Publishing Artifacts through Service Messages through API Calls

Created November 14, 2024 15:52

By using Service Messages, Artifacts can be published while the build is running (as per documentation). Service Messages are just stdout logs. Since logs can be added to a running build through API calls, Service Messages can also be added to a running build through API Calls by calling the /app/rest/builds/{buildLocator}/log route. This behavior is also documented in the API documentation.

However, using a Service Message added by an API call to publish an artifact doesn't work. Adding Service Messages through API calls to perform other tasks, like overriding the build status or number, is working. Service Messages to publish artifacts do appear in the log but they don't have any effect. I understand that can be a security issue, but I would like to understand the behavior of how this exactly works. Can you please clarify:

Is it expected for TeamCity to not publish artifacts from Service Messages added by API calls? If yes, maybe clarify this in the API documentation?
Is it expected for TeamCity to publish artifacts from Service Messages added by API calls? If yes, is it possible that there is a bug in the implementation?

This was tested with TeamCity Professional 2024.07.2 (build 160695)

3 comments

Mikhail Efremov

Created November 18, 2024 11:54

Hi Taha,

Some service messages are processed exclusively on the agent side; when you add a build log record via the REST API, it is added to the log from the server side, so the agent doesn't see it and, therefore, can't process it.

Could you please elaborate on your use case? Why do you want to publish artifacts using an external tool? Why not use the service message in the build itself?

Taha

Created November 18, 2024 12:58

Hi,

we actually don't want to publish artifacts through the API, but rather want to prevent this behavior for security reasons. For example, publishing artifacts through an API call can bypass artifact rules, which are only configured through code and reviewed through Pull Requests. We are relieved to know that this is not possible!

However, reading the documentation implied this possibility. Knowing about agent-side and server-side processing seems like internal knowledge about implementation details of TeamCity. Or have I missed the relevant documentation section? If this behavior is not documented, I kindly request to add it somewhere.

Thank you!

Mikhail Efremov

Created November 20, 2024 08:49

Thank you for your feedback. I'll discuss it internally to see how we can improve the documentation.

Please sign in to leave a comment.