Deploy tokens with `write_package_registry` should have read_package permission
Problem
When running a command like mvn deploy
, the Maven client will make a GET request against the Maven package API. Currently both group and project deploy tokens with write_package_registry
do not have :read_package
permissions, so publishing maven packages with deploy tokens will fail.
mvn deploy
...
Downloading from gitlab-maven: http://gdk.test:3001/api/v4/projects/22/packages/maven/foo/bar/app/my-maven-package/1.0-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata foo.bar.app:my-maven-package:1.0-SNAPSHOT/maven-metadata.xml from/to gitlab-maven (http://gdk.test:3001/api/v4/projects/22/packages/maven): Authorization failed for http://gdk.test:3001/api/v4/projects/22/packages/maven/foo/bar/app/my-maven-package/1.0-SNAPSHOT/maven-metadata.xml 403 Forbidden
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.299 s
[INFO] Finished at: 2020-11-13T10:12:45-07:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy (default-deploy) on project my-maven-package: Failed to retrieve remote metadata foo.bar.app:my-maven-package:1.0-SNAPSHOT/maven-metadata.xml: Could not transfer metadata foo.bar.app:my-maven-package:1.0-SNAPSHOT/maven-metadata.xml from/to gitlab-maven (http://gdk.test:3001/api/v4/projects/22/packages/maven): Authorization failed for http://gdk.test:3001/api/v4/projects/22/packages/maven/foo/bar/app/my-maven-package/1.0-SNAPSHOT/maven-metadata.xml 403 Forbidden -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Solution
Add :read_package
permissions to the group policy and project policy.
Edited by Steve Abrams