Add job and deploy token authentication to npm dist-tag routes

Moaz Khalifarequested to merge
258835-Add-job-and-deploy-token-authentication-to-npm-dist-tag-routes into master

What does this MR do and why?

Allow using job & deploy tokens to authenticate against npm dist-tag endpoints.

Screenshots or screen recordings

Screenshots are required for UI changes and are strongly recommended for all other merge requests.

How to set up and validate locally

Authenticate using the CI_JOB_TOKEN:

  1. Publish a new npm package or use an already published one.
  2. Make sure you are authenticating via the .npmrc using CI_JOB_TOKEN.
  3. Use dist-tag commands in .gitlab-ci.yml to add or remove tags to a specific package version.
  4. After your pipeline run successfully, you should see any addition/deletion of tags reflected in the package registry list.

Authenticate using the deploy token:

  1. Create a project/group deploy token.
  2. Store the token password in a ci/cd variable
  3. Make sure you are authenticating via the .npmrc using the ci/cd variable you stored the deploy token in.
  4. Use dist-tag commands in .gitlab-ci.yml to add or remove tags to a specific package version.
  5. After your pipeline run successfully, you should see any addition/deletion of tags reflected in the package registry list.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #258835 (closed)

Edited by Moaz Khalifa

Merge request reports