Pipes for JFrog, a Fitting Match for BitBucket Pipelines
Many users of Atlassian Bitbucket already choose JFrog Artifactory as their artifact repository with Xray as their DevSecOps tool to bring certainty and trust to the binaries in their software delivery pipelines. With Atlassian’s launch of Pipes for Bitbucket Pipelines, it’s easy for developers to manage their software releases from code through testing and release. JFrog provides a set of Bitbucket Pipes for the most commonly performed set of Artifactory and Xray operations.
In Bitbucket, developers can construct Pipelines, a scripted set of CI/CD procedures, through a YAML configuration file.
Pipes are Atlassian’s way to simplify configuring your Bitbucket Pipeline. They’re very useful for frequently performed actions that would otherwise take several lines of script, especially when working with a supporting tool like Artifactory or Xray.
Just like a subroutine or object method in code; you invoke a pipe to perform a specific function according to parameters you provide.
It’s the easiest way to get your artifacts to start flowing through an Atlassian Bitbucket Pipeline.
Finding JFrog pipes
These pipes are made publicly available along with all other Atlassian-supported pipes. You can select them through the Bitbucket online editor, in the rightmost side panel.
Selecting one of the available pipes will present you the information you need to make use of it.
How a pipe works
In the YAML file that configures your Bitbucket Pipeline, you specify a path to the pipe, followed by a few key pieces of information.
For example, this is a code snippet for artifactory-generic-upload, the pipe that uploads a single artifact or set of artifacts to an Artifactory repository:
script:
- pipe: JfrogDev/artifactory-generic-upload:0.1.0
variables:
ARTIFACTORY_URL: $ARTIFACTORY_URL
ARTIFACTORY_USER: $ARTIFACTORY_USER
ARTIFACTORY_PASSWORD: $ARTIFACTORY_PASSWORD
FILE_SPEC: "false"
SOURCE_PATH: "generic/*.zip"
TARGET_PATH: "generic-local/"
BUILD_NAME: "generic-pipe-example"
To use a pipe in a Bitbucket Pipeline, copy the offered snippet to the YAML file, and replace the placeholder parameter text with the base Artifactory URL, credentials, and the source and target paths for the artifact to upload.
What JFrog Bitbucket pipes can do
These are the currently available set of pipes available for the most common Artifactory operations:
Pipe | Description |
---|---|
artifactory-generic-upload | Uploads an artifact to an Artifactory repository |
artifactory-generic-download | Downloads an artifact from an Artifactory repository. |
artifactory-maven | Triggers a Maven build, while resolving Maven dependencies and deploying Maven packages from and to Artifactory as a Maven repository. |
artifactory-npm | Triggers an npm build, while resolving npm dependencies and deploying npm packages from and to Artifactory as an NPM registry. |
artifactory-docker | Uploads a Docker image to an Artifactory repository that serves as a Docker registry. |
artifactory-build-promotion | Promotes a build within Artifactory to a specified repository.
Promoting a build copies (or moves) the built artifacts to another Artifactory repository to make them available for the next set of consumers in the software delivery pipeline. |
artifactory-xray-scan | Scans a build with JFrog Xray to identify security vulnerabilities and compliance issues. |
Let DevOps flow
Using these pipes is the fastest way to get your build artifacts in Bitbucket moving through Artifactory. Then you can use JFrog’s release management plugin for Bitbucket to view the builds you make.
If you already have a licensed installation of JFrog Artifactory, whether on-prem, hosted in your own cloud cluster, or SaaS through Cloud Pro, Pro X or Enterprise, you can start using JFrog Bitbucket Pipes right away. Just pass your credentials to your Artifactory URL through any of the available pipes. Otherwise, you’re welcome to get a trial of JFrog Artifactory.
Give these pipes a try! You’ll see how once Artifactory and Xray are coupled to your Bitbucket plumbing, delivering trusted software can be as easy as turning a valve on a spigot.