Skip to main content

Upload

Upload artifacts to any HTTP server

The generic upload publisher lets you upload artifacts to any HTTP server. It works the same way as the Artifactory publisher but with different environment variable naming.

Classification

GroupRequired (default)RollbackToken scope
Assetsfalsewarn-only (no standard HTTP DELETE; implement rollback via after: hooks if needed)UPLOAD_{NAME}_SECRET or basic auth

See Release resilience for the full classification table and the Submitter gate semantics.

Minimal config

uploads:
  - name: myserver
    target: "https://files.example.com/releases/{{ Version }}/"

Full config reference

uploads:
  - name: upload                       # optional; identifier used for env-var lookup
    target: "https://files.example.com/releases/{{ Version }}/"  # required (template)
    mode: archive                      # optional; archive | binary
    method: PUT                        # optional; PUT | POST
    username: ""                       # optional; falls back to UPLOAD_{NAME}_USERNAME
    password: ""                       # optional; falls back to UPLOAD_{NAME}_SECRET
    ids: []                            # optional; filter by build IDs
    exclude: []                        # optional; drop artifacts whose name matches a glob
    exts: []                           # optional; filter by file extensions
    checksum_header: ""                # optional; HTTP header name for SHA-256
    custom_headers: {}                 # optional; extra HTTP headers (template-rendered)
    checksum: false                    # optional; also upload checksum files
    signature: false                   # optional; also upload signature files
    meta: false                        # optional; also upload metadata.json + artifacts.json
    custom_artifact_name: false        # optional; do not append artifact name to target URL
    extra_files: []                    # optional; additional files to upload
    extra_files_only: false            # optional; skip artifact uploads
    client_x509_cert: ""               # optional; client TLS cert path
    client_x509_key: ""                # optional; client TLS private key path
    trusted_certificates: ""           # optional; CA bundle path
    skip: false                        # optional

Excluding sidecars with exclude

exclude is a list of globs matched against each artifact's file name; anodizer drops every artifact whose name matches at least one glob from this upload target only. Use it to keep heavy sidecars (checksums, signatures, SBOMs) off a given endpoint while archives still upload.

uploads:
  - name: mirror
    target: "https://mirror.example.com/{{ ArtifactName }}"
    exclude:
      - "*.sha256"
      - "*.sig"
      - "*.cdx.json"

exclude composes with ids: and exts: — an artifact uploads only when it passes every filter. An empty or unset exclude keeps everything. Globs are validated at config-load; an exclude that drops every candidate raises a warning so a typo'd glob is never a silent empty upload.

Authentication

VariableFallback
Usernameconfig value, then UPLOAD_{NAME}_USERNAME
PasswordUPLOAD_{NAME}_SECRET, then config value

Where {NAME} is the uppercased name field.

Common gotchas

  • Same caveats as Artifactory: PUT is the default method; some servers require POST. Set method: POST if uploads fail with a 405.
  • custom_artifact_name: true uses the artifact filename as-is instead of appending it to the target URL.
  • No programmatic rollback — the upload publisher does not attempt HTTP DELETE on rollback. Use after: hooks for custom cleanup if needed.

Upload config fields

FieldTypeDefaultDescription
namestringuploadIdentifier used for env var lookup
targetstringrequiredUpload URL (template, artifact-specific vars available)
modestringarchiveArtifact selection: "archive" or "binary"
methodstringPUTHTTP method (PUT or POST)
usernamestringenv fallbackHTTP basic auth username
passwordstringenv fallbackHTTP basic auth password
idslistnoneFilter by build IDs
extslistnoneFilter by file extensions
checksum_headerstring""Header name for SHA-256 checksum
custom_headersmapnoneExtra HTTP headers (template-rendered)
checksumboolfalseInclude checksum files
signatureboolfalseInclude signature files
metaboolfalseInclude metadata.json and artifacts.json
custom_artifact_nameboolfalseUse artifact name as-is (don't append to target URL)
extra_fileslistnoneAdditional files to upload
extra_files_onlyboolfalseOnly upload extra files
client_x509_certstringnonePath to client TLS certificate
client_x509_keystringnonePath to client TLS private key
trusted_certificatesstringnonePath to CA certificate bundle
skipstring/boolnoneSkip this config (template-conditional)

Target URL templating

The target URL supports artifact-specific template variables:

VariableDescription
{{ ArtifactName }}Artifact filename
{{ ArtifactExt }}File extension
{{ Os }}Target OS
{{ Arch }}Target architecture
{{ Target }}Rust target triple

When custom_artifact_name is false (default), the artifact filename is automatically appended to the target URL.

Full example

uploads:
  - name: releases
    target: "https://releases.example.com/{{ ProjectName }}/{{ Version }}/"
    mode: archive
    checksum: true
    custom_headers:
      X-Deploy-Token: "{{ Env.DEPLOY_TOKEN }}"