{"id":47602334,"url":"https://github.com/agriyakhetarpal/github-actions-artifacts-redirector-action","last_synced_at":"2026-04-01T18:55:35.823Z","repository":{"id":341084083,"uuid":"1168833766","full_name":"agriyakhetarpal/github-actions-artifacts-redirector-action","owner":"agriyakhetarpal","description":"A GitHub Action to add a GitHub CI job/commit status pointing directly to a GitHub Actions upload-artifact@v7 (and later) artifact URL viewable in the browser","archived":false,"fork":false,"pushed_at":"2026-03-19T22:17:48.000Z","size":2641,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-20T13:18:22.212Z","etag":null,"topics":["actions","github","github-actions","github-api"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/github-actions-artifacts-redirector-action","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/agriyakhetarpal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-27T21:13:09.000Z","updated_at":"2026-03-19T22:17:09.000Z","dependencies_parsed_at":"2026-02-28T02:01:31.697Z","dependency_job_id":null,"html_url":"https://github.com/agriyakhetarpal/github-actions-artifacts-redirector-action","commit_stats":null,"previous_names":["agriyakhetarpal/github-actions-artifacts-redirector-action"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/agriyakhetarpal/github-actions-artifacts-redirector-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agriyakhetarpal%2Fgithub-actions-artifacts-redirector-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agriyakhetarpal%2Fgithub-actions-artifacts-redirector-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agriyakhetarpal%2Fgithub-actions-artifacts-redirector-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agriyakhetarpal%2Fgithub-actions-artifacts-redirector-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/agriyakhetarpal","download_url":"https://codeload.github.com/agriyakhetarpal/github-actions-artifacts-redirector-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agriyakhetarpal%2Fgithub-actions-artifacts-redirector-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290977,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","github","github-actions","github-api"],"created_at":"2026-04-01T18:55:35.269Z","updated_at":"2026-04-01T18:55:35.800Z","avatar_url":"https://github.com/agriyakhetarpal.png","language":"HTML","readme":"# github-actions-artifacts-redirector-action\n\nThis is a GitHub Action to add a GitHub CI job status link directly to a GitHub Actions artifact.\n\nWhen a build workflow uploads an artifact, this action will create a named entry in the checks list for a pull request, and in a corresponding commit, whose **Details** link opens the artifact directly in your browser. This is possible to the new [`upload-artifact@v7`](https://github.com/actions/upload-artifact/releases/tag/v7.0.0) release and its `archive: false` input, with which single-file artifacts (HTML docs previews, coverage reports, images) can be rendered directly without downloading an archive and extracting it.\n\n## Security note\n\n\u003e [!IMPORTANT]\n\u003e Static analysis tools for GitHub Actions, such as [Zizmor](https://zizmor.sh/), will flag this action for responding to the `workflow_run` event (see https://docs.zizmor.sh/audits/#dangerous-triggers). However, this trigger is required for this redirector to work, as it is the only mechanism GitHub provides for one workflow to react to the completion of another workflow and get URL(s) to its generated artifact(s). That being said, this action is safe to use in your repository:\n\u003e\n\u003e 1. **No untrusted code is checked out or executed.** The recommended redirector workflow below, i.e., the one that uses `workflow_run`, never checks out PR code, and it only runs the published action from a tagged release here.\n\u003e 2. **The artifact content is never downloaded or evaluated.** The action calls the GitHub REST API to read artifact _metadata_ (name and ID) and constructs a URL. It never downloads, parses, or executes the contents of the artifact.\n\u003e\n\u003e To suppress the Zizmor finding, you may add an inline ignore comment in your redirector workflow:\n\u003e\n\u003e ```yaml\n\u003e on: # zizmor: ignore[dangerous-triggers]\n\u003e   workflow_run:\n\u003e ```\n\u003e\n\u003e However, please ensure that you **must not** check out or execute any untrusted code in the redirector workflow, or any sensitive post-processing steps. The security of this pattern depends on the redirector workflow remaining a thin API wrapper, and being limited to running this action.