🍫 Zartbitter

An easy to use artifact repository that allows you to have a centralized deployment of things, with version support

Concept

• Provide artifacts (files) via static storage (filesystem)
  • Serve files via HTTP(S), Gemini, …
  • Files are stored in reasonable paths in the file system, either via links or as physical files
• Artifacts and their paths are managed by the system
  • User can create new artifacts, but versions are determined by the upload
  • System uses SemVer 2.0 for artifacts
    • The newest artifact will be served without a version appendix, making it easy to provide stable download links for the latest version
    • Nightly/prerelease versions can also be shared as "the latest prerelease"
  • Each artifact will be accompanied by a set of common hashes (md5, sha1, sha256)
  • Artifacts are immutable, no changes after an upload
• Upload of artifacts happens via API tokens
  • Each upload token can update exactly a single artifact
  • Each upload token has an associated security token that is used to authenticate the upload
    • upload token can be PUBLIC
    • security token must be SECRET
  • Upload via HTTPS only, accompanied by a hash of the file for integrity verification as well as the mime type for the artifact
    • If the file version is uploaded the first time, the hashes will be computed and stored
    • Second upload will have its hash checked and verified. On mismatch, will return a HTTP 409 Conflict
• Artifacts can be accessed either publicly or can be hidden behind an access token
• Artifact metadata can be queried (same rules apply as accessing the artifact itself)
  • date of upload
  • hashes/checksums
  • size
  • mime type
• Minimal requirement for uploading/updating artifacts should be a relatively simple curl request, to make deployment from basically any platform trivial