Overview
Artifactory provides tight integration with Bamboo through the Bamboo Artifactory Plug-in. Beyond managing efficient deployment of your artifacts to Artifactory, the plug-in lets you capture information about artifacts deployed, dependencies resolved, environment data associated with the Bamboo build runs and more. This data can be published to Artifactory as buildinfo using the Artifactory Publish Build Info task.
The Bamboo Artifactory Plug-in currently provides full support for Maven, Gradle, Ivy, NPM, Docker and NuGet through dedicated Artifactory tasks for each of these package managers. Generic download and upload using File Specs is also supported through dedicated tasks.
Sources
The Bamboo Artifactory Plugin is an open-source project on GitHub which you can freely browse and fork.
Download
Plugin Compatibility:
The Bamboo Artifactory Plugin is fully tested for compatibility with the version of Bamboo that is current when the plugin is released. When a new version of Bamboo is released, the Marketplace lists the Bamboo Artifactory Plugin as incompatible, however, since we regularly update the plugin it is likely to maintain compatibility with patch or minor version upgrades of Bamboo. We recommend testing new Bamboo and plugins releases on a staging environment before upgrading the production environment.
Versions
Note
Upgrading to version 2.x from version 1.x of the plugin requires new installation steps. For more information, see Installing the Plugin .
The full list of versions is available here.
Installing the Plugin
Requirements
Artifactory 2.2.5 or later. For best results and optimized communication, we recommend using the latest version of Artifactory.
Artifactory Pro is required for advanced features, such as License Control and enhanced Build Integration.
Maven 3.
Gradle 4.10 or later.
Ant and Ivy 2.1.0 or later.
Upgrading to Versions 2.x from Versions 1.x
If you are currently using a version of the plugin below 2.0.0 and would like to upgrade to version 2.0.0 or above, you need to migrate your Artifactory configuration data to the format expected by the type 2 plugin as described in the following steps:
1. If you are not already on version 1.13.0 of the plugin, upgrade to that version first.
2. From Bamboo Administration | Artifactory Plugin, click on the "Migrate data to v2" button.
3. Remove plugin version 1.13.0 and restart Bamboo.
4. You're now ready to install version 2.x according to the below instructions.
Installing Versions 2.x
From version 2.0.0, the Bamboo Artifactory Plugin is released as a type 2 plugin. You can read about installing type 2 plugins in the Bamboo documentation for Installing add-ons.
Installing Versions 1.x
Remove older versions
If you have an older version of the plug-in, be sure to remove it before upgrading to a newer one
For versions below 2.0.0, the plugin was released as a type 1 plugin and is deployed to Bamboo by placing the packaged plugin jar file into the $BAMBOO_INSTALLATION_HOME/atlassian-bamboo/WEB-INF/lib
folder and restarting Bamboo.
For more details please refer to the Bamboo documentation for Installing Plugins type 1 add-ons.
Integration Benefits JFrog Artifactory and Bamboo
Configuration
To use the Bamboo Artifactory plug-in you need to set up your Artifactory server(s) in Bamboo's server configuration. You can then set up a project builder to deploy artifacts and build-info to a repository on one of the configured Artifactory servers.
Configuring System-wide Artifactory Server(s)
To make Artifactory servers available to project configurations, they must be defined under Bamboo Administration | Manage Apps | Artifactory Plugin.
Press New Artifactory Server to add a new server, fill in the required fields and press save.
Configuring Artifactory Tasks
The Artifactory Generic Resolve Task
The Artifactory Generic Resolve task allows downloading files from Artifactory using file specs. It allows collecting build-info, which can be later published to Artifactory using by the Artifactory Publish Build Info task.
Note
Before version 2.2.0, specifying artifact patterns was possible through Legacy Patterns, which became deprecated in version 2.2.0.
Tasks which were created before version 2.7.0, publish the build-info to Artifactory directly, and not by the Publish Build Info task.
The Artifactory Generic Deploy Task
The Artifactory Generic Deploy task allows uploading files to Artifactory using file specs. It allows collecting build-info, which can be later published to Artifactory using by the Artifactory Publish Build Info task.
Note
Before version 2.2.0, specifying artifact patterns was possible through Legacy Patterns, which became deprecated in version 2.2.0.
Tasks which were created before version 2.7.0, publish the build-info to Artifactory directly, and not by the Publish Build Info task.
