Maven Deploy Artifact to GitLab: Access Denied

I am very new to GitLab and am testing the Maven repository feature. I have a simple Maven project, which produces a JAR, which I would like uploaded to the Maven Artifact Repo in GitLab. I have followed this guide as carefully as I can: https://docs.gitlab.com/ee/user/project/packages/maven_repository.html and I also followed portions of this guide: https://docs.gitlab.com/ee/ci/examples/artifactory_and_gitlab/

Thanks in advance for any help!

Problem 1: Local Deploy

When I run ‘mvn deploy’ on my local machine, I get the error below labeled “Local Error Message” (Access Denied). I’m guessing that either I don’t have my permissions configured properly, or the path is bad. I have updated my local ~/.m2/settings.xml with a Private Token (per the guide above with =gitlab-maven). I have “Maintainer” permissions on the Project that I’m building. Is 'Maintainer" able to perform the deploy action? I can’t find any documentation about permissions in relation to this. The group/project are still in the GitLab trial period.

The Private Token I generated only had API selected. Is that right? I named the token ‘gitlab-maven’, assuming the name is arbitrary. Is that right?

I have configured the POM and nodes exactly as described in the guide, replacing the PROJECT_ID with my project ID and matching all nodes to my ~/.m2/settings.xml (gitlab-maven).

Problem 2 : CI Deploy

I have also run this build and deploy via the GitLab CI. The deploy step also results in Access Denied. I have placed the full error below labeled “GitLab CI Error Message”. For the CI build, I have in the root of the project the file /.m2/settings.xml with a Job-Token, with the value ‘${env.CI_JOB_TOKEN}’. I’m assuming that this token is available in the environment at build time and that I don’t need to do anything to generate it and I don’t have to replace that variable. Is my understanding of Job-Token correct?

I copied and pasted the .gitlab-ci.yml to run the build/deploy from this tutorial: https://docs.gitlab.com/ee/ci/examples/artifactory_and_gitlab/#configure-gitlab-cicd-for-simple-maven-dep

Both errors (local and CI) list the path: https://gitlab.com/api/v4/projects/9660882/packages/maven/apps4work/co.a4w.api/1.0-SNAPSHOT/maven-metadata.xml

I don’t believe this path should exist yet, as I have not pushed the artifact into the Maven package repository.

=== Local Error Message ===

[ ERROR ] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy (default-deploy) on project co.a4w.api: Failed to retrieve remote metadata apps4work:co.a4w.api:1.0-SNAPSHOT/maven-metadata.xml: Could not transfer metadata apps4work:co.a4w.api:1.0-SNAPSHOT/maven-metadata.xml from/to gitlab-maven (https://gitlab.com/api/v4/projects/9660882/packages/maven): Access denied to: https://gitlab.com/api/v4/projects/9660882/packages/maven/apps4work/co.a4w.api/1.0-SNAPSHOT/maven-metadata.xml

org.apache.maven.lifecycle.LifecycleExecutionException : Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy (default-deploy) on project co.a4w.api: Failed to retrieve remote metadata apps4work:co.a4w.api:1.0-SNAPSHOT/maven-metadata.xml: Could not transfer metadata apps4work:co.a4w.api:1.0-SNAPSHOT/maven-metadata.xml from/to gitlab-maven (https://gitlab.com/api/v4/projects/9660882/packages/maven): Access denied to: https://gitlab.com/api/v4/projects/9660882/packages/maven/apps4work/co.a4w.api/1.0-SNAPSHOT/maven-metadata.xml

=== GitLab CI Error Message ===

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project co.a4w.api: Failed to retrieve remote metadata apps4work:co.a4w.api:1.0-SNAPSHOT/maven-metadata.xml: Could not transfer metadata apps4work:co.a4w.api:1.0-SNAPSHOT/maven-metadata.xml from/to gitlab-maven (https://gitlab.com/api/v4/projects/9660882/packages/maven): Access denied to: https://gitlab.com/api/v4/projects/9660882/packages/maven/apps4work/co.a4w.api/1.0-SNAPSHOT/maven-metadata.xml

We upgraded our trial to Gold, then I re-ran the CI build and I got almost the same error message, except it has a new addition: “ReasonPhrase:Forbidden.”

It seems significant that now we are receiving this, can anyone tell me what it means and how to fix it?

Thanks!

======

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy (default-deploy) on project co.a4w.api: Failed to retrieve remote metadata apps4work:co.a4w.api:1.0-SNAPSHOT/maven-metadata.xml: Could not transfer metadata apps4work:co.a4w.api:1.0-SNAPSHOT/maven-metadata.xml from/to gitlab-maven (https://gitlab.com/api/v4/projects/9660882/packages/maven): Access denied to: https://gitlab.com/api/v4/projects/9660882/packages/maven/apps4work/co.a4w.api/1.0-SNAPSHOT/maven-metadata.xml , ReasonPhrase:Forbidden.

I was granted the “owner” role on the project and attempted to perform the Maven deploy stage, and it failed with the same error as above, with “Failed to retrieve remote metadata” and “ReasonPhrase:Forbidden”.

I’m stumped at this point. I’m not sure what to try next.

Kevin, we are having this exact same issue on our gitlab-ce environment, with any attempt to push with “CI_JOB_TOKEN” as part of a pipeline resulting in

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project <our project>: Failed to deploy artifacts: Could not find artifact com.<our namespace>.spring.ext:<our jar>:0.0.1-20190207.112431-1 in gitlab-maven (https://git.<our tld>/api/v4/projects/19/packages/maven) -> [Help 1]

I suspect the issues are related as attempting to run the same commands from via the API directly return a 404 for unauthorised users (See: https://gitlab.com/gitlab-org/gitlab-ce/issues/42586).

Modifying our settings.xml to use a personal token with only the “api” scope enabled works.

Looks like you’re not alone in this one!