diff options
Diffstat (limited to 'doc/user/packages')
-rw-r--r-- | doc/user/packages/composer_repository/index.md | 12 | ||||
-rw-r--r-- | doc/user/packages/conan_repository/index.md | 22 | ||||
-rw-r--r-- | doc/user/packages/container_registry/index.md | 13 | ||||
-rw-r--r-- | doc/user/packages/container_registry/reduce_container_registry_storage.md | 20 | ||||
-rw-r--r-- | doc/user/packages/dependency_proxy/index.md | 11 | ||||
-rw-r--r-- | doc/user/packages/maven_repository/index.md | 7 | ||||
-rw-r--r-- | doc/user/packages/package_registry/index.md | 20 |
7 files changed, 95 insertions, 10 deletions
diff --git a/doc/user/packages/composer_repository/index.md b/doc/user/packages/composer_repository/index.md index ea12b225717..901fb740717 100644 --- a/doc/user/packages/composer_repository/index.md +++ b/doc/user/packages/composer_repository/index.md @@ -171,6 +171,8 @@ When you publish: ## Install a Composer package +> Authorization to [download a package archive](../../../api/packages/composer.md#download-a-package-archive) was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/331601) in GitLab 14.10. + Install a package from the Package Registry so you can use it as a dependency. Prerequisites: @@ -354,6 +356,8 @@ used to access them: ## Troubleshooting +### Caching + To improve performance, Composer caches files related to a package. Note that Composer doesn't remove data by itself. The cache grows as new packages are installed. If you encounter issues, clear the cache with this command: @@ -362,6 +366,14 @@ this command: composer clearcache ``` +### Authorization requirement when using `composer install` + +In GitLab 14.9 and earlier, you did not require authorization to use `composer install` if you already had a generated `composer.lock`. +If you committed your `composer.lock`, you could do a `composer install` in CI without setting up credentials. + +In GitLab 14.10 and later, authorization is required for the [downloading a package archive](../../../api/packages/composer.md#download-a-package-archive) endpoint. +If you encounter a credentials prompt when you are using `composer install`, follow the instructions in the [install a composer package](#install-a-composer-package) section to create an `auth.json` file. + ## Supported CLI commands The GitLab Composer repository supports the following Composer CLI commands: diff --git a/doc/user/packages/conan_repository/index.md b/doc/user/packages/conan_repository/index.md index 731ba04a9f7..b3eadc13772 100644 --- a/doc/user/packages/conan_repository/index.md +++ b/doc/user/packages/conan_repository/index.md @@ -428,3 +428,25 @@ The GitLab Conan repository supports the following Conan CLI commands: packages you have permission to view. - `conan info`: View the information on a given package from the Package Registry. - `conan remove`: Delete the package from the Package Registry. + +## Troubleshooting + +### Make output verbose + +For more verbose output when troubleshooting a Conan issue: + +```shell +export CONAN_TRACE_FILE=/tmp/conan_trace.log # Or SET in windows +conan <command> +``` + +You can find more logging tips in the [Conan documentation](https://docs.conan.io/en/latest/mastering/logging.html). + +### SSL Errors + +If you are using a self-signed certificate, there are two methods to manage SSL errors with Conan: + +- Use the `conan remote` command to disable the SSL verification. +- Append your server `crt` file to the `cacert.pem` file. + +Read more about this in the [Conan Documentation](https://docs.conan.io/en/latest/howtos/use_tls_certificates.html). diff --git a/doc/user/packages/container_registry/index.md b/doc/user/packages/container_registry/index.md index 5b6c71d4dd2..59bb4a89b0b 100644 --- a/doc/user/packages/container_registry/index.md +++ b/doc/user/packages/container_registry/index.md @@ -626,13 +626,18 @@ Use your own URLs to complete the following steps: docker pull gitlab.example.com/org/build/sample_project/cr:v2.9.1 ``` +NOTE: +For container registry authentication, use either a +[personal access token](../../profile/personal_access_tokens.md) or a +[deploy token](../../project/deploy_tokens/index.md). + 1. Rename the images to match the new project name: ```shell docker tag gitlab.example.com/org/build/sample_project/cr:v2.9.1 gitlab.example.com/new_org/build/new_sample_project/cr:v2.9.1 ``` -1. Delete the images in both projects by using the [UI](#delete-images) or [API](../../../api/packages.md#delete-a-project-package). +1. Delete the images in the old project by using the [UI](#delete-images) or [API](../../../api/packages.md#delete-a-project-package). There may be a delay while the images are queued and deleted. 1. Change the path or transfer the project by going to **Settings > General** and expanding **Advanced**. @@ -698,7 +703,7 @@ Follow [this issue](https://gitlab.com/gitlab-org/container-registry/-/issues/55 ### Tags temporarily cannot be marked for deletion -GitLab is [migrating to the next generation of the Container Registry](https://gitlab.com/groups/gitlab-org/-/epics/5523). -During the migration, you may encounter difficulty deleting tags. -If you encounter an error, it's likely that your image repository is in the process of being migrated. +GitLab is [migrating to the next generation of the Container Registry](https://gitlab.com/groups/gitlab-org/-/epics/5523). +During the migration, you may encounter difficulty deleting tags. +If you encounter an error, it's likely that your image repository is in the process of being migrated. Please wait a few minutes and try again. diff --git a/doc/user/packages/container_registry/reduce_container_registry_storage.md b/doc/user/packages/container_registry/reduce_container_registry_storage.md index 7e8b2865b6e..2cfe99876fa 100644 --- a/doc/user/packages/container_registry/reduce_container_registry_storage.md +++ b/doc/user/packages/container_registry/reduce_container_registry_storage.md @@ -79,7 +79,7 @@ the Container Registry after the policy runs. The next time the policy runs, the so it may take multiple runs for all tags to be deleted. WARNING: -GitLab self-managed