Add documentation for DeployToken
This commit is contained in:
parent
aaa6d80870
commit
560ed92235
|
@ -28,6 +28,10 @@
|
||||||
%pre
|
%pre
|
||||||
docker login #{Gitlab.config.registry.host_port}
|
docker login #{Gitlab.config.registry.host_port}
|
||||||
%br
|
%br
|
||||||
|
%p
|
||||||
|
- deploy_token = link_to(_('deploy token'), help_page_path('user/projects/deploy_tokens/index', anchor: 'read-container-registry-images'), target: '_blank')
|
||||||
|
= s_('Container-Registry|You can also %{deploy_token} for read-only access to the registry images.').html_safe % { deploy_token: deploy_token }
|
||||||
|
%br
|
||||||
%p
|
%p
|
||||||
= s_('ContainerRegistry|Once you log in, you’re free to create and upload a container image using the common %{build} and %{push} commands').html_safe % { build: "<code>build</code>".html_safe, push: "<code>push</code>".html_safe }
|
= s_('ContainerRegistry|Once you log in, you’re free to create and upload a container image using the common %{build} and %{push} commands').html_safe % { build: "<code>build</code>".html_safe, push: "<code>push</code>".html_safe }
|
||||||
%pre
|
%pre
|
||||||
|
|
|
@ -115,15 +115,16 @@ and [Using the GitLab Container Registry documentation](../../ci/docker/using_do
|
||||||
|
|
||||||
## Using with private projects
|
## Using with private projects
|
||||||
|
|
||||||
> [Introduced][ce-11845] in GitLab 9.3.
|
> Personal Access tokens were [introduced][ce-11845] in GitLab 9.3.
|
||||||
|
> Project Deploy Tokens were [introduced][ce-17894] in GitLab 10.7
|
||||||
|
|
||||||
If a project is private, credentials will need to be provided for authorization.
|
If a project is private, credentials will need to be provided for authorization.
|
||||||
The preferred way to do this, is by using [personal access tokens][pat].
|
The preferred way to do this, is either by using a [personal access tokens][pat] or a [project deploy token][pdt].
|
||||||
The minimal scope needed is `read_registry`.
|
The minimal scope needed for both of them is `read_registry`.
|
||||||
|
|
||||||
Example of using a personal access token:
|
Example of using a personal access token:
|
||||||
```
|
```
|
||||||
docker login registry.example.com -u <your_username> -p <your_personal_access_token>
|
docker login registry.example.com -u <your_username> -p <your_access_token>
|
||||||
```
|
```
|
||||||
|
|
||||||
## Troubleshooting the GitLab Container Registry
|
## Troubleshooting the GitLab Container Registry
|
||||||
|
@ -270,5 +271,7 @@ Once the right permissions were set, the error will go away.
|
||||||
|
|
||||||
[ce-4040]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4040
|
[ce-4040]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4040
|
||||||
[ce-11845]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11845
|
[ce-11845]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11845
|
||||||
|
[ce-17894]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17894
|
||||||
[docker-docs]: https://docs.docker.com/engine/userguide/intro/
|
[docker-docs]: https://docs.docker.com/engine/userguide/intro/
|
||||||
[pat]: ../profile/personal_access_tokens.md
|
[pat]: ../profile/personal_access_tokens.md
|
||||||
|
[pdt]: ../project/deploy_tokens/index.md
|
||||||
|
|
Binary file not shown.
After Width: | Height: | Size: 72 KiB |
|
@ -0,0 +1,72 @@
|
||||||
|
# Deploy Tokens
|
||||||
|
|
||||||
|
> [Introduced][ce-17894] in GitLab 10.7.
|
||||||
|
|
||||||
|
Deploy tokens allow to download (through `git clone`), or read the container registry images of a project without the need of having a user and a password.
|
||||||
|
|
||||||
|
Please note, that the expiration of deploy tokens happens on the date you define,
|
||||||
|
at midnight UTC and that they can be only managed by [masters](https://docs.gitlab.com/ee/user/permissions.html).
