To resolve this issue I had to add myself as a project member. This is a private repo. I'm not sure if that caused the runner to fail with the different permission setup or not, but it is highly possible.

为了解决这个问题，我必须将自己添加为项目成员。这是一个私人回购。我不确定这是否会导致跑步者因不同的权限设置而失败，但这很有可能。

This help articleat gitlab outlines this issue.

gitlab 上的这篇帮助文章概述了这个问题。

With the new permission model in place, there may be times that your build will fail. This is most likely because your project tries to access other project's sources, and you don't have the appropriate permissions. In the build log look for information about 403 or forbidden access messages.

As an Administrator, you can verify that the user is a memberof the group or project they're trying to have access to, and you can impersonate the user to retry the failing build in order to verify that everything is correct.

使用新的权限模型后，您的构建有时可能会失败。这很可能是因为您的项目试图访问其他项目的源，而您没有适当的权限。在构建日志中查找有关 403 或禁止访问消息的信息。

作为管理员，您可以验证用户是否是他们尝试访问的组或项目的成员，并且您可以模拟用户重试失败的构建以验证一切是否正确。

From the project page click the settings gear and then click members. Add yourself (or user generating builds) as a member to the project. I used the "Master" Role, but based off of this documentyou can probably use the "Reporter" role as a minimum. The reporter role is the least privilege that still has access to "Pull project code." This removed my 403 error and allowed me to continue on.

从项目页面单击设置齿轮，然后单击成员。将您自己（或用户生成的构建）添加为项目的成员。我使用了“Master”角色，但根据本文档，您可能至少可以使用“Reporter”角色。报告者角色是仍然可以访问“提取项目代码”的最低权限。这消除了我的 403 错误并允许我继续。

I also encountered this problem

我也遇到这个问题

fatal: unable to access 'http://gitlab-ci-token:xxxx.git':The Requested URL returned error:403
ERROR: Job Failed: command terminated with exit code 1

but it seems that the reason for the above answer is not the same, because my account is an administrator, ci job pulls the project and reports an error 403, because the administrator account is not a project member, added as a project Members will no longer report this error.

但是好像上面回答的原因不太一样，因为我的账号是管理员，ci job拉项目报错403，因为管理员账号不是项目成员，添加为项目成员就不行了再报这个错误。

ci_build_permissions

ci_build_permissions

This looks like you need to add add a cdcommand to print current directory to your before_script. Then go fix permissions to access the parent of that folder. If you installed your gitlab runner to c:\glrunner, it is probably c:\glrunner\buildspermission you need to fix.

这看起来你需要添加一个cd命令来打印当前目录到你的 before_script。然后去修复访问该文件夹的父级的权限。如果您将 gitlab runner 安装到c:\glrunner，则可能是c:\glrunner\builds您需要修复的权限。

Second problem is you may need to force a fresh git clone by deleting the builds folder.

第二个问题是您可能需要通过删除 builds 文件夹来强制执行新的 git clone。

You may want to change the login credentials for the gitlab runner service to a gitlabuserwhich should be a non-admin account, which may have fewer priveges than the LOCAL SYSTEM account that your gitlab runner is using by default.

您可能希望将 gitlab runner 服务的登录凭据更改gitlabuser为非管理员帐户，该帐户的权限可能少于 gitlab runner 默认使用的 LOCAL SYSTEM 帐户。

If you want to know who is logged in, add setto your before_script as well, and you'll get an environment variable dump. From that you can see which account is logged in, and where its USERPROFILE is and other things.

如果你想知道谁登录了，也添加set到你的 before_script 中，你会得到一个环境变量转储。从中您可以看到登录了哪个帐户，以及它的 USERPROFILE 在哪里等等。