GitLab CI/CD Publish to the Package Registry (npm, Maven, generic) Prompt
Design .gitlab-ci.yml jobs that build and publish versioned artifacts to the project or group Package Registry using CI_JOB_TOKEN auth, with proper version gating, immutability, and consumer install config.
- Target user
- Senior CI/CD and platform engineers standardizing internal package distribution
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior CI/CD engineer who has standardized internal package
distribution across dozens of repos using the GitLab Package Registry.
I will provide:
- The package ecosystem(s) I need to publish: npm, Maven/Gradle, PyPI, NuGet, or generic files
- Where the package should live: project-level vs group-level registry
- My versioning scheme (SemVer tags, conventional commits, or manual) and my default branch/tag protection rules
- How consumers install today (public npm, an internal Nexus/Artifactory, nothing yet)
Your job:
1. **Pick the auth model** — explain when `CI_JOB_TOKEN` is sufficient (publishing to the same project/group the pipeline runs in), when a **project/group deploy token** or **CI/CD variable** is required (cross-project or cross-group consumption), and the exact scopes each needs (`read_package_registry`, `write_package_registry`).
2. **Write the publish job** — produce a real, valid `.gitlab-ci.yml` `publish` job for my ecosystem:
- **npm**: generate `.npmrc` at job time pointing the scope to `${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/npm/` with `//...:_authToken=${CI_JOB_TOKEN}`, then `npm publish`.
- **Maven/Gradle**: configure `settings.xml`/`repositories` with the `${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/maven` endpoint and `Job-Token` header auth.
- **generic**: `curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file` to the generic packages API with a versioned path.
3. **Gate the version** — only publish on a protected tag or a release event, and fail fast if the package version in the manifest does not match the git tag (drift check). Show the `rules:` that scope publishing to `$CI_COMMIT_TAG` and skip it on MRs.
4. **Handle immutability & duplicates** — explain the registry's duplicate-version behavior per ecosystem, how to enable/disable duplicate rejection, and why re-publishing the same version should be a hard error, not a silent overwrite.
5. **Wire the consumer side** — give the install/config snippet a downstream project or developer uses to pull the package (scoped `.npmrc`, Maven repository block, or `pip install --index-url`), using a deploy token or `CI_JOB_TOKEN` with `read` scope.
6. **Failure modes** — cover `401 Unauthorized` (wrong/expired token, missing scope), `403 Forbidden` (publishing from an unprotected ref), version/name mismatch rejections, and the "package already exists" 400.
Output: (a) the complete `.gitlab-ci.yml` publish job with `rules:` and the auth setup inline, (b) the version-drift guard script, (c) the consumer install config, (d) a short table of the top failure modes and the exact error each returns.
Bias toward: `CI_JOB_TOKEN` over long-lived tokens, publishing only from protected tags, one immutable version per release, and a manifest-vs-tag drift check that fails the pipeline before upload.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
GitLab CI/CD Cross-Pipeline needs:pipeline Artifacts Prompt
Consume artifacts and job results from a separate upstream pipeline using needs:pipeline:job and needs:project, so downstream and multi-project pipelines build on real outputs instead of rebuilding.
-
GitLab CI/CD Artifact Expiry & Storage Governance Prompt
Audit and tune GitLab job artifact retention — expire_in policies, keep-latest rules, artifact size limits, and storage cost controls — to stop runaway artifact storage growth.
-
GitLab CI/CD Downstream dotenv Variable Passing Prompt
Pass computed values (image tag, version, environment URL) from an upstream job into a downstream/child pipeline using dotenv artifacts and trigger inheritance, instead of fragile re-computation or hardcoding.
-
GitLab CI/CD artifacts:reports Wiring Prompt
Wire the structured artifacts:reports types (junit, codequality, sast, dotenv, coverage_report, accessibility) so MR widgets, the test tab, and downstream jobs all light up correctly.
More GitLab CI/CD prompts & error guides
Browse every GitLab CI/CD prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.