Allow access to project-level packages API with CI job token

Nejc Habjan requested to merge siemens/gitlab:feat/ci-job-token-packages into master

What does this MR do and why?

Describe in detail what your merge request does and why.

Closes Allow the CI_JOB_TOKEN access to the package AP... (#349418 - closed)

I followed the discussions in the issue and:

  • Skipped group-level registries as noted in #349418 (comment 798250278)
  • Added both the get packages/package and delete package endpoints as requested in the issue. I'm a bit wary of adding the delete with job tokens, but this is already possible with some other endpoints, so the concern is the same IMO and that should be resolved in a general way at some point (Secure CI_JOB_TOKEN Workflows (&6546))

🛠 with ❤️ at Siemens

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Create a project with CI config in GDK:

     image: curlimages/curl:latest

     test:
       script:
         - touch file.txt
         - curl -H "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file file.txt "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/my_package/0.0.1/file.txt"
         - sleep 5
         - curl -H "JOB-TOKEN: $CI_JOB_TOKEN" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages"

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Nejc Habjan
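
A stricter version of the validation step above, added here as an example and not part of the merge request: it sends the same JOB-TOKEN request to the project packages endpoint, polls instead of using a fixed sleep, and fails the job unless my_package 0.0.1 is actually listed. The function names, the polling parameters and the sample response are assumptions constructed for illustration, and the job is assumed to run in an image that has Python.

```python
import json
import os
import sys
import time
import urllib.request

# Constructed sample of a GET /projects/:id/packages response (not real data).
SAMPLE_RESPONSE = json.dumps([
    {"id": 1, "name": "other_package", "version": "1.2.3", "package_type": "generic"},
    {"id": 2, "name": "my_package", "version": "0.0.1", "package_type": "generic"},
])


def build_list_request(api_url, project_id, job_token):
    """Build the job-token authenticated request used by the validation step."""
    url = f"{api_url.rstrip('/')}/projects/{project_id}/packages"
    return urllib.request.Request(url, headers={"JOB-TOKEN": job_token})


def find_package(body, name, version):
    """Return the matching entry from a JSON list response, or None."""
    for pkg in json.loads(body):
        if pkg.get("name") == name and pkg.get("version") == version:
            return pkg
    return None


def wait_for_package(fetch, name, version, attempts=5, delay=2.0):
    """Poll fetch() (which returns a response body) until the package is listed."""
    for attempt in range(attempts):
        pkg = find_package(fetch(), name, version)
        if pkg is not None:
            return pkg
        if attempt < attempts - 1:
            time.sleep(delay)
    return None


if __name__ == "__main__":
    req = build_list_request(os.environ["CI_API_V4_URL"],
                             os.environ["CI_PROJECT_ID"],
                             os.environ["CI_JOB_TOKEN"])

    def fetch():
        # urlopen raises HTTPError on a 4xx/5xx status, which fails the job.
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read()

    found = wait_for_package(fetch, "my_package", "0.0.1")
    print("package listed:" if found else "package not listed", found or "")
    sys.exit(0 if found else 1)
```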