Add job and deploy token authentication to npm dist-tag routes.
Problem to solve
As discussed in #220985 (comment 420787332)
It looks like the
npm dist tag routes simply don't support job tokens or deploy tokens (only the install and publish routes do).
This prevents you from being able to add tags using GitLab CI. Which is a major blocker for many in the Community.
User experience goal
Add job token and deploy token auth to npm dist-tag routes.
A workaround has been identified here #258835 (comment 511212800)
A workaround, that worked for us was to use
npm publish --tagdirectly without the explicit call to
- Add CI examples to https://docs.gitlab.com/ee/user/packages/npm_registry/#npm-distribution-tags
- Remove note added in !43791 (merged)
What does success look like, and how can we measure that?
Users of the GitLab NPM registry can tag their dependencies using GItLab CI.
- Measure npm dist-tag routes via snowplow, so that we can understand how often this route is used on GitLab.com.