Use Deploy tokens to grant access to the Composer registry
Context
You use the GitLab Composer repository to publish and download your Composer dependencies to your private project. You can authenticate with a personal access token or a job token.
Problem to solve
The problem is that personal access tokens and job tokens are tied to a specific user. When you want to finalize your production workflows, you'd like to use a deploy token, which is not tied to a specific user or their permissions.
Proposal
Update the permissions model for group deploy tokens to allow for publishing and downloading of Composer dependencies using the write_package_registry
and read_package_registry
scope respectively.
Edited by Tim Rizzi