You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I see in the README that this requires the use of a PAT to work. The release-cli tool created by GitLab that appears to do similar things outside the context of semantic-release is able to do its work with the built-in CI_JOB_TOKEN instead of requiring a PAT that elevates the pipelines permissions and essentially gives the opportunity for the pipeline to change code and commit it back to the repo, breaking a layer of security.
Is it possible to use this plugin with the CI_JOB_TOKEN similar to release-cli rather than providing elevated privileges to the repo?
The text was updated successfully, but these errors were encountered:
I see in the README that this requires the use of a PAT to work. The release-cli tool created by GitLab that appears to do similar things outside the context of semantic-release is able to do its work with the built-in CI_JOB_TOKEN instead of requiring a PAT that elevates the pipelines permissions and essentially gives the opportunity for the pipeline to change code and commit it back to the repo, breaking a layer of security.
Is it possible to use this plugin with the CI_JOB_TOKEN similar to release-cli rather than providing elevated privileges to the repo?
The text was updated successfully, but these errors were encountered: