After you've set up your Artifactory service account, you can pull artifacts from the platform's caching repositories. If you wish to push to Artifactory, you will need an Artifactory project and private repository first. After your set up your private repository, follow these instructions to pull from them.
These steps apply to all Docker-type repositories, not just DockerHub. These steps work for any private docker registry, not just Artifactory. Change out the Artifactory URL for the URL of your preferred registry.
To test your account and start to pull locally, do the following:
- On the command line, log in to the registry. Type the following:
docker login -u <USER_NAME> -p <USER_PASSWORD> artifacts.developer.gov.bc.ca/<REPO_NAME>
For example, the DockerHub caching repository looks like this:
docker login -u <USER_NAME> -p <USER_PASSWORD> artifacts.developer.gov.bc.ca/docker-remote
- Pull from the registry on your local machine. Do this for local development and to test your account credentials. Type the following:
docker pull artifacts.developer.gov.bc.ca/<REPO_NAME>/<IMAGE>:<TAG>
REPO_NAME is unique to each docker repository and must be a part of the URL to pull or push from docker registries hosted in Artifactory.
To pull from Artifactory in OpenShift, you need the following:
- A pull secret in the correct namespace.
- A reference to that pull secret in your build/deployment configuration.
- A reference to the Artifactory URL wherever you reference your image.
Make your pull secret.
- Use the following command:
oc create secret docker-registry <pull-secret-name> \ --docker-server=artifacts.developer.gov.bc.ca \ --docker-username=<username> \ --docker-password=<password> \ --docker-email=<username>@<namespace>.local
Make sure you have the correct username and password from the
- Add the secret to the
builderOpenShift service account to allow the account to use this pull secret:
oc secrets link default <pull_secret_name> oc secrets link builder <pull_secret_name>
Note: Some OpenShift documentation implies that linking the secrets in this way is the only necessary step, without having to add the pull secret to your deployment/build configurations as below. You can try this method, but we've found that users often run into problems. We recommend you specify the pull secret in your configurations to avoid problems.
- Add your pull secret to your deployment configuration. Do the following:
apiVersion: v1 kind: Pod metadata: name: <pod-name> spec: containers: - name: <container-name> image: artifacts.developer.gov.bc.ca/<repo-name>/<image>:<tag> imagePullSecrets: - name: <pull-secret-name>
You can also use the following:
apiVersion: v1 kind: BuildConfig metadata: name: <build-name> spec: strategy: dockerStrategy: pullSecret: name: artifactory-creds from: kind: DockerImage name: artifacts.developer.gov.bc.ca/<repo-name>/<image>:<tag>
You don't need to use dockerStrategy here. It works the same way under other types of strategy as well.
Don't forget that you need to update the image URL to point explicitly at Artifactory. If there's no URL, it will default to DockerHub.
You can now use this image in your build or deployment.
npm-remote repository in Artifactory points to the public default NPM repository. If you wish to pull from a different repository, such as a private one, replace all references to
npm-remote below with your repository's name.
- Set the NPM registry:
$ npm config set registry https://artifacts.developer.gov.bc.ca/artifactory/api/npm/npm-remote/
- Authenticate to the registry:
$ npm login Username: <username> Password: Email: <username>@<namespace>.local
- Once the authentication is complete, you can pull artifacts from this registry:
$ npm install inspectpack --registry https://artifacts.developer.gov.bc.ca/artifactory/api/npm/npm-remote/ + firstname.lastname@example.org updated 1 package in 3.131s 4 packages are looking for funding run `npm fund` for details
Note: The user that has authenticated to Artifactory must have appropriate permissions to pull from the repository. Otherwise, this command returns with permissions errors. For example:
npm ERR! code E403 npm ERR! 403 403 Forbidden - GET https://artifacts.developer.gov.bc.ca/artifactory/api/npm/npm-remote/inspectpack npm ERR! 403 In most cases, you or one of your dependencies are requesting npm ERR! 403 a package version that is forbidden by your security policy.
When you're ready to build and deploy on OpenShift, add the following to your assemble file:
npm config set registry https://artifacts.developer.gov.bc.ca/artifactory/api/npm/npm-remote/ curl -u $AF_USERID:$AF_PASSWD https://artifacts.developer.gov.bc.ca/artifactory/api/npm/auth >> ~/.npmrc
For example, you can check out the Repo-Mountie assemble file.
To deploy build artifacts through Artifactory you need to add a deployment element with the URL of a target local repository where you want to deploy your artifacts. For example:
<distributionManagement> <repository> <id>central</id> <name>artifactory-ha-primary-0-releases</name> <url>https://artifacts.developer.gov.bc.ca/artifactory/test-maven-repo</url> </repository> <snapshotRepository> <id>snapshots</id> <name>artifactory-ha-primary-0-snapshots</name> <url>https://artifacts.developer.gov.bc.ca/artifactory/test-maven-repo</url> </snapshotRepository> </distributionManagement>
There are many different repository types in Artifactory. This documentation covers only those package types which are used commonly or for which teams have written documentation. If you are looking for instructions on how to pull other types of artifacts from Artifactory, see JFrog's documentation on various repository types for instructions.
If your team uses a specific package type not shown here, consider creating a pull request for this document to share your knowledge.
- Set up an Artifactory service account
- Set up an Artifactory project and repository
- NPM repository
- repo-mountie assemble file