Using GitLab token to clone without authentication
GitGitlabGit Problem Overview
I want to clone GitLab repository without prompt for my automation script, by using my private token from my GitLab account.
Can someone provide me a sample?
I know I can do so with user and password:
git clone https://" + user + ":" + password + "@" + gitlaburl;
and I know it is possible with ssh key
But, both options are insufficient.
Git Solutions
Solution 1 - Git
I know this is old but this is how you do it:
git clone https://oauth2:[email protected]/vendor/package.git</code>
Solution 2 - Git
The gitlab has a lot of tokens:
- Private token
- Personal Access Token
- CI/CD running token
I tested only the Personal Access Token using GitLab Community Edition 10.1.2, the example:
git clone https://gitlab-ci-token:${Personal Access Tokens}@gitlab.com/username/myrepo.git
git clone https://oauth2:${Personal Access Tokens}@gitlab.com/username/myrepo.git
or using username and password:
git clone https://${username}:${password}@gitlab.com/username/myrepo.git
or by input your password:
git clone https://${username}@gitlab.com/username/myrepo.git
But the private token seems can not work.
Solution 3 - Git
You can do it like this:
git clone https://gitlab-ci-token:<private token>@git.example.com/myuser/myrepo.git
Solution 4 - Git
Use the token instead of the password (the token needs to have "api" scope for clone to be allowed):
git clone https://username:[email protected]/user/repo.git
Tested against 11.0.0-ee.
Solution 5 - Git
If you already has a repository and just changed the way you do authentication to MFA, u can change your remote origin
HTTP URI to use your new api token as follows:
git remote set-url origin https://oauth2:TOKEN@ANY_GIT_PROVIDER_DOMAIN/YOUR_PROJECT/YOUR_REPO.git
And you wont need to re-clone the repository at all.
Solution 6 - Git
You can use the runners token for CI/CD Pipelines of your GitLab repo.
git clone https://gitlab-ci-token:<runners token>@git.example.com/myuser/myrepo.git
Where <runners token>
can be obtained from:
git.example.com/myuser/myrepo/pipelines/settings
or by clicking on the Settings icon -> CI/CD Pipeline
and look for Runners Token on the page
Solution 7 - Git
One possible way is using a deploy token (https://docs.gitlab.com/ee/user/project/deploy_tokens). After creating the token, use:
git clone https://<username>:<deploy_token>@gitlab.example.com/tanuki/awesome_project.git
as mentioned in the link above.
Solution 8 - Git
As of 8.12
, cloning using HTTPS
+ runner token is not supported anymore, as mentioned here:
> In 8.12 we improved build permissions. Being able to clone project using runners token it is no supported from now on (it was actually working by coincidence and was never a fully fledged feature, so we changed that in 8.12). You should use build token instead. > >This is widely documented here - https://docs.gitlab.com/ce/user/project/new_ci_build_permissions_model.html.
Solution 9 - Git
Inside a GitLab CI pipeline the CI_JOB_TOKEN
environment variable works for me:
git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/...
Source: Gitlab Docs
BTW, setting this variable in .gitlab-ci.yml
helps to debug errors.
variables:
CI_DEBUG_TRACE: "true"
Solution 10 - Git
many answers above are close, but they get ~username
syntax for deploy
tokens incorrect. There are other types of tokens, but the deploy token
is what gitlab offers (circa 2020+ at least) per repo to allow customized access, including read-only.
from a repository
(or group
), find the settings
--> repository
--> deploy tokens
. Create a new one. A username
and token
field are created. The username
is NOT a fixed value by default; it's unique to this token.
git clone https://<your_deploy_token_username>:<the_token>@gitlab.com/your/repo/path.git
tested on gitlab.com public, free account.
Solution 11 - Git
These days (Oct 2020) you can use just the following
git clone $CI_REPOSITORY_URL
Which will expand to something like:
git clone https://gitlab-ci-token:[MASKED]@gitlab.com/gitlab-examples/ci-debug-trace.git
Where the "token" password is ephemeral token (it will be automatically revoked after a build is complete).
Solution 12 - Git
In my case, I just provided the token instead the password (second input field).
I pushed a local repo for the first time from the command line.
From the scratch, these are the commands I entered (remember to move inside the repo's folder first).
$ git init
$ git status
$ git add .
$ git status
$ git commit -m 'Shinra Tensei.'
$ git push --set-upstream https://gitlab.com/userName/my-repo.git master
Then, the pop-up message you can see in the picture comes up. Provided USERNAME and TOKEN.
Solution 13 - Git
I went SSH using the per project deploy keys setting (read only)
Solution 14 - Git
To make my future me happy: RTFM - don't use the gitlab-ci-token at all, but the .netrc
file.
There are a couple of important points:
echo -e "machine gitlab.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
- Don't forget to replace "gitlab.com" by your URL!
- Don't try to be smart and create the .netrc file directly - gitlab will not replace the
$CI_JOB_TOKEN
within the file! - Use
https://gitlab.com/whatever/foobar.com
- notssh://git@foobar
, notgit+ssh://
, notgit+https://
. You also don't need any CI-TOKEN stuff in the URL. - Make sure you can
git clone [url from step 4]
Background: I got
fatal: could not read Username for 'https://gitlab.mycompany.com': No such device or address
when I tried to make Ansible + Gitlab + Docker work as I imagine it. Now it works.
Solution 15 - Git
Customising the URL is not needed. Just use a git configuration for gitlab tokens such as
git config --global gitlab.accesstoken {TOKEN_VALUE}