diff --git a/doc/user/packages/container_registry/index.md b/doc/user/packages/container_registry/index.md index 673768da065feba3c8fa5edd55387e7aa8074650..10e5b36bf240e23d9b0a472a0b0a21413417696f 100644 --- a/doc/user/packages/container_registry/index.md +++ b/doc/user/packages/container_registry/index.md @@ -201,10 +201,7 @@ Before diving into the details, some things you should be aware of: ### Authenticating to the Container Registry with GitLab CI/CD There are three ways to authenticate to the Container Registry via -[GitLab CI/CD](../../../ci/yaml/README.md) which depend on the visibility of -your project. - -Available for all projects, though more suitable for public ones: +[GitLab CI/CD](../../../ci/yaml/README.md): - **Using the special `CI_REGISTRY_USER` variable**: The user specified by this variable is created for you in order to push to the Registry connected to your project. Its password is automatically @@ -216,14 +213,22 @@ Available for all projects, though more suitable for public ones: docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY ``` -For private and internal projects: +- **Using the GitLab Deploy Token**: You can create and use a + [special deploy token](../../project/deploy_tokens/index.md#gitlab-deploy-token) + with your projects. + Once created, you can use the special environment variables, and GitLab CI/CD + fills them in for you. You can use the following example as-is: + + ```shell + docker login -u $CI_DEPLOY_USER -p $CI_DEPLOY_PASSWORD $CI_REGISTRY + ``` - **Using a personal access token**: You can create and use a [personal access token](../../profile/personal_access_tokens.md) in case your project is private: - For read (pull) access, the scope should be `read_registry`. - - For read/write (pull/push) access, use `api`. + - For write (push) access, the scope should be `write_registry`. Replace the `<username>` and `<access_token>` in the following example: @@ -231,16 +236,6 @@ For private and internal projects: docker login -u <username> -p <access_token> $CI_REGISTRY ``` -- **Using the GitLab Deploy Token**: You can create and use a - [special deploy token](../../project/deploy_tokens/index.md#gitlab-deploy-token) - with your private projects. It provides read-only (pull) access to the Registry. - Once created, you can use the special environment variables, and GitLab CI/CD - fills them in for you. You can use the following example as-is: - - ```shell - docker login -u $CI_DEPLOY_USER -p $CI_DEPLOY_PASSWORD $CI_REGISTRY - ``` - ### Container Registry examples with GitLab CI/CD If you're using Docker-in-Docker on your Runners, this is how your `.gitlab-ci.yml` diff --git a/doc/user/profile/personal_access_tokens.md b/doc/user/profile/personal_access_tokens.md index 572cfe19322aa47faf697bc893f4749ef58c5238..48e19c58df4f5b60d144df204ff4a38e126ce4ba 100644 --- a/doc/user/profile/personal_access_tokens.md +++ b/doc/user/profile/personal_access_tokens.md @@ -60,6 +60,7 @@ the following table. | `api` | [GitLab 8.15](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/5951) | Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry. | | `read_api` | [GitLab 12.10](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28944) | Grants read access to the API, including all groups and projects, the container registry, and the package registry. | | `read_registry` | [GitLab 9.3](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/11845) | Allows to read (pull) [container registry](../packages/container_registry/index.md) images if a project is private and authorization is required. | +| `write_registry` | [GitLab 12.10](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28958) | Allows to write (push) [container registry](../packages/container_registry/index.md) images if a project is private and authorization is required. | | `sudo` | [GitLab 10.2](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/14838) | Allows performing API actions as any user in the system (if the authenticated user is an administrator). | | `read_repository` | [GitLab 10.7](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/17894) | Allows read-only access (pull) to the repository through `git clone`. | | `write_repository` | [GitLab 11.11](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/26021) | Allows read-write access (pull, push) to the repository through `git clone`. Required for accessing Git repositories over HTTP when 2FA is enabled. |