According to my tests, the authentication token seems is required when downloading an artifact from a public repository.
- When I tried to download an artifact from a public repository via the commands below, it returned the 403 error, and generated an invalid “artifact.zip” in the working directory.
# download without authentication token
curl -v -L -o artifact.zip \
< HTTP/1.1 403 Forbidden
< date: Wed, 01 Jul 2020 05:46:28 GMT
< content-type: application/json; charset=utf-8
< server: GitHub.com
< status: 403 Forbidden
- When I tried to download the artifact with the authentication token via the commands below, the artifact can be downloaded successfully.
# download with authentication token
curl -v -L -u BrightRan:$token -o artifact.zip \
I’m not sure if we have misunderstood the description in the docs.
If the token is not required, I think there may be an issue causes the 403 error.
If the token is required, I think the description in the docs is somewhat ambiguous, and it is easy to mislead the readers.
I have reported this question to the appropriate engineering team for further investigation and evaluation. If they have any progress, I will notify you in time, and sometimes the appropriate engineers may directly reply you here.