1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
|
---
stage: Package
group: Package Registry
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Package registry
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** GitLab.com, Self-managed, GitLab Dedicated
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/221259) from GitLab Premium to GitLab Free in 13.3.
With the GitLab package registry, you can use GitLab as a private or public registry for a variety
of [supported package managers](supported_package_managers.md).
You can publish and share packages, which can be consumed as a dependency in downstream projects.
## Package workflows
Learn how to use the GitLab package registry to build your own custom package workflow:
- [Use a project as a package registry](../workflows/project_registry.md)
to publish all of your packages to one project.
- Publish multiple different packages from one [monorepo project](../workflows/working_with_monorepos.md).
## View packages
You can view packages for your project or group.
1. Go to the project or group.
1. Go to **Deploy > Package Registry**.
You can search, sort, and filter packages on this page. You can share your search results by copying
and pasting the URL from your browser.
You can also find helpful code snippets for configuring your package manager or installing a given package.
When you view packages in a group:
- All packages published to the group and its projects are displayed.
- Only the projects you can access are displayed.
- If a project is private, or you are not a member of the project, the packages from that project are not displayed.
For information on how to create and upload a package, view the GitLab documentation for your package type.
## Authenticate with the registry
Authentication depends on the package manager being used. For more information, see the docs on the
specific package format you want to use.
For most package types, the following credential types are valid:
- [Personal access token](../../profile/personal_access_tokens.md):
authenticates with your user permissions. Good for personal and local use of the package registry.
- [Project deploy token](../../project/deploy_tokens/index.md):
allows access to all packages in a project. Good for granting and revoking project access to many
users.
- [Group deploy token](../../project/deploy_tokens/index.md):
allows access to all packages in a group and its subgroups. Good for granting and revoking access
to a large number of packages to sets of users.
- [Job token](../../../ci/jobs/ci_job_token.md):
allows access to packages in the project running the job for the users running the pipeline.
Access to other external projects can be configured.
- If your organization uses two factor authentication (2FA), you must use a personal access token with the scope set to `api`.
- If you are publishing a package by using CI/CD pipelines, you must use a CI job token.
NOTE:
If the "Package registry" feature is turned off for your project at **Settings > General > Visibility, project features, permissions**, you will receive a 403 Forbidden response.
Accessing the package registry with a deploy token is not available when external authorization is enabled.
## Use GitLab CI/CD
You can use [GitLab CI/CD](../../../ci/index.md) to build or import packages into
a package registry.
### To build packages
You can authenticate with GitLab by using the `CI_JOB_TOKEN`.
CI/CD templates, which you can use to get started, are in [this repository](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates).
For more information about using the GitLab package registry with CI/CD, see:
- [Generic](../generic_packages/index.md#publish-a-generic-package-by-using-cicd)
- [Maven](../maven_repository/index.md#create-maven-packages-with-gitlab-cicd)
- [npm](../npm_registry/index.md#publishing-a-package-by-using-a-cicd-pipeline)
- [NuGet](../nuget_repository/index.md#publish-a-nuget-package-by-using-cicd)
- [PyPI](../pypi_repository/index.md#authenticate-with-a-ci-job-token)
- [Terraform](../terraform_module_registry/index.md#authenticate-to-the-terraform-module-registry)
If you use CI/CD to build a package, extended activity information is displayed
when you view the package details:
You can view which pipeline published the package, and the commit and user who triggered it. However, the history is limited to five updates of a given package.
### To import packages
If you already have packages built in a different registry, you can import them
into your GitLab package registry with the [package importer](https://gitlab.com/gitlab-org/ci-cd/package-stage/pkgs_importer).
For a list of supported packages, see [Importing packages from other repositories](supported_functionality.md#importing-packages-from-other-repositories).
## Reduce storage usage
For information on reducing your storage use for the package registry, see
[Reduce package registry storage use](reduce_package_registry_storage.md).
## Disable the package registry
The package registry is automatically enabled.
If you are using a self-managed instance of GitLab, your administrator can remove
the menu item, **Packages and registries**, from the GitLab sidebar. For more information,
see the [administration documentation](../../../administration/packages/index.md).
You can also remove the package registry for your project specifically:
1. In your project, go to **Settings > General**.
1. Expand the **Visibility, project features, permissions** section and disable the
**Packages** feature.
1. Select **Save changes**.
The **Deploy > Package Registry** entry is removed from the sidebar.
