@@ -13,8 +13,7 @@ The full example template can be found
1313## Requirements
1414
1515- A JFrog Artifactory instance
16- - An admin-level access token for Artifactory
17- - 1:1 mapping of users in Coder to users in Artifactory by email address and
16+ - 1:1 mapping of users in Coder to users in Artifactory by email address or
1817 username
1918- Repositories configured in Artifactory for each package manager you want to
2019 use
@@ -31,230 +30,52 @@ You can skip the whole page and use [JFrog module](https://registry.coder.com/mo
3130## Provisioner Authentication
3231
3332The most straight-forward way to authenticate your template with Artifactory is
34- by using
35- [ Terraform-managed variables] ( https://coder.com/docs/v2/latest/templates/parameters#terraform-template-wide-variables ) .
33+ by using our officaial Coder [ modules] ( rhttps://egistry.coder.com ) . We publish two type of modules that automate the JFrog Artifactory and Coder integartion.
3634
37- See the following example:
35+ 1 . JFrog-OAuth:
36+ 2 . JFrog-Token:
3837
39- ``` hcl
40- terraform {
41- required_providers {
42- coder = {
43- source = "coder/coder"
44- }
45- docker = {
46- source = "kreuzwerker/docker"
47- }
48- artifactory = {
49- source = "registry.terraform.io/jfrog/artifactory"
50- }
51- }
52- }
53-
54- variable "jfrog_url" {
55- type = string
56- description = "JFrog instance URL. e.g. https://jfrog.example.com"
57- # validate the URL to ensure it starts with https:// or http://
58- validation {
59- condition = can(regex("^https?://", var.jfrog_url))
60- error_message = "JFrog URL must start with https:// or http://"
61- }
62- }
63-
64- variable "artifactory_admin_access_token" {
65- type = string
66- description = "The admin-level access token to use for JFrog with scope applied-permissions/admin"
67- }
68-
69- # Configure the Artifactory provider
70- provider "artifactory" {
71- url = "${var.jfrog_url}/artifactory"
72- access_token = "${var.artifactory_admin_access_token}"
73- }
74-
75- resource "artifactory_scoped_token" "me" {
76- # This is hacky, but on terraform plan the data source gives empty strings,
77- # which fails validation.
78- username = length(local.artifactory_username) > 0 ? local.artifactory_username : "plan"
79- }
80- ```
81-
82- When pushing the template, you can pass in the variables using the ` --var ` flag:
38+ ### JFrog-OAuth
8339
84- ``` shell
85- coder templates push --var ' jfrog_url=https://YYY.jfrog.io' ' artifactory_admin_access_token=XXX'
86- ```
87-
88- ## Installing JFrog CLI
89-
90- ` jf ` is the JFrog CLI. It can do many things across the JFrog platform, but
91- we'll focus on its ability to configure package managers, as that's the relevant
92- functionality for most developers.
93-
94- Most users should be able to install ` jf ` by running the following command:
95-
96- ``` shell
97- curl -fL https://install-cli.jfrog.io | sh
98- ```
99-
100- Other methods are listed [ here] ( https://jfrog.com/getcli/ ) .
101-
102- In our Docker-based example, we install ` jf ` by adding these lines to our
103- ` Dockerfile ` :
104-
105- ``` Dockerfile
106- RUN curl -fL https://install-cli.jfrog.io | sh && chmod 755 $(which jf)
107- ```
108-
109- ## Configuring Coder workspace to use JFrog Artifactory repositories
110-
111- Create a ` locals ` block to store the Artifactory repository keys for each
112- package manager you want to use in your workspace. For example, if you want to
113- use artifactory repositories with keys ` npm ` , ` pypi ` , and ` go ` , you can create a
114- ` locals ` block like this:
40+ This module is usable by Jfrog self-hossted(on-premises) Artifactory as it requires configuring a custom integration. This integration benefits from Coder's [ external-auth] ( https://coder.com/docs/v2/latest/admin/external-auth ) feature and allows each user to authticate with Artifactory using an OAuth flow and issues user-scoped tokens to each user. For instrutions on how to set this up, please see the details at: https://registry.coder.com/modules/jfrog-oauth
11541
11642``` hcl
117- locals {
118- artifactory_repository_keys = {
119- npm = "npm"
120- python = "pypi"
121- go = "go"
43+ module "jfrog" {
44+ source = "registry.coder.com/modules/jfrog-oauth/coder"
45+ version = "1.0.0"
46+ agent_id = coder_agent.example.id
47+ jfrog_url = "https://jfrog.example.com"
48+ username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
49+ package_managers = {
50+ "npm": "npm",
51+ "go": "go",
52+ "pypi": "pypi"
12253 }
123- # Make sure to use the same field as the username field in the Artifactory
124- # It can be either the username or the email address.
125- artifactory_username = data.coder_workspace.me.owner_email
126- jfrog_host = replace(var.jfrog_url, "^https://", "")
12754}
12855```
12956
130- To automatically configure ` jf ` CLI and Artifactory repositories for each user,
131- add the following lines to your ` startup_script ` in the ` coder_agent ` block:
132-
133- ``` hcl
134- resource "coder_agent" "main" {
135- arch = data.coder_provisioner.me.arch
136- os = "linux"
137- startup_script_timeout = 180
138- startup_script = <<-EOT
139- set -e
140-
141- # install and start code-server
142- curl -fsSL https://code-server.dev/install.sh | sh -s -- --method=standalone --prefix=/tmp/code-server
143- /tmp/code-server/bin/code-server --auth none --port 13337 >/tmp/code-server.log 2>&1 &
144-
145- # The jf CLI checks $CI when determining whether to use interactive
146- # flows.
