10. Package & Infrastructure Registries

As companies scale their operations, sharing packages (like library utilities, React UI packages, or python algorithms) across different repositories becomes essential. Additionally, organizations adopting Infrastructure as Code (IaC) need a highly secure, collaborative place to store their backend state. GitLab includes fully integrated Package Registries and an Infrastructure Registry to act as a secure vault for these assets.

GitLab Package Registry

GitLab can act as a private package repository for almost all major ecosystem package managers:

• NPM Registry: Publish and download Node.js components.
• PyPI Registry: Store private Python libraries (`.whl` files).
• Maven & Gradle: Share Java/Kotlin compiled JARs.
• NuGet Registry: Manage .NET assemblies and DLL packages.
• Composer: Share PHP dependencies.

Example: Publishing an NPM Package via GitLab CI

To publish a package, you add authentication details pointing to the GitLab registry endpoint in your package.json or .npmrc:

# .npmrc configuration pointing to GitLab instance
@scope:registry=https://gitlab.com/api/v4/packages/npm/
//gitlab.com/api/v4/packages/npm/:_authToken=${CI_JOB_TOKEN}

Then, inside your `.gitlab-ci.yml`, publish your library with:

publish_npm_library:
  stage: deploy
  image: node:18-alpine
  script:
    - npm run build
    - npm publish
  rules:
    - if: $CI_COMMIT_TAG # Only run when a new git version tag is pushed

Infrastructure Registry: Remote Terraform States

When utilizing Terraform, managing the state file (`terraform.tfstate`) is highly critical. If two developers run Terraform simultaneously, or the file is lost, your real cloud infrastructure can become corrupted. GitLab includes a Managed Terraform State Backend.

Using GitLab's Terraform backend offers:

• State Locking: Automatically locks the state file during active runs, blocking other developers or pipelines from triggering concurrent conflicting adjustments.
• State Versioning & Auditing: Full version history of your state files, showing who applied which modification and when.
• Encrypted Storage: High-security encryption at rest for files containing sensitive cloud passwords.

Configuring the GitLab Terraform Backend

To connect Terraform to GitLab's state backend, you configure your Terraform code block using standard HTTP integration:

terraform {
  backend "http" {
    # Handled dynamically by GitLab CI environmental flags
  }
}

Inside your pipeline, GitLab provides pre-configured scripts to execute Terraform commands cleanly:

include:
  - template: Jobs/Terraform.gitlab-ci.yml

stages:
  - validate
  - test
  - deploy

# GitLab's standard template automatically configures remote states, validation, plan outputs, and safe applies!