Artifactview

View CI build artifacts from Forgejo/Github using your web browser.

Forgejo and GitHub's CI systems allow you to upload files and directories as artifacts. These can be downloaded as zip files. However there is no simple way to view individual files of an artifact.

Artifactview is a small web application that can fetch these CI artifacts and serve their contents. If the artifact contains a website, it is displayed normally, if it consists of other files, a file listing is shown.

There is also full support for single page applications, placing a file named 200.html in the root directory it will be returned in case no file exists for the requested path.

Alternatively, if a file named 404.html exists in the root directory, it will be returned with status code 404 if no file was found.

How to use

Artifactview accepts URLs in the given format: <HOST>--<USER>--<REPO>--<RUN>-<ARTIFACT>.example.com

Example: https://github-com--theta-dev--example-project--4-11.example.com

Security considerations

It is recommended to use the whitelist feature to limit Artifactview to access only trusted servers, users and organizations.

Since many well-known URIs are used to configure security-relevant properties of a website or are used to attest ownership of a website (like .well-known/acme-challenge for issuing TLS certificates), Artifactview will serve no files from the .well-known folder.

There is a configurable limit for both the maximum downloaded artifact size and the maximum size of individual files to be served (100MB by default). Additionally there is a configurable timeout for the zip file indexing operation. These measures should protect the server againt denial-of-service attacks like overfilling the server drive or uploading zip bombs.