147- export CI=true
148-
149- jf c rm 0 || true
150- echo ${artifactory_scoped_token.me.access_token} | \
151- jf c add --access-token-stdin --url ${var.jfrog_url} 0
152-
153- # Configure the `npm` CLI to use the Artifactory "npm" repository.
154- cat << EOF > ~/.npmrc
155- email = ${data.coder_workspace.me.owner_email}
156- registry = ${var.jfrog_url}/artifactory/api/npm/${local.artifactory_repository_keys["npm"]}
157- EOF
158- jf rt curl /api/npm/auth >> .npmrc
57+ ### JFrog-Token
15958
160- # Configure the `pip` to use the Artifactory "python" repository.
161- mkdir -p ~/.pip
162- cat << EOF > ~/.pip/pip.conf
163- [global]
164- index-url = https://${local.artifactory_username}:${artifactory_scoped_token.me.access_token}@${local.jfrog_host}/artifactory/api/pypi/${local.artifactory_repository_keys["python"]}/simple
165- EOF
59+ This module makes use of the [ Artifactory terraform provider] ( https://registry.terraform.io/providers/jfrog/artifactory/latest/docs ) and an admin-scoped token to create user-scoped tokens for each user by matching their Coder email or username with Artifactory. This can be used for both SaaS and self-hosted(on-premisis) Artifactory instances. For Instrctions on how to configure this, please see the details at: https://registry.coder.com/modules/jfrog-token
16660
167- EOT
168- # Set GOPROXY to use the Artifactory "go" repository.
169- env = {
170- GOPROXY : "https://${local.artifactory_username}:${artifactory_scoped_token.me.access_token}@${local..jfrog_host}/artifactory/api/go/${local.artifactory_repository_keys["go"]}"
61+ ``` hcl
62+ module "jfrog" {
63+ source = "registry.coder.com/modules/jfrog-token/coder"
64+ version = "1.0.0"
65+ agent_id = coder_agent.example.id
66+ jfrog_url = "https://XXXX.jfrog.io"
67+ artifactory_access_token = var.artifactory_access_token
68+ package_managers = {
69+ "npm": "npm",
70+ "go": "go",
71+ "pypi": "pypi"
17172 }
17273}
17374```
17475
175- You can verify that ` jf ` is configured correctly in your workspace by running
176- ` jf c show ` . It should display output like:
177-
178- ``` text
179- coder@jf:~$ jf c show
180- Server ID: 0
181- JFrog Platform URL: https://YYY.jfrog.io/
182- Artifactory URL: https://YYY.jfrog.io/artifactory/
183- Distribution URL: https://YYY.jfrog.io/distribution/
184- Xray URL: https://YYY.jfrog.io/xray/
185- Mission Control URL: https://YYY.jfrog.io/mc/
186- Pipelines URL: https://YYY.jfrog.io/pipelines/
187- User: ammar@....com
188- Access token: ...
189- Default: true
190- ```
191-
192- ## Installing the JFrog VS Code Extension
193-
194- You can install the JFrog VS Code extension into workspaces by inserting the
195- following lines into your ` startup_script ` :
196-
197- ``` shell
198- # Install the JFrog VS Code extension.
199- # Find the latest version number at
200- # https://open-vsx.org/extension/JFrog/jfrog-vscode-extension.
201- /tmp/code-server/bin/code-server --install-extension jfrog.jfrog-vscode-extension
202- ```
203-
204- Note that this method will only work if your developers use code-server.
205-
206- ## Configuring npm
207-
208- Add the following line to your ` startup_script ` to configure ` npm ` to use
209- Artifactory:
210-
211- ``` shell
212- # Configure the `npm` CLI to use the Artifactory "npm" registry.
213- cat << EOF > ~/.npmrc
214- email = ${data.coder_workspace.me.owner_email}
215- registry = ${var.jfrog_url} /artifactory/api/npm/npm/
216- EOF
217- jf rt curl /api/npm/auth >> .npmrc
218- ` ` `
219-
220- Now, your developers can run ` npm install` , ` ` , etc. and transparently
221- use Artifactory as the package registry. You can verify that ` npm` is configured
222- correctly by running ` npm install --loglevel=http react` and checking that npm
223- is only hitting your Artifactory URL.
224-
225- # # Configuring pip
226-
227- Add the following lines to your ` startup_script` to configure ` ` to use
228- Artifactory:
229-
230- ` ` `
231- mkdir -p ~/.pip
232- cat << EOF > ~/.pip/pip.conf
233- [global]
234- index-url = https://${data.coder_workspace.me.owner} :${artifactory_scoped_token.me.access_token} @${local.jfrog_host} /artifactory/api/pypi/pypi/simple
235- EOF
236- ` ` `
237-
238- Now, your developers can run ` pip install` and transparently use Artifactory as
239- the package registry. You can verify that ` pip` is configured correctly by
240- running ` pip install --verbose requests` and checking that pip is only hitting
241- your Artifactory URL.
242-
243- # # Configuring Go
244-
245- Add the following environment variable to your ` coder_agent` block to configure
246- ` ` to use Artifactory:
247-
248- ` ` `
249- env = {
250- GOPROXY : "https://${data.coder_workspace.me.owner} :${artifactory_scoped_token.me.access_token} @${local.jfrog_host} /artifactory/api/go/go"
251- }
252- ` ` `
76+ ## Offline Deployments
25377
254- You can apply the same concepts to Docker, Maven, and other package managers
255- supported by Artifactory. See the
256- [JFrog documentation](https://jfrog.com/help/r/jfrog-artifactory-documentation/package-management)
257- for more information.
78+ TODO
25879
25980## More reading
26081
0 commit comments