Bamboo Artifactory Plug-in

JFrog Integrations Documentation

ft:sourceType
Paligo

Overview

Artifactory provides tight integration with Bamboo through the Bamboo Artifactory Plug-in. Beyond managing efficient deployment of your artifacts to Artifactory, the plug-in lets you capture information about artifacts deployed, dependencies resolved, environment data associated with the Bamboo build runs and more. This data can be published to Artifactory as buildinfo using the Artifactory Publish Build Info task.

The Bamboo Artifactory Plug-in currently provides full support for Maven, Gradle, Ivy, NPM, Docker and NuGet through dedicated Artifactory tasks for each of these package managers. Generic download and upload using File Specs is also supported through dedicated tasks.

Sources

The Bamboo Artifactory Plugin is an open-source project on GitHub which you can freely browse and fork.

Download

Plugin Compatibility:

The Bamboo Artifactory Plugin is fully tested for compatibility with the version of Bamboo that is current when the plugin is released. When a new version of Bamboo is released, the Marketplace lists the Bamboo Artifactory Plugin as incompatible, however, since we regularly update the plugin it is likely to maintain compatibility with patch or minor version upgrades of Bamboo. We recommend testing new Bamboo and plugins releases on a staging environment before upgrading the production environment.

Versions

Note

Upgrading to version 2.x from version 1.x of the plugin requires new installation steps. For more information, see Installing the Plugin .

The full list of versions is available here.

Installing the Plugin

Requirements
  • Artifactory 2.2.5 or later. For best results and optimized communication, we recommend using the latest version of Artifactory.

  • Artifactory Pro is required for advanced features, such as License Control and enhanced Build Integration.Managing Licenses

  • Maven 3.

  • Gradle 4.10 or later.

  • Ant and Ivy 2.1.0 or later.

Upgrading to Versions 2.x from Versions 1.x

If you are currently using a version of the plugin below 2.0.0 and would like to upgrade to version 2.0.0 or above, you need to migrate your Artifactory configuration data to the format expected by the type 2 plugin as described in the following steps:

1. If you are not already on version 1.13.0 of the plugin, upgrade to that version first.

2. From Bamboo Administration | Artifactory Plugin, click on the "Migrate data to v2" button.

3. Remove plugin version 1.13.0 and restart Bamboo.

4. You're now ready to install version 2.x according to the below instructions.

Installing Versions 2.x

From version 2.0.0, the Bamboo Artifactory Plugin is released as a type 2 plugin. You can read about installing type 2 plugins in the Bamboo documentation for Installing add-ons.

Installing Versions 1.x

Remove older versions

If you have an older version of the plug-in, be sure to remove it before upgrading to a newer one

For versions below 2.0.0, the plugin was released as a type 1 plugin and is deployed to Bamboo by placing the packaged plugin jar file into the $BAMBOO_INSTALLATION_HOME/atlassian-bamboo/WEB-INF/lib folder and restarting Bamboo.

For more details please refer to the Bamboo documentation for Installing Plugins type 1 add-ons.

Integration Benefits JFrog Artifactory and Bamboo

Configuration

To use the Bamboo Artifactory plug-in you need to set up your Artifactory server(s) in Bamboo's server configuration. You can then set up a project builder to deploy artifacts and build-info to a repository on one of the configured Artifactory servers.

Configuring System-wide Artifactory Server(s)

To make Artifactory servers available to project configurations, they must be defined under Bamboo Administration | Manage Apps | Artifactory Plugin.

Press New Artifactory Server to add a new server, fill in the required fields and press save.

BambooAFServerConfig.png
Configuring Artifactory Tasks
The Artifactory Generic Resolve Task

The Artifactory Generic Resolve task allows downloading files from Artifactory using file specs. It allows collecting build-info, which can be later published to Artifactory using by the Artifactory Publish Build Info task.

Note

  1. Before version 2.2.0, specifying artifact patterns was possible through Legacy Patterns, which became deprecated in version 2.2.0.

  2. Tasks which were created before version 2.7.0, publish the build-info to Artifactory directly, and not by the Publish Build Info task.

image2021-11-8_15-13-39.png
The Artifactory Generic Deploy Task

The Artifactory Generic Deploy task allows uploading files to Artifactory using file specs. It allows collecting build-info, which can be later published to Artifactory using by the Artifactory Publish Build Info task.

Note

  1. Before version 2.2.0, specifying artifact patterns was possible through Legacy Patterns, which became deprecated in version 2.2.0.

