Currently we rely on access tokens to authorize modifications to repos in the release pipeline. Job Tokens may be a better fit in the future. Currently Job Token [push modification permissions are experimental](https://docs.gitlab.com/ci/jobs/ci_job_token/#allow-git-push-requests-to-your-project-repository).
We need to renew Access Tokens annually. I conventionally always set expirations to Jan 1 as that's a great time to expire things at JLab.
# Steps
Another experimental feature, [Steps](https://docs.gitlab.com/ci/steps/) may make our pipelines easier to understand and more performant. Currently each step is done as a separate job, which can be inefficient. We could potentially collapse many jobs that are really steps into a single job at the cost of a big complex script.
