Commit aa2caa54 authored by Eric Engestrom's avatar Eric Engestrom

Allow `$CI_JOB_TOKEN` on all the Jobs Artifacts API download endpoints

Specifically, the "download all artifact from this job ID" and the
"download all artifact from the last successful run of this job name on
this branch name" endpoints allowed this, but the "download a single
artifact file from this job ID" and "download a single artifact file
from the last successful run of this job name on this branch name"
endpoints didn't.

This makes all of them behave the same way with $CI_JOB_TOKEN.
parent d071b6ae
---
title: Allow `$CI_JOB_TOKEN` to access the "Download a single artifact file" endpoints of the Jobs Artifacts API.
merge_request: 55042
author: Eric Engestrom @1ace
type: changed
...@@ -128,7 +128,8 @@ Possible response status codes: ...@@ -128,7 +128,8 @@ Possible response status codes:
## Download a single artifact file by job ID ## Download a single artifact file by job ID
> Introduced in GitLab 10.0 > - Introduced in GitLab 10.0.
> - The use of `CI_JOB_TOKEN` in the artifacts download API was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55042) in [GitLab Premium](https://about.gitlab.com/pricing/) 13.10.
Download a single artifact file from a job with a specified ID from inside Download a single artifact file from a job with a specified ID from inside
the job's artifacts zipped archive. The file is extracted from the archive and the job's artifacts zipped archive. The file is extracted from the archive and
...@@ -145,6 +146,7 @@ Parameters ...@@ -145,6 +146,7 @@ Parameters
| `id` | integer/string | yes | ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user. | | `id` | integer/string | yes | ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user. |
| `job_id` | integer | yes | The unique job identifier. | | `job_id` | integer | yes | The unique job identifier. |
| `artifact_path` | string | yes | Path to a file inside the artifacts archive. | | `artifact_path` | string | yes | Path to a file inside the artifacts archive. |
| `job_token` **(PREMIUM)** | string | no | To be used with [triggers](../ci/triggers/README.md#when-a-pipeline-depends-on-the-artifacts-of-another-pipeline) for multi-project pipelines. It should be invoked only inside `.gitlab-ci.yml`. Its value is always `$CI_JOB_TOKEN`. |
Example request: Example request:
...@@ -162,7 +164,8 @@ Possible response status codes: ...@@ -162,7 +164,8 @@ Possible response status codes:
## Download a single artifact file from specific tag or branch ## Download a single artifact file from specific tag or branch
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/23538) in GitLab 11.5. > - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/23538) in GitLab 11.5.
> - The use of `CI_JOB_TOKEN` in the artifacts download API was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55042) in [GitLab Premium](https://about.gitlab.com/pricing/) 13.10.
Download a single artifact file for a specific job of the latest successful Download a single artifact file for a specific job of the latest successful
pipeline for the given reference name from inside the job's artifacts archive. pipeline for the given reference name from inside the job's artifacts archive.
...@@ -185,6 +188,7 @@ Parameters: ...@@ -185,6 +188,7 @@ Parameters:
| `ref_name` | string | yes | Branch or tag name in repository. `HEAD` or `SHA` references are not supported. | | `ref_name` | string | yes | Branch or tag name in repository. `HEAD` or `SHA` references are not supported. |
| `artifact_path` | string | yes | Path to a file inside the artifacts archive. | | `artifact_path` | string | yes | Path to a file inside the artifacts archive. |
| `job` | string | yes | The name of the job. | | `job` | string | yes | The name of the job. |
| `job_token` **(PREMIUM)** | string | no | To be used with [triggers](../ci/triggers/README.md#when-a-pipeline-depends-on-the-artifacts-of-another-pipeline) for multi-project pipelines. It should be invoked only inside `.gitlab-ci.yml`. Its value is always `$CI_JOB_TOKEN`. |
Example request: Example request:
......
...@@ -45,6 +45,7 @@ module API ...@@ -45,6 +45,7 @@ module API
requires :job, type: String, desc: 'The name for the job' requires :job, type: String, desc: 'The name for the job'
requires :artifact_path, type: String, desc: 'Artifact path' requires :artifact_path, type: String, desc: 'Artifact path'
end end
route_setting :authentication, job_token_allowed: true
get ':id/jobs/artifacts/:ref_name/raw/*artifact_path', get ':id/jobs/artifacts/:ref_name/raw/*artifact_path',
format: false, format: false,
requirements: { ref_name: /.+/ } do requirements: { ref_name: /.+/ } do
...@@ -84,6 +85,7 @@ module API ...@@ -84,6 +85,7 @@ module API
requires :job_id, type: Integer, desc: 'The ID of a job' requires :job_id, type: Integer, desc: 'The ID of a job'
requires :artifact_path, type: String, desc: 'Artifact path' requires :artifact_path, type: String, desc: 'Artifact path'
end end
route_setting :authentication, job_token_allowed: true
get ':id/jobs/:job_id/artifacts/*artifact_path', format: false do get ':id/jobs/:job_id/artifacts/*artifact_path', format: false do
authorize_download_artifacts! authorize_download_artifacts!
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment