PublishBuildInfo

JFrog Pipelines Documentation

ft:sourceType
Paligo

The PublishBuildInfo step publishes BuildInfo to Artifactory. BuildInfo provides a manifest for the build and includes metadata about the modules, dependencies and other environment variables.

BuildInfo can also be published by any of the language-specific publish steps, when its autoPublishBuildInfo tag is set to true.

Note

A base exclude pattern always applies to published build info from Pipelines, to prevent environment variables containing security information (e.g., secrets) and other unnecessary data from being published. The base exclude pattern is:

buildinfo.env.res_*;buildinfo.env.int_*;buildinfo.env.current_*;*password*;*secret*;*key*;*token*

YAML Schema

The YAML schema for PublishBuildInfo native step is as follows:

PublishBuildInfo

pipelines:
  - name:   <string>
    steps:
      - name: <string>
        type: PublishBuildInfo
        configuration:
          #inherits all the tags from bash
          envInclude:       <string>   
          envExclude:       <string>   
          forceXrayScan:    <boolean>    # default false
          failOnScan:       <boolean>    # default true

          inputSteps:
            - name:         <any of the build steps or Bash step>  # required
          outputResources:
            - name:         <BuildInfo resource>                             # required


        execution:
          onStart:
            - echo "Preparing for work..."
          onSuccess:
            - echo "Job well done!"
          onFailure:
            - echo "uh oh, something went wrong"
          onComplete: #always
            - echo "Cleaning up some stuff"
Tags
name

An alphanumeric string (underscores are permitted) that identifies the step.

type

Must be PublishBuildInfo for this step type.

configuration

Specifies all configuration selections for the step's execution environment. This step inherits the Bash/ PowerShell step configuration tags, including these pertinenttags:

Tag

Description of usage

Required/Optional

inputSteps

Must specify a named step of one of the following types:

The step must not have set autoPublishBuildInfo to true.

Required

outputResources

Must specify a BuildInfo resource to publish. The buildName and buildNumber properties are automatically set to $buildName and $buildNumber if defined, or the JFROG_CLI_BUILD_NAME and/or JFROG_CLI_BUILD_NUMBER from the environment of the named step for native steps. If JFROG_CLI_BUILD_NAME or JFROG_CLI_BUILD_NUMBER was not set when the input step ran, the defaults are $pipeline_name and $run_number.

Note

If inputSteps is a Bash step and $buildName or $buildNumber are not defined, then this step will fail.

Required

In addition, these tags can be defined to support the step's native operation:

Note

All native steps derive from the Bash step. This means that all steps share the same base set of tags from Bash, while native steps have their own additional tags as well that support the step's particular function. So it's important to be familiar with the Bash step definition, since it's the core of the definition of all other steps.

Tag

Description of usage

Required/Optional

envInclude

Pattern for which environment variables to include. Default is to include all the environment variables.

Optional

envExclude

Pattern for which environment variables to exclude. This is applied in addition to the base exclude pattern applied to all build info.

Optional

forceXrayScan

When set to true, forces an Xray scan after publishing to Artifactory.

Default is false.

Optional

failOnScan

When set to true, and when the Xray Policy Rule Fail Build checkbox is checked, a failed Xray scan will result in a failure of the step.

Default is true.

Optional

execution

Declares collections of shell command sequences to perform for pre- and post-execution phases:

Tag

Description of usage

Required/Optional

onStart

Commands to execute in advance of the native operation

Optional

onSuccess

Commands to execute on successful completion

Optional

onFailure

Commands to execute on failed completion

Optional

onComplete

Commands to execute on any completion

Optional

The actions performed for the onExecute phase are inherent to this step type and may not be overridden.

Examples

The following examples show how to configure a PublishBuildInfo step.

Full Pipeline Example

Pushes the image created by the DockerBuild input step and published BuildInfo to Artifactory.

