Merge branch 'feature/gb/download-single-job-artifact-using-api' into 'master'

Add API endpoint for downloading a single job artifact

Closes #37196

See merge request !14027

7 files changed, 279 insertions, 197 deletions

diff --git a/lib/api/api.rb b/lib/api/api.rb
index 94df543853b..1405a5d0f0e 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -108,6 +108,7 @@ module API
     mount ::API::Internal
     mount ::API::Issues
     mount ::API::Jobs
+    mount ::API::JobArtifacts
     mount ::API::Keys
     mount ::API::Labels
     mount ::API::Lint
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 3d377fdb9eb..e646c63467a 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -128,6 +128,10 @@ module API
       merge_request
     end
 
+    def find_build!(id)
+      user_project.builds.find(id.to_i)
+    end
+
     def authenticate!
       unauthorized! unless current_user && can?(initial_current_user, :access_api)
     end
@@ -160,6 +164,14 @@ module API
       authorize! :admin_project, user_project
     end
 
+    def authorize_read_builds!
+      authorize! :read_build, user_project
+    end
+
+    def authorize_update_builds!
+      authorize! :update_build, user_project
+    end
+
     def require_gitlab_workhorse!
       unless env['HTTP_GITLAB_WORKHORSE'].present?
         forbidden!('Request should be executed via GitLab Workhorse')
@@ -210,7 +222,7 @@ module API
 
     def bad_request!(attribute)
       message = ["400 (Bad request)"]
-      message << "\"" + attribute.to_s + "\" not given"
+      message << "\"" + attribute.to_s + "\" not given" if attribute
       render_api_error!(message.join(' '), 400)
     end
 
@@ -432,6 +444,10 @@ module API
       header(*Gitlab::Workhorse.send_git_archive(repository, ref: ref, format: format))
     end
 
+    def send_artifacts_entry(build, entry)
+      header(*Gitlab::Workhorse.send_artifacts_entry(build, entry))
+    end
+
     # The Grape Error Middleware only has access to env but no params. We workaround this by
     # defining a method that returns the right value.
     def define_params_for_grape_middleware
diff --git a/lib/api/job_artifacts.rb b/lib/api/job_artifacts.rb
new file mode 100644
index 00000000000..2a8fa7659bf
--- /dev/null
+++ b/lib/api/job_artifacts.rb
@@ -0,0 +1,80 @@
+module API
+  class JobArtifacts < Grape::API
+    before { authenticate_non_get! }
+
+    params do
+      requires :id, type: String, desc: 'The ID of a project'
+    end
+    resource :projects, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do
+      desc 'Download the artifacts file from a job' do
+        detail 'This feature was introduced in GitLab 8.10'
+      end
+      params do
+        requires :ref_name, type: String, desc: 'The ref from repository'
+        requires :job,      type: String, desc: 'The name for the job'
+      end
+      get ':id/jobs/artifacts/:ref_name/download',
+        requirements: { ref_name: /.+/ } do
+        authorize_read_builds!
+
+        builds = user_project.latest_successful_builds_for(params[:ref_name])
+        latest_build = builds.find_by!(name: params[:job])
+
+        present_artifacts!(latest_build.artifacts_file)
+      end
+
+      desc 'Download the artifacts file from a job' do
+        detail 'This feature was introduced in GitLab 8.5'
+      end
+      params do
+        requires :job_id, type: Integer, desc: 'The ID of a job'
+      end
+      get ':id/jobs/:job_id/artifacts' do
+        authorize_read_builds!
+
+        build = find_build!(params[:job_id])
+
+        present_artifacts!(build.artifacts_file)
+      end
+
+      desc 'Download a specific file from artifacts archive' do
+        detail 'This feature was introduced in GitLab 10.0'
+      end
+      params do
+        requires :job_id, type: Integer, desc: 'The ID of a job'
+        requires :artifact_path, type: String, desc: 'Artifact path'
+      end
+      get ':id/jobs/:job_id/artifacts/*artifact_path', format: false do
+        authorize_read_builds!
+
+        build = find_build!(params[:job_id])
+        not_found! unless build.artifacts?
+
+        path = Gitlab::Ci::Build::Artifacts::Path
+          .new(params[:artifact_path])
+        bad_request! unless path.valid?
+
+        send_artifacts_entry(build, path)
+      end
+
+      desc 'Keep the artifacts to prevent them from being deleted' do
+        success Entities::Job
+      end
+      params do
+        requires :job_id, type: Integer, desc: 'The ID of a job'
+      end
+      post ':id/jobs/:job_id/artifacts/keep' do
+        authorize_update_builds!
+
+        build = find_build!(params[:job_id])
+        authorize!(:update_build, build)
+        return not_found!(build) unless build.artifacts?
+
+        build.keep_artifacts!
+
+        status 200
+        present build, with: Entities::Job
+      end
+    end
+  end
+end
diff --git a/lib/api/jobs.rb b/lib/api/jobs.rb
index 5bab96398fd..3c1c412ba42 100644
--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@@ -66,42 +66,11 @@ module API
       get ':id/jobs/:job_id' do
         authorize_read_builds!
 
