Generate Deploy Token

This page describes how to add a deploy token to your target repository.

Prerequisite: Before starting de deployment, make sure you have at least a repository that follows the correct structure. The implementation may not be started or completed.

Create a Deploy Token

A deployment token is used to give access of this repository to the dAIEdge-VLab. This token is used by CI/CD systems to access the container registry.

A deployment token is used to give access of this repository to the dAIEdge-VLab and its contrainer registery.

Location

Access the target repository in your GitLab. Then go to Setting > Repository Deploy tokens > Add token.

Name

Name the token as you want or leave the field empty. If you name it as follows GitLab exposes automatically the username and the token in CI/CD variable :

gitlab-deploy-token

The variables created are named as followed :

CI_DEPLOY_USER: Username
CI_DEPLOY_PASSWORD: Token

This can be useful if you want to use these variables in your CI/CD pipeline.

Expiration date

Add an expiration date if wanted. To avoid any future problems, it is recommended to leave this field empty.

Access

Under the section Scopes, select only the following access :

read_repository
read_registry
read_package_registry (if your project needs it)

Safety warning: Make sure to only select the required permissions and no more.

Username

Leave the username empty.

Create and save

Create the deployment token and copy the username and the token as they will not be shown again.

Save: Keep a copy of this token, you will need it later !

GitHub uses a Personal Access Token (PAT) to access the container registry.

Location

Access your GitHub account settings. Then go to Settings > Developer settings > Personal access tokens.

Token type

Choose one of the following:

Fine-grained tokens (recommended)
Tokens (classic)

Name

Name the token clearly, for example:

github-registry-token

Expiration date

To avoid any future problems by leaving the expiration date empty, as this token is intended to be used for a long time. Every time the token is renewed, you will need to update the token in your Host configuration.

Access

Under permissions, select only the following access:

For pulling images:

read:packages
write:packages

If accessing private repositories (classic tokens only):

repo

Safety warning: Make sure to only select the required permissions and no more.

Generate and save

Generate the token and copy it immediately. It will not be shown again.

Save: Keep a copy of this token, you will need it later !

Usage

The generated credentials will be used to give your Host access to the container registry. They will be used for the step Container Registry Access.

Security: Store these credentials securely using environment variables or a secrets manager. Never commit them to the repository.

Target repository folder structure Create Docker Image