DockerPush

# This config file is templatized so that it can be easily customized. Values can be provided with a values.yml file.
template: true   # required for local templates
valuesFilePath: ./values.yml

resources:
  - name: app_repo1
    type: GitRepo
    configuration:
      gitProvider: {{ .Values.gitIntegration }}                      
      path: {{ .Values.gitRepositoryPath }}    
      branches:
        include: master

  - name: app_buildinfo1
    type: BuildInfo
    configuration:
      sourceArtifactory: {{ .Values.artifactoryIntegration }}

  - name: app_promoted_buildinfo1
    type: BuildInfo
    configuration:
      sourceArtifactory: {{ .Values.artifactoryIntegration }}

pipelines:
  - name: app_dev_pipeline
    steps:
      - name: app_build
        type: DockerBuild
        configuration:
          affinityGroup: docker_group
          dockerFileLocation: .
          dockerFileName: Dockerfile
          dockerImageName: {{ .Values.artifactoryUrl }}/{{ .Values.sourceRepository }}/{{ .Values.imageName }}  
          dockerImageTag: ${run_number}
          inputResources:
            - name: app_repo
          integrations:
            - name: {{ .Values.artifactoryIntegration }}         
            
      - name: app_push
        type: DockerPush
        configuration:
          affinityGroup: docker_group
          targetRepository: {{ .Values.sourceRepository }}
          integrations:
            - name: {{ .Values.artifactoryIntegration }}                            
          inputSteps:
            - name: app_build

      - name: publish_app_build
        type: PublishBuildInfo
        configuration:
          affinityGroup: docker_group
          inputSteps:
            - name: app_push
          outputResources:
            - name: app_buildinfo
MvnBuild Example

This extends the first MvnBuild example to publish the build info using a PublishBuildInfo step.

PublishBuildInfo

pipelines:
  - name: MyMavenPipeline
    steps:
      - name: MavenWithArtifactory
        type: MvnBuild
        configuration:
          integrations:
            - name: art
          inputResources:
            - name: mvn_repo
      - name: publishBuildInfoStep
        type: PublishBuildInfo
        configuration:
          inputSteps:
            - name: MavenWithArtifactory
          outputResources:
            - name: buildInfoResource
NpmBuild and NpmPublish Example

An NpmBuild and NpmPublish example publishing the build info using a PublishBuildInfo step and triggering an Xray scan in the PublishBuildInfo step.

PublishBuildInfo

pipelines:
  - name: npmBuildPipeline
    steps:
      - name: npmBuildStep
        type: NpmBuild
        configuration:
          inputResources:
            - name: gitRepoResource
          integrations:
            - name: artifactory_integration
      - name: npmPublishStep
        type: NpmPublish
        configuration:
          deployerRepo: npm-repo
          inputSteps:
            - name: npmBuildStep
          outputResources:
            - name: outputBuildInfo
      - name: publishBuildInfoStep
        type: PublishBuildInfo
        configuration:
          forceXrayScan: true
          inputSteps:
            - name: npmPublishStep
          outputResources:
            - name: buildInfoResource
Bash and GoPublishModule Step

A Bash step input to the PublishBuildInfo step following an earlier GoPublishModule step.

PublishBuildInfo

pipelines:
  - name: goPublishModulePipeline
    steps:
      - name: goPublishModuleStep
        type: GoPublishModule
        configuration:
          version: "v0.0.${run_number}"
          targetRepository: go-repo
          self: true
          deps: ALL
          inputResources:
            - name: gitRepoResource
          integrations:
            - name: artifactory_integration
      - name: moduleTestStep
        type: Bash
        configuration:
          inputSteps:
            - name: goPublishModuleStep
        execution:
          onExecute:
            - "echo 'Running some tests.'"
      - name: publishBuildInfoStep
        type: PublishBuildInfo
        configuration:
          environmentVariables:
            buildStepName: goPublishModuleStep
          inputSteps:
            - name: moduleTestStep
          outputResources:
            - name: buildInfoResource
How it Works

When you use the PublishBuildInfo native step in a pipeline, it performs the following functions in the background:

  • jfrog rt config (configure the JFrog CLI with the BuildInfo output credentials)

  • jfrog rt use (specify the configured credentials to use)

  • restore_run_files (copy the output and build info from the input step)

  • jfrog rt build-publish (publish the build info)

  • jfrog rt build-scan (if forceXrayScan is true, trigger a scan)

  • write_output (if autoPublishBuildInfo is true, update the output BuildInfo resource)

  • add_run_files (update the build info saved in run state)