Release
Management
   with
Artifactory
Yoav Landman & Frederic Simon
About us

    ★ Yoav Landman
      • Creator of Artifactory, JFrog’s CTO
    ★ Frederic Simon
      • JFrog’s Chief Archit...
Agenda
    ★ Intro
    ★ Configuration tips
    ★ Searches
    ★ Reproducible builds
    ★ Advanced features
    ★ Smart st...
What is a repository manager?
    ★ Artifacts storage and proxy
    ★ Avoid hitting public remote repositories
    ★ Ineffi...
What is                          ?
    ★ Advanced binaries repository - the binaries’ SCM
    ★ JavaFX and WebStart reposi...
Configuration tips - demo

    ★ Remote repositories sharing via REST
      • Reuse configuration
    ★ Automatically genera...
7
Searches
    ★ Search types
      • Quick search (wildcard part of path)
      • GAVC
      • Properties
      • Class/Jar...
9
Reproducible Builds
     ★ Sources have a reproducible context - compilation
       • Reproducible via SCM tagging.
     ★...
The Role of the CI Server
     ★ Captures all the information needed to reproduce the
        build
     ★ Published modul...
Artifactory and Hudson
     ★ Deploy from Hudson to Artifactory
     ★ Navigate the builds in Artifactory
     ★ Link back...
Build Scenario




13
The build jobs pyramid
     ★ SCM update
     ★ Retrieve
     ★ Test
     ★ Deploy

              Build time       unit te...
15
Advanced repository features
     ★ Checksum-based storage
     ★ Handling download bursts
     ★ Verifying uploaded artif...
Checksum-based storage
     ★ Many identical artifacts are produced and stored
        numerous times in the repositories
...
Concurrent downloads/
request bursts
     ★ New snapshot dependency available/ POM updated
        with a new dependency v...
Checksum for uploaded artifacts
     ★ No way to verify uploaded artifacts
     ★ Maven approach:
       • The repository ...
Locking
     ★ Artifactory applies RWLocks on all items
     ★ Avoid concurrent writes & dirty reads
     ★ Spans to metad...
POM cleanup
     ★ Many common third party POMs contain remote
        repository references making controlled resolution ...
Metadata backed into the core
     ★ Every repository element can hold metadata definitions
       • Both files and folders
...
Smart staging and promotion
     ★ Repository has two main roles
       • Proxy remote artifacts
       • Host deployed ar...
Search-based management
     ★ Makes bulk artifact management a lot easier
     ★ Shopping-cart of artifacts
     ★ Fill-u...
25
JavaFX
     ★ JavaFX/JNLP plugin
       • Compiles JavaFX sources
       • Uses standard Maven resources for classpath res...
27
Gradle integration
     ★ Artifactory and Gradle started a strong technical
        collaboration
     ★ Zero configuration...
Thank You!


       Q&A
29
Upcoming SlideShare
Loading in …5
×

Repository Management with JFrog Artifactory

6,514
-1

Published on

Presentation on managing artifacts with JFrog Artifactory given by Yoav Landman and Fred Simon at the March SvJugFx meeting.

0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
6,514
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
91
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Repository Management with JFrog Artifactory

