diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2b3230cbb72c4775540526546f3b88c3043499f4..135315666311fe8a9f7fa6459cb00a47ac7e43f0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -56,6 +56,11 @@ workflow:
         NOTIFY_PIPELINE_FAILURE_CHANNEL: "f_ruby3"
         OMNIBUS_GITLAB_RUBY3_BUILD: "true"
         OMNIBUS_GITLAB_CACHE_EDITION: "GITLAB_RUBY3"
+    # This work around https://gitlab.com/gitlab-org/gitlab/-/issues/332411 whichs prevents usage of dependency proxy
+    # when pipeline is triggered by a project access token.
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $GITLAB_USER_LOGIN =~ /project_\d+_bot\d*/'
+      variables:
+        GITLAB_DEPENDENCY_PROXY_ADDRESS: ""
     # For `$CI_DEFAULT_BRANCH` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
     - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
     # For tags, create a pipeline.
@@ -71,6 +76,9 @@ workflow:
 variables:
   PG_VERSION: "12"
   DEFAULT_CI_IMAGE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}.patched-golang-${GO_VERSION}-node-16.14-postgresql-${PG_VERSION}:rubygems-3.2-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-yarn-1.22-graphicsmagick-1.3.36"
+  # We set $GITLAB_DEPENDENCY_PROXY to another variable (since it's set at the group level and has higher precedence than .gitlab-ci.yml)
+  # so that we can override $GITLAB_DEPENDENCY_PROXY_ADDRESS in workflow rules.
+  GITLAB_DEPENDENCY_PROXY_ADDRESS: "${GITLAB_DEPENDENCY_PROXY}"
   RAILS_ENV: "test"
   NODE_ENV: "test"
   BUNDLE_WITHOUT: "production:development"
diff --git a/.gitlab/ci/_skip.yml b/.gitlab/ci/_skip.yml
index 27a3ff5b836f7584973f588936d3a87b5d2cc398..9d3745cf2f171568f4b01d59c21342e2f2e3a675 100644
--- a/.gitlab/ci/_skip.yml
+++ b/.gitlab/ci/_skip.yml
@@ -1,7 +1,7 @@
 # no-op pipeline template for skipping whole child pipeline execution
 
 no-op:
-  image: ${GITLAB_DEPENDENCY_PROXY}alpine:latest
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine:latest
   stage: test
   variables:
     GIT_STRATEGY: none
diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml
index 7e1571711831df69b52bb3dfef0cfa23d4531a50..022f1c17a93fbc1333b539df2c1f6c89aac58d94 100644
--- a/.gitlab/ci/docs.gitlab-ci.yml
+++ b/.gitlab/ci/docs.gitlab-ci.yml
@@ -2,7 +2,7 @@
   extends:
     - .default-retry
     - .docs:rules:review-docs
-  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine
   stage: review
   needs: []
   variables:
diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml
index c64704d5d49622a8bc12e4bb28a660e88f5300db..00ac68782e62a79c9786ea19968b26c9f20edd71 100644
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -301,17 +301,17 @@ coverage-frontend:
 
 qa-frontend-node:14:
   extends: .qa-frontend-node
-  image: ${GITLAB_DEPENDENCY_PROXY}node:14
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}node:14
 
 qa-frontend-node:16:
   extends: .qa-frontend-node
-  image: ${GITLAB_DEPENDENCY_PROXY}node:16
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}node:16
 
 qa-frontend-node:latest:
   extends:
     - .qa-frontend-node
     - .frontend:rules:qa-frontend-node-latest
-  image: ${GITLAB_DEPENDENCY_PROXY}node:latest
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}node:latest
 
 webpack-dev-server:
   extends:
diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml
index 77e17b2147fb8884ebfee04df38aff01d4db8db5..9be5eb7bcd7b68078469a5c1bf442484b5374ed5 100644
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@@ -342,7 +342,7 @@
     FOSS_ONLY: '1'
 
 .use-docker-in-docker:
-  image: ${GITLAB_DEPENDENCY_PROXY}docker:${DOCKER_VERSION}
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}docker:${DOCKER_VERSION}
   services:
     - docker:${DOCKER_VERSION}-dind
   variables:
diff --git a/.gitlab/ci/notify.gitlab-ci.yml b/.gitlab/ci/notify.gitlab-ci.yml
index 95318d5ce08a4ef285aeaa98566bbd114f7ccf31..c945d4dc78082813e45af3b985df64f3a5798347 100644
--- a/.gitlab/ci/notify.gitlab-ci.yml
+++ b/.gitlab/ci/notify.gitlab-ci.yml
@@ -1,5 +1,5 @@
 .notify-slack:
-  image: ${GITLAB_DEPENDENCY_PROXY}alpine
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine
   stage: notify
   dependencies: []
   cache: {}
diff --git a/.gitlab/ci/releases.gitlab-ci.yml b/.gitlab/ci/releases.gitlab-ci.yml
index 77f23814f3c94c7d0045b87c76a77e491b7bbf39..df7b07f5545cb0dcfe332c6e1aee6120b3ffdae1 100644
--- a/.gitlab/ci/releases.gitlab-ci.yml
+++ b/.gitlab/ci/releases.gitlab-ci.yml
@@ -4,7 +4,7 @@
 .merge-train-sync:
   # We don't need/want any global before/after commands, so we overwrite these
   # settings.
-  image: ${GITLAB_DEPENDENCY_PROXY}alpine:edge
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine:edge
   stage: sync
   before_script:
     - apk add --no-cache --update curl bash jq
diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml
index 4c0a3579c9285fccdf5035abaecfc24dbf9cfb3c..6be781fb06dcd3a029c6428de088fe4ad526b275 100644
--- a/.gitlab/ci/review-apps/main.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml
@@ -32,7 +32,7 @@ review-build-cng-env:
   extends:
     - .default-retry
     - .review:rules:review-build-cng
-  image: ${GITLAB_DEPENDENCY_PROXY}ruby:3.0-alpine3.13
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:3.0-alpine3.13
   stage: prepare
   needs: []
   before_script:
diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml
index 7f9edd1650a59ba2199d676fc85fe5b780e13679..e417b054cd69c7d23c480edeae6021fced87f3fc 100644
--- a/.gitlab/ci/setup.gitlab-ci.yml
+++ b/.gitlab/ci/setup.gitlab-ci.yml
@@ -30,7 +30,7 @@ cache gems:
 .absolutely-minimal-job:
   extends:
     - .minimal-job
-  image: ${GITLAB_DEPENDENCY_PROXY}alpine:edge
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine:edge
   variables:
     GIT_STRATEGY: none
 
