Deploy token support for the Dependency Proxy
Context
You can use the Dependency Proxy to proxy and cache container images from Docker Hub to reduce your external dependencies, avoid Docker Hub rate limits, and speed up your builds.
When using the Dependency Proxy, you must authenticate with either your GitLab username/password, a personal access token, or using the pre-defined environment variables CI_DEPENDENCY_PROXY_USER
and CI_DEPENDENCY_PROXY_PASSWORD
.
Problem to solve
The problem is that you cannot authenticate using a Deploy token, which is a common workflow for many organizations as they can avoid using personal credentials in their builds.
Proposal
Add support for Group Deploy Tokens to the dependency proxy.
Further details
When it comes to deploy tokens, there are group and project-level tokens. Since the dependency proxy is at the group (or sub-group), you will need to use a group and not project deploy token.
Documentation
Update the dependencyu proxy authentication docs
Availability & Testing
- Confirm that group deploy tokens work at the group and sub-group level
What does success look like, and how can we measure that?
Measure the number of container image pulls using a deploy token vs. other credentials.