feat: enhance job token support in GitLab integration

Author: tachyons

README.md

@@ -63,6 +63,7 @@ Create a [project access token](https://docs.gitlab.com/ee/user/project/settings
 **Note**: When running with [`dryRun`](https://semantic-release.gitbook.io/semantic-release/usage/configuration#dryrun) only `read_repository` scope is required.
 
 #### Job Token
+
 Ensure your project is configured to [allow git push requests for job tokens](https://docs.gitlab.com/ci/jobs/ci_job_token/#allow-git-push-requests-to-your-project-repository), and assign the value of `CI_JOB_TOKEN` to `GL_TOKEN`.
 
 **Note**: Due to limitations on [job token](https://docs.gitlab.com/ci/jobs/ci_job_token/) access, comments on merge requests and issues must be explicitly disabled. See: [successCommentCondition](#successcommentcondition) and [failCommentCondition](#failcommentcondition).

lib/resolve-config.js

@@ -51,10 +51,11 @@ export default (
     (service === "gitlab" && CI_PROJECT_URL && CI_PROJECT_PATH
       ? CI_PROJECT_URL.replace(new RegExp(`/${CI_PROJECT_PATH}$`), "")
       : "https://gitlab.com");
+  const isJobToken = !!CI_JOB_TOKEN && (GL_TOKEN || GITLAB_TOKEN) === CI_JOB_TOKEN;
   return {
     gitlabToken: GL_TOKEN || GITLAB_TOKEN,
-    isJobToken: (!!CI_JOB_TOKEN && (GL_TOKEN || GITLAB_TOKEN) === CI_JOB_TOKEN),
-    tokenHeader: (!!CI_JOB_TOKEN && (GL_TOKEN || GITLAB_TOKEN) === CI_JOB_TOKEN) ? "JOB-TOKEN" : "PRIVATE-TOKEN",
+    isJobToken,
+    tokenHeader: isJobToken ? "JOB-TOKEN" : "PRIVATE-TOKEN",
     gitlabUrl: defaultedGitlabUrl,
     gitlabApiUrl:
       userGitlabUrl && userGitlabApiPathPrefix

lib/verify.js

@@ -31,10 +31,17 @@ export default async (pluginConfig, context) => {
     options: { repositoryUrl },
     logger,
   } = context;
-  const { gitlabToken, isJobToken, tokenHeader, successCommentCondition, failCommentCondition, gitlabUrl, gitlabApiUrl, proxy, ...options } = resolveConfig(
-    pluginConfig,
-    context
-  );
+  const {
+    gitlabToken,
+    isJobToken,
+    tokenHeader,
+    successCommentCondition,
+    failCommentCondition,
+    gitlabUrl,
+    gitlabApiUrl,
+    proxy,
+    ...options
+  } = resolveConfig(pluginConfig, context);
   const { projectPath, projectApiUrl } = getProjectContext(context, gitlabUrl, gitlabApiUrl, repositoryUrl);
 
   debug("apiUrl: %o", gitlabApiUrl);
@@ -58,7 +65,7 @@ export default async (pluginConfig, context) => {
   }
 
   if (isJobToken && !(failCommentCondition === false) && !(successCommentCondition === false)) {
-    errors.push(getError("EJOBTOKENCOMMENTCONDITION", { projectPath }))
+    errors.push(getError("EJOBTOKENCOMMENTCONDITION", { projectPath }));
   }
 
   if (gitlabToken && projectPath) {

test/integration.test.js

@@ -117,7 +117,7 @@ test.serial("Verify GitLab auth and release with Job Token", async (t) => {
   const env = { GL_TOKEN: "gitlab_token", CI_JOB_TOKEN: "gitlab_token" };
   const owner = "test_user";
   const repo = "test_repo";
-  const options = { repositoryUrl: `https://github.com/${owner}/${repo}.git` };
+  const options = { repositoryUrl: `https://gitlab.com/${owner}/${repo}.git` };
   const encodedProjectPath = encodeURIComponent(`${owner}/${repo}`);
   const nextRelease = { gitHead: "123", gitTag: "v1.0.0", notes: "Test release note body" };
 
@@ -133,7 +133,12 @@ test.serial("Verify GitLab auth and release with Job Token", async (t) => {
     })
     .reply(200);
 
-  await t.notThrowsAsync(t.context.m.verifyConditions({ successCommentCondition: false, failCommentCondition: false }, { env, options, logger: t.context.logger }));
+  await t.notThrowsAsync(
+    t.context.m.verifyConditions(
+      { successCommentCondition: false, failCommentCondition: false },
+      { env, options, logger: t.context.logger }
+    )
+  );
   const result = await t.context.m.publish({}, { env, options, nextRelease, logger: t.context.logger });
 
   t.is(result.url, `https://gitlab.com/${owner}/${repo}/-/releases/${nextRelease.gitTag}`);

test/resolve-config.test.js

@@ -512,7 +512,7 @@ test("Ignore GitLab CI/CD environment variables if not running on GitLab CI/CD",
 });
 
 test("Use job token when GitLab token equals CI_JOB_TOKEN", (t) => {
-  const jobToken = "TOKEN"
+  const jobToken = "TOKEN";
 
   t.deepEqual(
     resolveConfig(

test/verify.test.js

@@ -995,15 +995,13 @@ test.serial(
     const owner = "test_user";
     const repo = "test_repo";
     const env = { GITLAB_TOKEN: "gitlab_token", CI_JOB_TOKEN: "gitlab_token" };
-    const gitlab = authenticate(env)
-      .get(`/projects/${owner}%2F${repo}/releases`)
-      .reply(200, []);
+    const gitlab = authenticate(env).get(`/projects/${owner}%2F${repo}/releases`).reply(200, []);
 
     const {
       errors: [error],
     } = await t.throwsAsync(
       verify(
-        { },
+        {},
         { env, options: { repositoryUrl: `https://gitlab.com/${owner}/${repo}.git` }, logger: t.context.logger }
       )
     );
@@ -1019,9 +1017,7 @@ test.serial(
     const owner = "test_user";
     const repo = "test_repo";
     const env = { GITLAB_TOKEN: "gitlab_token", CI_JOB_TOKEN: "gitlab_token" };
-    const gitlab = authenticate(env)
-      .get(`/projects/${owner}%2F${repo}/releases`)
-      .reply(200, []);
+    const gitlab = authenticate(env).get(`/projects/${owner}%2F${repo}/releases`).reply(200, []);
 
     await t.notThrowsAsync(
       verify(