This CLI tool helps automate the process of configuring CI job token scopes in GitLab projects.
Starting from GitLab 16, it is mandatory to explicitly configure CI_JOB_TOKEN access, and this tool simplifies that by
automating the necessary API calls.
- Fetches project details from GitLab.
- Identifies dependency files (
go.mod,composer.json,package-lock.json) in the repository. - Extracts dependencies from these files.
- Configures CI job token scopes to whitelist the source project in dependency projects.
graph LR
A[gitlab-token-scope-adjuster -p 1234] --> B[Fetch Project Details]
B --> C[Identify Dependency Files]
C --> D[Process Each Dependency File]
D --> E[Extract Dependencies]
E --> F[Whitelist project CI_JOB_TOKEN in the Dependency Project]
- Node.js (>= 22.x)
- ts-node
- GitLab access token with the necessary permissions
Install @shini4i/gitlab-token-scope-adjuster package:
npm install -g @shini4i/gitlab-token-scope-adjusterExpose the following environment variables:
export GITLAB_URL=https://gitlab.example.com
export GITLAB_TOKEN=your_access_tokenAnd run the following command:
gitlab-token-scope-adjuster -p <your_project_id>To find dependency files recursively run the following command:
gitlab-token-scope-adjuster -p <your_project_id> --monorepoKeep in mind that depending on the amount of files in the repo it can significantly increase execution time.
Additionally, before making changes, it is possible to check which dependency projects would be edited by passing --dry-run flag.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.