Merge branch 'patch-15' into 'master'

Add tip about `CI_JOB_TOKEN` clone abilities with "new job permissions model"

See merge request !10221

doc/user/project/new_ci_build_permissions_model.md

@@ -141,6 +141,7 @@ with GitLab 8.12.
 With the new job permissions model, there is now an easy way to access all
 dependent source code in a project. That way, we can:
 
+1. Access a project's dependent repositories
 1. Access a project's [Git submodules][gitsub]
 1. Access private container images
 1. Access project's and submodule LFS objects
@@ -177,6 +178,22 @@ As a user:
   access to. As an Administrator, you can verify that by impersonating the user
   and retry the failing job in order to verify that everything is correct.
 
+### Dependent repositories
+
+The [Job environment variable][jobenv] `CI_JOB_TOKEN` can be used to
+authenticate any clones of dependent repositories. For example:
+
+```
+git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/myuser/mydependentrepo
+```
+
+It can also be used for system-wide authentication
+(only do this in a docker container, it will overwrite ~/.netrc):
+
+```
+echo -e "machine gitlab.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
+```
+
 ### Git submodules
 
 To properly configure submodules with GitLab CI, read the
@@ -221,3 +238,4 @@ test:
 [triggers]: ../../ci/triggers/README.md
 [update-docs]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/doc/update
 [workhorse]: https://gitlab.com/gitlab-org/gitlab-workhorse
+[jobenv]: ../../ci/variables/#predefined-variables-environment-variables