🍫 Zartbitter

An easy to use artifact repository that allows you to have a centralized deployment of things, with version support

Concept

• Provide files via static storage (filesystem)
  • Serve files via HTTP(S), Gemini, …
  • Files are stored in reasonable paths in the file system, either via links or as physical files
• Artifacts and their paths are managed by the system
  • User can create new artifacts, but versions are determined by the upload
  • System uses SemVer 2.0 for artifacts
    • The newest artifact will be served without a version appendix, making it easy to provide stable download links for the latest version
    • Nightly/prerelease versions can also be shared as "the latest prerelease"
  • Each artifact will be accompanied by a set of common hashes (md5, sha1, sha256)
• Upload of artifacts happens via API tokens
  • Each upload token can update exactly a single artifact
  • Each upload token has an associated security token that is used to authenticate the upload
    • upload token can be PUBLIC
    • security token must be SECRET
  • Upload via HTTPS only, accompanied by a hash of the file for integrity verification
• Artifacts can be accessed either publicly or can be hidden behind an access token
• Artifact metadata can be queried
  • date of upload
  • hashes/checksums
  • size