Gitlab 可以向匿名用户公开构建和覆盖徽章吗?
Can Gitlab expose build and coverage badges to anonymous users?
我们在 GitHub 上托管一些存储库,在 GitLab 上托管其他一些存储库。
有时,发布了包但没有发布源代码。
我们始终在 README.md 中显示构建状态和代码覆盖率。
有没有办法让 GitLab 上的构建和覆盖徽章始终可供匿名访问?
紧随其后的是issue 13324
它包括:
FYI, I have a workaround for this using the GitLab API.
It assumes you have created a token in GitLab for a user (Note: That "user" needn't necessarily be Human - my use case is to display a badge on a dashboard hosted on a different VM).
<img src="https://<gitlab-uri>/<namespace>/<project>/badges/<branch>/build.svg?private_token=<token>
2018 年 12 月更新:无法通过令牌登录(参见 Paul B.'s )。
这是因为“Improper Enforcement of Token Scope”:
The GitLab web interface was vulnerable to an authorization issue that allowed access to the web-UI as a user using their Personal Access Token (PAT) of any scope.
The issue is now mitigated in the latest release and is assigned CVE-2018-19569.
但是...:[=21=]
Updated: 2018-11-28: We have received reports that this change has impacted how repo files and job artifacts are downloaded for some users.
For instructions on how to do so through the API, please see our support issue.
你还有一个 current workaround 重复 API 访问:
可以使用特定文件名(徽标)将项目头像添加到项目存储库,然后此文件将用于头像。这里有一个例子:
https://gitlab.com/issue-reproduce/project-avatar-repo
You'll be able to retrieve the files through the Repository Files API:
https://docs.gitlab.com/ee/api/repository_files.html#get-file-from-repository
Example:
https://gitlab.com/api/v4/projects/issue-reproduce%2Fproject-avatar-repo/repository/files/logo.png?ref=master
自 Gitlab release 11.4.8 以来,不可能再通过个人访问令牌公开项目的徽章。因为改变“
将个人访问令牌限制在 Web 请求的 API 范围内。“
删除此 "workaround" 的提交是 published as a security fix
目前正在讨论 ongoing issue 以寻找其他解决方案。让我们看看进展如何。
我们在 GitHub 上托管一些存储库,在 GitLab 上托管其他一些存储库。
有时,发布了包但没有发布源代码。
我们始终在 README.md 中显示构建状态和代码覆盖率。
有没有办法让 GitLab 上的构建和覆盖徽章始终可供匿名访问?
紧随其后的是issue 13324
它包括:
FYI, I have a workaround for this using the GitLab API.
It assumes you have created a token in GitLab for a user (Note: That "user" needn't necessarily be Human - my use case is to display a badge on a dashboard hosted on a different VM).
<img src="https://<gitlab-uri>/<namespace>/<project>/badges/<branch>/build.svg?private_token=<token>
2018 年 12 月更新:无法通过令牌登录(参见 Paul B.'s
这是因为“Improper Enforcement of Token Scope”:
The GitLab web interface was vulnerable to an authorization issue that allowed access to the web-UI as a user using their Personal Access Token (PAT) of any scope.
The issue is now mitigated in the latest release and is assigned CVE-2018-19569.
但是...:[=21=]
Updated: 2018-11-28: We have received reports that this change has impacted how repo files and job artifacts are downloaded for some users.
For instructions on how to do so through the API, please see our support issue.
你还有一个 current workaround 重复 API 访问:
可以使用特定文件名(徽标)将项目头像添加到项目存储库,然后此文件将用于头像。这里有一个例子:
https://gitlab.com/issue-reproduce/project-avatar-repo
You'll be able to retrieve the files through the Repository Files API:
https://docs.gitlab.com/ee/api/repository_files.html#get-file-from-repository
Example:
https://gitlab.com/api/v4/projects/issue-reproduce%2Fproject-avatar-repo/repository/files/logo.png?ref=master
自 Gitlab release 11.4.8 以来,不可能再通过个人访问令牌公开项目的徽章。因为改变“ 将个人访问令牌限制在 Web 请求的 API 范围内。“
删除此 "workaround" 的提交是 published as a security fix
目前正在讨论 ongoing issue 以寻找其他解决方案。让我们看看进展如何。