Last active
March 13, 2025 21:57
-
-
Save chkpnt/9a96c47370271c28dd59ed232dcfd5d7 to your computer and use it in GitHub Desktop.
Automatically create a Personal Access Token in GitLab
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| gitlab-rails runner - <<EOS | |
| if user = User.find_by_username('root') | |
| token = user.personal_access_tokens.find_by(name: 'Ansible') | |
| if !token || token.expired? | |
| token = user.personal_access_tokens.create( | |
| scopes: ['api', 'admin_mode'], | |
| name: 'Ansible', | |
| expires_at: PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now | |
| ) | |
| token.save! | |
| token_value = token.token | |
| File.open('/tmp/root.pat', 'w', 0600) { |file| file.write(token_value) } | |
| puts "PAT written to /tmp/root.pat" | |
| else | |
| puts "There is already a PAT with the name 'Ansible' which expires at #{token.expires_at}." | |
| end | |
| end | |
| EOS | |
| echo "Post Reconfigure Script successfully executed" |
worth noting, this would only work with official gitlab server docker images
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For automatic provisioning of a GitLab instance, a Personal Access Token (PAT) is needed for API interactions. Such a token can be generated with a
GITLAB_POST_RECONFIGURE_SCRIPT.Ensure to securely delete
/tmp/root.patpost-provisioning to maintain security, potentially using tools likeshred,wipe, orsecure-delete.