLAB_TOKEN:?}@${CI_PROJECT_URL#https://}.git/"
git push origin ${branch}

export LAB_CORE_HOST="https://${CI_SERVER_HOST:-gitlab.com}"
export LAB_CORE_USER="${GITLAB_USER:?}"
export LAB_CORE_TOKEN="${GITLAB_TOKEN:?}"
git remote set-url origin "${CI_PROJECT_URL}.git"
lab mr create --remove-source-branch --message "${message}"

Here, I use a custom set GITLAB_TOKEN to LAB_CORE_TOKEN because the default provided CI_JOB_TOKEN does not allow write operation to the API.

However, according to the latest documentation of that project:

The environment variables CI_PROJECT_URL, CI_JOB_TOKEN and GITLAB_USER_LOGIN, intended to be used in a CI environment, can be set to prevent any configuration file creation/update. Also, any of these take precedence over all other options.

I assume this was done quite recently, however, this make my script being completely stuck. 🙃

A fallback to the CI token is great for a "no configuration" quick setup, but it the lab related user config should take precedence, not the reverse.

For people stuck on the same situation, the workaround is to temporary remove the not desired variable:

# @see https://github.com/zaquestion/lab/issues/813
TMP_CI_TOKEN=${CI_JOB_TOKEN}
unset CI_JOB_TOKEN
lab mr create --remove-source-branch --message "${message}"
export CI_JOB_TOKEN=${TMP_CI_TOKEN}

However, this solution is:

  • Not fully reliable because it does not manage the other possible variable overrides (host, user).
  • Very cumbersome. It force us to tweak system variable, with the occurring related risks.

That's interesting. The doc was updated, but the code behaves like that for quite some time already.

Since upgrade from 0.17.2 to 0.23.0.

It seems the issue is the big version bump :).

But I see what you're saying. I'm going to check the code and propose some changes there.