Currently we rely on access tokens to authorize modifications to repos in the release pipeline. Job Tokens may be a better fit in the future. Currently Job Token [push modification permissions are experimental](https://docs.gitlab.com/ci/jobs/ci_job_token/#allow-git-push-requests-to-your-project-repository).
We need to renew Access Tokens annually. I conventionally always set expirations to Jan 1 as that's a great time to expire things at JLab.
We need to renew Access Tokens annually. I conventionally always set expirations to Jan 1 as that's a great time to expire things at JLab (generally machine is not running and during annual lab shutdown).
The `CI_API_TOKEN` CI Variable has the value set to the GROUP_API_TOKEN group token.