@@ -79,7 +79,7 @@ verify-ruby-2.7:
 verify-tests-yml:
   extends:
     - .setup:rules:verify-tests-yml
-  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine3.13
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.13
   stage: test
   needs: []
   script:
@@ -116,7 +116,7 @@ generate-frontend-fixtures-mapping:
 
 detect-tests:
   extends: .rails:rules:detect-tests
-  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
   needs: []
   stage: prepare
   variables:
diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml
index f4fa39300b6d6827a5af17fba9d3217aacf40492..e147305e25a365a9388ef6396894b9ca93f8e02a 100644
--- a/.gitlab/ci/test-metadata.gitlab-ci.yml
+++ b/.gitlab/ci/test-metadata.gitlab-ci.yml
@@ -1,5 +1,5 @@
 .tests-metadata-state:
-  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
   before_script:
     - source scripts/utils.sh
   artifacts:
diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml
index 4ed674948cf8c36869cb6189c9894b0c303b1a72..a11d5f000cff3554f39979051a1718917d56fed2 100644
--- a/.gitlab/ci/workhorse.gitlab-ci.yml
+++ b/.gitlab/ci/workhorse.gitlab-ci.yml
@@ -1,6 +1,6 @@
 workhorse:verify:
   extends: .workhorse:rules:workhorse
-  image: ${GITLAB_DEPENDENCY_PROXY}golang:${GO_VERSION}
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}golang:${GO_VERSION}
   stage: test
   needs: []
   script:
diff --git a/doc/development/pipelines.md b/doc/development/pipelines.md
index 130fa17c73fdf80192f75ce0b163d65a214eec19..debb33a285444c415732c5367c1dd449b5387bfe 100644
--- a/doc/development/pipelines.md
+++ b/doc/development/pipelines.md
@@ -587,8 +587,9 @@ The current stages are:
 ### Dependency Proxy
 
 Some of the jobs are using images from Docker Hub, where we also use
-`${GITLAB_DEPENDENCY_PROXY}` as a prefix to the image path, so that we pull
+`${GITLAB_DEPENDENCY_PROXY_ADDRESS}` as a prefix to the image path, so that we pull
 images from our [Dependency Proxy](../user/packages/dependency_proxy/index.md).
+By default, this variable is set from the value of `${GITLAB_DEPENDENCY_PROXY}`.
 
 `${GITLAB_DEPENDENCY_PROXY}` is a group CI/CD variable defined in
 [`gitlab-org`](https://gitlab.com/gitlab-org) as
@@ -596,13 +597,32 @@ images from our [Dependency Proxy](../user/packages/dependency_proxy/index.md).
 defined as:
 
 ```yaml
-image: ${GITLAB_DEPENDENCY_PROXY}alpine:edge
+image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine:edge
 ```
 
 Projects in the `gitlab-org` group pull from the Dependency Proxy, while
 forks that reside on any other personal namespaces or groups fall back to
 Docker Hub unless `${GITLAB_DEPENDENCY_PROXY}` is also defined there.
 
+#### Work around for when a pipeline is started by a Project access token user
+
+When a pipeline is started by a Project access token user (e.g. the `release-tools approver bot` user which
+automatically updates the Gitaly version used in the main project),
+[the Dependency proxy isn't accessible](https://gitlab.com/gitlab-org/gitlab/-/issues/332411#note_1130388163)
+and the job fails at the `Preparing the "docker+machine" executor` step.
+To work around that, we have a special workflow rule, that overrides the
+`${GITLAB_DEPENDENCY_PROXY_ADDRESS}` variable so that Depdendency proxy isn't used in that case:
+
+```yaml
+- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $GITLAB_USER_LOGIN =~ /project_\d+_bot\d*/'
+  variables:
+    GITLAB_DEPENDENCY_PROXY_ADDRESS: ""
+```
+
+NOTE:
+We don't directly override the `${GITLAB_DEPENDENCY_PROXY}` variable because group-level
+variables have higher precedence over `.gitlab-ci.yml` variables.
+
 ### Common job definitions
 
 Most of the jobs [extend from a few CI definitions](../ci/yaml/index.md#extends)