How to pull a private repo in Gitlab CI

08/21/2019

If you’re like me and use git instead of NPM to host private node packages then you’ve probably ran into a time when you wanted to do a Gitlab CI build but don’t have permission to pull from your private repositories. Luckily Gitlab provides a slick way to deal with this!

This example applies to a TypeScript project I have. First you might have a package.json with the below in the dependencies section.

"a-repo": "git+https://gitlab.com/kmcgill88/a-repo.git#4e08f44b3434d55090a1e90932d8596f84965f5d",

Since this is a private repository, your build will surely fail with an auth error! Insted of using a hacky SSH service account or environment variables with user name and password, Gitlab offers the CI_JOB_TOKEN environment variable. Every build gets a freh, temporary, token to authenticate with other Gitlab private repositories.

All that is needed in a Docker build is to add the before_script tag with the command to override ~/.netrc (only do this in a docker container).

image: node:8.15.0-alpine

stages:
- Test

before_script:
  - echo -e "machine gitlab.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc

Test:
  stage: Test
  variables:
    MY_VAR: $SHHH_SECRET
  script:
    - yarn && yarn test
    - yarn build
  tags:
    - docker

Now when the yarn command starts resolving dependencies you are good to go with your private dependency!

Check out the Gitlab offical docs.