zeus icon indicating copy to clipboard operation
zeus copied to clipboard
verified publisher icon getsentry

Upload artifacts via API with token

Open jan-auer opened this issue 8 years ago • 1 comments

Currently we use Zeus hook URLs to upload artifacts. It would be much better to use the API for this. We already have user-based and repository-based tokens which can be used for authorization.

The current endpoint also does not include the provider id and might potentially collide on external ids. For now, this will not happen as Travis and AppVeyor use different ID schemas.

Ideally, we'd split the current endpoint in two requests:

  1. Obtain the job by external build and job ID: GET /api/repos/provider/<p>/<o>/<r>/jobs?build_xid=<BUILD_ID>&job_xid=<JOB_ID>
  2. Push an artifact to the job: POST /api/repos/provider/<p>/<o>/<r>/builds/<b>/jobs/<j>/artifacts

Both requests require bearer authorization. The CLI would obtain a token from ZEUS_TOKEN and then run both requests in sequence.

jan-auer avatar Nov 14 '17 14:11 jan-auer

The reason for the hook is two fold:

  1. It automatically binds and restricts authentication on a per-repository scope. With that, it doesn't actually require authentication as the URL itself is considered authenticated.
  2. It is coupled to the provider, which means theres no concern of interacting with different systems in different ways.

I don't think its appropriate to try and replace it with a harder to use API, but thats not to say we couldn't use the API in other cases.

dcramer avatar Dec 07 '17 17:12 dcramer