  1. 1. Release Management with Artifactory Yoav Landman & Frederic Simon
  2. 2. About us ★ Yoav Landman • Creator of Artifactory, JFrog’s CTO ★ Frederic Simon • JFrog’s Chief Architect ★ 10+ years experience in commercial enterprise build and development environments ★ Serving the community since 2006 with OSS tools (Artifactory, Jade Maven Plugins and AnnoMojo, Dependency Analyzer, Stellarium for Java, IDEA plugins...) 2
  3. 3. Agenda ★ Intro ★ Configuration tips ★ Searches ★ Reproducible builds ★ Advanced features ★ Smart staging and promotion ★ Web Start and JavaFX ★ Gradle integration 3
  4. 4. What is a repository manager? ★ Artifacts storage and proxy ★ Avoid hitting public remote repositories ★ Inefficient, unreliable, content quality, non-secure... ★ Deploy, manage and share local artifacts ★ Full control over artifacts resolution and delivery 4
  5. 5. What is ? ★ Advanced binaries repository - the binaries’ SCM ★ JavaFX and WebStart repository ★ Supports REST, Maven*, Gradle*, Ivy/Ant*, Buildr * native support ★ First “real” web-driven repository manager (2006) ★ Upload through UI, indexed searches… ★ +80,000 downloads (02/2010) ★ OSS | Enterprise PowerPack | Cloud hosting 5
  6. 6. Configuration tips - demo ★ Remote repositories sharing via REST • Reuse configuration ★ Automatically generate the client configuration • Maven - settings.xml • Gradle plug-in ★ Centrally controlled encrypted password <credentials host="localhost" realm="Artifactory Realm" username="admin" passwd="{DESede}OyxbjkRcS9JxKmi2Rm8RcA==" /> 6
  7. 7. 7
  8. 8. Searches ★ Search types • Quick search (wildcard part of path) • GAVC • Properties • Class/Jar resource ‣ See the actual class found! ‣ View source + syntax highlighting • XPath - also search inside POM, Ivy.xml content! ★ Grouping support • E.g. group by repository, groupId etc. ★ Always possible to locate the results in the repo tree browser 8
  9. 9. 9
  10. 10. Reproducible Builds ★ Sources have a reproducible context - compilation • Reproducible via SCM tagging. ★ Binaries also have a context - packaging and publishing ★ A lot of things are only resolved at build time: • Version ranges • Dynamic property values • Latest snapshot and release versions (latest.integration/latest.release) ‣ For both Dependencies and Plugins 10
  11. 11. The Role of the CI Server ★ Captures all the information needed to reproduce the build ★ Published module artifacts ★ Resolved dependencies of all scopes ★ General Build Environment • JVM • Architecture • CI server version • General properties • Build statistics • User who executed the build • Etc. 11
  12. 12. Artifactory and Hudson ★ Deploy from Hudson to Artifactory ★ Navigate the builds in Artifactory ★ Link back to Hudson builds ★ Relate artifacts to build ★ Export/promote/manipulate build artifacts ★ More efficient multi-module deployment 12
  13. 13. Build Scenario 13
  14. 14. The build jobs pyramid ★ SCM update ★ Retrieve ★ Test ★ Deploy Build time unit tests smoke tests Integ, tests GA Retrieve/Deploy No. of builds 14
  15. 15. 15
  16. 16. Advanced repository features ★ Checksum-based storage ★ Handling download bursts ★ Verifying uploaded artifacts ★ Locking ★ Cleanup bad remote repo references ★ Built-in metadata 16
  17. 17. Checksum-based storage ★ Many identical artifacts are produced and stored numerous times in the repositories • Unique snapshots that are exactly the same between subsequent builds • Other artifacts that are copied ‣ Mainly needed for more natural security control ★ Artifactory uses a checksum-based storage ★ Identical artifacts are stored on the server exactly once! • No matter how many references are there ★ Copy and move are very cheap • Pointer operations 17
  18. 18. Concurrent downloads/ request bursts ★ New snapshot dependency available/ POM updated with a new dependency version ★ Dependency can be as big as hundreds of megs • Assemblies ★ All clients download at once • Network blockage (DOSing) ★ Artifactory will identify this • Queue all incoming request until the first one finishes • Others will get the cached version 18
  19. 19. Checksum for uploaded artifacts ★ No way to verify uploaded artifacts ★ Maven approach: • The repository is passive • All calculations done on client • Repository to accept and store client checksum ★ Artifactory • Compare client checksum with the one calculated on the repository • If in conflict return 409 until a good checksum is found • This behavior is configurable 19
  20. 20. Locking ★ Artifactory applies RWLocks on all items ★ Avoid concurrent writes & dirty reads ★ Spans to metadata as well - cannot create metadata conflicts ★ Built-in utility for debugging lock contention in runtime (zero overhead) 20
  21. 21. POM cleanup ★ Many common third party POMs contain remote repository references making controlled resolution a nightmare ★ Global mirroring is not a solution • Forces a unified repository for releases/snapshots/plugins ★ Artifactory can facade POMs through a Virtual Repository • Can configure remote repo references to be removed • Original POM is intact 21
  22. 22. Metadata backed into the core ★ Every repository element can hold metadata definitions • Both files and folders ★ Metadata is any XML document • Can be queried using XPath • All exposed via UI and REST API ★ Properties tagging • Similar to SVN props • Internally stored as XML • “Strongly typed” props can be defined via UI ‣ Open/closed lists, multi-select, single-select etc. • Applied via UI or REST • Also on deploy time with zero build tool tweaking! 22
  23. 23. Smart staging and promotion ★ Repository has two main roles • Proxy remote artifacts • Host deployed artifacts ‣ Artifacts (should) come from CI server ★ Promotion of artifacts starts with a build ★ The Binaries Repository & the CI Server are always interconnected 23
  24. 24. Search-based management ★ Makes bulk artifact management a lot easier ★ Shopping-cart of artifacts ★ Fill-up the cart by searching and saving the search results - any search type! ★ Do other searches and add/subtract the results from the original ★ Can tweak the result manually • E.g. remove sources ★ Once done move/promote/copy/export the result ★ Does not enforce narrow concepts to support only specific limited use cases • E.g. promotion 24
  25. 25. 25
  26. 26. JavaFX ★ JavaFX/JNLP plugin • Compiles JavaFX sources • Uses standard Maven resources for classpath resolution • Creates Web Start JNLP files - standalone and/or browser ★ WebStart Virtual Repository • Sign jars automatically • Transform JNLP file href • Provision JNLP files and dependencies 26
  27. 27. 27
  28. 28. Gradle integration ★ Artifactory and Gradle started a strong technical collaboration ★ Zero configuration plugin to deploy and resolve from Artifactory when using Gradle in enterprise env. ★ Extract BuildInfo on the fly • Done! • Integrating with the Hudson Gradle plug-in ★ Gradle shows great potential • Zero intrusiveness • Ivy for mature resolution and deployments • Flexible control • Terse and easy to understand configuration • Ideal for integrating with a repo manager 28
  29. 29. Thank You! Q&A 29
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×