## Package registry visibility permissions
[Project-level permissions](../../permissions.md)
determine actions such as downloading, pushing, or deleting packages.
The visibility of the package registry is independent of the repository and can be controlled from
your project's settings. For example, if you have a public project and set the repository visibility
to **Only Project Members**, the package registry is then public. Disabling the Package
Registry disables all package registry operations.
| Project visibility | Action | Minimum [role](../../permissions.md#roles) required |
|--------------------|-----------------------|---------------------------------------------------------|
| Public | View package registry | `n/a`, everyone on the internet can perform this action |
| Public | Publish a package | Developer |
| Public | Pull a package | `n/a`, everyone on the internet can perform this action |
| Internal | View package registry | Guest |
| Internal | Publish a package | Developer |
| Internal | Pull a package | Guest (1) |
| Private | View package registry | Reporter |
| Private | Publish a package | Developer |
| Private | Pull a package | Reporter (1) |
### Allow anyone to pull from package registry
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/385994) in GitLab 15.7.
> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/468058) in GitLab 17.4 to support NuGet group endpoints.
> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/468059) in GitLab 17.5 to support Maven group endpoint.
> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/468062) in GitLab 17.5 to support Terraform module namespace endpoints.
To allow anyone to pull from the package registry, regardless of project visibility:
1. On the left sidebar, select **Search or go to** and find your private or internal project.
1. Select **Settings > General**.
1. Expand **Visibility, project features, permissions**.
1. Turn on the **Allow anyone to pull from Package Registry** toggle.
1. Select **Save changes**.
Anyone on the internet can access the package registry for the project.
#### Disable allowing anyone to pull
Prerequisites:
- You must be an administrator.
To hide the **Allow anyone to pull from Package Registry** toggle globally:
- [Change the application setting](../../../api/settings.md#change-application-settings) `package_registry_allow_anyone_to_pull_option` to `false`.
Anonymous downloads are disabled, even for projects that turned on the **Allow anyone to pull from Package Registry** toggle.
Several known issues exist when you allow anyone to pull from the package registry:
- Endpoints for projects are supported.
- NuGet registry endpoints for groups are supported. However, because of how NuGet clients send the authentication credentials, anonymous downloads are not allowed. Only GitLab users can pull from the package registry, even if this feature is enabled.
- Maven registry endpoint for groups are supported.
- Terraform module registry endpoints for namespaces are supported.
- Other group and instance endpoints are not fully supported. Support for group endpoints is proposed in [epic 14234](https://gitlab.com/groups/gitlab-org/-/epics/14234).
- It does not work with the [Composer](../composer_repository/index.md#install-a-composer-package), because Composer only has a group endpoint.
- It works with Conan, but using [`conan search`](../conan_repository/index.md#search-for-conan-packages-in-the-package-registry) does not work.
## Accepting contributions
This table lists unsupported package manager formats that we are accepting contributions for.
Consider contributing to GitLab. This [development documentation](../../../development/packages/index.md)
guides you through the process.
<!-- vale gitlab_base.Spelling = NO -->
| Format | Status |
| --------- | ------------------------------------------------------------- |
| Chef | [#36889](https://gitlab.com/gitlab-org/gitlab/-/issues/36889) |
| CocoaPods | [#36890](https://gitlab.com/gitlab-org/gitlab/-/issues/36890) |
| Conda | [#36891](https://gitlab.com/gitlab-org/gitlab/-/issues/36891) |
| CRAN | [#36892](https://gitlab.com/gitlab-org/gitlab/-/issues/36892) |
| Opkg | [#36894](https://gitlab.com/gitlab-org/gitlab/-/issues/36894) |
| P2 | [#36895](https://gitlab.com/gitlab-org/gitlab/-/issues/36895) |
| Puppet | [#36897](https://gitlab.com/gitlab-org/gitlab/-/issues/36897) |
| RPM | [#5932](https://gitlab.com/groups/gitlab-org/-/epics/5128) |
| SBT | [#36898](https://gitlab.com/gitlab-org/gitlab/-/issues/36898) |
| Swift | [#12233](https://gitlab.com/gitlab-org/gitlab/-/issues/12233) |
| Vagrant | [#36899](https://gitlab.com/gitlab-org/gitlab/-/issues/36899) |
<!-- vale gitlab_base.Spelling = YES -->
|
