How to fully integrate JFrog Artifactory with your Atlassian suite


Posted by
Christophe MERLOTTI

August 24, 2017

At Valiantys we were pleased to recently announce the launch of a partnership with JFrog. Beyond giving Valiantys the ability to accompany our clients further with their solutions, from a technical standpoint the integration of JFrog Artifactory and Atlassian tools is rather fascinating. We’ve recently explored a bit further into the subject to share some tips on how to make your Atlassian tools even more powerful.

So what is Artifactory exactly?

Artifactory is a repository manager which fully supports software packages created by any language or technology. Most of you certainly already used a Maven repository (like Nexus), sometimes without even noticing. Artifactory is more than that because it handles a large range of repositories. You can store any type of archive, including Maven, npm, docker, rpm and nuget. You can also store raw files without a known structure.

It strives to be a repository manager suited for the enterprise level which integrates with all major CI/CD and DevOps tools – providing an end-to-end, automated solution for tracking artefacts.

Discovering Artifactory at Valiantys

Initially at Valiantys, we used a Nexus repository where we stored our internal Maven archives. At the time it wasn’t a significant tool, as our customers downloaded our archives from the Atlassian Marketplace and also because our internal needs weren’t strongly dependent on the technology.

As time passed and our products grew, we developed more dependencies on many different types of archives, some of which needed to be available internally and externally. For example, nFeed has a public API that needs to be available to the public.

Instead of upgrading the existing repository, we decided to give Artifactory a try.

Installation

Artifactory runs on a tomcat, so if you are familiar with the latter it is easy to configure manually as the documentation is comprehensive.

It also comes with a bunch of scripts that can install everything for you, such as defining users, permissions and services correctly.

First impressions

Initially it seems like there is a lot of information on the screen, but it’s easy to navigate after a few minutes. The interface is pretty cool as it is relatively stable and dynamic.

Crowd integration

As we use the whole Atlassian suite, we use Crowd for user and group management. Artifactory Pro comes with a Crowd integration. I was thrilled to have all the needed users and groups created for me.

Set me up

The set me up gadget is great. This gadget generates the code snippet that you need to add a repository to your local configuration.

For a Maven repository, you can generate the distribution management for deployment or the whole settings.xml structure, credentials included.

Encrypted password

When you configure Maven, you need to encrypt your password or setup a ssh public/private key. If you’re not familiar with keys and key stores, this can be complicated.

With Artifactory, your password is encrypted with a key stored only on Artifactory and you can use this as password in your Maven settings. So, yes this is like a password which can be used to access the repository, but you do not expose your real password to anyone – especially if you use it for many tools.

Build promotion principle – Integration with Bamboo and Bitbucket

If you’re a Maven user, you are familiar with the snapshot / release version scheme. Development builds generate snapshot versions and release builds generate release version (without the -snapshot extension and with an extra build).

Artifactory prefers the promotion scheme. Artifacts are ‘promoted’ to another repository when they pass the test. The pros and cons of these two schemes are not in the scope of this article, but in case you want to try build promotion, JFrog provides two Atlassian add-ons that can help. One add-on is for Bamboo which allows full integration with the Artifactory repository and allows build promotion. The second add-on is for Bitbucket which proposes a dashboard where you can follow up your release pipeline.

JFrog Artifactory provides some compelling extensions to the Atlassian suite, so we are looking forward to exploring this work in the future. As well, Artifactory is not the only product in the JFrog suite. For example, JFrog XRay is a powerful tool that inspects your packages in Artifactory to check for vulnerabilities or license compliance. A must have if you’re delivering sensitive products!

If your thinking about integrating your Atlassian and JFrog tools, we’d be happy to discuss your project and share our experiences!