Description
- Gitea version (or commit ref): 1.9.4
- Git version: 2.17.1
- Operating system: Ubuntu Linux Server 18.04 LTS (all packages updated to their current version)
- Database (use
[x]):- PostgreSQL
- MySQL
- MSSQL
- SQLite
- Can you reproduce the bug at https://try.gitea.io:
- Yes (provide example URL)
- No
- Not relevant
- Log gist:
- Not relevant
Description
I'm looking for a way to download an attachment of a release (i.e. a zipped release binary) using Ansible's get_url (wget or curl would work as well) while exposing as little as possible of the rest of the project. The reason is, that I would like to avoid having to build a release on my server (I guess that would work with Deploy Keys).
In short, what I need is some kind of secret, similar to a Deploy Key, which allows the holder of the secret to just download any attachment of any release of a given project.
My setup:
- Everything is private (
REQUIRE_SIGNIN_VIEW = true) - Private repo
myRepois owned byme - User
ansibleis read-only contributor ofmyRepo - An Access Token exists for
ansible
I tried (amended the leading https:// and anonymized):
- my-server.example.com/gitea/attachments/<attachment_uuid>?token=<access_token>
- my-server.example.com/gitea/attachments/<attachment_uuid>?access_token=<access_token>
- my-server.example.com/gitea/me/myRepo/releases/download/v1.0/myRepo-release.zip?token=<access_token>
- my-server.example.com/gitea/me/myRepo/releases/download/v1.0/myRepo-release.zip?access_token=<access_token>
None of them seem to work, and even if they did: API access is not intended in my use-case.
BasicAuth works fine up until here, but as soon as I disable sign-in for ansible it fails too.
Is there any way to achieve what I am trying to do? Did anybody find a different approach for this?