Automated testing

Gitlab CI – download job artifacts from a private repository

To configure a pipeline in the Gitlab CI you sometimes need to download artifacts from another job. It is not difficult and you can easily find the documentation that describes how to do it. It is here:
In the document you can see two basic ways to do that:

  • using JOB-TOKEN

As you can see, the private token should be specified in clear in the pipeline instructions. But for the JOB-TOKEN you can use the Gitlab-provided CI_JOB_TOKEN variable. The second case looks more secure, simpler, and more attractive.

When you try to get your artifacts using this method and then unzip it you can receive that message:

$ unzip
  End-of-central-directory signature not found.  Either this file is not
  a zipfile, or it constitutes one disk of a multi-part archive.  In the
  latter case the central directory and zipfile comment will be found on
  the last disk(s) of this archive.
unzip: cannot find zipfile directory in one of, and cannot find, period

This looks like the file is corrupt. You can start trying different approaches: change unzip to tar or try advice from google and unpack it with jar. Then when you realize that nothing helps you add ‘-v’ to the curl command. And somewhere in the output, you see

< HTTP/2 404

To look deeper you can print the content of the

$ cat
{"message":"404 Project Not Found"}

Now it’s absolutely clear that by some reason you can’t get the artifacts of the job.

Stop looking for mistakes in your curl command or hardcode the project Id. Most likely, the reason is – you are using a private repository that is free (not Premium, not Ultimate, but free). The usage of the CI_JOB_TOKEN variable is only available for public repositories and the private ones starting from Premium subscription.

How to download artifacts from a free private repository

1. Click your Gitlab avatar.
2. Select Preferences from the dropdown.
3. Click Access Tokens in the menu on the left side.
4. Specify the name for your new token – this can be any name you want.
5. Set the expiration date.
6. In the ‘Select scopes’ section check the ‘read-api’ option – this is enough to be able to download artifacts.
7. Click ‘Create personal access token’.
8. Now you see your token at the top of the form in the ‘Your personal access token’ field. Save that into any place as you will not be able to see that here in the future. You will only have the possibility to revoke existing tokens.
9. Go to the pipeline and use your new token.

To download the artifacts from the exact job using its Id use this (where 42 is your job Id):

curl --output --header "PRIVATE-TOKEN: <your_access_token>" "$CI_PROJECT_ID/jobs/42/artifacts"

In case is you want to download the artifacts from the latest successful run of a job, use the following:

'curl --location --output --header "PRIVATE-TOKEN: <your_access_token>" "$CI_PROJECT_ID/jobs/artifacts/main/download?job=job_name"'

Additionally I’d like to mention my post that describes the process running pytest with report publication on GitLab

By Eugene Okulik