Search code examples
continuous-integrationgitlabpackage-managerscodefresh

Publishing to Gitlab Package Registry with Deploy Tokens

I've created a Codefresh pipeline to deploy an artifact to Gitlab Package Registry. Source code is also in Gitlab.

I'm able to publish my artifact using a Gitlab Personal Access Token, but when I try to do it using a Gitlab Deploy Token, it fails (401 unauthorized error), no matter if I use Codefresh for it or not.

I have defined this using Gradle, to publish to Gitlab Package Registry:

    repositories {
        maven {
            url "https://gitlab.com/api/v4/projects/<group_id>/packages/maven"
            credentials(HttpHeaderCredentials) {
                name = "Private-Token"
                value = '<private_token>'
            }
            authentication {
                header(HttpHeaderAuthentication)
            }
        }
    }

I use the right <group_id> and <private_token> values, they are changed here for security reasons.

If I provide my Personal Access Token in <private_token>, I can publish to Gitlab Package Registry without any problem. But when I use a generated Deploy Token, it fails. Both my Personal Access Token and the Deploy Token have the same name and username (in the case of Deploy Token).

I'm getting a 401 unauthorized error:

* What went wrong:
Execution failed for task ':publishMavenJavaPublicationToMavenRepository'.
> Failed to publish publication 'mavenJava' to repository 'maven'
   > Could not write to resource 'https://gitlab.com/api/v4/projects/<group_id>/packages/maven/mypackageroute/mypackage/0.1/mypackage-0.1.jar'.
      > Could not PUT 'https://gitlab.com/api/v4/projects/<group_id>/packages/maven/mypackageroute/mypackage/0.1/mypackage-0.1.jar'. Received status code 401 from server: Unauthorized

Does anyone know what I'm doing wrong? Thank you very much

Solution

  • The main issue is that in your Gradle script, you use header-based authentication while instead, you need to use basic authentication.

    In order to get gradle publish with deploy tokens to work, you have to use PasswordCredentials + basic(BasicAuthentication):

    repositories {
        maven {
            url "https://gitlab.com/api/v4/projects/<project_id>/packages/maven"
            credentials(PasswordCredentials) {
                username = <username>
                password = <password>
            }
            authentication {
                basic(BasicAuthentication)
            }
        }
    }