|
||||||
|
|
||||||
|
## Creating a personal access token
|
||||||
|
|
||||||
|
You can create as many deploy tokens as you like from the settings of your project:
|
||||||
|
|
||||||
|
1. Log in to your GitLab account.
|
||||||
|
1. Go to the project you want to create Deploy Tokens for.
|
||||||
|
1. Go to **Settings** > **Repository**
|
||||||
|
1. Click on "Expand" on **Deploy Tokens** section
|
||||||
|
1. Choose a name and optionally an expiry date for the token.
|
||||||
|
1. Choose the [desired scopes](#limiting-scopes-of-a-deploy-token).
|
||||||
|
1. Click on **Create deploy token**.
|
||||||
|
1. Save the deploy token somewhere safe. Once you leave or refresh
|
||||||
|
the page, **you won't be able to access it again**.
|
||||||
|
|
||||||
|
![Personal access tokens page](img/deploy_tokens.png)
|
||||||
|
|
||||||
|
## Revoking a personal access token
|
||||||
|
|
||||||
|
At any time, you can revoke any deploy token by just clicking the
|
||||||
|
respective **Revoke** button under the 'Active deploy tokens' area.
|
||||||
|
|
||||||
|
## Limiting scopes of a deploy token
|
||||||
|
|
||||||
|
Deploy tokens can be created with two different scopes that allow various
|
||||||
|
actions that a given token can perform. The available scopes are depicted in
|
||||||
|
the following table.
|
||||||
|
|
||||||
|
| Scope | Description |
|
||||||
|
| ----- | ----------- |
|
||||||
|
|`read_repo` | Allows read-access to the repository through `git clone` |
|
||||||
|
| `read_registry` | Allows read-access to[container registry] images if a project is private and authorization is required. |
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
### Git clone a repository
|
||||||
|
|
||||||
|
To download a repository using a Deploy Token, you just need to:
|
||||||
|
|
||||||
|
1. Create a Deploy Token with `read_repo` as a scope.
|
||||||
|
2. `git clone` the project using the Deploy Token:
|
||||||
|
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git clone http://oauth2:<deploy_token>@gitlab.example.com/tanuki/awesome_project.git
|
||||||
|
```
|
||||||
|
|
||||||
|
Just replace `<deploy_token>` with your real token.
|
||||||
|
|
||||||
|
### Read container registry images
|
||||||
|
|
||||||
|
To read the container registry images, you'll need to:
|
||||||
|
|
||||||
|
1. Create a Deploy Token with `read_registry` as a scope.
|
||||||
|
2. Log in to GitLab’s Container Registry using the deploy token:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker login registry.example.com -u <username> -p <deploy_token>
|
||||||
|
```
|
||||||
|
Just replace `<username>` and `<deploy_token>` with the proper values.
|
||||||
|
|
||||||
|
[ce-17894]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17894
|
||||||
|
[ce-11845]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11845
|
||||||
|
[container registry]: ../project/container_registry.md
|
|
@ -27,6 +27,7 @@ integrated platform
|
||||||
- [Protected tags](protected_tags.md): Control over who has
|
- [Protected tags](protected_tags.md): Control over who has
|
||||||
permission to create tags, and prevent accidental update or deletion
|
permission to create tags, and prevent accidental update or deletion
|
||||||
- [Signing commits](gpg_signed_commits/index.md): use GPG to sign your commits
|
- [Signing commits](gpg_signed_commits/index.md): use GPG to sign your commits
|
||||||
|
- [Deploy tokens](deploy_tokens/index.md): Manage project-based deploy tokens that allow permanent access to the repository and Container Registry.
|
||||||
- [Merge Requests](merge_requests/index.md): Apply your branching
|
- [Merge Requests](merge_requests/index.md): Apply your branching
|
||||||
strategy and get reviewed by your team
|
strategy and get reviewed by your team
|
||||||
- [Merge Request Approvals](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html) (**Starter/Premium**): Ask for approval before
|
- [Merge Request Approvals](https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html) (**Starter/Premium**): Ask for approval before
|
||||||
|
|
Loading…
Reference in New Issue