Correct url for pypi private package registry?

I am using gitlab deployed to kubernetes using version 4.4.1 of the helm chart (current as of yesterday). I have enabled the “packages” feature. I am trying to push a package following the documentation

I have enabled the packages registry according to the admin doc, and can see:

I have setup ~/.pypirc with:

index-servers =

repository = https://<host>/api/v4/projects/<project-name>/packages/pypi
username = __token__
password = /Users/<me>/.ssh/gitlab-token

With and appropriately filled in. I’ve tried as either bar as the name of the project itself, or foo/bar as name of the group and project. I’ve also replaced “projects” in url with “bar” In all cases, when I push using twine, I get:

$ python3 -m twine upload --repository gitlab dist/* 
Uploading distributions to https://<host>/api/v4/projects/bar/packages/pypi
  dist/bar-0.0.1-py3-none-any.whl (90.3 KB)
  dist/bar-0.0.1.tar.gz (70.1 KB)
Uploading bar-0.0.1-py3-none-any.whl
100%|███████████████████████████████████████████████████████████████████████████████| 96.2k/96.2k [00:00<00:00, 352kB/s]
Content received from server:
{"error":"404 Not Found"}
HTTPError: 404 Not Found from https://<host>/api/v4/projects/bar/packages/pypi

Where the error is changes according to the url I try. What am I missing? Tips appreciated!

Update – some progress made.

  1. According to API doc, a group/package should be encoded as foo%2Fbar. Indeed, the following URL doesn’t give me 404:
  • https:///api/v4/projects/%2F/packages/pypi
  1. It seems that, either because I upgraded my helm chart since the token was generated, or simply because I hadn’t enabled packages yet, my old token (“all API access”), though it was still working with git, wasn’t sufficient to allow packages access, and I got a 403. After generating a new token, it works.

Now however, I get the error:

Content received from server:

{"error":"id is invalid, content is invalid"}

HTTPError: 400 Bad Request from https://<host>/api/v4/projects/<group>%2F<project>/packages/pypi

Bad Request

This is despite the fact that I can curl this same ID to get an (empty) list of projects.

Any tips??

Aha – so following url works:


where “47” is the id of the project, which can be obtained by:

curl --header "PRIVATE-TOKEN: <token>" https://<host>/api/v4/projects | jq '.[] | select( .name | contains("foo")) | .id '

(or similiar).

I would think that the inability to post by string-encoded path is a bug…?

You sir, are my hero!
I too think it’s a bug, or at least it should be documented somewhere that pypi registry does not supports projects names