Gate 3 - Artifact Management

JFrog Artifactory

What is Artifactory?

  • Artifactory is a product by JFrog that serves as a binary repository manager. The binary repository is a natural extension of the source code repository: it stores the output of your build process, often called artifacts.
  • Most of you and your teams already use binary repositories every day through services such as Maven, NuGet, PyPI, npm, etc. Artifactory is now the official, approved way for teams to store and consume these artifacts from their build processes.
  • Artifactory also lets you store peripheral build artifacts from your CI/CD pipelines in one central location, which will become even more important as the JDAI Gates process evolves.

ref 1 : Azure DevOps Extension

How do I on-board my team to Artifactory?

Your team will be set up with a development and production repository for each desired package type.

Roles and associated permissions are mapped to your team's repositories and builds via your team's permission target.

Here's an overview of the team roles and permissions for Artifactory:

role         permissions
-----------  -----------
manager      manages permissions for your team's resources and has read and write permissions to all your team's resources
devops       has read and write permissions to all your team's resources
developer    has read permissions to all your team's resources and write permissions to your team's non-prod resources
stakeholder  has read permissions to all your team's resources

Once your team has been set up, please test access by logging in to the Artifactory UI here:

https://us.artifactory.gcso.cbre.com/webapp/#/home

We use SAML SSO; log in with your corp ID.

Upon successful login, you can create an API token under your profile.

Save it in a secure, password-protected place. SDPROJECTCBREDATA

How to get my application to pass Cloud Gate 3?

Follow the steps below:

I. Deploy a Docker image to JFrog Artifactory

step 1: pull the Docker image from the official repo

$> docker pull nginx:latest
latest: Pulling from library/nginx
e1acddbe380c: Pull complete 
e21006f71c6f: Pull complete 
f3341cc17e58: Pull complete 
2a53fa598ee2: Pull complete 
12455f71a9b5: Pull complete 
b86f2ba62d17: Pull complete 
Digest: sha256:4d4d96ac750af48c6a551d757c1cbfc071692309b491b70b2b8976e102dd3fef
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest

step 2: modify, build, and commit your own docker image.

step 3: log in to the JFrog repo

$> docker login -u yourname@your.com japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com
Password: 
<paste your Artifactory API token at the prompt; it is not echoed>

TODO

Write a bash script to automate this, and hide the password with AWS Secrets Manager.

step 4: tag it

docker tag nginx japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com/nginx:latest

step 5: push it to the jfrog repo

$> docker push japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com/nginx:latest
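
Steps 3 to 5 and the TODO above as one script. This is an added example, not the team's own tooling. It assumes the AWS CLI is installed with credentials that can read the secret; the secret name `artifactory/api-token`, the environment variable names and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the team's own script): steps 3-5 without typing or
# storing the Artifactory token in the script, argv or shell history.
set -eu

# Registry host and user are the ones shown on this page; SECRET_ID is a
# hypothetical Secrets Manager name that holds the API token as a plain string.
REGISTRY="${REGISTRY:-japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com}"
ARTIFACTORY_USER="${ARTIFACTORY_USER:-yourname@your.com}"
SECRET_ID="${SECRET_ID:-artifactory/api-token}"

# image_ref <image> <tag>: full name of the image inside the registry.
image_ref() { printf '%s/%s:%s\n' "$REGISTRY" "$1" "$2"; }

# Print the token; needs AWS credentials allowed to read SECRET_ID.
fetch_token() {
    aws secretsmanager get-secret-value --secret-id "$SECRET_ID" \
        --query SecretString --output text
}

# Feed the token to docker on stdin so it never appears in the process list.
registry_login() {
    token="$(fetch_token)" || { echo "cannot read $SECRET_ID" >&2; return 1; }
    # The CLI prints "None" when the secret has no SecretString.
    if [ -z "$token" ] || [ "$token" = "None" ]; then
        echo "secret $SECRET_ID is empty" >&2
        return 1
    fi
    printf '%s' "$token" |
        docker login -u "$ARTIFACTORY_USER" --password-stdin "$REGISTRY"
}

# publish_image <local-image> <tag>: login, tag, push, then log out.
publish_image() {
    target="$(image_ref "$1" "$2")"
    registry_login || return 1
    rc=0
    docker tag "$1" "$target" && docker push "$target" || rc=$?
    # docker login caches the credential (by default in ~/.docker/config.json).
    docker logout "$REGISTRY" >/dev/null 2>&1 || true
    return "$rc"
}

# Run only when called as: ./publish.sh <local-image> <tag>
if [ "$#" -eq 2 ]; then
    publish_image "$1" "$2"
fi
```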

II. Use the Docker image from JFrog Artifactory

We use docker-compose. In docker-compose.yml, replace the original image with the one from the JFrog repo, as shown below.

version: '2'

services:
    web:
        image: japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com/nginx:latest

        ...        

The first time you run docker-compose, you need to run docker login first:

docker login -u yourname@your.com japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com
Password: 


docker-compose up -d