Feature non-zipped actions artifacts (action v7 / nodejs / npm v6.2.0)

models/actions/artifact.go

@@ -53,6 +53,11 @@ func init() {
 	db.RegisterModel(new(ActionArtifact))
 }
 
+const (
+	ContentEncodingV3Gzip = "gzip"
+	ContentTypeZip        = "application/zip"
+)
+
 // ActionArtifact is a file that is stored in the artifact storage.
 type ActionArtifact struct {
 	ID                 int64 `xorm:"pk autoincr"`
@@ -61,16 +66,26 @@ type ActionArtifact struct {
 	RepoID             int64 `xorm:"index"`
 	OwnerID            int64
 	CommitSHA          string
-	StoragePath        string             // The path to the artifact in the storage
-	FileSize           int64              // The size of the artifact in bytes
-	FileCompressedSize int64              // The size of the artifact in bytes after gzip compression
-	ContentEncoding    string             // The content encoding of the artifact
-	ArtifactPath       string             `xorm:"index unique(runid_name_path)"` // The path to the artifact when runner uploads it
-	ArtifactName       string             `xorm:"index unique(runid_name_path)"` // The name of the artifact when runner uploads it
-	Status             ArtifactStatus     `xorm:"index"`                         // The status of the artifact, uploading, expired or need-delete
-	CreatedUnix        timeutil.TimeStamp `xorm:"created"`
-	UpdatedUnix        timeutil.TimeStamp `xorm:"updated index"`
-	ExpiredUnix        timeutil.TimeStamp `xorm:"index"` // The time when the artifact will be expired
+	StoragePath        string // The path to the artifact in the storage
+	FileSize           int64  // The size of the artifact in bytes
+	FileCompressedSize int64  // The size of the artifact in bytes after gzip compression
+
+	// The content encoding or content type of the artifact
+	// * empty or null: legacy (v3) uncompressed content
+	// * magic string "gzip" (ContentEncodingV3Gzip): v3 gzip compressed content
+	//   * requires gzip decoding before storing in a zip for download
+	//   * requires gzip content-encoding header when downloaded single files within a workflow
+	// * mime type for "Content-Type":
+	//   * "application/zip" (ContentTypeZip), seems to be an abuse, fortunately there is no conflict, and it won't cause problems?
+	//   * "application/pdf", "text/html", etc.: real content type of the artifact
+	ContentEncodingOrType string `xorm:"content_encoding"`
+
+	ArtifactPath string             `xorm:"index unique(runid_name_path)"` // The path to the artifact when runner uploads it
+	ArtifactName string             `xorm:"index unique(runid_name_path)"` // The name of the artifact when runner uploads it
+	Status       ArtifactStatus     `xorm:"index"`                         // The status of the artifact, uploading, expired or need-delete
+	CreatedUnix  timeutil.TimeStamp `xorm:"created"`
+	UpdatedUnix  timeutil.TimeStamp `xorm:"updated index"`
+	ExpiredUnix  timeutil.TimeStamp `xorm:"index"` // The time when the artifact will be expired
 }
 
 func CreateArtifact(ctx context.Context, t *ActionTask, artifactName, artifactPath string, expiredDays int64) (*ActionArtifact, error) {
@@ -156,7 +171,8 @@ func (opts FindArtifactsOptions) ToConds() builder.Cond {
 	}
 	if opts.FinalizedArtifactsV4 {
 		cond = cond.And(builder.Eq{"status": ArtifactStatusUploadConfirmed}.Or(builder.Eq{"status": ArtifactStatusExpired}))
-		cond = cond.And(builder.Eq{"content_encoding": "application/zip"})
+		// see the comment of ActionArtifact.ContentEncodingOrType: "*/*" means the field is a content type
+		cond = cond.And(builder.Like{"content_encoding", "%/%"})
 	}
 
 	return cond

models/fixtures/action_artifact.yml

@@ -141,3 +141,39 @@
   created_unix: 1730330775
   updated_unix: 1730330775
   expired_unix: 1738106775
+
+-
+  id: 26
+  run_id: 792
+  runner_id: 1
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  storage_path: "27/5/1730330775594233150.chunk"
+  file_size: 1024
+  file_compressed_size: 1024
+  content_encoding: "application/pdf"
+  artifact_path: "report.pdf"
+  artifact_name: "report.pdf"
+  status: 2
+  created_unix: 1730330775
+  updated_unix: 1730330775
+  expired_unix: 1738106775
+
+-
+  id: 27
+  run_id: 792
+  runner_id: 1
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  storage_path: "27/5/1730330775594233150.chunk"
+  file_size: 1024
+  file_compressed_size: 1024
+  content_encoding: "application/html"
+  artifact_path: "report.html"
+  artifact_name: "report.html"
+  status: 2
+  created_unix: 1730330775
+  updated_unix: 1730330775
+  expired_unix: 1738106775

modules/actions/artifacts.go

@@ -5,44 +5,66 @@ package actions
 
 import (
 	"net/http"
+	"path"
+	"strings"
 
