►
From YouTube: CI_JOB_TOKEN workflow video for coverage
Description
This video is to assist whoever does the UX review of this feature in development https://gitlab.com/gitlab-org/gitlab/-/issues/375782
A
Hi
I'm
pretty
called
the
product
designer
for
pipeline
execution
team.
This
video
is
for
whoever
gets
assigned
to
review
this
work.
That's
been
done
for
this
issue
that
says,
enable
a
CA,
token
permission,
flow
or
Bots
to
work,
across.com
and
other
shared
instances
securely.
A
This
one
is
a
little
tricky,
because
the
premises
that
we
are
working
in
is
a
complex
one.
This
talks
about
like
if
there
are
two
projects-
project
a
and
Project
B.
How
do
we
allow
one
project
to
access
the
access,
another
project
using
a
CI
job
token,
and
what
is
it
that
we
can
do
to
if
we
do
not
want
any
of
the
project
to
access
our
project
and
at
the
same
time,
how
can
we
enable
it?
A
So
we
have
already
worked
on
an
issue
that
has
added
an
outbound
workflow
for
these
use
cases.
So
if
you
go
to
the
product
today,
you
would
see
that
just
a
moment,
you'll
see
that
under
settings
CI
CD
for
projects,
you
would
see
this
section
that
says
token
access
and
then
there
is
a
particular
section
that
allows
you
to
add
an
existing
project
to
the
scope.
That
means
you
are
currently
able
to
add,
say
that
you
want
your
project
to
have
access
to
this
other
project.
A
Let's
call
it
B
and
you
get
to
decide
that,
like
this
is
an
outbound
workload
that
we
had
worked
on
with
time.
We
learned
that
this
is
not
the
best
way
of
doing
it
and
we
require
to
work
on
an
inbound
flow
as
well,
which
will
slowly
replace
the
outbound,
and
this
will
be
deprecated
in
I
think
the
next
release,
which
is
16.0
now
talking
about
the
inbound
workflow,
specifically
because
this
is
what
is
in
the
scope
of
this
issue
and
what
needs
to
be
looked
at
so
this
particular
workflow.
A
What
it
will
do
is,
as
it
says,
allow
access
to
this
project
with
SEI
job
token.
A
If
a
project
B,
which
is
not
this
project,
wants
access
to
project
a
which
has
this
project,
what
they'll
have
to
do
is
project
a
would
require
to
add
them
to
this
list
like
this
will
give
permission
to
Project
B
that
okay,
now
you
can
access
this
project
using
oci
job
token,
and
at
the
same
time,
if
this
is
disabled,
let's
say,
then
what
will
how
that
would
be
translated
as
only
project
a
would
have
access
to
its
own
project
using
the
cig
object
like
no,
the
project
would
have
access
to
it.
A
So
that's
that
that's
what
will
happen
if
this
comes
disabled
and
upon
enabling
it
this
small
model
is
going
to
appear
that
says,
allow
CI
job
to
construct
the
following
projects
to
access
this
project.
So
if
you
enter
the
URL
of
a
project
here,
it
gets
added
to
the
table
below,
and
you
can
totally
see
that
right
now
test
one
sample
test.
A
One
and
sample
test
two
have
access
to
your
project
using
the
CI
token,
and
these
are
the
namespaces
that
there
are
part
of,
and
you
can
anytime,
go
ahead
and
delete
them
from
the
list.
If
you
don't
want
them
to
be
accessing
your
project,
so
that
is
it
and
I
hope
this
is
helpful.
It's
a
very
small
summary.
A
All
the
decisions
are
documented
in
the
discussion
alongside
and
that's
it.
Thank
you.