Jobs artifacts administration

  • Introduced in GitLab 8.2 and GitLab Runner 0.7.0.
  • Starting with GitLab 8.4 and GitLab Runner 1.0, the artifacts archive format changed to ZIP.
  • Starting with GitLab 8.17, builds are renamed to jobs.
  • This is the administration documentation. For the user guide see pipelines/job_artifacts.

Artifacts is a list of files and directories which are attached to a job after it finishes. This feature is enabled by default in all GitLab installations. Keep reading if you want to know how to disable it.

Disabling job artifacts

To disable artifacts site-wide, follow the steps below.

In Omnibus installations:

  1. Edit /etc/gitlab/gitlab.rb and add the following line:

    gitlab_rails['artifacts_enabled'] = false
  2. Save the file and reconfigure GitLab for the changes to take effect.

In installations from source:

  1. Edit /home/git/gitlab/config/gitlab.yml and add or amend the following lines:

    artifacts:
      enabled: false
  2. Save the file and restart GitLab for the changes to take effect.

Storing job artifacts

GitLab Runner can upload an archive containing the job artifacts to GitLab. By default, this is done when the job succeeds, but can also be done on failure, or always, via the artifacts:when parameter.

Most artifacts are compressed by GitLab Runner before being sent to the coordinator. The exception to this is reports artifacts, which are compressed after uploading.

Using local storage

To change the location where the artifacts are stored locally, follow the steps below.

In Omnibus installations:

The artifacts are stored by default in /var/opt/gitlab/gitlab-rails/shared/artifacts.

  1. To change the storage path for example to /mnt/storage/artifacts, edit /etc/gitlab/gitlab.rb and add the following line:

    gitlab_rails['artifacts_path'] = "/mnt/storage/artifacts"
  2. Save the file and reconfigure GitLab for the changes to take effect.

In installations from source:

The artifacts are stored by default in /home/git/gitlab/shared/artifacts.

  1. To change the storage path for example to /mnt/storage/artifacts, edit /home/git/gitlab/config/gitlab.yml and add or amend the following lines:

    artifacts:
      enabled: true
      path: /mnt/storage/artifacts
  2. Save the file and restart GitLab for the changes to take effect.

Using object storage

  • Introduced in GitLab Premium 9.4.
  • Since version 9.5, artifacts are browsable, when object storage is enabled. 9.4 lacks this feature.
  • Since version 10.6, available in GitLab Core
  • Since version 11.0, we support direct_upload to S3.

If you don't want to use the local disk where GitLab is installed to store the artifacts, you can use an object storage like AWS S3 instead. This configuration relies on valid AWS credentials to be configured already. Use an object storage option like AWS S3 to store job artifacts.

DANGER: Danger: If you configure GitLab to store CI logs and artifacts on object storage, you must also enable incremental logging. Otherwise, job logs will disappear or not be saved.

Read more about using object storage with GitLab.

Object Storage Settings

For source installations the following settings are nested under artifacts: and then object_store:. On Omnibus GitLab installs they are prefixed by artifacts_object_store_.

Setting Description Default
enabled Enable/disable object storage false
remote_directory The bucket name where Artifacts will be stored
direct_upload Set to true to enable direct upload of Artifacts without the need of local shared storage. Option may be removed once we decide to support only single storage for all files. false
background_upload Set to false to disable automatic upload. Option may be removed once upload is direct to S3 true
proxy_download Set to true to enable proxying all files served. Option allows to reduce egress traffic as this allows clients to download directly from remote storage instead of proxying all data false
connection Various connection options described below
S3 compatible connection settings

The connection settings match those provided by Fog, and are as follows:

Setting Description Default
provider Always AWS for compatible hosts AWS
aws_access_key_id AWS credentials, or compatible
aws_secret_access_key AWS credentials, or compatible
aws_signature_version AWS signature version to use. 2 or 4 are valid options. Digital Ocean Spaces and other providers may need 2. 4
enable_signature_v4_streaming Set to true to enable HTTP chunked transfers with AWS v4 signatures. Oracle Cloud S3 needs this to be false true
region AWS region us-east-1
host S3 compatible host for when not using AWS, for example localhost or storage.example.com s3.amazonaws.com
endpoint Can be used when configuring an S3 compatible service such as MinIO, by entering a URL such as http://127.0.0.1:9000 (optional)
path_style Set to true to use host/bucket_name/object style paths instead of bucket_name.host/object. Leave as false for AWS S3 false
use_iam_profile Set to true to use IAM profile instead of access keys false

In Omnibus installations:

The artifacts are stored by default in /var/opt/gitlab/gitlab-rails/shared/artifacts.

