I am attempting to setup the Package Registry for private projects so that packages can only be published to the Gitlab package registry via CICD pipelines. I am not able to find any setting which prevents any role from manually publishing to the project’s package registry.
Goal here is to have a review process before publishing the package. Currently, developers are able to publish directly publish to the projects package registry using their tokens.
How to prevent a Developer/Maintainer/Owner Role having write access to the package registry?
Thanks for any help or guidance,