gitlab-runner cannot clone the git repository. How can I add authentication to it?

Question

I newly installed a gitlab runner in docker like this:

...
# docker-compose.yaml
  gitlab-runner:
    image: 'gitlab/gitlab-runner:latest'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config-runner:/etc/gitlab-runner
    restart: always
...

After that I successfully registered with something like this:

docker-compose exec -T gitlab-runner-prod gitlab-runner register 

I created a simle gitlab-ci.yaml with simple build command like this:

variables:
  MAVEN_CLI_OPTS: "-DskipTests=true -Dmaven.test.skip=true -Dmaven.javadoc.skip=true -Djacoco.skip=true -Dformatter.skip=true  -Dsonar.host.url=https://sonar.xxxx.yyyy/ -s ./.m2/settings.xml"
  DOCKER_TLS_CERTDIR: "/certs"


stages:
  - build

image: maven:3.8-jdk-11

build:
  stage: build
  script:
    - mvn $MAVEN_CLI_OPTS clean deploy

When the build starts I get this error:

Running with gitlab-runner 14.7.0 (98daeee0)
  on kube.yyy.yy-docker TXU2VJaW
Preparing the "docker" executor
00:03
Using Docker executor with image maven:3.8-jdk-11 ...
Pulling docker image maven:3.8-jdk-11 ...
Using docker image sha256:7ba3f54f023fe41416785b7ff546abd975a8f7004f9e55d5be1b5ed7d3319792 for maven:3.8-jdk-11 with digest maven@sha256:be9931cf4b26f5c284e60a55652b8349b0322bfc9c9e2e3da88567310ce6e298 ...
Preparing environment
00:00
Running on runner-txu2vjaw-project-60-concurrent-0 via d355996b2401...
Getting source from Git repository
00:01
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in /builds/xxxx/yyyy/.git/
remote: You are not allowed to download code from this project.
fatal: unable to access 'https://git.xxx.yyy/xxxx/yyyy.git/': The requested URL returned error: 403
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1

I see the problem. The url is not contains the gitlab-ci-token and password. But I don't know why, and how can I set up.

The question is: How can I set up my dockerized gitlab-runner to use the token variables when try clone the project?

UPDATE: @sytech asked my config.toml file:

#config.toml
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "kube.yyy.yy-docker"
  url = "https://git.xxx.yyy/"
  token = "TXU2VJaWDPycc4cDKHAc"
  tls-ca-file = "/etc/gitlab-runner/2014.pem"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "maven:3.8-jdk-11"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0

Answer 1

I solved my problem.

I was not member of the project (I haven't any roles), because I have full admin rights. As admin I can commit to any project.

BUT:

https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html

The token has the same permissions to access the API as the user that caused the job to run. A user can cause a job to run by pushing a commit, triggering a manual job, being the owner of a scheduled pipeline, and so on. Therefore, this user must be assigned to a role that has the required privileges.

The cicd tokens not generated, because I not member of the project.

Because I not member of project, the tokens was not generated, and the project clone failed with 403.

After I added myself to the project as developer, and the problem solved automatically.