Environment variables in dependabot.yml?


I'm trying to set up dependabot-standalone to run in a GitLab-CI pipeline in a private instance.

It's an npm package and I'm using a private npm registry to fetch my dependencies from. According to the docs, I should set up my registry access data within the .gitlab/dependabot.yml file.

The docs for settings in dependabot.yml clearly say how to set up the credentials to access a given registry:

registries:
  npm-npmjs:
    type: npm-registry
    url: https://registry.npmjs.org
    username: octocat
    password: ${{secrets.MY_NPM_PASSWORD}}  # Must be an unencoded password

registries:
  npm-github:
    type: npm-registry
    url: https://npm.pkg.github.com
    token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}

But only for its use in GitHub with project secrets. Is there a way to use GitLab's custom-defined CI/CD variables instead?

So far I have unsuccessfully tried to use ${{CI_PRIVATE_NPM_ACCESS_TOKEN}} and ${CI_PRIVATE_NPM_ACCESS_TOKEN}


I think npm-login-noninteractive could be helpful in this case.

job-name:
  script:
    - npm install -g npm-login-noninteractive
    - NPM_USER=testUser NPM_PASS=testPass [email protected] NPM_REGISTRY=your.npm.com npm-login-noninteractive

Other possibly useful answers are here: How to set npm credentials using `npm login` without reading from stdin?


According to this example, you need to set the following environment variables within GitLab:

  • SETTINGS__GITHUB_ACCESS_TOKEN
  • SETTINGS__GITLAB_ACCESS_TOKEN

To set these variables at the project level, within GitLab go to: Project -> Settings -> CI/CD -> Variables.
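
One way to hand a GitLab CI/CD variable to npm without putting the secret in the repository or inline in the job script, as an added example that is not part of the original question or answer. The registry URL `https://npm.example.internal/` is a placeholder and `write_npmrc` is a hypothetical helper; `CI_PRIVATE_NPM_ACCESS_TOKEN` is the variable name from the question. It configures npm's own `.npmrc` and does not make dependabot.yml expand variables.

```shell
#!/bin/sh
# Added example (not from the original page). write_npmrc is a hypothetical
# helper; the registry URL used with it is a placeholder.
#
# Usage inside a GitLab CI job script:
#   write_npmrc https://npm.example.internal/ CI_PRIVATE_NPM_ACCESS_TOKEN

# write_npmrc REGISTRY_URL TOKEN_VAR_NAME [TARGET_FILE]
write_npmrc() {
    registry_url=$1
    token_var=$2
    target=${3:-.npmrc}

    # Accept https registries only, so the token never travels in clear text.
    case $registry_url in
        https://*) ;;
        *) echo "registry must use https: $registry_url" >&2; return 1 ;;
    esac

    # The variable name is passed to eval below, so allow identifiers only.
    case $token_var in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name: $token_var" >&2; return 1 ;;
    esac

    # Fail early when the CI/CD variable is missing (for example a protected
    # variable on an unprotected branch) instead of running npm unauthenticated.
    eval "token_value=\${$token_var:-}"
    if [ -z "$token_value" ]; then
        echo "$token_var is not set for this job" >&2
        return 1
    fi

    # npm scopes credentials by the registry URL without its scheme: //host/path/
    scope=${registry_url#https:}
    case $scope in */) ;; *) scope=$scope/ ;; esac

    # Write a reference to the variable, not its value: npm expands ${VAR}
    # in .npmrc at run time, so the secret is never stored in the file.
    (
        umask 077
        {
            printf 'registry=%s\n' "$registry_url"
            printf '%s:_authToken=${%s}\n' "$scope" "$token_var"
        } > "$target"
    )
}
```

Mark the variable as masked under Project -> Settings -> CI/CD -> Variables so its value is also kept out of the job log.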