installs support for third-party container registries that comply with the +GitLab self-managed installations support third-party container registries that comply with the [Docker Registry HTTP API V2](https://docs.docker.com/registry/spec/api/) specification. However, this specification does not include a tag delete operation. Therefore, when interacting with third-party container registries, GitLab uses a workaround to delete tags. See the @@ -217,7 +217,23 @@ Valid values for `cadence` when using the API are: - `1month` (every month) - `3month` (every quarter) -See the API documentation for further details: [Edit project](../../../api/projects.md#edit-project). +Valid values for `keep_n` (number of tags kept per image name) when using the API are: + +- `1` +- `5` +- `10` +- `25` +- `50` +- `100` + +Valid values for `older_than` (days until tags are automatically removed) when using the API are: + +- `7d` +- `14d` +- `30d` +- `90d` + +See the API documentation for further details: [Edit project API](../../../api/projects.md#edit-project). ### Use with external container registries diff --git a/doc/user/packages/dependency_proxy/index.md b/doc/user/packages/dependency_proxy/index.md index e431d4d7de3..5e66c8ed7a5 100644 --- a/doc/user/packages/dependency_proxy/index.md +++ b/doc/user/packages/dependency_proxy/index.md @@ -96,6 +96,14 @@ You can authenticate using: Users accessing the Dependency Proxy with a personal access token or username and password must have at least the Guest role for the group they pull images from. +The Dependency Proxy follows the [Docker v2 token authentication flow](https://docs.docker.com/registry/spec/auth/token/), +issuing the client a JWT to use for the pull requests. The JWT issued as a result of authenticating +expires after some time. When the token expires, most Docker clients store your credentials and +automatically request a new token without further action. + +The token expiration time is a [configurable setting](../../../administration/packages/dependency_proxy.md#changing-the-jwt-expiration). +On GitLab.com, the expiration time is 15 minutes. + #### SAML SSO When [SSO enforcement](../../group/saml_sso/index.md#sso-enforcement) @@ -132,7 +140,8 @@ There are other additional predefined CI/CD variables you can also use: - `CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX`: the image prefix for pulling images through the dependency proxy from the direct group or subgroup that the project belongs to. -`CI_DEPENDENCY_PROXY_SERVER` and `CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX` +`CI_DEPENDENCY_PROXY_SERVER`, `CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX`, and +`CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX` include the server port. If you explicitly include the Dependency Proxy path, the port must be included, unless you have logged into the Dependency Proxy manually without including the port: diff --git a/doc/user/packages/maven_repository/index.md b/doc/user/packages/maven_repository/index.md index 6e3af6a92d5..6a515b78fc1 100644 --- a/doc/user/packages/maven_repository/index.md +++ b/doc/user/packages/maven_repository/index.md @@ -283,7 +283,8 @@ To authenticate to the Package Registry, you need either a personal access token ### Authenticate with a personal access token in Gradle -Create a file `~/.gradle/gradle.properties` with the following content: +In [your `GRADLE_USER_HOME` directory](https://docs.gradle.org/current/userguide/directory_layout.html#dir:gradle_user_home), +create a file `gradle.properties` with the following content: ```groovy gitLabPrivateToken=REPLACE_WITH_YOUR_PERSONAL_ACCESS_TOKEN @@ -586,7 +587,7 @@ To publish a package by using Gradle: url "https://gitlab.example.com/api/v4/projects/<PROJECT_ID>/packages/maven" credentials(HttpHeaderCredentials) { name = "Private-Token" - value = gitLabPrivateToken // the variable resides in ~/.gradle/gradle.properties + value = gitLabPrivateToken // the variable resides in $GRADLE_USER_HOME/gradle.properties } authentication { header(HttpHeaderAuthentication) @@ -820,7 +821,7 @@ rm -rf ~/.m2/repository If you're using Gradle, run this command to clear the cache: ```shell -rm -rf ~/.gradle/caches +rm -rf ~/.gradle/caches # Or replace ~/.gradle with your custom GRADLE_USER_HOME ``` ### Review network trace logs diff --git a/doc/user/packages/package_registry/index.md b/doc/user/packages/package_registry/index.md index b980f6a5694..1f278bd1476 100644 --- a/doc/user/packages/package_registry/index.md +++ b/doc/user/packages/package_registry/index.md @@ -114,6 +114,26 @@ You can also remove the Package Registry for your project specifically: The **Packages & Registries > Package Registry** entry is removed from the sidebar. +## Package Registry visibility permissions + +[Project-level permissions](../../permissions.md) +determine actions such as downloading, pushing, or deleting packages. + +The visibility of the Package Registry is independent of the repository and can't be controlled from +your project's settings. For example, if you have a public project and set the repository visibility +to **Only Project Members**, the Package Registry is then public. However, disabling the Package +Registry disables all Package Registry operations. + +[GitLab-#329253](https://gitlab.com/gitlab-org/gitlab/-/issues/329253) +proposes adding the ability to control Package Registry visibility from the UI. + +| | | Anonymous<br/>(everyone on internet) | Guest | Reporter, Developer, Maintainer, Owner | +| -------------------- | --------------------- | --------- | ----- | ------------------------------------------ | +| Public project with Package Registry enabled | View Package Registry <br/> and pull packages | Yes | Yes | Yes | +| Internal project with Package Registry enabled | View Package Registry <br/> and pull packages | No | Yes | Yes | +| Private project with Package Registry enabled | View Package Registry <br/> and pull packages | No | No | Yes | +| Any project with Package Registry disabled | All operations on Package Registry | No | No | No | + ## Supported package managers WARNING: |