Creates a deploy token for a GitLab project with specified scopes and user details.
Input Schema
| Property | Type | Description | Required |
|---|---|---|---|
| name | string | Deploy Token Name | |
| token | string | The token to use for authorization to GitLab | |
| scopes | array | Scopes | |
| repoUrl | string | - | |
| username | string | Deploy Token Username | |
| projectId | any | Project ID |
Output Schema
| Property | Type | Description | Required |
|---|---|---|---|
| user | string | User | |
| deploy_token | string | Deploy Token |
Usage Examples
Create read only deploy token for cloning and image pulls
Generates a project deploy token with read_repository and read_registry scopes. Use this when CI needs to clone the repo and pull container images without a user token.
steps:
- id: fetchBase
action: fetch:template
input:
url: ./skeleton
targetPath: .
values:
serviceName: ${{ parameters.serviceName }}
owner: ${{ parameters.owner }}
- id: createDeployToken
action: gitlab:projectDeployToken:create
input:
repoUrl: gitlab.com?owner=acme&repo=web-api
projectId: 452317
name: ${{ parameters.serviceName }}-deploy
scopes:
- read_repository
- read_registryCreate token for pushing images to GitLab Container Registry
Creates a token with write_registry scope and a custom username. Use this for pipelines that build and push Docker images to the project registry.
steps:
- id: fetchBase
action: fetch:template
input:
url: ./skeleton
targetPath: .
values:
serviceName: ${{ parameters.serviceName }}
image: ${{ parameters.image }}
- id: createRegistryPusher
action: gitlab:projectDeployToken:create
input:
repoUrl: gitlab.com?owner=acme%2Fplatform&repo=ci-tools
token: ${{ secrets.gitlab_pat }}
projectId: 987654
name: ${{ parameters.serviceName }}-registry-writer
username: ci-deployer
scopes:
- write_registryCreate token for subgroup project with read and write registry scopes
Creates a token for a subgroup project that can both pull and push images. Use when a single token is needed for build and deploy stages across environments.
steps:
- id: fetchBase
action: fetch:template
input:
url: ./template
targetPath: .
values:
env: ${{ parameters.env }}
owner: ${{ parameters.owner }}
- id: createRWRegistryToken
action: gitlab:projectDeployToken:create
input:
repoUrl: gitlab.com?owner=acme%2Fpayments&repo=checkout
token: ${{ secrets.gitlab_access_token }}
projectId: 1203311
name: ${{ parameters.env }}-registry-rw
username: registry-${{ parameters.env }}
scopes:
- read_registry
- write_registryCreate token for code read access only
Creates a token limited to read_repository scope. Use this for deployment agents that need to fetch configuration or templates from the repo.
steps:
- id: fetchBase
action: fetch:template
input:
url: ./base
targetPath: .
values:
app: ${{ parameters.app }}
env: ${{ parameters.env }}
- id: createReadOnlyToken
action: gitlab:projectDeployToken:create
input:
repoUrl: gitlab.com?owner=acme&repo=lib-common
projectId: 673210
name: ${{ parameters.app }}-ro
username: agent-${{ parameters.env }}
scopes:
- read_repositoryCreate token on a self managed GitLab instance
Creates a deploy token on a self hosted GitLab with a string project ID. Use this when your instance is not gitlab.com and you manage integrations with a PAT.
steps:
- id: fetchBase
action: fetch:template
input:
url: ./stack
targetPath: .
values:
componentId: ${{ parameters.componentId }}
- id: createSelfHostedToken
action: gitlab:projectDeployToken:create
input:
repoUrl: gitlab.company.internal?owner=ml%2Fmodels&repo=model-serving
token: ${{ secrets.self_hosted_gitlab_pat }}
projectId: "740221"
name: ${{ parameters.componentId }}-deploy
scopes:
- read_repository
- read_registry