How to pull a private repo in Gitlab CI


If you’re like me and use git instead of NPM to host private node packages then you’ve probably ran into a time when you wanted to do a Gitlab CI build but don’t have permission to pull from your private repositories. Luckily Gitlab provides a slick way to deal with this!

This example applies to a TypeScript project I have. First you might have a package.json with the below in the dependencies section.

"a-repo": "git+",

Since this is a private repository, your build will surely fail with an auth error! Insted of using a hacky SSH service account or environment variables with user name and password, Gitlab offers the CI_JOB_TOKEN environment variable. Every build gets a freh, temporary, token to authenticate with other Gitlab private repositories.

All that is needed in a Docker build is to add the before_script tag with the command to override ~/.netrc (only do this in a docker container).

image: node:8.15.0-alpine

- Test

  - echo -e "machine\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc

  stage: Test
    - yarn && yarn test
    - yarn build
    - docker

Now when the yarn command starts resolving dependencies you are good to go with your private dependency!

Check out the Gitlab offical docs.