Search code examples
gitlabcontinuous-integrationcontinuous-deployment

Cannot understand how to download secure files in GitLab


I have uploaded a file named example.conf in the repository's secure files and want to download that file while running the CI / CD pipeline script. I followed the Project-level Secure Files section in the GitLab documentation, but still I do not understand what the correct path to the file should be.

My attempt was this: curl --header "JOB-TOKEN: $CI_JOB_TOKEN" https://gitlab.com/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/download-secure-files/-/example.conf

Which is apparently incorrect as I get the response:

<html><body>You are being <a href="https://gitlab.com/users/sign_in">redirected</a>.</body></html>

I cannot access that file even if I try to do so through the browser, while the URL provided in the documentation works. I don't understand what the URL should consist of, as using https://gitlab.com/<GROUP_NAME>/<PROJECT_NAME>/download-secure-files/-/<FILE_NAME> does not work.

So, how do I access the GitLab secure files from the URL?


Solution

  • Well, I didn't figure out how to how to do it using the download-secure-files tool but the GitLab provides the API for working with secure files so I used that instead. My approach includes downloading data about secure files stored in the repository, extracting filename and id pairs and downloading each file.

    1. Download data about secure files stored in this project:
    curl --request GET -H "JOB-TOKEN: $CI_JOB_TOKEN" https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/secure_files > secure_files.json
    
    1. Extract file id and name.
    cat secure_files.json | jq '.[] | "\(.id),\(.name)"' | tr -d '"' > files.txt
    
    1. Download file contents.
    while IFS=, read -a line;
    do set -- "${line[@]}";
        curl --request GET --header "JOB-TOKEN: $CI_JOB_TOKEN" https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/secure_files/$1/download > $2;
    done < files.txt
    

    Note: this only works in bash shell due to usage of, for example, -a flag in read command. I am not familiar enough with shell scripting to make this any more compatible or efficient.