-        build = get_build!(params[:job_id])
+        build = find_build!(params[:job_id])
 
         present build, with: Entities::Job
       end
 
-      desc 'Download the artifacts file from a job' do
-        detail 'This feature was introduced in GitLab 8.5'
-      end
-      params do
-        requires :job_id, type: Integer, desc: 'The ID of a job'
-      end
-      get ':id/jobs/:job_id/artifacts' do
-        authorize_read_builds!
-
-        build = get_build!(params[:job_id])
-
-        present_artifacts!(build.artifacts_file)
-      end
-
-      desc 'Download the artifacts file from a job' do
-        detail 'This feature was introduced in GitLab 8.10'
-      end
-      params do
-        requires :ref_name, type: String, desc: 'The ref from repository'
-        requires :job,      type: String, desc: 'The name for the job'
-      end
-      get ':id/jobs/artifacts/:ref_name/download',
-        requirements: { ref_name: /.+/ } do
-        authorize_read_builds!
-
-        builds = user_project.latest_successful_builds_for(params[:ref_name])
-        latest_build = builds.find_by!(name: params[:job])
-
-        present_artifacts!(latest_build.artifacts_file)
-      end
-
       # TODO: We should use `present_file!` and leave this implementation for backward compatibility (when build trace
       #       is saved in the DB instead of file). But before that, we need to consider how to replace the value of
       #       `runners_token` with some mask (like `xxxxxx`) when sending trace file directly by workhorse.
@@ -112,7 +81,7 @@ module API
       get ':id/jobs/:job_id/trace' do
         authorize_read_builds!
 
-        build = get_build!(params[:job_id])
+        build = find_build!(params[:job_id])
 
         header 'Content-Disposition', "infile; filename=\"#{build.id}.log\""
         content_type 'text/plain'
@@ -131,7 +100,7 @@ module API
       post ':id/jobs/:job_id/cancel' do
         authorize_update_builds!
 
-        build = get_build!(params[:job_id])
+        build = find_build!(params[:job_id])
         authorize!(:update_build, build)
 
         build.cancel
@@ -148,7 +117,7 @@ module API
       post ':id/jobs/:job_id/retry' do
         authorize_update_builds!
 
-        build = get_build!(params[:job_id])
+        build = find_build!(params[:job_id])
         authorize!(:update_build, build)
         return forbidden!('Job is not retryable') unless build.retryable?
 
@@ -166,7 +135,7 @@ module API
       post ':id/jobs/:job_id/erase' do
         authorize_update_builds!
 
-        build = get_build!(params[:job_id])
+        build = find_build!(params[:job_id])
         authorize!(:update_build, build)
         return forbidden!('Job is not erasable!') unless build.erasable?
 
@@ -174,25 +143,6 @@ module API
         present build, with: Entities::Job
       end
 
-      desc 'Keep the artifacts to prevent them from being deleted' do
-        success Entities::Job
-      end
-      params do
-        requires :job_id, type: Integer, desc: 'The ID of a job'
-      end
-      post ':id/jobs/:job_id/artifacts/keep' do
-        authorize_update_builds!
-
-        build = get_build!(params[:job_id])
-        authorize!(:update_build, build)
-        return not_found!(build) unless build.artifacts?
-
-        build.keep_artifacts!
-
-        status 200
-        present build, with: Entities::Job
-      end
-
       desc 'Trigger a manual job' do
         success Entities::Job
         detail 'This feature was added in GitLab 8.11'
@@ -203,7 +153,7 @@ module API
       post ":id/jobs/:job_id/play" do
         authorize_read_builds!
 
