Run GitLab CI Pipeline on Protected Branches by a Member of Developer Role
To let project members of the “Developer” role be able to run GitLab CI pipeline on protected branches, go to “Settings -> Repository -> Protected branches”, in “Allowed to merge” dropbox, add “Developers + Maintainers”.
See discussion on this GitLab issue for details.
Fix the “requested access to the resource is denied” issue
If the CI job needs to pull Docker images from registry of a GitLab project, the user who run the CI pipeline must have necessary permission to this GitLab project.
As per this GitLab document, the user should at least have the “Developer” role to pull Docker images from GitLab projects.
| Action | Guest, Reporter | Developer |
|---|---|---|
| Pull container images from current projects | ✓ | |
| Pull container images from public projects | ✓ | |
| Pull container images from internal projects | ✓ |
If the user has a “Guest” or “Reporter” role in a project X, the CI job of project Y needs to pull images from the registry of project X, when that user run the CI job of project Y, the job would fail. Error message in the failed CI job would be like
pull access denied for registry.gitlab.example.com/group/project-x,
repository does not exist or may require 'docker login':
denied: requested access to the resource is denied