  2. Tasks which were created before version 2.7.0, publish the build-info to Artifactory directly, and not by the Publish Build Info task.

image2021-11-8_15-14-53.png
The Artifactory NuGet and Artifactory .NET Core tasks

Depending on whether you use the NuGet or .NET Core CLI to build your NuGet packages, the Artifactory NuGet and Artifactory .NET Core tasks support using the NuGet or .NET Core clients with Artifactory. The tasks allow resolving NuGet dependencies from Artifactory during the build, while collecting build-info, which can be later published to Artifactory using the Artifactory Publish Build Info task

Note

  • Depending on the client you use, please make sure either the nuget or dotnet clients are included in the build agent's PATH.

  • If you use the dotnet client, please note that .NET Core 3.1.200 SDK or above are supported.

The Collect Build Issues task

The build-info collected by the various Artifactory tasks, can also include the issues which were handled as part of the build. The list of issues is automatically collected by Bamboo from the git commit messages. This requires the project developers to use a consistent commit message format, which includes the issue ID and issue summary, for example:

BAP-1364 - Replace tabs with spaces

The list of issues can be then viewed in the Builds UI in Artifactory, along with a link to the issue in the issues tracking system.

The information required for collecting the issues is provided through a JSON configuration. This configuration can be provided as a file or as a JSON string.

Here's an example for issues collection configuration.

{
    "version": 1,
    "issues": {
        "trackerName": "JIRA",
        "regexp": "(.+-[0-9]+)\s-\s(.+)",
        "keyGroupIndex": 1,
        "summaryGroupIndex": 2,
        "trackerUrl": "http://my-jira.com/issues",
        "aggregate": "true",
        "aggregationStatus": "RELEASED"
    }
}

Configuration file properties:

Property name

Description

aggregate

Set to true, if you wish all builds to include issues from previous builds.

aggregationStatus

If aggregate is set to true, this property indicates how far in time should the issues be aggregated. In the above example, issues will be aggregated from previous builds, until a build with a RELEASE status is found. The RELEASE status is set to a build when it is promoted using the Build Promotion functionality added by the Bamboo Artifactory Plugin.

keyGroupIndex

The capturing group index in the regular expression used for retrieving the issue key. In the example above, setting the index to "1" retrieves BAP-1364 from this commit message:

BAP-1364 - Replace tabs with spaces

regexp

A regular expression used for matching the git commit messages. The expression should include two capturing groups - for the issue key (ID) and the issue summary. In the example above, the regular expression matches the commit messages as displayed in the following example:

BAP-1364 - Replace tabs with spaces

summaryGroupIndex

The capturing group index in the regular expression for retrieving the issue summary. In the example above, setting the index to "2" retrieves the sample issue from this commit message:

BAP-1364 - Replace tabs with spaces

trackerName

The name (type) of the issue tracking system. For example, JIRA. This property can take any value.

trackerUrl

The issue tracking URL. This value is used for constructing a direct link to the issues in the Artifactory build UI.

Version

The schema version is intended for internal use. Do not change!

image2021-11-8_15-15-39.png
The Publish Build Info task

The Publish Build Info task has been added in version 2.7.0. The task publishes the build-info collected by previous Artifactory tasks in the plan, if they are configured to collect build-info. For plans which include the Publish Build info task, the link to the published build-info is available in the Build Results area.

BambooBuildRunView.png

Note

Plan tasks which were created before version 2.7.0, publish the build-info to Artifactory without the use of the Publish Build Info task.

The Artifactory Xray Scan Task

The Bamboo Artifactory Plugin is integrated with JFrog Xray through JFrog Artifactory allowing you to have build artifacts scanned for vulnerabilities and other issues. If issues or vulnerabilities are found, you may choose to fail a build job. This integration requires JFrog Artifactory v4.16 and above and JFrog Xray v1.6 and above.

For Xray to scan builds, you need to configure a WatchConfiguring Xray Watches with the right filters that specify which artifacts and vulnerabilities should trigger an alert, and set a Fail Build Job Action for that Watch. You can read more about CI/CD integration with Xray here.CI-CD Integration with Xray

Next, add the Artifactory Xray Scan task to your plan and configure it.

Note

To scan a build with Xray, the build-info must be already published to Artifactory. You should therefore make sure that one or more of the previous plan tasks is configured to collect build info and that the build-info is published to Artifactory.

image2021-11-8_15-17-4.png
Using File Specs

File Spec are specified in JSON format. They are used in the Generic Resolve and Generic Deploy tasks and in Bamboo Deployment tasks, File Specs are used in the Artifactory Download task, to specify the dependencies to be resolved from Artifactory or artifacts to be deployed to it.