-        build = get_build!(params[:job_id])
+        build = find_build!(params[:job_id])
 
         authorize!(:update_build, build)
         bad_request!("Unplayable Job") unless build.playable?
@@ -216,14 +166,6 @@ module API
     end
 
     helpers do
-      def find_build(id)
-        user_project.builds.find_by(id: id.to_i)
-      end
-
-      def get_build!(id)
-        find_build(id) || not_found!
-      end
-
       def filter_builds(builds, scope)
         return builds if scope.nil? || scope.empty?
 
@@ -234,14 +176,6 @@ module API
 
         builds.where(status: available_statuses && scope)
       end
-
-      def authorize_read_builds!
-        authorize! :read_build, user_project
-      end
-
-      def authorize_update_builds!
-        authorize! :update_build, user_project
-      end
     end
   end
 end
diff --git a/lib/gitlab/ci/build/artifacts/metadata/entry.rb b/lib/gitlab/ci/build/artifacts/metadata/entry.rb
index 2e073334abc..22941d48edf 100644
--- a/lib/gitlab/ci/build/artifacts/metadata/entry.rb
+++ b/lib/gitlab/ci/build/artifacts/metadata/entry.rb
@@ -1,129 +1,129 @@
 module Gitlab
-  module Ci::Build::Artifacts
-    class Metadata
-      ##
-      # Class that represents an entry (path and metadata) to a file or
-      # directory in GitLab CI Build Artifacts binary file / archive
-      #
-      # This is IO-operations safe class, that does similar job to
-      # Ruby's Pathname but without the risk of accessing filesystem.
-      #
-      # This class is working only with UTF-8 encoded paths.
-      #
-      class Entry
-        attr_reader :path, :entries
-        attr_accessor :name
-
-        def initialize(path, entries)
-          @path = path.dup.force_encoding('UTF-8')
-          @entries = entries
-
-          if path.include?("\0")
-            raise ArgumentError, 'Path contains zero byte character!'
-          end
+  module Ci
+    module Build
+      module Artifacts
+        class Metadata
+          ##
+          # Class that represents an entry (path and metadata) to a file or
+          # directory in GitLab CI Build Artifacts binary file / archive
+          #
+          # This is IO-operations safe class, that does similar job to
+          # Ruby's Pathname but without the risk of accessing filesystem.
+          #
+          # This class is working only with UTF-8 encoded paths.
+          #
+          class Entry
+            attr_reader :entries
+            attr_accessor :name
+
+            def initialize(path, entries)
+              @entries = entries
+              @path = Artifacts::Path.new(path)
+            end
+
+            delegate :empty?, to: :children
+
+            def directory?
+              blank_node? || @path.directory?
+            end
+
+            def file?
+              !directory?
+            end
+
+            def blob
+              return unless file?
+
+              @blob ||= Blob.decorate(::Ci::ArtifactBlob.new(self), nil)
+            end
+
+            def has_parent?
+              nodes > 0
+            end
+
+            def parent
+              return nil unless has_parent?
+              self.class.new(@path.to_s.chomp(basename), @entries)
+            end
+
+            def basename
+              (directory? && !blank_node?) ? name + '/' : name
+            end
+
+            def name
+              @name || @path.name
+            end
+
+            def children
+              return [] unless directory?
+              return @children if @children
+
+              child_pattern = %r{^#{Regexp.escape(@path.to_s)}[^/]+/?$}
+              @children = select_entries { |path| path =~ child_pattern }
+            end
+
+            def directories(opts = {})
+              return [] unless directory?
+              dirs = children.select(&:directory?)
+              return dirs unless has_parent? && opts[:parent]
+
+              dotted_parent = parent
+              dotted_parent.name = '..'
+              dirs.prepend(dotted_parent)
+            end
+
+            def files
+              return [] unless directory?
+              children.select(&:file?)
+            end
+
+            def metadata
+              @entries[@path.to_s] || {}
+            end
+
+            def nodes
+              @path.nodes + (file? ? 1 : 0)
+            end
+
+            def blank_node?
+              @path.to_s.empty? # "" is considered to be './'
+            end
+
+            def exists?
+              blank_node? || @entries.include?(@path.to_s)
+            end
+
+            def total_size
+              descendant_pattern = %r{^#{Regexp.escape(@path.to_s)}}
+              entries.sum do |path, entry|
+                (entry[:size] if path =~ descendant_pattern).to_i
+              end
+            end
+
+            def path
+              @path.to_s
+            end
+
+            def to_s
+              @path.to_s
+            end
+
+            def ==(other)
+              path == other.path && @entries == other.entries
+            end
+
+            def inspect
+              "#{self.class.name}: #{self}"
+            end
 