\n\u003e\n\u003e Please feel free to reach out via a GitHub issue if you have any security concerns or suggestions.\n\n## Usage\n\n### 1. Configure your build workflow (which uploads the artifact)\n\nFor example, this is a self-contained HTML test report generated by [`pytest-html`'s `--self-contained-html` option](https://pypi.org/project/pytest-html/) and uploaded with `upload-artifact@v7` + `archive: false`:\n\n```yaml\n# .github/workflows/tests.yml\nname: Test Suite\n\non: [pull_request, push]\n\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v6\n        with:\n          persist-credentials: false\n      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0\n        with:\n          python-version: \"3.12\"\n      - run: pip install pytest pytest-html\n      - run: pytest --html=test-report.html --self-contained-html\n\n      # use `upload-artifact@v7` or later with `archive: false` for a\n      # browser-viewable single file. The `if: always()` check ensures\n      # the report is uploaded even when tests fail.\n      is uploaded even when tests fail\n      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0\n        if: always()\n        with:\n          path: test-report.html\n          archive: false\n          # N.B. With archive: false, `name` is ignored.\n          # The artifact name becomes the filename: \"test-report\"\n```\n\n### 2. Add a redirector workflow (that creates the status link)\n\n\u003e [!NOTE]\n\u003e GitHub Actions always runs the `workflow_run` workflow from the context of the **default branch**, not from the PR branch. Therefore, any changes to this file must be merged to your default branch before they take effect.\n\n```yaml\n# .github/workflows/test_report_redirect.yml\nname: View test report here\n\non:\n  workflow_run:\n    # must match the build workflow's `name:` exactly, i.e., \"Test Suite\", and\n    # not \"tests\", or any other variation\n    workflows: [\"Test Suite\"]\n    # or just `completed`, if you would only want it to show up after\n    # \"Test Suite\" completes and not when it is pending/in progress.\n    types: [requested, in_progress, completed]\n\npermissions: {}\n\njobs:\n  github_artifacts_redirector_job:\n    runs-on: ubuntu-latest\n    permissions:\n      statuses: write\n      actions: read\n    steps:\n      - uses: agriyakhetarpal/github-actions-artifacts-redirector-action@683d25ace2cb0aefe8e6719c39c2ac7f3d22dd8c # v1.0.0\n        id: redirect\n        with:\n          repo-token: ${{ secrets.GITHUB_TOKEN }}\n          artifact-name: test-report # matches the uploaded filename (without .html)\n          job-title: Check the test report here!\n\n      - name: Check the URL\n        run: echo \"${{ steps.redirect.outputs.url }}\"\n```\n\n## Screenshots\n\nFor a visual example, here are a few screenshots of what the above configuration looks like in practice:\n\n\u003cdetails\u003e\n\u003csummary\u003eTap to expand\u003c/summary\u003e\n\n1.  When the workflows are added and configured, the PR checks list shows the redirector job with a pending status, while the workflow that uploads the artifact (in this case, \"Tests\") is in progress:\n    ![GitHub pull request checks list showing 1 pending check \"Check the test report here!\" waiting for status, and 1 in-progress check \"Tests / test (pull_request)\" that has just started](images/waiting.png)\n\n2.  When the workflow that uploads the artifact completes, the redirector job's status updates accordingly:\n    ![GitHub pull request checks list showing all 2 checks passed: \"Check the test report here!\" linking to test-report.html, and \"Tests / test (pull_request)\" successful in 9s](images/completed.png)\n    - 2.1. You may also view the same via the indicator next to the latest pushed commit:\n      ![GitHub commit row showing \"Run tests and generate HTML\" with a Verified badge and a green checkmark next to commit 7c4847a](images/commit.png)\n    - 2.2. If you click on it, you will see the redirector job in the checks list, and clicking on its \"Details\" link will open the artifact directly in your browser if it is a supported MIME type.\n      ![GitHub commit status popup showing all 2 checks passed, with \"Tests / test (pull_request)\" and \"Check the test report here!\" both successful with Details links](images/commit_checks.png)\n\n3.  When you click on the redirector job's \"Details\" link or the \"Check the test report here!\" link in the checks list, you will be taken directly to the artifact in your browser, without needing to download and extract it first:\n    ![GitHub pull request checks list with the cursor hovering over the \"Check the test report here!