Use your Job token to authenticate to and update packages in your GitLab NuGet Repository
Problem to solve
The GitLab NuGet Repository allows developers to build, publish and share .NET packages, right alongside their source code and CI Pipelines. However, we currently do not allow users to authenticate using the pre-defined environment variable CI_JOB_TOKEN, which either prevents users from using the feature or forces them to use their personal credentials for making updates to the NuGet Repository.
Intended users
Further details
Benefits
- Easily publish and install NuGet packages, without having to rely on personal access tokens or user-generated environment variables.
- Work more securely by using
CI_JOB_TOKEN
Proposal
When using GitLab CI/CD, allow users to publish and install packages using the pre-defined environment variable CI_JOB_TOKEN.
Permissions and Security
- There are no permissions changes required for this change.
- The job token inherits the permissions of the user that ran the pipeline/job, so you will still need permissions to publish or install a given package.
Documentation
- Update the NuGet docs with an example of how to publish and install a package via Ci/CD.
- The Maven topic has an example.
- We also need to update this topic to add it.
Testing
What does success look like, and how can we measure that?
- Success looks like we see increased adoption and usage of the NuGet Repository. We can measure this using our North Star Metric (gitlab-data/analytics#4597 (closed)) of the number of packages published/installed.