Resolves oxsecurity#2420

LBeaulaton · Mar 5, 2023 · ebafc21 · ebafc21
1 parent 0d699a3
commit ebafc21
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -30,12 +30,14 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
   - Modified the .pre-commit-hooks.yaml for megalinter-full so the containername argument is correctly split between two lines, by @drbothen [#2411](https://github.com/oxsecurity/megalinter/pull/2411)
   - Avoid [jscpd](https://megalinter.io/v6/descriptors/copypaste_jscpd/) default config to detect copy pastes in image files
   - Move utilstest to megalinter folder to avoid import issues
+  - Correct misleading error message in **GitlabCommentReporter.py**, see [#2420](https://github.com/oxsecurity/megalinter/issues/2420)
 
 - Documentation
   - Change **swiftlint** example that did not correctly reflect the **--fix** parameter, by @bdovaz in [#2294](https://github.com/oxsecurity/megalinter/pull/2294)
   - Change in TSX **eslint** descriptor the urls as they were not correct, by @bdovaz in [#2294](https://github.com/oxsecurity/megalinter/pull/2294)
   - Change in TYPESCRIPT **eslint** descriptor the urls as they were not correct, by @bdovaz on [#2294](https://github.com/oxsecurity/megalinter/pull/2294)
   - Use mkdocs-glightbox to allow to click on images and display them in full screen
+  - Update **gitlab-ci** (see [#2420](GitlabCommentReporter.py))
 
 - CI
   - Use docker/build-push-action to build docker images and akhilerm/tag-push-action to release by retagging and pushing beta images instead of rebuilding them

diff --git a/README.md b/README.md
@@ -497,7 +497,7 @@ mega-linter:
     expire_in: 1 week
 ```
 
-Create a Gitlab access token and define it in a variable **GITLAB_ACCESS_TOKEN_MEGALINTER** in the project CI/CD masked variables
+Create a Gitlab access token and define it in a variable **GITLAB_ACCESS_TOKEN_MEGALINTER** in the project CI/CD masked variables. Make sure your token (e.g. if a project token) as the appropriate [role](https://docs.gitlab.com/ee/user/permissions.html) for commenting a merge request (at least developer).
 
 ![config-gitlab-access-token](https://user-images.githubusercontent.com/17500430/151674446-1bcb1420-d9aa-4ae1-aaae-dcf51afb36ab.gif)
 

diff --git a/megalinter/reporters/GitlabCommentReporter.py b/megalinter/reporters/GitlabCommentReporter.py
@@ -166,7 +166,7 @@ def produce_report(self):
     def display_auth_error(self, e):
         logging.error(
             "[Gitlab Comment Reporter] You may need to define a masked Gitlab CI/CD variable "
-            "GITLAB_MEGALINTER_ACCESS_TOKEN containing a personal token with scope 'api'\n"
+            "GITLAB_ACCESS_TOKEN_MEGALINTER containing a personal token with scope 'api'\n"
             "(if already defined, your token is probably invalid)\n"
             "If you are using local certificate, you also may need to define variables "
             "GITLAB_CUSTOM_CERTIFICATE or GITLAB_CERTIFICATE_PATH" + str(e)