  1. Edit /etc/gitlab/gitlab.rb and add the following lines, substituting the values you want:

    gitlab_rails['artifacts_enabled'] = true
    gitlab_rails['artifacts_object_store_enabled'] = true
    gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
    gitlab_rails['artifacts_object_store_connection'] = {
      'provider' => 'AWS',
      'region' => 'eu-central-1',
      'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
      'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY'
    }

    NOTE: For GitLab 9.4+, if you're using AWS IAM profiles, be sure to omit the AWS access key and secret access key/value pairs. For example:

    gitlab_rails['artifacts_object_store_connection'] = {
      'provider' => 'AWS',
      'region' => 'eu-central-1',
      'use_iam_profile' => true
    }
  2. Save the file and reconfigure GitLab for the changes to take effect.

  3. Migrate any existing local artifacts to the object storage:

    gitlab-rake gitlab:artifacts:migrate

CAUTION: CAUTION: JUnit test report artifact (junit.xml.gz) migration is not supported by the gitlab:artifacts:migrate script.

In installations from source:

The artifacts are stored by default in /home/git/gitlab/shared/artifacts.

  1. Edit /home/git/gitlab/config/gitlab.yml and add or amend the following lines:

    artifacts:
      enabled: true
      object_store:
        enabled: true
        remote_directory: "artifacts" # The bucket name
        connection:
          provider: AWS # Only AWS supported at the moment
          aws_access_key_id: AWS_ACCESS_KEY_ID
          aws_secret_access_key: AWS_SECRET_ACCESS_KEY
          region: eu-central-1
  2. Save the file and restart GitLab for the changes to take effect.

  3. Migrate any existing local artifacts to the object storage:

    sudo -u git -H bundle exec rake gitlab:artifacts:migrate RAILS_ENV=production

CAUTION: CAUTION: JUnit test report artifact (junit.xml.gz) migration is not supported by the gitlab:artifacts:migrate script.

OpenStack compatible connection settings

The connection settings match those provided by Fog, and are as follows:

Setting Description Default
provider Always OpenStack for compatible hosts OpenStack
openstack_username OpenStack username
openstack_api_key OpenStack API key
openstack_temp_url_key OpenStack key for generating temporary URLs
openstack_auth_url OpenStack authentication endpoint
openstack_region OpenStack region
openstack_tenant_id OpenStack tenant ID

In Omnibus installations:

The uploads are stored by default in /var/opt/gitlab/gitlab-rails/shared/artifacts.

  1. Edit /etc/gitlab/gitlab.rb and add the following lines, substituting the values you want:

    gitlab_rails['artifacts_enabled'] = true
    gitlab_rails['artifacts_object_store_enabled'] = true
    gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
    gitlab_rails['artifacts_object_store_connection'] = {
     'provider' => 'OpenStack',
     'openstack_username' => 'OS_USERNAME',
     'openstack_api_key' => 'OS_PASSWORD',
     'openstack_temp_url_key' => 'OS_TEMP_URL_KEY',
     'openstack_auth_url' => 'https://auth.cloud.ovh.net',
     'openstack_region' => 'GRA',
     'openstack_tenant_id' => 'OS_TENANT_ID',
    }
  2. Save the file and reconfigure GitLab for the changes to take effect.

  3. Migrate any existing local artifacts to the object storage:

    gitlab-rake gitlab:artifacts:migrate

In installations from source:

The uploads are stored by default in /home/git/gitlab/shared/artifacts.