\" link, showing it is clickable and links to test-report.html](images/click_checks.png)\n\n4.  This is how the artifact appears. In this case, it is an HTML report generated by `pytest-html` with the `--self-contained-html` option, which includes all CSS and JS inline and can be rendered directly by the browser without needing to download and extract any additional files: \u003cbr\u003e\u003cbr\u003e\n    ![Browser view of the test-report.html artifact generated by pytest-html, showing an environment summary and 3 passed tests: test_addition, test_subtraction, and test_multiplication](images/html_artifact_view.png)\n\n\u003c/details\u003e\n\n## Inputs\n\n| Input           | Required | Default                      | Description                                                                                                                                                                                                      |\n| --------------- | -------- | ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `repo-token`    | ✅       | —                            | `${{ secrets.GITHUB_TOKEN }}`                                                                                                                                                                                    |\n| `artifact-name` |          | `\"\"`                         | Name of the artifact to link to. For `upload-artifact@v7` with `archive: false`, this is the filename without extension. For v4/v5/v6 this is the `name:` you passed. If omitted, uses the first artifact found. |\n| `job-title`     |          | `\"\u003cworkflow name\u003e artifact\"` | Label shown in the PR checks list                                                                                                                                                                                |\n\n## Outputs\n\n| Output | Description                                                                                                     |\n| ------ | --------------------------------------------------------------------------------------------------------------- |\n| `url`  | The direct URL to the artifact (set when the workflow run completed and an artifact was found, even on failure) |\n\n## Some notes and caveats\n\n- The `workflow_run` trigger fires for the **default branch**'s version of the redirector workflow, even when the build workflow is triggered by a PR from a fork.\n\n- You should include all three `types: [requested, in_progress, completed]` if you want to get the live pending, success/failure status progression in the checks UI. If you only use `completed`, the check appear only after the build is done and passed.\n\n- The `statuses: write` permission is required to call `createCommitStatus`. The `actions: read` permission is required to list artifacts for the triggering run.\n\n- The `archive: false` feature only supports single files right now. I can look into supporting multiple files and folders in the future if GitHub adds support for doing so.\n\n- Artifacts expire, and so will the commit status URL. If you need long-lived links, please consider using GitHub Pages or GitHub Releases.\n\n## Contributing\n\nPlease make any changes to `index.js` and open a PR. Changes will automatically be\ncompiled into `dist/index.js` by the [autofix.ci bot](https://autofix.ci/).\n\nAlternatively, if you want to rebuild locally:\n\n```bash\nnpm install\nnpm run package\n```\n\nAny other changes (documentation, workflows, tests, etc.) are welcome as well. Thank you for your interest in improving this project! 🙌\n\n## Thanks\n\n- https://github.com/scientific-python/circleci-artifacts-redirector-action, where I got this idea from, and whose code I referred to when writing this action. This GitHub Action is a similar redirector but for GitHub Actions artifacts instead of CircleCI artifacts, and it uses the `workflow_run` trigger instead of `status`, as the latter is available for Apps such as CircleCI.\n- The GitHub Actions contributors and team, for adding [the `archive: false` option](https://github.com/actions/upload-artifact/pull/764/) to `upload-artifact@v7` and the proxy URLs that make browser-viewable artifacts for supported MIME types work.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagriyakhetarpal%2Fgithub-actions-artifacts-redirector-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fagriyakhetarpal%2Fgithub-actions-artifacts-redirector-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagriyakhetarpal%2Fgithub-actions-artifacts-redirector-action/lists"}