Add job and deploy token authentication to npm dist-tag routes (!112804) · Merge requests · GitLab.org / GitLab

Moaz Khalifa requested to merge 258835-Add-job-and-deploy-token-authentication-to-npm-dist-tag-routes into master Feb 23, 2023

What does this MR do and why?

Allow using job & deploy tokens to authenticate against npm dist-tag endpoints.

Screenshots or screen recordings

Screenshots are required for UI changes and are strongly recommended for all other merge requests.

How to set up and validate locally

Authenticate using the `CI_JOB_TOKEN`:

Publish a new npm package or use an already published one.
Make sure you are authenticating via the .npmrc using CI_JOB_TOKEN.
Use dist-tag commands in .gitlab-ci.yml to add or remove tags to a specific package version.
After your pipeline run successfully, you should see any addition/deletion of tags reflected in the package registry list.

Authenticate using the deploy token:

Create a project/group deploy token.
Store the token password in a ci/cd variable
Make sure you are authenticating via the .npmrc using the ci/cd variable you stored the deploy token in.
Use dist-tag commands in .gitlab-ci.yml to add or remove tags to a specific package version.
After your pipeline run successfully, you should see any addition/deletion of tags reflected in the package registry list.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #258835 (closed)

Edited Feb 23, 2023 by Moaz Khalifa

Add job and deploy token authentication to npm dist-tag routes