Reputation: 127
Publishing to Gitlab Package Registry with Deploy Tokens
I've created a Codefresh pipeline to deploy an artifact to Gitlab Package Registry. Source code is also in Gitlab.
I'm able to publish my artifact using a Gitlab Personal Access Token, but when I try to do it using a Gitlab Deploy Token, it fails (401 unauthorized error), no matter if I use Codefresh for it or not.
I have defined this using Gradle, to publish to Gitlab Package Registry:
repositories {
maven {
url "https://gitlab.com/api/v4/projects/<group_id>/packages/maven"
credentials(HttpHeaderCredentials) {
name = "Private-Token"
value = '<private_token>'
}
authentication {
header(HttpHeaderAuthentication)
}
}
}
I use the right <group_id> and <private_token> values, they are changed here for security reasons.
If I provide my Personal Access Token in <private_token>, I can publish to Gitlab Package Registry without any problem. But when I use a generated Deploy Token, it fails. Both my Personal Access Token and the Deploy Token have the same name and username (in the case of Deploy Token).
I'm getting a 401 unauthorized error:
* What went wrong:
Execution failed for task ':publishMavenJavaPublicationToMavenRepository'.
> Failed to publish publication 'mavenJava' to repository 'maven'
> Could not write to resource 'https://gitlab.com/api/v4/projects/<group_id>/packages/maven/mypackageroute/mypackage/0.1/mypackage-0.1.jar'.
> Could not PUT 'https://gitlab.com/api/v4/projects/<group_id>/packages/maven/mypackageroute/mypackage/0.1/mypackage-0.1.jar'. Received status code 401 from server: Unauthorized
Does anyone know what I'm doing wrong? Thank you very much
Upvotes: 7
Views: 7094
Answers (2)
Reputation: 662
The main issue is that in your Gradle script, you use header-based authentication while instead, you need to use basic authentication.
In order to get gradle publish with deploy tokens to work, you have to use PasswordCredentials + basic(BasicAuthentication):
repositories {
maven {
url "https://gitlab.com/api/v4/projects/<project_id>/packages/maven"
credentials(PasswordCredentials) {
username = <username>
password = <password>
}
authentication {
basic(BasicAuthentication)
}
}
}
Upvotes: 7
Reputation: 1125
You need to set name to "Deploy-Token" when using a deploy token, i.e.
repositories {
maven {
url "https://gitlab.com/api/v4/projects/<group_id>/packages/maven"
credentials(HttpHeaderCredentials) {
name = "Deploy-Token"
value = '<deploy_token>'
}
authentication {
header(HttpHeaderAuthentication)
}
}
}
Private-Token is used for personal access tokens, and Job-Token for CI access tokens.
Note here that name is the name of the header added to the http request and is not related to the name or username of the token itself.
Upvotes: 5
Related Questions
- Gitlab maven deploy to package registry
- Publishing to gitlab pypi package registry for a group
- How to expose Gitlab Package Registry without access token?
- Can the CI_JOB_TOKEN with GitLab be used to push to the repo and create a tag?
- Download GitLab Generic Package File using Deploy Token
- How to publish multiple versions of same package to gitlab registry
- Gitlab CI_JOB_TOKEN permissions to read package registry of other project
- Downloading a package from Gitlab package registry
- Deploy token for GitLab project via command line
- How to use the deploy token correctly