r-lib
`remotes::install_gitlab()` cannot use gitlab's `CI_JOB_TOKEN` (as opposed to personal token)
install_gitlab() works fine with personal and group tokens but if one tries to use a job token it fails the authentication.
This is really a GitLab problem due to how inconsistently they use their tokens. But here in remotes we will just need to hack it ourselves - similar to what for example uv does for python with their .netrc authentication.
The problem
Gitlab personal (and group) tokens are authenticated with the "Private-Token" HTTP header (docs).
But when running a gitlab CI job a specific job token - in the CI_JOB_TOKEN environment variable, that works as a temporary personal token, is created. Unfortunately one cannot use this token with remotes::install_gitlab() because the HTTP header used for this token is "Job-Token" (docs)
And remotes's code always hardcodes the HTTP header for gitlab authentication as follows:
download(dest, src, headers = c("Private-Token" = x$auth_token))
All instances of that call to download are in R/install-gitlab.R .
Could we have a way to change the HTTP header used depending on the token type?
I am keen on figuring out a way to do this myself. Will open a PR. But would like opinions on the best way to achieve it without breaking anything else in the code. Probably should use a different env variable, e.g. GITLAB_JOB instead of GITLAB_PAT
Actually i just found this PR: https://github.com/r-lib/remotes/pull/608
It attempts to use the CI_JOB_TOKEN and that is the one thing missing from that PR. I may try to improve that instead.