 	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/modules/httplib"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/services/context"
 )
 
-// Artifacts using the v4 backend are stored as a single combined zip file per artifact on the backend
-// The v4 backend ensures ContentEncoding is set to "application/zip", which is not the case for the old backend
+// IsArtifactV4 detects whether the artifact is likely from v4.
+// V4 backend stores the files as a single combined zip file per artifact, and ensures ContentEncoding contains a slash
+// (otherwise this uses application/zip instead of the custom mime type), which is not the case for the old backend.
 func IsArtifactV4(art *actions_model.ActionArtifact) bool {
-	return art.ArtifactName+".zip" == art.ArtifactPath && art.ContentEncoding == "application/zip"
+	return strings.Contains(art.ContentEncodingOrType, "/")
 }
 
-func DownloadArtifactV4ServeDirectOnly(ctx *context.Base, art *actions_model.ActionArtifact) (bool, error) {
-	if setting.Actions.ArtifactStorage.ServeDirect() {
-		u, err := storage.ActionsArtifacts.ServeDirectURL(art.StoragePath, art.ArtifactPath, ctx.Req.Method, nil)
-		if u != nil && err == nil {
-			ctx.Redirect(u.String(), http.StatusFound)
-			return true, nil
-		}
+func GetArtifactV4ServeDirectURL(art *actions_model.ActionArtifact, method string) (string, error) {
+	contentType := art.ContentEncodingOrType
+	u, err := storage.ActionsArtifacts.ServeDirectURL(art.StoragePath, art.ArtifactPath, method, &storage.ServeDirectOptions{ContentType: contentType})
+	if err != nil {
+		return "", err
+	}
+	return u.String(), nil
+}
+
+func DownloadArtifactV4ServeDirect(ctx *context.Base, art *actions_model.ActionArtifact) bool {
+	if !setting.Actions.ArtifactStorage.ServeDirect() {
+		return false
 	}
-	return false, nil
+	u, err := GetArtifactV4ServeDirectURL(art, ctx.Req.Method)
+	if err != nil {
+		log.Error("GetArtifactV4ServeDirectURL: %v", err)
+		return false
+	}
+	ctx.Redirect(u, http.StatusFound)
+	return true
 }
 
-func DownloadArtifactV4Fallback(ctx *context.Base, art *actions_model.ActionArtifact) error {
+func DownloadArtifactV4ReadStorage(ctx *context.Base, art *actions_model.ActionArtifact) error {
 	f, err := storage.ActionsArtifacts.Open(art.StoragePath)
 	if err != nil {
 		return err
 	}
 	defer f.Close()
-	http.ServeContent(ctx.Resp, ctx.Req, art.ArtifactName+".zip", art.CreatedUnix.AsLocalTime(), f)
+
+	contentType := art.ContentEncodingOrType
+	contentLength := int64(-1) // TODO: do we know the content length (by artifact)?
+	httplib.ServeContentByReader(ctx.Req, ctx.Resp, contentLength, f, httplib.ServeHeaderOptions{
+		Filename:           path.Base(art.ArtifactPath),
+		ContentType:        contentType,
+		ContentDisposition: httplib.ContentDispositionInline,
+	})
 	return nil
 }
 
 func DownloadArtifactV4(ctx *context.Base, art *actions_model.ActionArtifact) error {
-	ok, err := DownloadArtifactV4ServeDirectOnly(ctx, art)
-	if ok || err != nil {
-		return err
+	if DownloadArtifactV4ServeDirect(ctx, art) {
+		return nil
 	}
-	return DownloadArtifactV4Fallback(ctx, art)
+	return DownloadArtifactV4ReadStorage(ctx, art)
 }

