ValberJunior
commented
10 months ago Hello 👋, how are you?
Thanks for the feedback! 🤝
At the moment, the plugin is related to the token entered in app-config, and this ends up giving access to the components that trigger the pipelines.
However, the suggestion is very coherent, and we already have on our radar this improvement of adding the authentication layer to the plugin, which will better allow access to it.
Thanks again, we'll be releasing the new update as soon as possible!
Hi, I love the gitlab pipelines plugin, thank you for your work. One thing I wonder though and I don't see any information in the README - how does permissioning work with the plugin? Does it use the GitLab login (if there is one) for each user and triggers the pipelines in their name, or does it re-use the single token in the settings? While I'd love to install the plugin, it seems scary to give every backstage user, or hack even just the developers - permissions to run all jobs on every connected repo. And maybe literally every repo if it just proxies API requests with the admin token. Thank you for your answer!