Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/shini4i/gitlab-token-scope-adjuster

CLI tool for automatically adjusting CI_JOB_TOKEN access scope based on project dependencies in GitLab.
https://github.com/shini4i/gitlab-token-scope-adjuster

automation devops gitlab gitlab-ci time-saving-tool

Last synced: 3 months ago
JSON representation

CLI tool for automatically adjusting CI_JOB_TOKEN access scope based on project dependencies in GitLab.

Host: GitHub
URL: https://github.com/shini4i/gitlab-token-scope-adjuster
Owner: shini4i
License: mit
Created: 2024-05-28T20:46:05.000Z (7 months ago)
Default Branch: main
Last Pushed: 2024-08-15T08:11:18.000Z (4 months ago)
Last Synced: 2024-09-30T03:03:48.300Z (3 months ago)
Topics: automation, devops, gitlab, gitlab-ci, time-saving-tool
Language: TypeScript
Homepage:
Size: 259 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# GitLab CI Job Token Scope Adjuster

![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/shini4i/gitlab-token-scope-adjuster/publish.yaml?label=publish)
![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/shini4i/gitlab-token-scope-adjuster/tests.yaml?label=tests)
![NPM Downloads](https://img.shields.io/npm/dm/%40shini4i%2Fgitlab-token-scope-adjuster)
![NPM Version](https://img.shields.io/npm/v/%40shini4i%2Fgitlab-token-scope-adjuster)
[![codecov](https://codecov.io/github/shini4i/gitlab-token-scope-adjuster/graph/badge.svg?token=ELQ6VQJ0Z5)](https://codecov.io/github/shini4i/gitlab-token-scope-adjuster)
![GitHub License](https://img.shields.io/github/license/shini4i/gitlab-token-scope-adjuster)

This CLI tool helps automate the process of configuring CI job token scopes in GitLab projects.

Starting from GitLab 16, it is mandatory to explicitly configure `CI_JOB_TOKEN` access, and this tool simplifies that by
automating the necessary API calls.

## How it works?

- Fetches project details from GitLab.
- Identifies dependency files (`go.mod`, `composer.json`, `package-lock.json`) in the repository.
- Extracts dependencies from these files.
- Configures CI job token scopes to whitelist the source project in dependency projects.

```mermaid
graph LR
A[gitlab-token-scope-adjuster -p 1234] --> B[Fetch Project Details]
B --> C[Identify Dependency Files]
C --> D[Process Each Dependency File]
D --> E[Extract Dependencies]
E --> F[Whitelist project CI_JOB_TOKEN in the Dependency Project]
```

## Prerequisites

- Node.js (>= 22.x)
- ts-node
- GitLab access token with the necessary permissions

## Installation

Install [@shini4i/gitlab-token-scope-adjuster](https://www.npmjs.com/package/@shini4i/gitlab-token-scope-adjuster) package:

```sh
npm install -g @shini4i/gitlab-token-scope-adjuster
```

## Usage

Expose the following environment variables:

```sh
export GITLAB_URL=https://gitlab.example.com
export GITLAB_TOKEN=your_access_token
```

And run the following command:

```sh
gitlab-token-scope-adjuster -p
```

To find dependency files recursively run the following command:
```sh
gitlab-token-scope-adjuster -p --monorepo
```

Keep in mind that depending on the amount of files in the repo it can significantly increase execution time.

Additionally, before making changes, it is possible to check which dependency projects would be edited by passing `--dry-run` flag.

## Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.