Allow sessionless users to download releases (!109217) · Merge requests · GitLab.org / GitLab

Allen Cook requested to merge 375489-download-install-gitlab-release-binary-via-private-homebrew-tap into master Jan 18, 2023

What does this MR do and why?

Allows release files to be downloaded from private projects with access tokens

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Enable the feature flag Feature.enable(:allow_release_as_web_access_format)
Setup a private project with a release
Add a release binary to that release with the API (/api/v4/projects/PROJ_ID/releases/REL_NAME/assets/links with a body describing the new release. { "name": "linkname","url": "URL", "filepath": "link.zip" }
The response should contain direct_asset_url, copy that for the next step
Get the direct_asset_url using an access token (i.e. curl --request GET --url 'direct_asset_url' --header 'Authorization: Bearer TOKEN')
You should see a response redirecting you to the original URL

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #375489 (closed)

Edited Jan 18, 2023 by Allen Cook

Allow sessionless users to download releases

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports