npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@shini4i/gitlab-token-scope-adjuster

v0.1.5

Published

CLI tool for automatically adjusting CI_JOB_TOKEN scope based on project dependencies in GitLab.

Downloads

8

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

shini4ishini4i

Keywords

gitlabcigitlab-citoken

Readme

GitLab CI Job Token Scope Adjuster

GitHub Actions Workflow Status GitHub Actions Workflow Status NPM Downloads NPM Version codecov GitHub License

This CLI tool helps automate the process of configuring CI job token scopes in GitLab projects.

Starting from GitLab 16, it is mandatory to explicitly configure CI_JOB_TOKEN access, and this tool simplifies that by automating the necessary API calls.

How it works?

  • Fetches project details from GitLab.
  • Identifies dependency files (go.mod, composer.json, package-lock.json) in the repository.
  • Extracts dependencies from these files.
  • Configures CI job token scopes to whitelist the source project in dependency projects.
graph LR
    A[gitlab-token-scope-adjuster -p 1234] --> B[Fetch Project Details]
    B --> C[Identify Dependency Files]
    C --> D[Process Each Dependency File]
    D --> E[Extract Dependencies]
    E --> F[Whitelist project CI_JOB_TOKEN in the Dependency Project]

Prerequisites

  • Node.js (>= 22.x)
  • ts-node
  • GitLab access token with the necessary permissions

Installation

Install @shini4i/gitlab-token-scope-adjuster package:

npm install -g @shini4i/gitlab-token-scope-adjuster

Usage

Expose the following environment variables:

export GITLAB_URL=https://gitlab.example.com
export GITLAB_TOKEN=your_access_token

And run the following command:

gitlab-token-scope-adjuster -p <your_project_id>

To find dependency files recursively run the following command:

gitlab-token-scope-adjuster -p <your_project_id> --monorepo

Keep in mind that depending on the amount of files in the repo it can significantly increase execution time.

Additionally, before making changes, it is possible to check which dependency projects would be edited by passing --dry-run flag.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.