  1. Edit /home/git/gitlab/config/gitlab.yml and add or amend the following lines:

    uploads:
      object_store:
        enabled: true
        direct_upload: false
        background_upload: true
        proxy_download: false
        remote_directory: "artifacts"
        connection:
          provider: OpenStack
          openstack_username: OS_USERNAME
          openstack_api_key: OS_PASSWORD
          openstack_temp_url_key: OS_TEMP_URL_KEY
          openstack_auth_url: 'https://auth.cloud.ovh.net'
          openstack_region: GRA
          openstack_tenant_id: OS_TENANT_ID
  2. Save the file and restart GitLab for the changes to take effect.

  3. Migrate any existing local artifacts to the object storage:

    sudo -u git -H bundle exec rake gitlab:artifacts:migrate RAILS_ENV=production

Migrating from object storage to local storage

In Omnibus installations:

In order to migrate back to local storage:

  1. Set both direct_upload and background_upload to false in gitlab.rb, under the artifacts object storage settings.
  2. Reconfigure GitLab.
  3. Run gitlab-rake gitlab:artifacts:migrate_to_local.
  4. Disable object_storage for artifacts in gitlab.rb:
    • Set gitlab_rails['artifacts_object_store_enabled'] = false.
    • Comment out all other artifacts_object_store settings, including the entire artifacts_object_store_connection section, including the closing }.
  5. Reconfigure GitLab.

Expiring artifacts

If artifacts:expire_in is used to set an expiry for the artifacts, they are marked for deletion right after that date passes. Otherwise, they will expire per the default artifacts expiration setting.

Artifacts are cleaned up by the expire_build_artifacts_worker cron job which Sidekiq runs every hour at 50 minutes (50 * * * *).

To change the default schedule on which the artifacts are expired, follow the steps below.

In Omnibus installations:

  1. Edit /etc/gitlab/gitlab.rb and add the following line (or uncomment it if it already exists and is commented out), substituting your schedule in cron syntax:

    gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"
  2. Save the file and reconfigure GitLab for the changes to take effect.

In installations from source:

  1. Edit /home/git/gitlab/config/gitlab.yml and add or amend the following lines:

    expire_build_artifacts_worker:
      cron: "50 * * * *"
  2. Save the file and restart GitLab for the changes to take effect.

If the expire directive is not set explicitly in your pipeline, artifacts will expire per the default artifacts expiration setting, which you can find in the CI/CD Admin settings.

Validation for dependencies

Introduced in GitLab 10.3.

To disable the dependencies validation, you can enable the ci_disable_validates_dependencies feature flag from a Rails console.

In Omnibus installations:

  1. Enter the Rails console:

    sudo gitlab-rails console
  2. Enable the feature flag to disable the validation:

    Feature.enable(:ci_disable_validates_dependencies)

In installations from source:

  1. Enter the Rails console:

    cd /home/git/gitlab
    sudo -u git -H bundle exec rails console -e production
  2. Enable the feature flag to disable the validation:

    Feature.enable(:ci_disable_validates_dependencies)

Set the maximum file size of the artifacts

If artifacts are enabled, you can change the maximum file size of the artifacts through the Admin Area settings.

Storage statistics

You can see the total storage used for job artifacts on groups and projects in the administration area, as well as through the groups and projects APIs.

Implementation details

When GitLab receives an artifacts archive, an archive metadata file is also generated by GitLab Workhorse. This metadata file describes all the entries that are located in the artifacts archive itself. The metadata file is in a binary format, with additional Gzip compression.

GitLab does not extract the artifacts archive in order to save space, memory and disk I/O. It instead inspects the metadata file which contains all the relevant information. This is especially important when there is a lot of artifacts, or an archive is a very large file.

When clicking on a specific file, GitLab Workhorse extracts it from the archive and the download begins. This implementation saves space, memory and disk I/O.

Troubleshooting

Job artifacts using too much disk space

Job artifacts can fill up your disk space quicker than expected. Some possible reasons are:

  • Users have configured job artifacts expiration to be longer than necessary.
  • The number of jobs run, and hence artifacts generated, is higher than expected.
  • Job logs are larger than expected, and have accumulated over time.

