I have a project (A), with CI pipeline, in GitLab. This pipeline has a dependency on a package from another project (B). During the build of project A, I want to download the package from project B's package registry. The packages are uploaded as (zip files) generic packages. The projects are all private so I need some kind of access token to authenticate.
I'm trying to use Deploy Tokens as these seem to provide the required read_package_registry access scope. However, I cannot find any documentation describing how to authenticate with a deploy token when downloading generic package files.
I'm using the following request, described in the previous link.
GET https://gitlab.com/api/v4/projects/<project_B_id>/packages/generic/<package_name>/<package_version>/<package_file>
I have tried
PRIVATE-TOKEN: [deploy-token]DEPLOY-TOKEN: [deploy-token]Authorization: Bearer [deploy-token][deploy-token-username][deploy-token] as the valueI can't find documentation stating that I can't use a deploy token.
Does anyone have a working example of how to do this, or does anyone know if this is/isn't possible?
I can switch to a private access token, but I'd prefer to use the correct tool for the job, and that seems to be deploy tokens.
This works since Gitlab 13.0. As per documentation, create a deploy token, and supply the username and password in the request. This is basic authentication, and with curl you can do so
curl --user "<deploy-token-username>:<deploy-token>" \
"https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt"
Deploy tokens do not seem to work with PRIVATE-TOKEN or Authorization headers with bearer token.