Github Actions Download 'LINK' Artifact From Other Repository
Alcibiades Balasubramaniam
...but how do you download the asset/artifact? I think up/download-artifact is intended only to be used only from the same workflow, and there doesn't seem to be an action for downloading a release asset.
You can enable GitHub Actions for your repository. When you enable GitHub Actions, workflows are able to run actions and reusable workflows located within your repository and any other public repository. You can disable GitHub Actions for your repository altogether. When you disable GitHub Actions, no workflows run in your repository.
If you choose Allow OWNER, and select non-OWNER, actions and reusable workflows, actions and reusable workflows within your organization are allowed, and there are additional options for allowing other specific actions and reusable workflows. For more information, see "Allowing select actions and reusable workflows to run."
When you allow actions and reusable workflows from only in your organization, the policy blocks all access to actions authored by GitHub. For example, the actions/checkout action would not be accessible.
When you choose Allow OWNER, and select non-OWNER, actions and reusable workflows, local actions and reusable workflows are allowed, and there are additional options for allowing other specific actions and reusable workflows:
Allow actions created by GitHub: You can allow all actions created by GitHub to be used by workflows. Actions created by GitHub are located in the actions and github organizations. For more information, see the actions and github organizations.
Anyone can fork a public repository, and then submit a pull request that proposes changes to the repository's GitHub Actions workflows. Although workflows from forks do not have access to sensitive data such as secrets, they can be an annoyance for maintainers if they are modified for abusive purposes.
By default, when you create a new repository in your personal account, GITHUB_TOKEN only has read access for the contents and packages scopes. If you create a new repository in an organization, the setting is inherited from what is configured in the organization settings.
By default, when you create a new repository in your personal account, workflows are not allowed to create or approve pull requests. If you create a new repository in an organization, the setting is inherited from what is configured in the organization settings.
You can use the steps below to configure whether actions and reusable workflows in a private repository can be accessed from outside the repository. For more information, see "Sharing actions and workflows from your private repository" and "Sharing actions and workflows with your organization." Alternatively, you can use the REST API to set, or get details of the level of access. For more information, see "GitHub Actions Permissions" and "GitHub Actions Permissions."
I have a private GitHub repository A that builds a library via GitHub Actions and uploads the built library as artifact at the end of the build workflow. This repository including the built library has to stay private due to license reasons.
Another public repository B should now link against that library during its GitHub Actions based build workflow. I only know the usual upload-artifact and download-artifact actions that can be used to manage actions within a workflow, but this does not seem like a solution to my problem.
I realized it would be a lot easier to access release assets of repository A instead of workflow artifacts. There are multiple ready-to-use actions that allow uploading releases from within a workflow run.
I created a private and a public test repository where the private repository has a single release with a simple text file asset and the public repository has a simple Actions workflow that fetches the asset from the private repo. It uses GitHub CLI with a command like gh release download --repo . You find the repository here.
Rather than copying and pasting from one workflow to another, you can make workflows reusable. You and anyone with access to the reusable workflow can then call the reusable workflow from another workflow.
Reusing workflows avoids duplication. This makes workflows easier to maintain and allows you to create new workflows more quickly by building on the work of others, just as you do with actions. Workflow reuse also promotes best practice by helping you to use workflows that are well designed, have already been tested, and have been proven to be effective. Your organization can build up a library of reusable workflows that can be centrally maintained.
If you reuse a workflow from a different repository, any actions in the called workflow run as if they were part of the caller workflow. For example, if the called workflow uses actions/checkout, the action checks out the contents of the repository that hosts the caller workflow, not the called workflow.
Note: To enhance security, GitHub Actions does not support redirects for actions or reusable workflows. This means that when the owner, name of an action's repository, or name of an action is changed, any workflows using that action with the previous name will fail.
The assignment of GitHub-hosted runners is always evaluated using only the caller's context. Billing for GitHub-hosted runners is always associated with the caller. The caller workflow cannot use GitHub-hosted runners from the called repository. For more information, see "Using GitHub-hosted runners."
Reusable workflows are YAML-formatted files, very similar to any other workflow file. As with other workflow files, you locate reusable workflows in the .github/workflows directory of a repository. Subdirectories of the workflows directory are not supported.
For more information on using job outputs, see "Workflow syntax for GitHub Actions." If you want to share something other than a variable (e.g. a build artifact) between workflows, see "Storing workflow data as artifacts."
When you check out Azure Repos Git repositories other than the one containing the pipeline, you may be prompted to authorize access to that resource before the pipeline runs for the first time.For more information, see Why am I prompted to authorize resources the first time I try to check out a different repository? in the FAQ section.
In the following example, three repositories are declared as repository resources. The Azure Repos Git repository in another organization, GitHub, and Bitbucket Cloud repository resources require service connections, which are specified as the endpoint for those repository resources. This example has four checkout steps, which checks out the three repositories declared as repository resources along with the current self repository that contains the pipeline YAML.
Only Azure Repos Git repositories in the same organization can use the inline syntax. Azure Repos Git repositories in a different organization, and other supported repository types require a service connection and must be declared as a repository resource.
When a pipeline is triggered, Azure Pipelines has to determine the version of the YAML file that should be used and a version for each repository that should be checked out. If a change to the self repository triggers a pipeline, then the commit that triggered the pipeline is used to determine the version of the YAML file. If a change to any other repository resource triggers the pipeline, then the latest version of YAML from the default branch of self repository is used.
For the triggering repository, the commit that triggered the pipeline determines the version of the code that is checked out. For other repositories, the ref defined in the YAML for that repository resource determines the default version that is checked out.
Azure Pipelines provides a Limit job authorization scope to current project setting, that when enabled, doesn't permit the pipeline to access resources outside of the project that contains the pipeline. This setting can be set at either the organization or project level. If this setting is enabled, you won't be able to check out a repository in another project unless you explicitly grant access. For more information, see Job authorization scope.
To authenticate towards a Git repository over HTTPS using basic accessauthentication (in other words: using a username and password), the referencedSecret is expected to contain .data.username and .data.password values.
To authenticate towards a Git repository over HTTPS using bearer tokenauthentication (in other words: using a Authorization: Bearer header), the referencedSecret is expected to contain the token in .data.bearerToken.
The .fromPath and .toPath fields allow you to limit the files included, andwhere they will be copied to. If you do not specify a value for .fromPath,all files from the referenced GitRepository Artifact will be included. The.toPath defaults to the .repository.name (e.g. ./other-repository/*).
The release of @actions/artifact@v2 (including upload-artifact@v4 and download-artifact@v4) are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.
It may be useful to download Artifacts from other workflow runs, or even other repositories. By default, the permissions are scoped so they can only download Artifacts within the current workflow run. To elevate permissions for this scenario, you must specify options.findBy to downloadArtifact.
If you have large files that need to be uploaded (or file types that don't compress well), you may benefit from changing the compression level of the Artifact archive. NOTE: This is a tradeoff between artifact upload time and stored data size.
The job starts by using the actions/download-artifact@v3 action to download the artifact named Build (specified by the name input argument) at the location build (specified by the path input argument).
Neither of those arguments is mandatory. Omitting the name argument means that the action downloads all artifacts that are available for download. Omitting the path argument means that the action downloads the artifacts to the current working directory of the actions runtime.
f5d0e4f075