modules/httplib/content_disposition.go

@@ -0,0 +1,65 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package httplib
+
+import (
+	"mime"
+	"strings"
+
+	"code.gitea.io/gitea/modules/setting"
+)
+
+type ContentDispositionType string
+
+const (
+	ContentDispositionInline     ContentDispositionType = "inline"
+	ContentDispositionAttachment ContentDispositionType = "attachment"
+)
+
+func needsEncodingRune(b rune) bool {
+	return (b < ' ' || b > '~') && b != '\t'
+}
+
+// getSafeName replaces all invalid chars in the filename field by underscore
+func getSafeName(s string) (_ string, needsEncoding bool) {
+	var out strings.Builder
+	for _, b := range s {
+		if needsEncodingRune(b) {
+			needsEncoding = true
+			out.WriteRune('_')
+		} else {
+			out.WriteRune(b)
+		}
+	}
+	return out.String(), needsEncoding
+}
+
+func EncodeContentDispositionAttachment(filename string) string {
+	return encodeContentDisposition(ContentDispositionAttachment, filename)
+}
+
+func EncodeContentDispositionInline(filename string) string {
+	return encodeContentDisposition(ContentDispositionInline, filename)
+}
+
+// encodeContentDisposition encodes a correct Content-Disposition Header
+func encodeContentDisposition(t ContentDispositionType, filename string) string {
+	safeFilename, needsEncoding := getSafeName(filename)
+	result := mime.FormatMediaType(string(t), map[string]string{"filename": safeFilename})
+	// No need for the utf8 encoding
+	if !needsEncoding {
+		return result
+	}
+	utf8Result := mime.FormatMediaType(string(t), map[string]string{"filename": filename})
+
+	// The mime package might have unexpected results in other go versions
+	// Make tests instance fail, otherwise use the default behavior of the go mime package
+	if !strings.HasPrefix(result, string(t)+"; filename=") || !strings.HasPrefix(utf8Result, string(t)+"; filename*=") {
+		setting.PanicInDevOrTesting("Unexpected mime package result %s", result)
+		return utf8Result
+	}
+
+	encodedFileName := strings.TrimPrefix(utf8Result, string(t))
+	return result + encodedFileName
+}

modules/httplib/content_disposition_test.go

@@ -0,0 +1,64 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package httplib
+
+import (
+	"mime"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestContentDisposition(t *testing.T) {
+	type testEntry struct {
+		disposition ContentDispositionType
+		filename    string
+		header      string
+	}
+	table := []testEntry{
+		{disposition: ContentDispositionInline, filename: "test.txt", header: "inline; filename=test.txt"},
+		{disposition: ContentDispositionInline, filename: "test❌.txt", header: "inline; filename=test_.txt; filename*=utf-8''test%E2%9D%8C.txt"},
+		{disposition: ContentDispositionInline, filename: "test ❌.txt", header: "inline; filename=\"test _.txt\"; filename*=utf-8''test%20%E2%9D%8C.txt"},
+		{disposition: ContentDispositionInline, filename: "\"test.txt", header: "inline; filename=\"\\\"test.txt\""},
+		{disposition: ContentDispositionInline, filename: "hello\tworld.txt", header: "inline; filename=\"hello\tworld.txt\""},
+		{disposition: ContentDispositionAttachment, filename: "hello\tworld.txt", header: "attachment; filename=\"hello\tworld.txt\""},
+		{disposition: ContentDispositionAttachment, filename: "hello\nworld.txt", header: "attachment; filename=hello_world.txt; filename*=utf-8''hello%0Aworld.txt"},
+		{disposition: ContentDispositionAttachment, filename: "hello\rworld.txt", header: "attachment; filename=hello_world.txt; filename*=utf-8''hello%0Dworld.txt"},
+	}
+
+	// Check the needsEncodingRune replacer ranges except tab that is checked above
+	// Any change in behavior should fail here
+	for c := ' '; !needsEncodingRune(c); c++ {
+		var header string
+		switch {
+		case strings.ContainsAny(string(c), ` (),/:;<=>?@[]`):
+			header = "inline; filename=\"hello" + string(c) + "world.txt\""
+		case strings.ContainsAny(string(c), `"\`):
+			// This document advises against for backslash in quoted form:
+			// https://datatracker.ietf.org/doc/html/rfc6266#appendix-D
+			// However the mime package is not generating the filename* in this scenario
+			header = "inline; filename=\"hello\\" + string(c) + "world.txt\""
+		default:
+			header = "inline; filename=hello" + string(c) + "world.txt"
+		}
+		table = append(table, testEntry{
+			disposition: ContentDispositionInline,
+			filename:    "hello" + string(c) + "world.txt",
+			header:      header,
+		})
+	}
+
+	for _, entry := range table {
+		t.Run(string(entry.disposition)+"_"+entry.filename, func(t *testing.T) {
+			encoded := encodeContentDisposition(entry.disposition, entry.filename)
+			assert.Equal(t, entry.header, encoded)
+			disposition, params, err := mime.ParseMediaType(encoded)
+			require.NoError(t, err)
+			assert.Equal(t, string(entry.disposition), disposition)
+			assert.Equal(t, entry.filename, params["filename"])
+		})
+	}
+}