Skip to main content
  1. 2021/
  2. December/

Group Bots - Fun for the whole family

·3 mins

Testing gitlab group bots #

The documentation for This is how we make group bots, according to the Gitlab Documentation
and…. This is how we make project scoped tokens: project tokens

The scope can be set, here’s the docs

This is no longer relevant I believe #

It appears that in Gitlab Issue 214045 / Gitlab Issue 214046 They have now allowed you to create bot/tokens in the UI.

Create a group access token using UI #

Introduced in GitLab 14.7.

To create a group access token: #

  1. On the top bar, select Menu > Groups and find your group.
  2. On the left sidebar, select Settings > Access Tokens.
  3. Enter a name.
    The token name is visible to any user with permissions to view the group.

4. Enter an expiry date for the token. The token will expire on that date at midnight UTC.

  • An instance-wide maximum lifetime setting can limit the maximum allowable lifetime in self-managed instances.
  1. Select a role for the token.
  2. Select the desired scopes.
  3. Select Create group access token.

A group access token is displayed. Save the group access token somewhere safe. After you leave or refresh the page, you can’t view it again.

admin = User.find(1) # group admin
group = Group.find(3) # H&P Group
bot =, { name: 'group_token', username: "group_#{}_bot", email: "gitlab_group_#{}", user_type: :project_bot }).execute # create the group bot user
bot.confirm # confirm the bot
group.add_user(bot, :maintainer) # add the bot to the group at the desired access level
token = bot.personal_access_tokens.create(scopes:[:api, :write_repository,:write_registry], name: 'group_3_bot_token') # give it a PAT
gtoken = token.token # get the token value

You get to this by running gitlab-rails console

root@gitlab:/# gitlab-rails console
 Ruby:         ruby 2.7.5p203 (2021-11-24 revision f69aeb8314) [x86_64-linux]
 GitLab:       14.5.2-ee (4511944420f) EE
 GitLab Shell: 13.22.1
 PostgreSQL:   12.7
(...this takes a bit of time...)
Loading production environment (Rails

admin = User.find(1)
Loading production environment (Rails
irb(main):001:0> admin = User.find(1)
=> #<User id:1 @gitlabadmin>
irb(main):004:0> Group.find(4)
=> #<Group id:4 @wolfspyrelabs>
irb(main):005:0> Group.find(5)
irb(main):006:0> group = Group.find(3)
=> #<Group id:3 @hoof-and-paw>
irb(main):007:0> bot =, { name: 'group_token', username: "group_#{}_bot", email: "
gitlab_group_#{}", user_type: :project_bot }).execute
=> #<User id:10 @group_3_bot>
irb(main):008:0> bot.confirm
=> true
irb(main):009:0> group.add_user(bot, :maintainer)
=> #<GroupMember id: 88, access_level: 40, source_id: 3, source_type: "Namespace", user_id: 10, notification_level: 3, type: "GroupMember", created_at: "2021-12-10 23:12:58.917961334 +0000", updated_at: "2021-12-10 23:12:58.917961334 +0000", created_by_id: nil, invite_email: nil, invite_token: nil, invite_accepted_at: nil, requested_at: nil, expires_at: nil, ldap: false, override: false, invite_email_success: true, state: 0>
irb(main):010:0> token = bot.personal_access_tokens.create(scopes:[:api, :write_repository,:write_registry], name: 'group_3_bot_token')
=> #<PersonalAccessToken id: 9, user_id: 10, name: "group_3_bot_token", revoked: false, expires_at: nil, created_at:...
irb(main):011:0> gtoken = token.token
=> "glpat-sePcTM1UtCAJhwmH52Lf"

~/Nextcloud/Git_Repos/hoof-and-paw/lichtenberg-skeleton (main)$ docker login -user=botnamehere -p token-here

docker pull
16-alpine3.14: Pulling from hoof-and-paw/dependency_proxy/containers/node
97518928ae5f: Pull complete
16a1a5057866: Pull complete
ad8b526cbb1f: Pull complete
0328e268dee9: Pull complete
Digest: sha256:8569c8f07454ec42501e5e40a680e49d3f9aabab91a6c149e309bac63a3c8d54
Status: Downloaded newer image for