I need a place to post files that we can download using “wget” (or equivalent).
We have a local GitLab server; does it have capability to support a page for that?
Note that I don’t want to use any of the normal Git operations on these files, no versioning, and I don’t to be cloning directory-trees of these files.
Hi there,
How about using general package repository? You can upload a file using CI/CD or manually via API and then download it via API as well.
As I read it , the authentication still has to be on the command-line
curl --header "PRIVATE-TOKEN: <your_access_token>" ...
which I want to avoid. I want to use certificates stored in my home-directory and in my account on the server.
Also, I want to post a tarball of a directory with a bunch of data files. Again, if I read right, this is only for .deb and .rpm files etc. not for general tarballs. Is this correct?
I don’t think authentication to API is possible using SSH keys - you can read about it here. You can only pull information from git repository using SSH keys.
Like I already mentioned, to Generic package registry you can push anything you want: zipfiles, exe, tarballs… But of course, this does not have a behavior of a typical package management server, like PyPi Registry or Debian Registries.
I use Personal Access Tokens for other operations (containers).
But these docs keep indicating that it has to be passed on the command-line, not just implicitly read from a file location on my system, is that correct?
Well, I believe this depends rather on the tool that you’re using, not GitLab.
You’re interacting with GitLab API that requires specific header information (e.g. PRIVATE-TOKEN) to be passed along with the http request. How do you do this, it’s up to you and tool you use to do this. So, if curl, wget, Postman, your custom Python script, or whatever else you use to interact with API, allows you to read your credentials from environment or file and generate the request with headers that you need, then you don’t need to pass it directly (in plain text) via CLI.
I mean (or hope), noone passes their private token in plain text like this. E.g. if you use this in the pipeline, you will put this token in a variable and protect it (so it’s not being printed out), so your token is not committed in plain text to git. And then you will use this variable either in curl, wget or any other custom script.