GitLab comment token scopes [Docs]

Wondering about this phrase on Netlify Docs > Deploy notifications > GitLab merge request comments:

It requires a GitLab API token with access to the repository. You can set that token when you configure this notification

The Settings > Build & deploy > Deploy notifications > Outgoing notifications > Add notification form links to GitLab Docs - Personal access tokens but does not specify which scope the token needs, neither do the docs. It would be nice to list in the docs and possibly on the form as well, something like ‘with “api” scope’ [1] or ‘with “read_repository” scope’ [2], whichever it requires.

From GitLab User Settings > Access Tokens > Personal Access Tokens > Scopes:
[1]: “api: Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry”
[2]: “read_repository: Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API”

I am guessing the comment token needs “api” scope to comment on private repos but it would be nice to know for certain whether one could use a lower privileged scope like “read_repository” or not.

Thanks for such a fantastic service, and great docs.

1 Like

thanks for your feedback, @ricky. I’ll let docs know to take a look!