Reputation: 3813
Download GitLab Generic Package File using Deploy Token
I have a project (A), with CI pipeline, in GitLab. This pipeline has a dependency on a package from another project (B). During the build of project A, I want to download the package from project B's package registry. The packages are uploaded as (zip files) generic packages. The projects are all private so I need some kind of access token to authenticate.
I'm trying to use Deploy Tokens as these seem to provide the required read_package_registry access scope. However, I cannot find any documentation describing how to authenticate with a deploy token when downloading generic package files.
I'm using the following request, described in the previous link.
GET https://gitlab.com/api/v4/projects/<project_B_id>/packages/generic/<package_name>/<package_version>/<package_file>
I have tried
- adding the deploy token username and password to the URL, basic/digest authentication
- Adding a header to the request
PRIVATE-TOKEN: [deploy-token] - Adding a header to the request
DEPLOY-TOKEN: [deploy-token] - Adding a header to the request
Authorization: Bearer [deploy-token] - I've also tried each of the above headers but with
[deploy-token-username][deploy-token]as the value
I can't find documentation stating that I can't use a deploy token.
Does anyone have a working example of how to do this, or does anyone know if this is/isn't possible?
I can switch to a private access token, but I'd prefer to use the correct tool for the job, and that seems to be deploy tokens.
Upvotes: 6
Views: 4749
Answers (3)
Reputation: 753
This works since Gitlab 13.0. As per documentation, create a deploy token, and supply the username and password in the request. This is basic authentication, and with curl you can do so
curl --user "<deploy-token-username>:<deploy-token>" \
"https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt"
Deploy tokens do not seem to work with PRIVATE-TOKEN or Authorization headers with bearer token.
Upvotes: 5
Reputation: 722
The issue has been raised on gitlab. Deploy tokens do not work for now. It is currently tracked here:
https://gitlab.com/gitlab-org/gitlab/-/issues/284397
The workaround is to use a personal access token.
Upvotes: 3
Reputation: 2363
I've been looking for this answer too.
The docs (https://docs.gitlab.com/ee/user/packages/generic_packages/index.html#authenticate-to-the-package-registry) say
To authenticate to the Package Registry, you need either a personal access token or CI job token.
No mention of Deploy Tokens. Those seem to be limited to docker, npm, etc.
Also, the Job Token you have in project B allows you to publish your artifact. But, the Job Token you have in project A does not seem to be authorized to download it.
I believe the answer is that you cannot use a Deploy Token, but I'd love to be proven wrong.
Upvotes: 2
Related Questions
- using api gitlab to download file
- How to download ALL artifacts in a gitlab pipeline despite needs
- Publishing to Gitlab Package Registry with Deploy Tokens
- Download dotenv job artifact via GitLab API
- GitLab: How can I programatically download the artifacts issued at end of CI pipeline?
- Download a single file from GitLab artifacts archive
- Downloading a package from Gitlab package registry
- Deploy token for GitLab project via command line
- Get gitlab-ci token with gitlab API
- How to use the deploy token correctly