Accessing CI Job artifacts and releases (binaries) through a deploy token

It seems like the Gitlab APIs require a Personal Access Token (maybe I’m mistaken but couldn’t get it to work any other way).

Is there any way to download artifacts or releases for a private repository using something other than a PAT (like a deploy token)?

My use case is pulling latest binaries on distributed systems that cannot be pushed to using a deployment script. Having to use a personal access token is undesirable since it will be tied to my user’s account instead of being tied to the Project.

Thanks!

2 Likes

Same here, I would like to be able to download artifacts from build jobs with a Deploy Token instead of a PAT…

What a headache, discovering a deploy token is insufficient (and explained the 401s I was getting). Glad to at least know that much. I hope this can be addressed soon for the reasons outlined here (seems odd that a deploy token is insufficient).

I use application/deploy tokens for simple things, but just switch to a full-blown user when it’s more complicated than the simple case (eg if it takes me too much time to implement the token-based setup, I default to a special regular user in gitlab).

Call it the gitlab-bot or similar, and give it access to the projects it needs, use read-only tokens everywhere unless it needs to make a commit or push changes.

I did get it to work with a generated personal token. The specific user account is a backup I suppose (as per @ketzacoatl 's feedback). It is just unfortunate (for viability and automation purposes) that I can’t simply use a deploy token.

For any others who come across this, I was able to get it working (in PowerShell 7.1) via…
curl --location --header "PRIVATE-TOKEN: {INSERT YOUR PERSONAL ACCESS TOKEN HERE}" "https://gitlab.com/api/v4/projects/{GROUP}%2f{PROJECT}%2f{SUBPROJ}/jobs/{JOB ID FROM GITLAB WEB UI JOB LOG OUTPUT WHICH LISTS "id="}/artifacts" -o {EXPECTED FILE NAME}

--location is important as the api request returns a location redirect
id=... is a (10) digit job (which produced the artifact from my pipeline) id number which must be included in the API call via curl

1 Like