Limitations capturing Artifacts inside "project" directory
Description
I was attempting to using the artifact capability to capture some generates images from a build to only be presented with messages such as:
Uploading artifacts...
WARNING: processPath: artifact path is not a subpath of project directory: /builds/my-example/output/result.txt
ERROR: No files to upload
...
I was somewhat under the assumption that any artifacts under the $CI_BUILDS_DIR
path could be captured, although looking at the documentation, it does state:
All paths to files and directories are relative to the repository where the job was created.
From what I can tell, this means only artifacts can be guaranteed to be captured from under the $GIT_CLONE_PATH
path (which may or may not be matching to $CI_BUILDS_DIR
).
I have simplified an example CI script I use to demonstration my issue:
image: alpine:latest
variables:
# my repository holds an extension implementation that can be
# tested using ci scripts -- place it in a subfolder of the
# working context since we need it beside the example tool
# that can run the extension
EXTENSION_DIR: $CI_BUILDS_DIR/my-extension
# define another folder which will hold the example tool we
# will acquire before testing
EXAMPLE_TOOL_DIR: $CI_BUILDS_DIR/my-example
# indicate where to clone our extension source into
GIT_CLONE_PATH: $CI_BUILDS_DIR/my-extension
default:
before_script:
# here we will clone the tool into the target directory
#
# emulate clone call:
# git clone --depth 1 git.example.com/example.git $EXAMPLE_TOOL_DIR
- mkdir -p $EXAMPLE_TOOL_DIR && touch $EXAMPLE_TOOL_DIR/utility
Build:
script:
# perform a build test by moving into the example tool's
# directory to prepare the invoke of the tool
- cd $EXAMPLE_TOOL_DIR
# next, we will run this utility, which will generate
# an output with some result content
#
# emulate utility run:
# ./utility EXTENSION=$EXTENSION_DIR
- mkdir -p output && touch output/result.txt
artifacts:
# we want to save the results as an artifact
paths:
- $EXAMPLE_TOOL_DIR/output/result.txt
when: always
The problem with this setup is since the utility I am using generates outputs outside $GIT_CLONE_PATH
, I cannot capture the results due to the path restrictions set by the runner. The only workaround I have in this scenario is to copy resources into (or in a sub-folder) under $GIT_CLONE_PATH
after a build (or configure the utility to generate the output in a same sub-folder under the clone path). The workarounds are less than ideal.
While I assume there may be some desired use case to prevent capturing results outside the clone path, I feel that this may not always be the case for all users.
Proposal
Two proposals off hand would be to:
- Remove the logic restricting relative/absolute paths for captured artifacts; or,
- Provide an option that allows users to override any restrictions. For example, a proposed
strict-paths
option:
artifacts:
paths:
- ...
strict-paths: false
when: always