Introduction
Architecture
Introduction
IntroductionPromote an image in Amazon ECRDownload a file from JFrog ArtifactoryMove or copy an image from JFrog ArtifactoryUpload a file to JFrog ArtifactoryStore an object on Amazon S3Retrieve an object from Amazon S3
IntroductionCreate or update a functionInvoke a function
IntroductionRun an AWS CodePipelineRun a Bamboo projectRun a Bitbucket pipelineRun a CloudBees CI jobRun a CircleCI workflowRun a GitHub Actions workflowRun a GitLab pipelineRun a Harness pipelineRun a Jenkins® jobRun a JFrog pipelineRun a TeamCity project
Check out a Git repository
IntroductionAWS credentialsECR credentialsEKS credentialsGit global credentialsOCI credentials
IntroductionRun Argo WorkflowsDeploy a binary with EC2Deploy to ECSRender an ECS task definitionBuild a container image with KanikoDeploy with OctopusDeploy with Spinnaker
IntroductionHelm chart installHelm chart packageHelm chart publishHelm chart uninstall
IntroductionCreate a Kubernetes namespaceCreate/update a Kubernetes resourceDeploy to a Kubernetes cluster
IntroductionVerify with NewRelic
Execute remote commands via SSH
IntroductionAnchoreAquasecJFrog XraySnyk ContainerSonatype (Nexus) ContainerTrivy
IntroductionStackhawkZAP
IntroductionCheckmarxFind Security BugsGitHub Security ScannerGosecMendNexus IQSnykSonarQube bundledSonarQube
IntroductionMendSnyk
Components

An example workflow

4 minute read

The following is an example workflow YAML that includes a build job and a deploy job:

An example workflow YAML file
apiVersion: automation.cloudbees.io/v1alpha1
kind: workflow
name: build-n-deploy
# This repository event triggers the workflow.
on:
  push:
    branches:
      - 'main'
jobs:
# Defines a job named `build`.
  build:
    steps:
    - uses: cloudbees-io/checkout@v1
    - name: build code
      uses: docker://golang:1.20.3-alpine3.17
      shell: sh
      run: |
        export GOPATH=$HOME/go
        export PATH=$PATH:$GOPATH/bin
        go version
        CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o build/app-main .
    - uses: cloudbees-io/configure-aws-credentials@v0
      id: aws-login
      with:
        aws-region: us-east-1
# A non-secret property defined in your CloudBees platform configuration, and visible to this component.
        aws-access-key-id: ${{ vars.cloudbees_saas_test_access_key_id }}
# A secret property defined in your CloudBees platform configuration, and visible to this component.
        aws-secret-access-key: ${{ secrets.cloudbees_saas_test_secret_access_key }}
        role-to-assume: service-ecr-role
        role-duration-seconds: "3600"
    - uses: cloudbees-io/configure-ecr-credentials@v0
    - uses: cloudbees-io/kaniko@implicit-dockerconfig
      with:
# Refers to the AWS account ID, output by the previous step (and using the step ID of `aws-login`).
        destination: ${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app-image:latest
    - uses: docker://mikefarah/yq:4-githubaction
      env:
        CHART_REPO: ${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app-image
        CHART_TAG: latest
      run: |
        yq -i '.image.repository = strenv(CHART_REPO) | .image.tag = strenv(CHART_TAG)' charts/app/values.yaml
    - id: helmpkg
      name: Package Helm chart
      uses: cloudbees-io/helm-package
      with:
        chart: ./charts/app
        destination: ./packaged-charts
        version: "0.0.1"
    - name: Publish Helm chart
      uses: cloudbees-io/helm-push
      with:
        chart: ${{ steps.helmpkg.outputs.chart }}
        remote: oci://${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com
    outputs:
      chart-location: oci://${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app
      chart-version: "0.0.1"
# Defines a job named `deploy`.
  deploy:
    needs:
      - build
    steps:
    - uses: cloudbees-io/configure-aws-credentials@v0
      with:
        aws-region: us-east-1
        aws-access-key-id: ${{ vars.cloudbees_saas_test_access_key_id }}
        aws-secret-access-key: ${{ secrets.cloudbees_saas_test_secret_access_key }}
        role-to-assume: service-eks-role
        role-duration-seconds: "3600"
    - uses: cloudbees-io/configure-eks-credentials@v0
      with:
        name: arch-saas
    - uses: cloudbees-io/configure-ecr-credentials@v0
    - uses: docker://alpine/helm:latest
# The `version` command parameter value refers to the chart version that is output by the `build` job, using `${{ needs.build.outputs.chart-version }}`.
      run: |
        helm upgrade \
          --namespace dry-run-1702-2 \
          --create-namespace \
          --install \
          --version ${{ needs.build.outputs.chart-version }} \
          app-chart ${{ needs.build.outputs.chart-location }}

The workflow trigger

The example workflow starts with a push command to the main repository branch, using the keyword on.

