Create an access token for the Gitlab entity to which your runner is attached. The token needs to have read_api scope at the developer access level.

The Gitlab documentation for creating a token by entity:

• group
• project

Terraform 

The Gitlab Terraform provider is quite functional and can be used to create a group token via the gitlab_group_access_token resource.

data "gitlab_group" "default" {
  full_path = "path/to/group"
}

resource "gitlab_group_access_token" "default" {
  name = "Cedar CI"
  group = data.gitlab_group.default.id
  scopes = ["read_api"]
  access_level = "developer"
  rotation_configuration = {
    expiration_days = 365
    rotate_before_days = 60
  }
}

output "token_api" {
  value = gitlab_group_access_token.default.token
}