Gate 3 - Artifact Management
JFrog Artifactory
What is Artifactory?
- Artifactory is a product by JFrog that serves as a binary repository manager. The binary repository is a natural extension of the source code repository: it stores the output of your build process, often called artifacts.
- Most of you or your teams already use binary repositories every day through services such as Maven, NuGet, PyPI, npm, etc. Artifactory is now the official and approved way for teams to store and consume these artifacts from their build processes.
- Artifactory also lets you store peripheral build artifacts from your CI/CD pipelines in one central location, which will become even more important as the JDAI Gates process evolves.
ref 1 : Azure DevOps Extension
How do I on-board my team to Artifactory?
Your team will be set up with a development and production repository for each desired package type.
Roles and associated permissions are mapped to your team's repositories and builds via your team's permission target.
Here's an overview of the team roles and permissions for Artifactory:
role | permissions |
---|---|
manager | manages permissions for your team's resources and has read and write permissions to all your team's resources |
devops | has read and write permissions to all your team's resources |
developer | has read permissions to all your team's resources and write permissions to your team's non-prod resources |
stakeholder | has read permissions to all your team's resources |
Once your team has been set up, please test access by logging in to the Artifactory UI here:
https://us.artifactory.gcso.cbre.com/webapp/#/home
We use SAML SSO; log in with your corp ID.
Upon successful login, you can create an API token under your profile.
Save it in a secure, password-protected place.
How do I get my application to pass Cloud Gate 3?
Follow the steps below:
I. Deploy a Docker image to JFrog Artifactory
step 1: pull the Docker image from the official repo
$> docker pull nginx:latest
latest: Pulling from library/nginx
e1acddbe380c: Pull complete
e21006f71c6f: Pull complete
f3341cc17e58: Pull complete
2a53fa598ee2: Pull complete
12455f71a9b5: Pull complete
b86f2ba62d17: Pull complete
Digest: sha256:4d4d96ac750af48c6a551d757c1cbfc071692309b491b70b2b8976e102dd3fef
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
step 2: modify, build, and commit your own docker image.
step 3: log in to the JFrog repo
$> docker login -u yourname@your.com japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com
Password:
TODO
Write a bash script to automate this, and keep the password in AWS Secrets Manager instead of typing it.
step 4: tag it
docker tag nginx japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com/nginx:latest
step 5: push it to the jfrog repo
$> docker push japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com/nginx:latest
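One way to do what the TODO under step 3 asks, covering steps 3 to 5. This is an added example, not a script from the original page: the secret name `artifactory/api-token` and the function names are hypothetical, and it assumes the API token is stored as a plain SecretString and that the AWS CLI is already authenticated.

```bash
#!/usr/bin/env bash
# Added example: automates steps 3-5 without typing the token or putting it in the script.
set -eu

REGISTRY="${REGISTRY:-japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com}"
ARTIFACTORY_USER="${ARTIFACTORY_USER:-yourname@your.com}"
# Assumption: the API token is stored as a plain SecretString under this
# hypothetical secret name.
SECRET_ID="${SECRET_ID:-artifactory/api-token}"

# Fetch the token from AWS Secrets Manager; fail if it is missing or empty.
fetch_token() {
  local token
  token="$(aws secretsmanager get-secret-value --secret-id "$SECRET_ID" \
             --query SecretString --output text)" || return 1
  if [ -z "$token" ] || [ "$token" = "None" ]; then
    echo "secret $SECRET_ID is empty" >&2
    return 1
  fi
  printf '%s' "$token"
}

# Step 3: log in. The token is passed on stdin (printf is a shell builtin),
# so it never shows up in argv, shell history or `ps` output.
registry_login() {
  local token
  token="$(fetch_token)" || return 1
  printf '%s' "$token" | docker login -u "$ARTIFACTORY_USER" --password-stdin "$REGISTRY"
}

# Steps 4 and 5: tag a local image for the team repository and push it.
# Prints the full remote reference on success.
publish_image() {
  local image="$1" tag="${2:-latest}" remote
  remote="$REGISTRY/$image:$tag"
  registry_login >&2
  docker tag "$image" "$remote"
  docker push "$remote" >&2
  docker logout "$REGISTRY" >&2   # drop the cached credential afterwards
  printf '%s\n' "$remote"
}

# Runs only when an image name is given, e.g.: ./publish.sh nginx latest
if [ "$#" -gt 0 ]; then
  publish_image "$@"
fi
```

Without a credential helper, `docker login` writes the credential to `~/.docker/config.json`, which is why the script logs out after the push.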
II. Use the Docker image from JFrog Artifactory
In docker-compose.yml (yes, we use docker-compose), replace the original image with the one from the JFrog repo, as shown below.
version: '2'
services:
  web:
    image: japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com/nginx:latest
    ...
The first time you run docker-compose, you need to run docker login beforehand:
docker login -u yourname@your.com japandataplatform-docker-nonprod.us.artifactory.gcso.cbre.com
Password:
docker-compose up -d