Reduce access_level requirements when using --dry-run

[thompson-shaun]

My team has a few projects where we require doing a --dry-run to obtain nextRelease information in an MR. Ideally we could use a token with reduced scope (say just read_repository and read_api).

As a test this snippet in verify.js worked well enough to pass local testing.

if(context.options.dryRun && ((projectAccess && projectAccess.access_level >= 10) || (groupAccess && groupAccess.access_level >= 10)))
{
  ...
}
else if(...existing check...)

Ultimately it would be great if #156 would get closed out by GitLab adding some functionality to adjust the CI_JOB_TOKEN scope.

[fgreinacher]

This sounds like a very useful feature to me! PRs welcome :)

[github-actions]

🎉 This issue has been resolved in version 9.5.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