Create GitLab Project Token

Action ID: gitlab:projectAccessToken:create
NPM Package: @backstage/plugin-scaffolder-backend-module-gitlab

Description

Creates a GitLab project access token with specified permissions and expiration settings.

Input Schema

| Property | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | Name of the access key | |
| token | string | The token to use for authorization to GitLab | |
| scopes | array | Scopes for a project access token | |
| repoUrl | string | URL to the GitLab instance | |
| expiresAt | string | Expiration date of the access token in ISO format (YYYY-MM-DD). If empty, it is set to the maximum of 365 days. | |
| projectId | any | Project ID or name (slug) of the GitLab project | |
| accessLevel | number | Access level of the token: 10 (Guest), 20 (Reporter), 30 (Developer), 40 (Maintainer), and 50 (Owner) | |

Output Schema

| Property | Type | Description | Required |
| --- | --- | --- | --- |
| access_token | string | Access Token | |

Usage Examples

Create a minimal project access token using integration credentials

Creates a token for an existing GitLab project using the default expiration. Use this when your GitLab integration provides the admin token and you only need to specify the project and instance.

steps:
  - id: fetch_skeleton
    action: fetch:template
    input:
      url: ./skeleton
      targetPath: .
      values:
        name: ${{ parameters.name }}

  - id: create_project_token
    action: gitlab:projectAccessToken:create
    input:
      projectId: acme/platform/my-service
      repoUrl: https://gitlab.com

Create a developer token with write access for repository and registry

Creates a token with developer access and write scopes for code and container registry. Use this for automation that pushes commits and images after fetch:template.

steps:
  - id: fetch_source
    action: fetch:template
    input:
      url: ./skeleton
      targetPath: .
      values:
        name: ${{ parameters.serviceName }}

  - id: create_dev_token
    action: gitlab:projectAccessToken:create
    input:
      projectId: acme/payments/billing-service
      repoUrl: https://gitlab.com
      token: ${{ secrets.gitlabToken }}
      name: scaffolder-ci-billing
      accessLevel: 30
      scopes:
        - write_repository
        - write_registry
        - read_api
      expiresAt: 2026-01-31

Create a short-lived read-only token for preview pipelines

Creates a read-only token for preview environments tied to a branch with a controlled expiration date. Use this to allow ephemeral jobs to fetch code and query read-only APIs.

steps:
  - id: fetch_template
    action: fetch:template
    input:
      url: ./skeleton
      targetPath: .
      values:
        branch: ${{ parameters.branchName }}
        service: ${{ parameters.service }}

  - id: create_preview_ro_token
    action: gitlab:projectAccessToken:create
    input:
      projectId: ${{ parameters.projectSlug }} # e.g. acme/web/storefront
      repoUrl: https://gitlab.com
      token: ${{ secrets.gitlabAdminToken }}
      name: preview-${{ parameters.branchName }}
      accessLevel: 20
      scopes:
        - read_repository
        - read_api
      expiresAt: ${{ parameters.tokenExpiry }} # YYYY-MM-DD

Create a maintainer token for a self-hosted GitLab project

Creates a maintainer-level token on a self-hosted instance with broad automation access. Use this for trusted release bots that need repository and registry write access.

steps:
  - id: fetch_assets
    action: fetch:template
    input:
      url: ./skeleton
      targetPath: .
      values:
        name: release-bot

  - id: create_maintainer_token
    action: gitlab:projectAccessToken:create
    input:
      projectId: 3421
      repoUrl: https://gitlab.mycorp.internal
      token: ${{ secrets.selfHostedGitlabToken }}
      name: release-bot-token
      accessLevel: 40
      scopes:
        - api
        - write_repository
        - write_registry
      expiresAt: 2025-12-31

Create a package publishing token with package registry scopes

Creates a token for publishing packages from CI with limited package registry permissions. Use this when your pipelines need to push to the project package registry but do not need full API access.

steps:
  - id: fetch_template_pkg
    action: fetch:template
    input:
      url: ./skeleton
      targetPath: .
      values:
        library: ${{ parameters.serviceName }}

  - id: create_pkg_registry_token
    action: gitlab:projectAccessToken:create
    input:
      projectId: acme/libs/data-utils
      repoUrl: https://gitlab.com
      token: ${{ secrets.gitlabToken }}
      name: pkg-publisher-${{ parameters.serviceName }}
      accessLevel: 30
      scopes:
        - write_package_registry
        - read_api
      expiresAt: 2025-06-30
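
Review check for template steps that call this action

One way to review steps like the ones above before a template is published, as an added example that is not part of the Backstage plugin: it flags steps that leave expiresAt empty, rely on defaults for accessLevel or scopes, or ask for more than a policy allows. The function name, rule names and thresholds are assumptions, and the input is the already-parsed `steps` array.

```javascript
// Added example (not Backstage code). The thresholds are assumptions; set them to your policy.
const ACTION = 'gitlab:projectAccessToken:create';
const MAX_ACCESS_LEVEL = 30;        // assumed ceiling: Developer
const MAX_LIFETIME_DAYS = 90;       // assumed ceiling on token lifetime
const REVIEW_SCOPES = ['api'];      // assumed: scopes that need reviewer sign-off
const TEMPLATED = /\$\{\{.*?\}\}/;  // value comes from a scaffolder expression

// steps: parsed `steps` array of a template; today: the Date treated as "now".
function lintTokenSteps(steps, today = new Date()) {
  const findings = [];
  for (const step of steps.filter((s) => s.action === ACTION)) {
    const input = step.input || {};
    const flag = (rule, detail) => findings.push({ step: step.id, rule, detail });
    const expiry = input.expiresAt == null ? '' : String(input.expiresAt);
    if (expiry === '') {
      flag('no-expiry', 'expiresAt is empty, so the 365-day maximum applies');
    } else if (TEMPLATED.test(expiry)) {
      flag('templated-expiry', 'bound the parameter that supplies expiresAt');
    } else {
      const days = Math.ceil((Date.parse(`${expiry}T00:00:00Z`) - today) / 86400000);
      if (Number.isNaN(days)) flag('bad-expiry', `${expiry} is not YYYY-MM-DD`);
      else if (days > MAX_LIFETIME_DAYS) flag('long-expiry', `expires in ${days} days`);
    }
    if (input.accessLevel === undefined) {
      flag('implicit-access-level', 'accessLevel is left to the action default');
    } else if (input.accessLevel > MAX_ACCESS_LEVEL) {
      flag('high-access-level', `accessLevel ${input.accessLevel} exceeds ${MAX_ACCESS_LEVEL}`);
    }
    if (!Array.isArray(input.scopes)) flag('implicit-scopes', 'scopes are left to the action default');
    for (const s of input.scopes || []) {
      if (REVIEW_SCOPES.includes(s)) flag('broad-scope', `scope ${s} requested`);
    }
    if (typeof input.token === 'string' && !TEMPLATED.test(input.token)) {
      flag('inline-token', 'token is a literal, not a secrets reference');
    }
  }
  return findings;
}

// Constructed sample input, modelled on two of the page's usage examples.
const SAMPLE_STEPS = [
  { id: 'create_project_token', action: ACTION,
    input: { projectId: 'acme/platform/my-service', repoUrl: 'https://gitlab.com' } },
  { id: 'create_maintainer_token', action: ACTION,
    input: { projectId: 3421, repoUrl: 'https://gitlab.mycorp.internal', accessLevel: 40,
      token: '${{ secrets.selfHostedGitlabToken }}', name: 'release-bot-token',
      scopes: ['api', 'write_repository', 'write_registry'], expiresAt: '2025-12-31' } },
];
console.log(lintTokenSteps(SAMPLE_STEPS, new Date('2025-06-01T00:00:00Z')));
```

A `templated-expiry` finding means the date is chosen at run time, so the limit has to be enforced on the template parameter rather than in the step.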