Skip to content

Use read_job_artifacts based solely on job artifacts accessibility

Dmytro Biryukov requested to merge dbiryukov_move_read_job_artifacts_ability_to_job_artifacts_policy_mr-428939 into master

What does this MR do and why?

Reference issue: #428939 (closed)

The feature flag non_public_artifacts is disabled on SaaS for the non-performant reason.

We made the following improvements:

  1. MR - Persist artifacts:public to Ci::JobArtifact table
  2. MR - Fix artifacts:public accessiblity parameter

The main goal of improvements is to persist aritfacts:public in DB and avoid expensive deep calls to options in order to read the expected access level.

Retaining the 'read_job_artifacts' policy on the build/job level still allows for resource-intensive deep calls and blocks non_public_artifacts rollout.

This MR is refactor :read_job_artifacts policy - to remove options.dig(:artifacts, :public)

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

  1. Switch on a feature flag: Feature.enable(:non_public_artifacts)
  2. Define public artifacts
rspec:
  artifacts:
    path: folder/
    public: true
  1. Create any scenario and generate public/private artifacts
  2. Check if the user can read any public/private artifacts

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Dmytro Biryukov

Merge request reports