Managing build artifacts
On This Page
Build artifacts persist data after a job is completed. They can be used for longer-term storage of your build process outputs. For example, when a Java build/test process finishes, the output of the process is saved as a .jar file. CircleCI can store this file as an artifact, keeping it available long after the process has finished.
Safe and unsafe content types
By default, only predefined artifact types are allowed to be rendered. This protects users from uploading, and potentially executing, malicious content. The 'allowed-list' is as follows:
| Category | Safe Type |
|---|---|
Text | Plain |
Application | JSON |
Image | PNG |
Image | JPG |
Image | GIF |
Image | BMP |
Video | WEBM |
Video | OGG |
Video | MP4 |
Audio | WEBM |
Audio | AAC |
Audio | MP4 |
Audio | MPEG |
Audio | OGG |
Audio | WAV |
Also, by default, the following types will be rendered as plain text:
| Category | Unsafe Type |
|---|---|
Text | HTML |
Text | CSS |
Text | JavaScript |
Text | ecmascript |
Application | JavaScript |
Application | ecmascript |
Text | XML |
Allow unsafe types
You can choose to allow unsafe types to be rendered, if required. Add the following to your values.yaml file:
serveUnsafeArtifacts: true