The artifacts tab does now show up for anonymous users

artifacts

#1

But it’s still accessible if you have the exact link for a particular build.

Would be nice if you could find it too :smile:

Screenshot showing the bug


#2

This is intended behaviour—we currently disallow unauthenticated artifact downloads. We’ll see if we can enable that in the future.

EDIT: I was wrong :slight_smile: We do allow unauthenticated access. Sorry for the confusion.


#3

This is still an issue, and it’s kinda hilarious. If you open Incognito and go to a build page for any public project (mine, for example), the “Artifacts” tab isn’t visible, but if you go to the URL bar and append #artifacts, boom! Links to the artifacts show up!

Bonus: from Incognito, you can also open the URL to the JSON API to get the links to the artifacts, like this one, to continue the example above.


#4

Sorry if this isn’t a good place to ask this, but it seemed like a relevant topic.

Do you think it’d be against the “proper usage” of CircleCI to link directly to build artifacts as a way to distribute development builds? Since anonymous users can access build artifacts, this might mean for example linking to https://circleci.com/api/v1/project/Org/Repo/latest/artifacts/0/$CIRCLE_ARTIFACTS/Project.jar.

Having a way to distribute edge-builds for those who want them would be quite helpful, especially if integrated into an existing system like CircleCI.


#5

I think it would be better to deploy the files you want to share to GitHub as a release, using something similar to https://github.com/tcnksm/ghr

For example, I use the following:

- ./ghr -u drazisil -r fb-adb --replace v2.0.0-raw build/fb-adb

The--replace overwrites the older release with that tag, so https://github.com/drazisil/fb-adb/releases/download/v2.0.0-raw/fb-adb will always stay current.


#6