The Capable Hub provides CI integrated, Cloudflare-backed, release storage for the CHERI ecosystem. This ensures that project artifacts remain permanent, highly available, and globally accessible — moving beyond the time-limited constraints of standard CI providers.
This page provides information on setup and use.
Public Access to Artifacts
Release artifacts are stored in project specific Cloudflare R2 buckets, public access to the bucket is provided at:
[project-name].dl.thecapablehub.org
Please note that there is no public directory listing for buckets - the filename of the artifact must be appended to the public R2 bucket URL. As such, we recommend that our Software map is used for documenting formal releases and to provide links to releases within the project R2 bucket.
Write Access Artifact Storage
A Cloudflare R2 bucket is created for each project with write access credentials given to project owner(s). To request access for your project please reach out to us at support@thecapablehub.org.
Please refer to the Cloudflare documentation for information on how to upload objects including use of it’s S3 compatible bucket API.
Integration with GitHub Actions
GitHub provides artifact and release storage. However, these may be limited in size or expire after a period of time. We therefore recommend using The Capable Hub’s artifact storage to overcome these limitations and eliminate GitHub hosting costs. The following steps describe how to upload artifacts from a GitHub Actions workflow, which may be used during releases.
Installing the required tooling in your workflow file (for a x86_64 host):
- name: Setup
run: |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
curl -o awscliv2.sig https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig
# optional but important, verify the *.zip file
gpg --import $BUILD_DIR/ci/awsclikey
gpg --verify awscliv2.sig awscliv2.zip
unzip awscliv2.zip
sudo ./aws/install
aws --version
Then the aws utility can then be used to upload artifacts, in a GitHub workflow, to the CloudFlare R2 bucket:
- name: Upload Release to Cloudflare R2
env:
AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
AWS_BUCKET_NAME: ${{ secrets.R2_BUCKET_NAME }}
AWS_ENDPOINT: ${{ secrets.R2_ENDPOINT }}
run: |
aws s3 sync ./build-output "s3://$AWS_BUCKET_NAME/${{ github.ref_name }}" \
--endpoint-url "$AWS_ENDPOINT" \
--region auto
Please note that this requires credentials that should not be publiccly visible, to overcome this please use GitHub secrets for storage of the R2 credentials. We would of course issue and share all of the required secrets.
Further Support
If you encounter issues or wish to request artifact storage for your project, please reach out to support@thecapablehub.org.