Cannot access composer registry in CI with $CI_JOB_TOKEN authentication

We are using GitLab Enterprise Edition 13.4.3-ee and the composer package registry. Publishing to the registry in a CI step with authentication via $CI_JOB_TOKEN works fine. However, composer install on a depending project fails with “Invalid credentials”.

What I have done in the depending project:

Adding the registry to the repositories section with {servername} and {groupId} replaced by the actual values:

"repositories": [
    {
        "type": "composer",
        "url": "https://{servername}/api/v4/group/{groupId}/-/packages/composer/packages.json"
    },
    ...

Add the domain to the config section:

"config": {
    "gitlab-domains": ["{servername}"],
    ...

Add the JobToken in the .gitlab-ci.yaml before the composer install:

before_script:
    - composer config gitlab-token.{servername} $CI_JOB_TOKEN
    - composer install --no-progress -o

Am I missing anything? It works fine if I use a personal Access Token with exactly the same setup.

Same problem here. Did you find a solution?

No, unfortunately not. I created a dedicated readonly API token instead that I pass to the CI.

If you do something like this:

composer config gitlab-token.gitlab.com gitlab-ci-token ${CI_JOB_TOKEN}

That should be what you need for composer specifically. Some of the others don’t need that username of gitlab-ci-token, but composer packages in gitlab do. You may also have to update your token access at Project/Settings/CI/CD/Token Access.

2 Likes
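The reply above pairs the job token with the username gitlab-ci-token. As an added example (not code from the thread or from GitLab), the same credential can be written to a project-level auth.json so the token is not passed as a composer argument; the function names are hypothetical, and CI_SERVER_HOST is GitLab's predefined variable for the instance host.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print an auth.json body that gives Composer the job token for one GitLab
# host, using the username/token form of "gitlab-token".
composer_auth_json() {
    host=$1
    token=$2
    case $host in
        ''|*/*|*' '*|*'"'*|*\\*)
            # Composer matches gitlab-token entries by domain name, so a
            # URL or path here would never match the registry.
            echo "host must be a bare domain, e.g. gitlab.example.com" >&2
            return 1 ;;
    esac
    case $token in
        '')
            echo "job token is empty (CI_JOB_TOKEN only exists inside a job)" >&2
            return 1 ;;
        *'"'*|*\\*)
            echo "token contains characters that need JSON escaping" >&2
            return 1 ;;
    esac
    printf '{"gitlab-token":{"%s":{"username":"gitlab-ci-token","token":"%s"}}}\n' \
        "$host" "$token"
}

# Write the credentials to auth.json in directory $3 (default: current
# directory, next to composer.json); a new file is created owner-only.
write_composer_auth() {
    dir=${3:-.}
    body=$(composer_auth_json "$1" "$2") || return 1
    ( umask 077 && printf '%s\n' "$body" > "$dir/auth.json" )
}

# In before_script, ahead of `composer install`:
#   write_composer_auth "$CI_SERVER_HOST" "$CI_JOB_TOKEN"
```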

Try some solution, actually: “Authentication on the composer download endpoint breaks user setups (#360644) · Issues · GitLab.org / GitLab · GitLab” works

Same here … looks like there’s still no solution.