I'm looking to use the upload spec to upload artifacts to artifactory from a jenkins job. I'd like to be able to use it to additionally attach a classifier to the artifact for if it is referenced through Maven.
Do you know if there's a way to do this? I'd like to use the upload spec for simplicity and ideally avoid having to get my hands too dirty with Maven.
I realised the answer to my own question. You assign a repository layout to your repo. For example maven-2-default. This describes the file format and how that relates to version number, classifier etc.
You can use file specs to upload or download from artifactory in a Jenkins Free Style job (simply check the Generic-Artifactory Integration) or a Jenkins Pipeline Job.
HTH,
Or
Related
Is there a way to capture the actual snapshot version and let's say output it to file?
[INFO] Uploading to nexus: https://xxxx/repository/xxx/xxx/0.0.1-SNAPSHOT/xxx-0.0.1-2
0180809.182425-2.pom
I can see it in the console output, but I am looking for a reliable way to extract it and use it for some post processing, by example, assemble it in a docker image and deploy it.
As khmarbaise suggests, you could get the snapshot info from a Maven extension such as https://github.com/khmarbaise/deployment-recorder-extension Recording a timestamp would also give you a good approximation as normally snapshot ids are timestamp-based.
It is worth being cautious about how much value you put on the snapshot for traceability as snapshots are typically not retained in nexus indefinitely. If you're looking to trace the code in a docker image that is itself using a latest/snapshot tag then you might find more value in the last git commit (https://github.com/ktoso/maven-git-commit-id-plugin). If the image will have its own dedicated tag then it would be advisable to also create a corresponding tag in the source code.
This is very difficult to achieve during the build process as the deploy-plugin uses the very timestamp of the deployment to version the artifact and it will not share that information other than in the log. That means that any timestamp that you catch during the build process will be before that timstamp and will therefore not be suitable.
To solve the issue, you either need to parse the command output or use external tools:
Use khmarbais's Deployment recorder (as mentioned by #Ryan Dawson)
Read the maven-metadata from Nexus which contains the latest snapshot info
Search whether Nexus has an api that exposes that information (I am using Artifactory and am therefore not an expert for Nexus)
I had a task to delete old SNAPSHOT artefacts which are under many folders/directories.
We can't go and delete each and every artefact manually so I would like to go with restAPI.
For clear info:
https://artifactory.com/artifactory/maven-local/com/aa/bbb/cccc/dddd/XYZ-SNAPSHOT/abc.jar
https://artifactory.com/artifactory/maven-local/com/aa/bbb/cccc/dddd/XYZ-SNAPSHOT/xyz.jar
https://artifactory.com/artifactory/maven-local/com/aa/bbb/cccc/eeee/XYZ-SNAPSHOT/pqr.jar
https://artifactory.com/artifactory/maven-local/com/aa/bbb/dddd/eeee/XYZ-SNAPSHOT/lmn.jar
Above 4 examples have different directories.
My script needs to go each and every directory and have to verify for XYZ-SNAPSHOT, if it found then we can make a url and delete through CURL.
How can we achieve this? Or is there any other way to do it?
You should probably want to use Artifactory Query Language (AQL) which is the easiest way to find artifacts and modules according to patterns. You can find bunch of examples in the page. Moreover, to perform the deletion easily and even automate the process in the future, I advise using JFrog CLI. You can also read this interesting blog about similar use case.
Also, there is the 'Max Unique Snapshots' field in your local Maven repository settings. You can use that for Artifactory to keep a specified number of unique snapshots per artifact.
I want to store RTL modules (Mostly VHDL files - .vhd) in Artifactory, and be able to trace the dependencies of those packages with Xray and the other Jfrog services.
I already have a pretty clean "package" format, I just want to have Artifactory parse my meta-data files on upload that are part of that package, the same way it does control files in a debian package.
Is this possible? And where would I start?
