Add artifact visibility settings

Release notes

Problem to solve

Pipelines may generate artifacts with sensitive information, and there is no ability to change artifact visibility without changing Pipeline visibility for public projects. Guest permissions allow artifact download in private projects.

Intended users

Devon (DevOps Engineer)
Sidney (Systems Administrator)
Sam (Security Analyst)

User experience goal

Proposal

Two Options (not mutually exclusive):

Add an option in Project Visibility specific to Artifacts and the required permission level to download or view.
Add option to CI Configuration artifacts: like private: true that restricts the downloading of artifacts by users but still allows them to be consumed by downstream jobs.

Further details

Some pipelines, such as

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references

/cc @nicholasklick @nagyv-gitlab

Edited Sep 01, 2020 by Thao Yeager