GitLab Templates for JFrog
This repository includes pipeline templates for GitLab CI, for a quick and easy integration with the JFrog Platform.
The templates use the .setup-jfrog.yml pipeline scripts. The script is included by each of the templates, and sets up the integration between the pipeline and the JFrog Platform.
The script does the following:
Installs JFrog CLI
Configures JFrog CLI to work with the JFrog Platform
Sets the build name and build number values with the values of
$CI_PROJECT_PATH_SLUG-$CI_COMMIT_REF_NAME
and$CI_PIPELINE_ID
respectively, to allow publishing build-info to ArtifactoryOptionally replaces the default Docker Registry with an Artifactory Docker Registry
Installation
Ensure you have the connection details for the JFrog Platform.
Store the JFrog Platform connection details on GitLab
Optionally set the URL of your Artifactory Docker Registry as the value of the JF_DOCKER_REGISTRY variable
Add the setup-jfrog pipeline script in your GitLab pipeline
Storing the JFrog Platform Connection Details
Store the connection details of your JFrog Platform as GitLab CI/CD variables by using one of the following variables combinations:
JF_URL - Anonymous access (no authentication)
JF_URL + JF_USER + JF_PASSWORD - Basic authentication
JF_URL + JF_ACCESS_TOKEN - Authentication with JFrog Access Token. NOTE: When pulling and pushing docker images from/to Artifactory, the JF_USER variable is also required, in addition to the JF_ACCESS_TOKEN variables
Adding the setup-jfrog Script in Your Pipeline
Including the Script
The templates included in this repository already have the setup-jfrog script included as follows:
For Windows agents, use:
You also have the option of downloading the matching script from releases.jfrog.io, adding it to your project, and including it in your pipeline as follows:
You can also include it from one of your projects as follows:
Referencing the Script
Once the script is included in your pipeline, you'll need to reference it from any script
or before_script
sections in the pipeline as shown below:
At the end of your script
, or as part of after_script
, you should add the cleanup reference:
Downloading the setup-jfrog script and JFrog CLI from Artifactory
If your GitLab environment is air-gapped, you would want your pipeline to avoid downloading the setup-jfrog script and also JFrog CLI from https://releases.jfrog.io/artifactory
. Here's how you do this:
As shown in the above Including the Script and Referencing the Script sections, you have the option of copying the setup-jfrog script into your pipeline, and thus avoiding its download. Since the setup-jfrog script downloads JFrog CLI from https://releases.jfrog.io/artifactory
, you should also configure the script to download JFrog CLI from a remote repository in your JFrog Artifactory instance. Follow these steps to have JFrog CLI downloaded from your Artifactory instance:
Create a remote generic repository in Artifactory pointing to
https://releases.jfrog.io/artifactory/
Add the JF_RELEASES_REPO variable to GitLab with the name of the repository you created
Additional Optional Variables
Configurations can be done via Project Settings > CI/CD > Variables:
JF_DOCKER_REGISTRY
Docker registry in Artifactory. For more info, see Getting Started with Artifactory as a Docker Registry
JFROG_CLI_BUILD_PROJECT
JFrog project key to be used by commands which expect build name and build number. Determines the project of the published build.
JFROG_CLI_VERSION
Use a specific JFrog CLI version instead of the latest version. The minimal version allowed is: 2.17.0
See more environment variables in the JFrog CLI documentation.
Prerequisites
For Linux / Mac: cURL
Limitations
If the
JF_DOCKER_REGISTRY
andJF_ACCESS_TOKEN
variables are set, then theJF_USER
variable is required.Build info collection is unavailable when:
Working with a docker registry without JFrog CLI.
Running separate jobs on temporary agents or docker containers.
Behind the Scenes
The setup-jfrog scripts are maintained in the jfrog-cli repository. Each yaml includes two hidden jobs with scripts named .setup_jfrog
and .cleanup_jfrog
, which can be referenced by the pipeline after the script is included.
Templates
Build and Upload to JFrog Artifactory
.NET
Go
Gradle
Maven
npm
NuGet
Pip
Pipenv
Yarn Berry
Security Audit with JFrog Xray
.NET
Go
Gradle
Maven
npm
NuGet
Pip
Pipenv
Yarn Berry
Last updated