This is a GitHub Action that can be used by workflows in the qualcomm-linux organization to publish CI artifacts that aren't approved for public distribution.
See the unit test for examples.
The backend API is a simple serverless application that can handle PUT requests from this service by:
-
Validating the
ACTIONS_RUNTIME_TOKENJWT. This token includes information about the Run ID and Runner ID its representing. The server can compare that to the URL its attempting to write to and verify it coming from an active Run that should be allowed to upload. -
Creating a Signed URL to an object store.
The flow looks something like:
Action FileServer Google storage
PUT foo.txt -> Validate JWT
<- Generate Signed URL
PUT ${URL} -----------------------------> foo.txt
upload-private-artifact-action is licensed under the BSD-3-clause License. See LICENSE.txt for the full license text.