actions.downloadArtifact follows the redirect instead of returning the URL

[pluma]

Checklist

• I checked all open bugs and none of them matched my problem.

Environment

• https://api.github.com
• GitHub Enterprise Server:
• GitHub Enterprise Cloud
• Node.js
• Browsers:
• Others:

Versions

├── @octokit/rest@18.0.15

What happened?

According to the documentation actions.downloadArtifact should return a redirect URL for downloading the artifact. Instead it returns after following the redirect, which means data contains the entire artifact as a buffer.

Minimal test case to reproduce the problem

1. Have a workflow generate an artifact and set up a PAT for accessing it.
2. Create an auhorized octokit instance.
3. Run await octokit.actions.downloadArtifact against the artifact.
4. Wait several seconds for hundreds of megabytes of data being downloaded and loaded into V8 to create a buffer.
5. The function eventually returns with data set to the buffer.

What did you expect to happen?

According to the documentation, the API responds with a redirect and the response from octokit should be the URL (via the location header) which is good for one minute. This seems useful as the user might want to use something else to perform the download, e.g. to avoid loading hundreds of megabytes into memory.

What the problem might be

The underlying `@octokit/request´ library likely follows redirects by default. Either the documentation of the method needs to be changed to reflect this behavior or the request needs to be performed in a way that ensures the redirect is not followed in this case.

[gr2m]

The documentation of the method is directly taken from GitHub's OpenAPI specification at https://github.com/github/rest-api-description/, we do not maintain these manually. We have several issues related to redirects are blocked by GitHub's API: https://github.com/octokit/rest.js/issues?q=is%3Aissue+is%3Aopen+label%3Ablocked

If you work in Node, what I would recommend is to use a different request library to retrieve the redirect URL without following it automatically. That is something that cannot be done in browsers. I've been asking for a special media type to retrieve the redirect URL in the response body for a long time, unfortunately to no avail: https://gr2m.github.io/github-api-wishlist/wishlist/link-media-type/

Anyway, you can do this to retrieve the request options, then pass it to another request library

const requestOptions = octokit.actions.downloadArtifact.endpoint({
  owner,
  repo,
  artifact_id,
  archive_format,
});
// token for Authorization header: `Authorization: token ${token}`
const { token } = await octokit.auth()

You can also pass node-fetch options by setting them on the request option, can you try this?

const { headers } = await octokit.actions.downloadArtifact({
  request: {
    // node-only fetch option: https://github.com/node-fetch/node-fetch#options
    follow: 0
  },
  owner,
  repo,
  artifact_id,
  archive_format,
});

[pluma]

@gr2m Thanks for the detailed answer! That looks like it should be a good workaround. I ended up going a different route entirely, though, that no longer involves downloading artifacts. Feel free to close this issue.

[bobisjan]

I've encountered the same issue, and I was able to solve this with the redirect option, leaving following snippet for the future travellers.

const { headers } = await octokit.actions.downloadArtifact({
  request: {
    redirect: 'manual',
  },
  owner,
  repo,
  artifact_id,
  archive_format,
});