Since you mentioned Xray, it’s important to note that XRay supports only the certain types of files it supports (and these have to reside within a supported repository type). I’m not sure what you mean by “tracking dependencies” but I should note that XRay is mostly good at scanning code components and identifying vulnerabilities.
To simply track dependencies (i.e methodically know which dependencies are associated with a certain package) you can use the various Build Info integrations. Read about this here:
https://www.jfrog.com/confluence/display/RTF/Build+Integration
If you associate your files with a certain build info object (a metadata object that stores build-related information), you’ll be able to track build artifacts and dependencies in the Artifactory UI and even query for them using the Artifactory Query Language. There are various options (CI plugins) depending on which CI server you are using, but in general all of the JFrog CI plugins serve the same purpose, which is uploading your content to Artifactory and keeping track of build metadata, such as build dependencies.
With regards to your question, you didn’t elaborate on your end goal but you should be able to achieve this using a User Plugin. User Plugins can be used to extend Artifactory’s built-in capabilities and add your own business logic to procedures in Artifactory (like a deployment of a file). You can read more about this here:
https://www.jfrog.com/confluence/display/RTF/User+Plugins
There are many examples on our public Github repository that will probably help:
https://github.com/JFrogDev/artifactory-user-plugins
I'm working on a strategy to tag builds in my continuous integration and delivery pipeline. When a fresh build is produced it then goes through multiple stages of testing; after each stage I would like to tag the build. My idea was to expand on the standard Maven system, so an example would be:
my-artifact-1.0-SNAPSHOT.jar
my-artifact-1.0-PASSED_TESTS_1.jar
my-artifact-1.0-PASSED_TESTS_2.jar
...
my-artifact-1.0-RELEASE.jar
As a build passes each stage its tag, which is part of its name/version, gets updated. Eventually, after all testing stages the build is tagged as releasable with RELEASE.
I'm using a Jenkins server and storing artifacts on Artifactory (non-Pro) in Maven repositories. My plan is to use separate Maven repositories for each tag type above, and to move an artifact from one to the other as its tag is updated.
My pseudo-code for the promotion looks like:
(1) Download artifacts that passed in Jenkins
(2) Text-replace the tag (maybe pom.xml as well?)
(3) Upload to new repository
(4) Update the associated Git commit with tag also
I'm not sure how to actually implement this cleanly - is this a common way of doing things? Am I missing something important? Can a Jenkins + Artifactory (non-Pro) + Maven (repos only, Gradle for builds) system accomplish this?
Thanks!
I can see where the idea of adding more metadata to the file names come. Usually, we don't have any other place to add this kind of information, except of the name. But with a proper artifact repository manager (as Artifactory), you don't need it anymore. You can attach any metadata to the artifacts in the repository manager, and then manipulate (e.g. promote) the artifacts based on those properties.
Here's a screencast showing what it takes to add this kind of metadata to the artifacts, and how to promote artifacts based on it.
I'm looking for a way to list all available artifacts programmatically for given repo url, group and artifact. The repo is maven-based.
I know about maven-metadata.xml but the repo that is in use doesn't provide classifier details which are crucial for me.
Solution may be based on ivy, gradle or other compatible tools. If anybody has an idea please let mi know :)
I hope to find a code sample that will allow me to browse repo in an easy and friendly way.
Use the search features of your Maven repository manager.
If you're using Nexus, it supports searches of it's Lucene index. For example the following URL returns all the artifacts matching the string "log4j":
https://repository.sonatype.org/service/local/lucene/search?q=log4j
The response is verbose but includes information like classfiers (which is what you're looking for)
maven-metdata.xml only has module information, and classifier belongs to artifact (not module). Gradle is probably not a good fit here. I'd consider a low-level approach with some GET requests and HTML parsing. In case the repository is backed by a repository manager such as Artifactory and Nexus, their REST API might also be an option.
Thanks guys for all hints. Yesterday I've managed to solve the problem using artifactory REST search API and parsing the incoming JSON respones. Thanks once again.