The Artifactory NuGet and Artifactory .NET Core tasks
Depending on whether you use the NuGet or .NET Core CLI to build your NuGet packages, the Artifactory NuGet and Artifactory .NET Core tasks support using the NuGet or .NET Core clients with Artifactory. The tasks allow resolving NuGet dependencies from Artifactory during the build, while collecting build-info, which can be later published to Artifactory using the Artifactory Publish Build Info task
Note
Depending on the client you use, please make sure either the nuget or dotnet clients are included in the build agent's PATH.
If you use the dotnet client, please note that .NET Core 3.1.200 SDK or above are supported.
The Collect Build Issues task
The build-info collected by the various Artifactory tasks, can also include the issues which were handled as part of the build. The list of issues is automatically collected by Bamboo from the git commit messages. This requires the project developers to use a consistent commit message format, which includes the issue ID and issue summary, for example:
BAP-1364 - Replace tabs with spaces
The list of issues can be then viewed in the Builds UI in Artifactory, along with a link to the issue in the issues tracking system.
The information required for collecting the issues is provided through a JSON configuration. This configuration can be provided as a file or as a JSON string.
Here's an example for issues collection configuration.
{ "version": 1, "issues": { "trackerName": "JIRA", "regexp": "(.+-[0-9]+)\s-\s(.+)", "keyGroupIndex": 1, "summaryGroupIndex": 2, "trackerUrl": "http://my-jira.com/issues", "aggregate": "true", "aggregationStatus": "RELEASED" } }
Configuration file properties:
Property name | Description |
---|---|
aggregate | Set to true, if you wish all builds to include issues from previous builds. |
aggregationStatus | If aggregate is set to true, this property indicates how far in time should the issues be aggregated. In the above example, issues will be aggregated from previous builds, until a build with a RELEASE status is found. The RELEASE status is set to a build when it is promoted using the Build Promotion functionality added by the Bamboo Artifactory Plugin. |
keyGroupIndex | The capturing group index in the regular expression used for retrieving the issue key. In the example above, setting the index to "1" retrieves BAP-1364 from this commit message: BAP-1364 - Replace tabs with spaces |
regexp | A regular expression used for matching the git commit messages. The expression should include two capturing groups - for the issue key (ID) and the issue summary. In the example above, the regular expression matches the commit messages as displayed in the following example: BAP-1364 - Replace tabs with spaces |
summaryGroupIndex | The capturing group index in the regular expression for retrieving the issue summary. In the example above, setting the index to "2" retrieves the sample issue from this commit message: BAP-1364 - Replace tabs with spaces |
trackerName | The name (type) of the issue tracking system. For example, JIRA. This property can take any value. |
trackerUrl | The issue tracking URL. This value is used for constructing a direct link to the issues in the Artifactory build UI. |
Version | The schema version is intended for internal use. Do not change! |
The Publish Build Info task
The Publish Build Info task has been added in version 2.7.0. The task publishes the build-info collected by previous Artifactory tasks in the plan, if they are configured to collect build-info. For plans which include the Publish Build info task, the link to the published build-info is available in the Build Results area.
Note
Plan tasks which were created before version 2.7.0, publish the build-info to Artifactory without the use of the Publish Build Info task.
The Artifactory Xray Scan Task
The Bamboo Artifactory Plugin is integrated with JFrog Xray through JFrog Artifactory allowing you to have build artifacts scanned for vulnerabilities and other issues. If issues or vulnerabilities are found, you may choose to fail a build job. This integration requires JFrog Artifactory v4.16 and above and JFrog Xray v1.6 and above.
For Xray to scan builds, you need to configure a Watch with the right filters that specify which artifacts and vulnerabilities should trigger an alert, and set a Fail Build Job Action for that Watch. You can read more about CI/CD integration with Xray here.
Next, add the Artifactory Xray Scan task to your plan and configure it.
Note
To scan a build with Xray, the build-info must be already published to Artifactory. You should therefore make sure that one or more of the previous plan tasks is configured to collect build info and that the build-info is published to Artifactory.
Using File Specs
File Spec are specified in JSON format. They are used in the Generic Resolve and Generic Deploy tasks and in Bamboo Deployment tasks, File Specs are used in the Artifactory Download task, to specify the dependencies to be resolved from Artifactory or artifacts to be deployed to it.
