Infos: We use a self-hosted Gitlab-Server with 15.8 and, to my knowledge, it uses local file storage if that even is important.
Goal: The main Use-Case are "test-releases", ci changes/testing, and malicious releases. But in general, the goal is to not indefinitely increase the used space by the server. The releases are just the biggest files in our case.
What we currently use:
POST /projects/:id/uploadsdocu- this can be used to upload files just like you would do when dropping them in an issue description
- it returns a url that can be used for linking and download
- the files will be stored in the filesystem using a hash in its path
- the files are not managed, if all references to the file are removed it will not be deleted
What I found so far:
- How to create releases in GitLab? does describe options to create releases and linking urls, but nothing helpful
- How to store releases/binaries in GitLab? mentions upload for releases but not the problem of not deleting them
- Asking ChatGPT I got
DELETE /projects/:id/uploads/:upload_idfor deletion, but I cannot find any documentation for this endpoint, so curretnly the files just exist forever POST /projects/:id/releases/:tag_name/assets/linksdocu- this can be used to link a file to a release
- in this case we can just use the url we received by the
/uploadscall - when later deleting a release and its tag the linked files will not be removed, even though the prompt states that all assets would be removed too
PUT /projects/:id/packages/generic/:package_name/:package_version/:file_name?status=:statusdocu- could be an alternative to the
/uploadsendpoint as here at least the delete endpoint is documented, but it still has no strong linkage to the releases and is not managed DELETE /projects/:id/packages/:package_iddocu can be used to delete packages
- could be an alternative to the
- EDIT: I also found this GraphQL endpoint
mutation{uploadDelete(input:{...docu- but either it is not compatable with
/uploadsor I just did not guess correctly on how to use it - this is the only example I found:
uploadDelete(input: {projectPath: "group/project", secret: "9eccc88cb6a8b8b7ad3ba1b79c1426ea", filename: "sample.txt"})link
- but either it is not compatable with
Questions:
- Is there a way to delete files uploaded via
/uploadsor should I not use that anyway? - Is the package endpoint the best one and what are the drawbacks? Can I even have a public download link that can be used my anyone that can see the release it is meant for?
- Or are there others that better suite my Use-Case? Any that automatically handle deletions of unreferenced files?
- Is there maybe a way for the releases, to truly link/upload files, so there will be automatic deletion?
