Add artifact visibility settings
Release notes
Problem to solve
Pipelines may generate artifacts with sensitive information, and there is no ability to change artifact visibility without changing Pipeline visibility for public projects. Guest permissions allow artifact download in private projects.
Intended users
User experience goal
Proposal
Two Options (not mutually exclusive):
- Add an option in Project Visibility specific to Artifacts and the required permission level to download or view.
- Add option to CI Configuration
artifacts:
likeprivate: true
that restricts the downloading of artifacts by users but still allows them to be consumed by downstream jobs.
Further details
Some pipelines, such as
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references
Edited by Thao Yeager