*What*
Investigate how to create a token based download url (is there a plugin that will create a token based url that could be put back on the build config via the OpenShfit sync plugin) or we could use an operator (essentially a small server program that would be running using a service account in OpenShift. This service account would have the right role to access the Jenkins running in the namespace. This small program would watch for mobile builds completing succesfully and with the right annoation (this is an annotation that would be added by the UI when the download link was created so would need to be discussed with whoever was doing the UI side of this) and then add a token based url which would resolve to a route and handler it controls. This handler would check the token and then use the SA to access and pipe the artefact back to the requesting user.
*Why*
In order to allow developers to give out links to artefacts to CI CD builds that can be installed on devices without needing to login to Jenkins
*How*
When the user clicks download in the UI, it will add an annotation to the build that they want a download url, something should see this and generate the download url and add it back to the build object as an annotation
Look in to a plugin that will generate a url with an access token.
Another option would be a side car or operator that watches the builds and when the build is complete creates a url with an access token that it annotates the build with. We did something similar to this in the PoC
the url for the download was the side car which would verify the token and then would use a SA token to access the download
|
|
