
GitLab CI_JOB_TOKEN does not authenticate with private python repository


I tried to use the CI_JOB_TOKEN in a GitLab CI pipeline to install a Python Package from a different project's package registry.

According to the documentation I should just have to add my project to the allowlist of the corresponding project and run the pipeline.

However, I always get the following 401 error when running this command:

pip install --extra-index-url https://__token__:$CI_JOB_TOKEN@gitlab.com/api/v4/projects/<projId>/packages/pypi/simple <package>
Looking in indexes: https://pypi.org/simple, https://__token__:****@gitlab.com/api/v4/projects/<projId>/packages/pypi/simple
WARNING: 401 Error, Credentials not correct for https://gitlab.com/api/v4/projects/<projId>/packages/pypi/simple/<package>/
ERROR: Could not find a version that satisfies the requirement <package> (from versions: none)
ERROR: No matching distribution found for <package>
WARNING: 401 Error, Credentials not correct for https://gitlab.com/api/v4/projects/<projId>/packages/pypi/simple/pip/

I tried to remove the allow list protections completely and it still did not work.

As a workaround I just added a secret variable in the form of an Access Token to the pipelines in the GUI, and with that it works, but this seems rather hacky since I need to update the token every few weeks.

Did I miss anything in the documentation and the CI_JOB_TOKEN does not have access to these registries?


Solution

  • According to the GitLab PyPI registry authentication documentation, you should use the username gitlab-ci-token when authenticating with a job token.

    This might be confusing because some other examples use __token__ even though GitLab does not accept this username unless you are using an access token literally named __token__. __token__ is normally used for tokens on PyPI.org, however.
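
The username fix from the answer above, as an added example that is not part of the original post or GitLab's own code: a shell helper that builds the registry URL with `gitlab-ci-token` when a job token is present and masks the secret for logging. The function names, `PYPI_TOKEN_NAME`, `PYPI_TOKEN` and `PROJECT_ID` are assumptions; `CI_JOB_TOKEN` and `CI_API_V4_URL` are GitLab's predefined CI variables.

```shell
#!/bin/sh
# Added example: build the pip index URL for a GitLab project PyPI registry.
# Assumes token values are URL-safe (no '@', ':' or '/' characters).

# gitlab_pypi_index_url <project_id>
# With CI_JOB_TOKEN set, the username must be the fixed string
# "gitlab-ci-token". Otherwise fall back to a named access or deploy token
# supplied in the hypothetical variables PYPI_TOKEN_NAME / PYPI_TOKEN.
gitlab_pypi_index_url() {
    project_id=$1
    api=${CI_API_V4_URL:-https://gitlab.com/api/v4}
    if [ -n "${CI_JOB_TOKEN:-}" ]; then
        user=gitlab-ci-token
        secret=$CI_JOB_TOKEN
    elif [ -n "${PYPI_TOKEN_NAME:-}" ] && [ -n "${PYPI_TOKEN:-}" ]; then
        user=$PYPI_TOKEN_NAME
        secret=$PYPI_TOKEN
    else
        echo "no registry credential available" >&2
        return 1
    fi
    scheme=${api%%://*}   # e.g. "https"
    rest=${api#*://}      # e.g. "gitlab.com/api/v4"
    printf '%s://%s:%s@%s/projects/%s/packages/pypi/simple\n' \
        "$scheme" "$user" "$secret" "$rest" "$project_id"
}

# redact_url <url>: mask the password part before writing the URL to a log.
redact_url() {
    printf '%s\n' "$1" | sed -E 's#(://[^:/@]+):[^@]*@#\1:****@#'
}

# In a CI job script (PROJECT_ID and <package> are placeholders):
#   PIP_EXTRA_INDEX_URL=$(gitlab_pypi_index_url "$PROJECT_ID") || exit 1
#   export PIP_EXTRA_INDEX_URL
#   echo "using $(redact_url "$PIP_EXTRA_INDEX_URL")"
#   pip install <package>
```

Passing the URL through `PIP_EXTRA_INDEX_URL` keeps the token out of pip's command-line arguments, and the explicit failure branch stops the job before pip produces the less specific 401 shown in the question.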