In these and other cases, you'll need to identify the projects most responsible for disk space usage, figure out what types of artifacts are using the most space, and in some cases, manually delete job artifacts to reclaim disk space.

One possible first step is to clean up orphaned artifact files.

List projects by total size of job artifacts stored

List the top 20 projects, sorted by the total size of job artifacts stored, by running the following code in the Rails console (sudo gitlab-rails console):

include ActionView::Helpers::NumberHelper
ProjectStatistics.order(build_artifacts_size: :desc).limit(20).each do |s|
  puts "#{number_to_human_size(s.build_artifacts_size)} \t #{s.project.full_path}"
end

You can change the number of projects listed by modifying .limit(20) to the number you want.

List largest artifacts in a single project

List the 50 largest job artifacts in a single project by running the following code in the Rails console (sudo gitlab-rails console):

include ActionView::Helpers::NumberHelper
project = Project.find_by_full_path('path/to/project')
Ci::JobArtifact.where(project: project).order(size: :desc).limit(50).map { |a| puts "ID: #{a.id} - #{a.file_type}: #{number_to_human_size(a.size)}" }

You can change the number of job artifacts listed by modifying .limit(50) to the number you want.

Delete job artifacts from jobs completed before a specific date

CAUTION: CAUTION: These commands remove data permanently from the database and from disk. We highly recommend running them only under the guidance of a Support Engineer, or running them in a test environment with a backup of the instance ready to be restored, just in case.

If you need to manually remove job artifacts associated with multiple jobs while retaining their job logs, this can be done from the Rails console (sudo gitlab-rails console):

  1. Select jobs to be deleted:

    To select all jobs with artifacts for a single project:

    project = Project.find_by_full_path('path/to/project')
    builds_with_artifacts =  project.builds.with_downloadable_artifacts

    To select all jobs with artifacts across the entire GitLab instance:

    builds_with_artifacts = Ci::Build.with_downloadable_artifacts
  2. Delete job artifacts older than a specific date:

    NOTE: NOTE: This step will also erase artifacts that users have chosen to "keep".

    builds_to_clear = builds_with_artifacts.where("finished_at < ?", 1.week.ago)
    builds_to_clear.find_each do |build|
      build.artifacts_expire_at = Time.now
      build.erase_erasable_artifacts!
    end

    1.week.ago is a Rails ActiveSupport::Duration method which calculates a new date or time in the past. Other valid examples are:

    • 7.days.ago
    • 3.months.ago
    • 1.year.ago

Delete job artifacts and logs from jobs completed before a specific date

CAUTION: CAUTION: These commands remove data permanently from the database and from disk. We highly recommend running them only under the guidance of a Support Engineer, or running them in a test environment with a backup of the instance ready to be restored, just in case.

If you need to manually remove all job artifacts associated with multiple jobs, including job logs, this can be done from the Rails console (sudo gitlab-rails console):

  1. Select jobs to be deleted:

    To select jobs with artifacts for a single project:

    project = Project.find_by_full_path('path/to/project')
    builds_with_artifacts =  project.builds.with_existing_job_artifacts(Ci::JobArtifact.trace)

    To select jobs with artifacts across the entire GitLab instance:

    builds_with_artifacts = Ci::Build.with_existing_job_artifacts(Ci::JobArtifact.trace)
  2. Select the user which will be mentioned in the web UI as erasing the job:

    admin_user = User.find_by(username: 'username')
  3. Erase job artifacts and logs older than a specific date:

    builds_to_clear = builds_with_artifacts.where("finished_at < ?", 1.week.ago)
    builds_to_clear.find_each do |build|
      print "Ci::Build ID #{build.id}... "
    
      if build.erasable?
        build.erase(erased_by: admin_user)
        puts "Erased"
      else
        puts "Skipped (Nothing to erase or not erasable)"
      end
    end

    1.week.ago is a Rails ActiveSupport::Duration method which calculates a new date or time in the past. Other valid examples are:

    • 7.days.ago
    • 3.months.ago
    • 1.year.ago