🍫 Zartbitter
An easy to use artifact repository that allows you to have a centralized deployment of things, with version support
Concept
- Provide artifacts (files) via static storage (filesystem)
- Serve files via HTTP(S), Gemini, …
- Files are stored in reasonable paths in the file system, either via links or as physical files
- Artifacts should be accessible in a nice and human-friendly way.
- Example:
download.random-projects.net/files/kristall-windows-x86_64-1.3.1-alpha.zip
- Artifacts and their paths are managed by the system
- User can create new artifacts, but versions are determined by the upload
- System uses SemVer 2.0 for artifacts
- The newest artifact will be served without a version appendix, making it easy to provide stable download links for the latest version
- Nightly/prerelease versions can also be shared as "the latest prerelease"
- Each artifact will be accompanied by a set of common hashes (md5, sha1, sha256)
- Artifacts are immutable, no changes after an upload
- Upload of artifacts happens via API tokens
- Each upload token can update exactly a single artifact
- Each upload token has an associated security token that is used to authenticate the upload
-
upload token can be PUBLIC
-
security token must be SECRET
- Upload via HTTPS only, accompanied by a hash of the file for integrity verification as well as the mime type for the artifact
- If the file version is uploaded the first time, the hashes will be computed and stored
- Second upload will have its hash checked and verified. On mismatch, will return a HTTP 409 Conflict
- Artifacts can be accessed either publicly or can be hidden behind an access token
- Artifact metadata can be queried (same rules apply as accessing the artifact itself)
- date of upload
- hashes/checksums
- size
- mime type
- Minimal requirement for uploading/updating artifacts should be a relatively simple
curl
request, to make deployment from basically any platform trivial