-          unless path.valid_encoding?
-            raise ArgumentError, 'Path contains non-UTF-8 byte sequence!'
+            private
+
+            def select_entries
+              selected = @entries.select { |path, _metadata| yield path }
+              selected.map { |path, _metadata| self.class.new(path, @entries) }
+            end
           end
         end
-
-        delegate :empty?, to: :children
-
-        def directory?
-          blank_node? || @path.end_with?('/')
-        end
-
-        def file?
-          !directory?
-        end
-
-        def blob
-          return unless file?
-
-          @blob ||= Blob.decorate(::Ci::ArtifactBlob.new(self), nil)
-        end
-
-        def has_parent?
-          nodes > 0
-        end
-
-        def parent
-          return nil unless has_parent?
-          self.class.new(@path.chomp(basename), @entries)
-        end
-
-        def basename
-          (directory? && !blank_node?) ? name + '/' : name
-        end
-
-        def name
-          @name || @path.split('/').last.to_s
-        end
-
-        def children
-          return [] unless directory?
-          return @children if @children
-
-          child_pattern = %r{^#{Regexp.escape(@path)}[^/]+/?$}
-          @children = select_entries { |path| path =~ child_pattern }
-        end
-
-        def directories(opts = {})
-          return [] unless directory?
-          dirs = children.select(&:directory?)
-          return dirs unless has_parent? && opts[:parent]
-
-          dotted_parent = parent
-          dotted_parent.name = '..'
-          dirs.prepend(dotted_parent)
-        end
-
-        def files
-          return [] unless directory?
-          children.select(&:file?)
-        end
-
-        def metadata
-          @entries[@path] || {}
-        end
-
-        def nodes
-          @path.count('/') + (file? ? 1 : 0)
-        end
-
-        def blank_node?
-          @path.empty? # "" is considered to be './'
-        end
-
-        def exists?
-          blank_node? || @entries.include?(@path)
-        end
-
-        def total_size
-          descendant_pattern = %r{^#{Regexp.escape(@path)}}
-          entries.sum do |path, entry|
-            (entry[:size] if path =~ descendant_pattern).to_i
-          end
-        end
-
-        def to_s
-          @path
-        end
-
-        def ==(other)
-          @path == other.path && @entries == other.entries
-        end
-
-        def inspect
-          "#{self.class.name}: #{@path}"
-        end
-
-        private
-
-        def select_entries
-          selected = @entries.select { |path, _metadata| yield path }
-          selected.map { |path, _metadata| self.class.new(path, @entries) }
-        end
       end
     end
   end
diff --git a/lib/gitlab/ci/build/artifacts/path.rb b/lib/gitlab/ci/build/artifacts/path.rb
new file mode 100644
index 00000000000..9cd9b36c5f8
--- /dev/null
+++ b/lib/gitlab/ci/build/artifacts/path.rb
@@ -0,0 +1,51 @@
+module Gitlab
+  module Ci
+    module Build
+      module Artifacts
+        class Path
+          def initialize(path)
+            @path = path.dup.force_encoding('UTF-8')
+          end
+
+          def valid?
+            nonzero? && utf8?
+          end
+
+          def directory?
+            @path.end_with?('/')
+          end
+
+          def name
+            @path.split('/').last.to_s
+          end
+
+          def nodes
+            @path.count('/')
+          end
+
+          def to_s
+            @path.tap do |path|
+              unless nonzero?
+                raise ArgumentError, 'Path contains zero byte character!'
+              end
+
+              unless utf8?
+                raise ArgumentError, 'Path contains non-UTF-8 byte sequence!'
+              end
+            end
+          end
+
+          private
+
+          def nonzero?
+            @path.exclude?("\0")
+          end
+
+          def utf8?
+            @path.valid_encoding?
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/workhorse.rb b/lib/gitlab/workhorse.rb
index e5ad9b5a40c..7a94af2f8f1 100644
--- a/lib/gitlab/workhorse.rb
+++ b/lib/gitlab/workhorse.rb
@@ -121,10 +121,10 @@ module Gitlab
         ]
       end
 
-      def send_artifacts_entry(build, entry)
+      def send_artifacts_entry(build, path)
         params = {
           'Archive' => build.artifacts_file.path,
-          'Entry' => Base64.encode64(entry.path)
+          'Entry' => Base64.encode64(path.to_s)
         }
 
         [