fix: semantic-release authentication and token lifecycle management (!38) · Merge requests · LLM Ecosystem / Gitlab CI Components · GitLab

Welcome to the Bluefly.io code repository. By logging in, you agree to comply with our terms of service and code of conduct.

thomas.scola@bluefly.io requested to merge fix/semantic-release-auth into development Sep 21, 2025

Summary

Comprehensive fix for semantic-release authentication issues with multi-layer fallback mechanisms and token lifecycle management.

Changes

Authentication Fixes

✅ Added token validation pre-flight checks
✅ Implemented push permission testing with temporary tags
✅ Multi-layer auth cascade: PAT → CI_JOB_TOKEN → Manual
✅ Fixed YAML parser issues (backticks instead of command substitution)
✅ Added workflow rules for fix/ branches

Monitoring & Documentation

✅ Token expiration monitoring job (quarterly schedule)
✅ 30/60 day warning thresholds
✅ Comprehensive TOKEN_REQUIREMENTS.md documentation
✅ Manual fallback release mechanism

Key Improvements

Non-blocking semantic-release with allow_failure
Clear diagnostic messages for troubleshooting
Production-ready with graceful degradation
Security-focused with minimal required permissions

Fixes

Resolves EGITNOPERMISSION errors
Resolves EINVALIDGLTOKEN errors
Handles protected branch restrictions
Provides fallback for token rotation

Testing

✅ Local validation with gitlab-ci-local
✅ YAML syntax validated
✅ Pipeline #27829 successful

Edited Sep 21, 2025 by thomas.scola@bluefly.io