This message was deleted.

Hi Aviad! We saw similar issues from other users. CI may use a different token than the one you created. We created this troubleshooting section to catch that case 🙂 https://gitlab.com/infracost/infracost-gitlab-ci#403-error-when-posting-to-gitlab

I don't think that's the case, i've changed the name of the token (GITLAB_TOKEN -> GITLAB_INFRACOST_BOT_TOKEN) in purpose to avoid such cases, and notice that I'm getting 401 and not 403 error, that's means I'm not authenticating from the first place and not the case of insufficient permissions.

Hm, okay. Next question: do you use self-hosted GitLab with custom domain or the cloud version? If it's self-hosted, you'll have to provide

--gitlab-server-url $CI_SERVER_URL

flag in

infracost comment

command to use its API.

cloud version. gitlab.com

I assume, you set the

api

scope for the token, right?

of course, i've assigned it with all permissions, tried project token and private access token.

Sorry, trying to filter out all possibilities 😄

should my token contain the name of the token (i.e "PRIVATE-TOKEN") or only the token value?

Only the value

so what should I replace with PRIVATE-TOKEN? the name of the token?

I just realized my example is incomplete (missing project name). I'll provide an example in a second

curl -X POST --header "$GITLAB_TOKEN" --data-urlencode "body=test" https://*gi*tlab.com/${CI_PROJECT_PATH}/-/merge_requests/${MR_ID}/notes

curl -X POST --header "PRIVATE-TOKEN: abc" --data-urlencode "body=test" <https://gitlab.com/api/v4/projects/test%2Frepo/merge_requests/1/notes>

abc - is the value of the token test%2Frepo - should be your repo name in form namespace/project name with encoded slash character 1 - number of the merge request