The workflow trigger
apiVersion: automation.cloudbees.io/v1alpha1
kind: workflow
name: build-n-deploy
# This repository event triggers the workflow.
on:
  push:
    branches:
      - 'main'

Steps in the build job

A job named build is defined in the example workflow, and contains the following steps:

  1. CloudBees action: Check out a Git repository is invoked to check out the repository code.

  2. A shell script to build a standard Go app is run in the specified container.

  3. CloudBees action: Configure AWS credentials is invoked to fetch credentials from AWS for use in subsequent steps.

  4. CloudBees action: Configure Amazon ECR credentials is invoked to sign in to an ECR private registry.

  5. CloudBees action: Build and publish Docker images with Kaniko is invoked to build container images from a Dockerfile.

  6. A GHA YAML processor is invoked.

  7. CloudBees action: Package a Helm chart is invoked to package the referenced image as a Helm chart.

  8. CloudBees action: Push a Helm chart is invoked to publish the Helm chart.

The build job containing the above steps
jobs:
# Defines a job named `build`.
  build:
    steps:
    - uses: cloudbees-io/checkout@v1(1)
    - name: build code(2)
      uses: docker://golang:1.20.3-alpine3.17
      shell: sh
      run: |
        export GOPATH=$HOME/go
        export PATH=$PATH:$GOPATH/bin
        go version
        CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o build/app-main .
    - uses: cloudbees-io/configure-aws-credentials@v0(3)
      id: aws-login
      with:
        aws-region: us-east-1
# A non-secret property defined in your CloudBees platform configuration, and visible to this component.
        aws-access-key-id: ${{ vars.cloudbees_saas_test_access_key_id }}
# A secret property defined in your CloudBees platform configuration, and visible to this component.
        aws-secret-access-key: ${{ secrets.cloudbees_saas_test_secret_access_key }}
        role-to-assume: service-ecr-role
        role-duration-seconds: "3600"
    - uses: cloudbees-io/configure-ecr-credentials@v0(4)
    - uses: cloudbees-io/kaniko@implicit-dockerconfig(5)
      with:
# Refers to the AWS account ID, output by the previous step (and using the step ID of `aws-login`).
        destination: ${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app-image:latest
    - uses: docker://mikefarah/yq:4-githubaction(6)
      env:
        CHART_REPO: ${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app-image
        CHART_TAG: latest
      run: |
        yq -i '.image.repository = strenv(CHART_REPO) | .image.tag = strenv(CHART_TAG)' charts/app/values.yaml
    - id: helmpkg(7)
      name: Package Helm chart
      uses: cloudbees-io/helm-package
      with:
        chart: ./charts/app
        destination: ./packaged-charts
        version: "0.0.1"
    - name: Publish Helm chart(8)
      uses: cloudbees-io/helm-push
      with:
        chart: ${{ steps.helmpkg.outputs.chart }}
        remote: oci://${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com
    outputs:
      chart-location: oci://${{ steps.aws-login.outputs.aws-account-id }}.dkr.ecr.us-east-1.amazonaws.com/hello-go-app
      chart-version: "0.0.1"

Steps in the deploy job

A job named deploy is defined in the example workflow, and contains the following steps:

  1. CloudBees action: Configure AWS credentials is invoked to fetch credentials from AWS for use in subsequent steps.

  2. CloudBees action: Configure EKS credentials is invoked to connect to an EKS cluster.

  3. CloudBees action: Configure Amazon ECR credentials is invoked to sign in to an ECR private registry.

  4. A Helm version is updated.

The deploy job containing the above steps
# Defines a job named `deploy`.
  deploy:
    needs:
      - build
    steps:
    - uses: cloudbees-io/configure-aws-credentials@v0(1)
      with:
        aws-region: us-east-1
        aws-access-key-id: ${{ vars.cloudbees_saas_test_access_key_id }}
        aws-secret-access-key: ${{ secrets.cloudbees_saas_test_secret_access_key }}
        role-to-assume: service-eks-role
        role-duration-seconds: "3600"
    - uses: cloudbees-io/configure-eks-credentials@v0(2)
      with:
        name: arch-saas
    - uses: cloudbees-io/configure-ecr-credentials@v0(3)
    - uses: docker://alpine/helm:latest(4)
# The `version` command parameter value refers to the chart version that is output by the `build` job, using `${{ needs.build.outputs.chart-version }}`.
      run: |
        helm upgrade \
          --namespace dry-run-1702-2 \
          --create-namespace \
          --install \
          --version ${{ needs.build.outputs.chart-version }} \
          app-chart ${{ needs.build.outputs.chart-location }}
Overview
Manage workflows