I have a project (A), with CI pipeline, in GitLab. This pipeline has a dependency on a package from another project (B). During the build of project A, I want to download the package from project B's package registry. The packages are uploaded as (zip files) generic packages. The projects are all private so I need some kind of access token to authenticate.
I'm trying to use Deploy Tokens as these seem to provide the required read_package_registry access scope. However, I cannot find any documentation describing how to authenticate with a deploy token when downloading generic package files.
I'm using the following request, described in the previous link.
GET https://gitlab.com/api/v4/projects/<project_B_id>/packages/generic/<package_name>/<package_version>/<package_file>
I have tried
adding the deploy token username and password to the URL, basic/digest authentication
Adding a header to the request PRIVATE-TOKEN: [deploy-token]
Adding a header to the request DEPLOY-TOKEN: [deploy-token]
Adding a header to the request Authorization: Bearer [deploy-token]
I've also tried each of the above headers but with [deploy-token-username][deploy-token] as the value
I can't find documentation stating that I can't use a deploy token.
Does anyone have a working example of how to do this, or does anyone know if this is/isn't possible?
I can switch to a private access token, but I'd prefer to use the correct tool for the job, and that seems to be deploy tokens.
The issue has been raised on gitlab. Deploy tokens do not work for now. It is currently tracked here:
https://gitlab.com/gitlab-org/gitlab/-/issues/284397
The workaround is to use a personal access token.
This works since Gitlab 13.0. As per documentation, create a deploy token, and supply the username and password in the request. This is basic authentication, and with curl you can do so
curl --user "<deploy-token-username>:<deploy-token>" \
"https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt"
Deploy tokens do not seem to work with PRIVATE-TOKEN or Authorization headers with bearer token.
I've been looking for this answer too.
The docs (https://docs.gitlab.com/ee/user/packages/generic_packages/index.html#authenticate-to-the-package-registry) say
To authenticate to the Package Registry, you need either a personal access token or CI job token.
No mention of Deploy Tokens. Those seem to be limited to docker, npm, etc.
Also, the Job Token you have in project B allows you to publish your artifact. But, the Job Token you have in project A does not seem to be authorized to download it.
I believe the answer is that you cannot use a Deploy Token, but I'd love to be proven wrong.
Related
I'm trying to publish a Gradle project. I have followed all the documentation provided by GitHub, but when I send the command to publish I am getting a 401 error from the server.
Execution failed for task ':publishGprPublicationToGitHubPackagesRepository'.
> Failed to publish publication 'gpr' to repository 'GitHubPackages'
> Could not GET 'https://maven.pkg.github.com/PowerInnovations/Data-Model/com/powerinnovations/data-model/0.0.1-SNAPSHOT/maven-metadata.xml'. Received status code 401 from server: Unauthorized
Upon going to the page and logging in to Github, it says:
Your token has not been granted the required scopes to execute this query. The 'id' field requires one of the following scopes: ['read:packages'], but your token has only been granted the: [''] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.
The thing is, I am already using the personal access token which I created to do this, and it does have the read packages scope enabled.
I did get a resolution from a member of Github's support.
The support person said in an email "When publishing packages, your PAT needs the repo scope as well as write access to the repo you package will be associated with."
They agreed that the response from the server, in this case, was misleading.
I'm trying to create a Spring Cloud Config Server to retrieve configuration files from a private GitHub repository. My GitHub account has 2 Factor Authentication activated so I wasn't expecting the below configuration to work, which it didn't but I can't find any documentation to suggest what I need to do in order to make it work.
What configuration do I need to set that will allow the connection to work?
spring.cloud.config.server.git.uri=https://github.com/DanBonehill/photo-app-config
spring.cloud.config.server.git.username=USERNAME
spring.cloud.config.server.git.password=PASSWORD
Error
org.eclipse.jgit.api.errors.TransportException: https://github.com/DanBonehill/photo-app-config: not authorized
What you could try and do (have not tested this), is create a personal access token from the Github console.
Then configure
spring.cloud.config.server.git.username=<yourusername>
spring.cloud.config.server.git.password=<yourtoken>
Instead of using username and password you should use an ssh key, the official documentation can guide you through it!
Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.
you solve this in 2 minutes, this problem is because at August 13, 2021 the github update the login form, to solve this.
1) login in your gitHub folow this path: Settings > Developer settings > Personal access tokens > Generate new token
2) Now set a long time to expiration token, check the "repo" to allow access repository with this token, and Generate token.
3) Now skill your github password because this token created is your new password, replace this at all application, server, terminal that need to access github.
4) Now configure your spring configuration server, this is a content of file "application.properties" of spring configuration server at path /src/main/resources/application.properties.
spring.cloud.config.server.git.uri= https://github.com/"username"/"repository" //your githur repository
spring.cloud.config.server.git.search-paths= myFilesFolder /if your files is into some folder
spring.cloud.config.server.git.username= testUsername // your username
spring.cloud.config.server.git.password= gti_FdsweecSoUSHPsdfw //Here is your new token created
Our sonarqubeinstance deployed on a server which requires basic authentication. How we should configure sonar maven plugin in this case? Any combination of sonar.login and sonar.host.url (with or without user:password for server) will result in 401 error
The sonar-runner, even if configured with credentials, does not use these to make it's first call to the server. The endpoint is /batch/index. You have to allow public access to that endpoint. For all other urls basic auth is fine.
I have more details in my answer here: https://stackoverflow.com/a/60132667/1838233
I've seen a lot of examples of how to configure Maven to upload using a username / password, but I haven't seen any examples of how to do this using the access token. (Access tokens: https://www.jfrog.com/confluence/display/RTF/Access+Tokens)
In the examples I've found, the username/password are stored in settings.xml. I'm looking for a solution that allows me to use this token with mvn deploy.
The access token can be used as the password. For example, if your username is "myuser" and you have an access token for this user: "eyHFdghgHDFGHdgdfg5t...", then your settings file should have the following:
<username>myuser</username>
<password>eyHFdghgHDFGHdgdfg5t...</password>
This is basically already covered in the Using Tokens section of the Wiki you mentioned.
HTH,
Yinon.
I try do auto-deploy for some project, when somebody push to git, deploying occurred for the branch and jenkins setup project and do deploy stuff on a server. For example:
|Branch |URL (will be created) |
|--------|---------------------------------------|
|master |http://master.my-project.example.com/ |
|some |http://some.my-project.example.com/ |
|dev-2e |http://dev-2e.my-project.example.com/ |
all is fine, but project need use google OAuth2, and there is a key, client id, client secret.
So I need setup not just one or just five redirect URIs for google authorization, I need template:
http://*****.my-project.example.com/oauth2redirect
When I try do this, I have error without any reason or explanation. When I just omit all URIs, no one URI is work, but I even agree with turning off this restriction.
Is there any ability to do this? Or programmatic API for adding new URI?
I didn't found any standard way to solve this problem.
How do I add "authorized redirect URIs" to Google OAuth2 using an API?
Says: I need create own proxy server, that will be do redirects. And has the only allowed redirect URI in google console.