Authentication on the composer download endpoint breaks user setups

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

🔥 Problem

!77950 (merged) updated the composer download endpoint by adding authentication support.

This broke some setups where pipelines are not able to pull the composer packages.

We're still gathering more details about this issue. It would be valuable to have:

1. Project visibility
2. Credentials type used (pat, ci job token, deploy token, none?)
3. Is the CI job running on the same project as the one hosting the composer package?
4. $ composer commands executed that led to the issue.

Having a public project on gitlab.com that demonstrates the typebug would be ideal.

🧯 Workaround

If you encounter a credentials prompt when you are using composer install, follow the instructions in the install a composer package section to create an auth.json file.

If you encounter broken pipelines:

1. Follow https://docs.gitlab.com/ee/user/project/deploy_tokens/index.html#creating-a-deploy-token to create a deploy token in your project or group with the scope set to read_package_registry.

2. Save the deploy token and deploy token user as a variable available in CI, either in .gitlab-ci.yml, project CI/CD variables, group CI/CD variables or instance CI/CD variables.

3. Add the following line before your call to composer install to create auth.config:

   composer config gitlab-token.<DOMAIN-NAME> <deploy_token_username> <deploy_token>

   For instance, for gitlab.com, with deploy token stored in the variable called $DEPLOY_TOKEN and user in $DEPLOY_TOKEN_USERNAME:

   composer config gitlab-token.gitlab.com $DEPLOY_TOKEN_USERNAME $DEPLOY_TOKEN

🚒 Solution

none yet as we're still getting more details about the problem