You can use File Specs in one of the following ways:

  1. Manage them in your SCM, and then during the build, have them pulled to the workspace with the other sources. If you choose this option, you should select the "File" option in the "Upload spec source" or "Download spec source" field and specify the relative path to the File Spec in your workspace.

  2. Save the File Spec JSON as part of the job configuration. If you choose this option, you should select the "Job configuration" option in the "Upload spec source" or "Download spec source" field and specify the File Spec JSON content in your workspace in the "File path" field.

You can read the File Spec schema here.

Deployment Projects

The Bamboo Artifactory Plugin also supports Bamboo Deployment projects (read more about Deployment projects here).

  • The Artifactory Download task downloads artifacts from Artifactory. The artifacts to be downloaded are defined using File Specs.

  • The Artifactory Deployment task collects the build artifacts which are shared by the build plan associated with the deployment task, and uploads them to Artifactory. In addition, artifacts which were downloaded by Artifactory Download task are also available for deployment.

deployment_tasks.png

The "Artifacts Download" Task

The Artifacts Download task must be prior to the Artifactory Deployment task in the Deployment job flow.

Running a Build

Once you have completed setting up a project builder you can run it. The Artifactory plug-in commences at the end of the build and:

  1. Deploys all artifacts to the selected target repository in one go (as opposed to the deploy at the end of each module build, used by Maven/Ivy).

  2. Deploys the Artifactory build-info to the selected server, which provides full traceability of the build in Artifactory, with links back to the build in Bamboo.

Attaching Searchable Parameters

You can define parameters that should be attached to build info and artifacts that are deployed by the plugin.

To define a parameter, under Administration go to Build Resources | Global Variables, fill in a Key/Value pair and click Save.

The available parameter types are:

  • buildInfo.property.* - All properties starting with this prefix will be added to the root properties of the build-info.

  • artifactory.deploy.* - All properties starting with this prefix will be attached to any produced artifacts that are deployed.

Using a Properties File

Instead of defining properties manually, you can point the plug-in to a properties file.

To do so, define a property named buildInfoConfig.propertiesFile and set its value to the absolute path of the properties file.

SearchableParameters.png

Tip

The given path and file should be present on the machine that is running the build agent, not the server.

Overriding Plan values using Bamboo Variables

The Artifactory Plugin supports overriding variables in the plan configuration like Deployer credentials, Resolver credentials, repositories etc.

If you wish to override any of the values specified in the table below, you need to configure them as Bamboo variables either through the UI or append them to the REST URL request as a query parameters.

When assigning any value to these Bamboo variables, it will override the job configuration.

Example with REST

curl -ubamboo-user:bamboo-password -XPOST 
"http://<BAMBOO HOST>:8085/rest/api/latest/queue/MVN-JOB?stage&executeAllStages&bamboo.variable.artifactory.override.deployer.username=new_username&bamboo.variable.artifactory.override.deployer.password=new_password"

In the example above, we use CURL to remotely invoke a Bamboo plan. We set the Deployer username and Deployer password for this specific request.

Note that we add the "bamboo.varaible" prefix to the query parameters.

Warning

Note that the sent values will be applied only if the specific task support them. For example: currently Artifactory Gradle tasks do not support Resolver credentials, hence those values will be ignored if sent.

Parameter name

Description

Supported jobs

artifactory.override.deployer.username

Deployer username

Maven, Gradle, Ivy, Generic deploy

artifactory.override.deployer.password

Deployer password

Maven, Gradle, Ivy, Generic deploy

artifactory.override.resolver.username

Resolver username

Maven, Generic resolve

artifactory.override.resolver.password

Resolver password

Maven, Generic resolve

artifactory.override.resolve.repo

Resolve repository

Maven, Gradle

artifactory.override.deploy.repo

Deploy repository

Maven, Gradle, Ivy, Generic deploy

artifactory.task.override.jdk

If set to true, check the value of artifactory.task.override.jdk.env.var.

If that variable is populated with an environment variable,

use the value of that environment variable as the Build JDK path.

If artifactory.task.override.jdk.env.varis not defined, use the value of JAVA_HOME for the Build JDK.

Maven, Gradle, Ivy

artifactory.task.override.jdk.env.var

Stores the name of another environment variable whose value should be used for the build JDK.

Maven, Gradle, Ivy

Release Management

The Artifactory Plugin provides a powerful feature for release management and promotion. For details please refer to Bamboo Artifactory Plugin - Release Management.

Release Notes