I am trying to install a private GitLab package via a group deploy_token. The project to which the package belongs is a project inside the group of the deploy_token. The token has read_registry and read_repository permissions.
In order to install the private package, I am using a .npmrc file:
@my-scope:registry=https://gitlab.com/api/v4/packages/npm/
//gitlab.com/api/v4/packages/npm/:_authToken="<group_deploy_token>"
When I try to install the private package with the group deploy_token I get the following error message:
>> npm i @my-scope/my-package@latest
npm ERR! code E404
npm ERR! 404 Not Found - GET https://gitlab.com/api/v4/packages/npm/@my-scope%2fmy-package
npm ERR! 404
npm ERR! 404 '@my-scope/my-package@latest' is not in this registry.
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
By using my personal access_token everything works fine.
I would like to use a group token so I can give it to colleagues with the set read permissions.
I have already tried to extend the gitlab.com path to
//gitlab.com/api/v4/groups/groupid/packages/npm/:_authToken="<group_deploy_token>"
//gitlab.com/api/v4/projects/groupid/packages/npm/:_authToken="<group_deploy_token>"
I tried to address the package inside the group by doing this. Maybe it would have worked.
In the Gitlab documentation, I have not found any other approaches or references to the use of group deploy_tokens.