Token for pypi deployment

There is currently a problem with the local-pypi job that is supposed to deploy the package :

$ test -z "${CI_COMMIT_TAG}" && citool deregister --git-url "${CI_SERVER_URL}" --token "${PYPI_PACKAGE_REGISTRY_TOKEN}" --project "${CI_PROJECT_ID}" --name "${PACKAGE_NAME}" --version "${PACKAGE_VERSION}"
Traceback (most recent call last):
  File "/scratch/builds/bob/bob.learn.em/venv/lib/python3.10/site-packages/gitlab/exceptions.py", line 333, in wrapped_f
    return f(*args, **kwargs)
  File "/scratch/builds/bob/bob.learn.em/venv/lib/python3.10/site-packages/gitlab/mixins.py", line 246, in list
    obj = self.gitlab.http_list(path, **data)
  File "/scratch/builds/bob/bob.learn.em/venv/lib/python3.10/site-packages/gitlab/client.py", line 942, in http_list
    gl_list = GitlabList(self, url, query_data, get_next=False, **kwargs)
  File "/scratch/builds/bob/bob.learn.em/venv/lib/python3.10/site-packages/gitlab/client.py", line 1144, in __init__
    self._query(url, query_data, **self._kwargs)
  File "/scratch/builds/bob/bob.learn.em/venv/lib/python3.10/site-packages/gitlab/client.py", line 1154, in _query
    result = self._gl.http_request("get", url, query_data=query_data, **kwargs)
  File "/scratch/builds/bob/bob.learn.em/venv/lib/python3.10/site-packages/gitlab/client.py", line 798, in http_request
    raise gitlab.exceptions.GitlabHttpError(
gitlab.exceptions.GitlabHttpError: 403: 403 Forbidden
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
  File "/scratch/builds/bob/bob.learn.em/venv/bin/citool", line 8, in <module>
    sys.exit(main())
  File "/scratch/builds/bob/bob.learn.em/venv/lib/python3.10/site-packages/citools/script.py", line 54, in main
    args.func(args)
  File "/scratch/builds/bob/bob.learn.em/venv/lib/python3.10/site-packages/citools/deregister.py", line 43, in _wrapper
    for p in proj.packages.list():
  File "/scratch/builds/bob/bob.learn.em/venv/lib/python3.10/site-packages/gitlab/exceptions.py", line 335, in wrapped_f
    raise error(e.error_message, e.response_code, e.response_body) from e
gitlab.exceptions.GitlabListError: 403: 403 Forbidden
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1

The problem is in the call of for p in proj.packages.list(): in the citools/deregister.py file.

From what I investigated, the gitlab.exceptions.GitlabListError: 403: 403 Forbidden error could indicate that no token is provided to Gitlab, and therefore the runner cannot access to the packages.

For info, proj.packages.list() calls here:

curl --header "PRIVATE-TOKEN: <token>" "https://gitlab.idiap.ch/api/v4/projects/1510/packages"

If an invalid token is given, it returns {"message":"401 Unauthorized"} but if no token is given, it returns {"message":"403 Forbidden"}

This would mean that ${PYPI_PACKAGE_REGISTRY_TOKEN} is never set.

Where is it supposed to be set?

And why not use ${CI_JOB_TOKEN} as deregister.py calls Gitlab API methods ?

Edited Oct 18, 2022 by André MAYORAZ