You can use File Specs in one of the following ways:
Manage them in your SCM, and then during the build, have them pulled to the workspace with the other sources. If you choose this option, you should select the "File" option in the "Upload spec source" or "Download spec source" field and specify the relative path to the File Spec in your workspace.
Save the File Spec JSON as part of the job configuration. If you choose this option, you should select the "Job configuration" option in the "Upload spec source" or "Download spec source" field and specify the File Spec JSON content in your workspace in the "File path" field.
You can read the File Spec schema here.
Deployment Projects
The Bamboo Artifactory Plugin also supports Bamboo Deployment projects (read more about Deployment projects here).
The Artifactory Download task downloads artifacts from Artifactory. The artifacts to be downloaded are defined using File Specs.
The Artifactory Deployment task collects the build artifacts which are shared by the build plan associated with the deployment task, and uploads them to Artifactory. In addition, artifacts which were downloaded by Artifactory Download task are also available for deployment.
The "Artifacts Download" Task
The Artifacts Download task must be prior to the Artifactory Deployment task in the Deployment job flow.
Running a Build
Once you have completed setting up a project builder you can run it. The Artifactory plug-in commences at the end of the build and:
Deploys all artifacts to the selected target repository in one go (as opposed to the deploy at the end of each module build, used by Maven/Ivy).
Deploys the Artifactory build-info to the selected server, which provides full traceability of the build in Artifactory, with links back to the build in Bamboo.
Attaching Searchable Parameters
You can define parameters that should be attached to build info and artifacts that are deployed by the plugin.
To define a parameter, under Administration go to Build Resources | Global Variables, fill in a Key/Value pair and click Save.
The available parameter types are:
buildInfo.property.*
- All properties starting with this prefix will be added to the root properties of the build-info.artifactory.deploy.*
- All properties starting with this prefix will be attached to any produced artifacts that are deployed.
Using a Properties File
Instead of defining properties manually, you can point the plug-in to a properties file.
To do so, define a property named buildInfoConfig.propertiesFile
and set its value to the absolute path of the properties file.
Tip
The given path and file should be present on the machine that is running the build agent, not the server.
Overriding Plan values using Bamboo Variables
The Artifactory Plugin supports overriding variables in the plan configuration like Deployer credentials, Resolver credentials, repositories etc.
If you wish to override any of the values specified in the table below, you need to configure them as Bamboo variables either through the UI or append them to the REST URL request as a query parameters.
When assigning any value to these Bamboo variables, it will override the job configuration.
Example with REST
curl -ubamboo-user:bamboo-password -XPOST "http://<BAMBOO HOST>:8085/rest/api/latest/queue/MVN-JOB?stage&executeAllStages&bamboo.variable.artifactory.override.deployer.username=new_username&bamboo.variable.artifactory.override.deployer.password=new_password"
In the example above, we use CURL to remotely invoke a Bamboo plan. We set the Deployer username and Deployer password for this specific request.
Note that we add the "bamboo.varaible" prefix to the query parameters.
Warning
Note that the sent values will be applied only if the specific task support them. For example: currently Artifactory Gradle tasks do not support Resolver credentials, hence those values will be ignored if sent.
Parameter name | Description | Supported jobs |
---|---|---|
artifactory.override.deployer.username | Deployer username | Maven, Gradle, Ivy, Generic deploy |
artifactory.override.deployer.password | Deployer password | Maven, Gradle, Ivy, Generic deploy |
artifactory.override.resolver.username | Resolver username | Maven, Generic resolve |
artifactory.override.resolver.password | Resolver password | Maven, Generic resolve |
artifactory.override.resolve.repo | Resolve repository | Maven, Gradle |
artifactory.override.deploy.repo | Deploy repository | Maven, Gradle, Ivy, Generic deploy |
artifactory.task.override.jdk | If set to true, check the value of artifactory.task.override.jdk.env.var. If that variable is populated with an environment variable, use the value of that environment variable as the Build JDK path. If artifactory.task.override.jdk.env.varis not defined, use the value of JAVA_HOME for the Build JDK. | Maven, Gradle, Ivy |
artifactory.task.override.jdk.env.var | Stores the name of another environment variable whose value should be used for the build JDK. | Maven, Gradle, Ivy |
Release Management
The Artifactory Plugin provides a powerful feature for release management and promotion. For details please refer to Bamboo Artifactory Plugin - Release Management.