lein-gitlab-cart
A plugin that enables Leiningen projects to access and deploy to GitLab package registries.
Background
GitLab authentication
Access to a GitLab package registry is controlled using HTTP authentication by placing a GitLab Token in an HTTP header, instead of a username and password.
This header can be one of the following:
| Token Type | HTTP Header name | Expected value |
|---|---|---|
| CI/CD Job Token | Job-Token | CI/CD Job Token provided in ${CI_JOB_TOKEN} |
| Access token | Private-Token | Personal/Group/Project access token |
Leiningen
Leiningen authentication only allows providing credentials using a username and password (or passphrase), and doesn't populate HTTP authentication headers.
Workaround
This plugin provides a Maven HTTP Wagon that populates the required HTTP authentication headers by taking the required values from the configured username and password.
Value in :username | Value in :password |
|---|---|
Job-Token | CI/CD Job Token provided in ${CI_JOB_TOKEN} |
Private-Token | Personal/Group/Project access token |
Usage
Enable the plugin
Add the following to your project.clj:
:plugins [[net.clojars.hissyfit/lein-gitlab-cart "1.0.0"]]
Declare repositories
Use
gitlab:instead ofhttps:in repository URLs to trigger the plugin's special handling ofusernameandpassword. The plugin will usehttps:when passing it on.
Example with credentials in environment variables
:repositories {"group-releases" {:url "gitlab://gitlab.com/api/v4/groups/GROUP_ID/-/packages/maven"
:username "Job-Token"
:password :env/ci_job_token}
"group-snapshots" {:url "gitlab://gitlab.com/api/v4/groups/GROUP_ID/-/packages/maven"
:username "Job-Token"
:password :env/ci_job_token}}
:deploy-repositories {"project-releases" {:url "gitlab://gitlab.com/api/v4/projects/PROJECT_ID/packages/maven"
:username "Job-Token"
:password :env/ci_job_token
:sign-releases false}
"project-snapshots" {:url "gitlab://gitlab.com/api/v4/projects/PROJECT_ID/packages/maven"
:username "Private-Token"
:password :env/gitlab_private_token}}
Example with a combination of credentials
A more typical example would be to use GPG credentials during development, and environment variables for CI/CD.
Given credentials in ~/.lein/credentials.clj.gpg, such as:
{#"gitlab:.*\/groups" {:username "Private-Token"
:password "deadbeafdeadbeafdeadbeef" ;; A group token
}
#"gitlab:.*\/projects" {:username "Private-Token"
:password "deadbeafdeadbeafdeadbeef" ;; A personal or project token
}}
We add a ci_job_token_name environment variable to the CI config in .gitlab-ci.yml:
variables:
CI_JOB_TOKEN_NAME: "Job-Token"
Since Leiningen will "prefer" the GPG credentials, we can now have the following in project.clj:
:repositories {"releases" {:url "gitlab://gitlab.com/api/v4/groups/GROUP_ID/-/packages/maven"
:username [:gpg :env/ci_job_token_name]
:password [:gpg :env/ci_job_token]}
"snapshots" {:url "gitlab://gitlab.com/api/v4/groups/GROUP_ID/-/packages/maven"
:username [:gpg :env/ci_job_token_name]
:password [:gpg :env/ci_job_token]}}
:deploy-repositories {"releases" {:url "gitlab://gitlab.com/api/v4/projects/PROJECT_ID/packages/maven"
:username [:gpg :env/ci_job_token_name]
:password [:gpg :env/ci_job_token]
:sign-releases false}
"snapshots" {:url "gitlab://gitlab.com/api/v4/projects/PROJECT_ID/packages/maven"
:username [:gpg :env/ci_job_token_name]
:password [:gpg :env/ci_job_token]}}
Copyright and License
Copyright © 2023 Kevin Poalses
Distributed under the Apache-2.0 License.
Can you improve this documentation?Edit on GitLab
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close