Block Artifact Download
Problem to solve
The use case is wanting to have a pipeline that compiles application code in one job, then packages the binary in a Docker image in a subsequent job, and the binary is not to be downloadable outside of the running pipeline. The cache feature is meant for dependencies. Using cache could prevent compiler output files (.class, .o, the final jar or exe, etc) from being created from the new code. The artifacts keyword passes the file between jobs, but also makes it downloadable by anyone with appropriate access to the project. The Jenkins stash feature sits between GitLab's cache and artifacts, in that it's for artifacts but without exposing them outside the pipeline.
The option to block artifact downloads. An extra keyword to make the artifacts pipeline-internal such that they're not downloadable and expire (are deleted) at the end of the pipeline.
Technical Proposal
Currently, we have the artifacts:public keyword to control whether artifacts can be accessible from non-members.
Here, we want to have another access setting. We can have a new attribute for artifacts: access; it can be used to replace the public keyword and handle this case.
Maybe this;
job:
artifacts:
access: none # public (default), member, none-
publicandaccesswill not be used together.-publicwill be deprecated/discouraged. We can't remove this now but maybe 1-2 major milestones later. - Artifact access will not be related to reports.
Out of scope
- Deletion of these artifacts when the pipeline is complete.
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.