shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-04 05:28:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a2d64c08c15d582a893772691fea554bf0c4649e
coder/docs/platforms/jfrog.md
T

5.6 KiB
Raw Blame History

JFrog

Use Coder and JFrog together to secure your development environments without disturbing your developers' existing workflows.

This guide will demonstrate how to use JFrog Artifactory as a package registry within a workspace. We'll use Docker as the underlying compute. But, these concepts apply to any compute platform.

The full example template can be found here.

Requirements

  • A JFrog Artifactory instance
  • An admin-level access token for Artifactory
  • 1:1 mapping of users in Coder to users in Artifactory by email address
  • An npm repository in Artifactory named "npm"
The admin-level access token is used to provision user tokens and is never exposed to developers or stored in workspaces.

Provisioner Authentication

The most straight-forward way to authenticate your template with Artifactory is by using Terraform-managed variables.

See the following example:

terraform {
  required_providers {
    coder = {
      source  = "coder/coder"
      version = "~> 0.11.1"
    }
    docker = {
      source  = "kreuzwerker/docker"
      version = "~> 3.0.1"
    }
    artifactory = {
      source  = "registry.terraform.io/jfrog/artifactory"
      version = "6.22.3"
    }
  }
}

variable "jfrog_url" {
  type        = string
  description = "The URL of the JFrog instance."
}

variable "artifactory_access_token" {
  type        = string
  description = "The admin-level access token to use for JFrog."
}

# Configure the Artifactory provider
provider "artifactory" {
  url           = "${var.jfrog_url}/artifactory"
  access_token  = "${var.artifactory_access_token}"
}

When pushing the template, you can pass in the variables using the -V flag:

coder templates push --var 'jfrog_url=https://YYY.jfrog.io' --var 'artifactory_access_token=XXX'

Installing JFrog CLI

jf is the JFrog CLI. It can do many things across the JFrog platform, but we'll focus on its ability to configure package managers, as that's the relevant functionality for most developers.

The generic method of installing the JFrog CLI is the following command:

curl -fL https://install-cli.jfrog.io | sh

Other methods are listed here.

In our Docker-based example, we install jf by adding these lines to our Dockerfile:

RUN curl -fL https://install-cli.jfrog.io | sh && chmod 755 $(which jf)

and use this coder_agent block:

resource "coder_agent" "main" {
  arch                   = data.coder_provisioner.me.arch
  os                     = "linux"
  startup_script_timeout = 180
  startup_script         = <<-EOT
    set -e

    # install and start code-server
    curl -fsSL https://code-server.dev/install.sh | sh -s -- --method=standalone --prefix=/tmp/code-server --version 4.11.0
    /tmp/code-server/bin/code-server --auth none --port 13337 >/tmp/code-server.log 2>&1 &

    # The jf CLI checks $CI when determining whether to use interactive
    # flows.
    export CI=true

    jf c rm 0 || true
    echo ${artifactory_access_token.me.access_token} | \
      jf c add --access-token-stdin --url ${var.jfrog_url} 0
  EOT
}

You can verify that jf is configured correctly in your workspace by running jf c show. It should display output like:

coder@jf:~$ jf c show
Server ID:                      0
JFrog Platform URL:             https://cdr.jfrog.io/
Artifactory URL:                https://cdr.jfrog.io/artifactory/
Distribution URL:               https://cdr.jfrog.io/distribution/
Xray URL:                       https://cdr.jfrog.io/xray/
Mission Control URL:            https://cdr.jfrog.io/mc/
Pipelines URL:                  https://cdr.jfrog.io/pipelines/
User:                           ammar@....com
Access token:                   ...
Default:                        true

Installing the JFrog VS Code Extension

You can install the JFrog VS Code extension into workspaces automatically by inserting the following lines into your startup_script:

  # Install the JFrog VS Code extension.
  # Find the latest version number at
  # https://open-vsx.org/extension/JFrog/jfrog-vscode-extension.
  JFROG_EXT_VERSION=2.4.1
  curl -o /tmp/jfrog.vsix -L "https://open-vsx.org/api/JFrog/jfrog-vscode-extension/$JFROG_EXT_VERSION/file/JFrog.jfrog-vscode-extension-$JFROG_EXT_VERSION.vsix"
  /tmp/code-server/bin/code-server --install-extension /tmp/jfrog.vsix

Note that this method will only work if your developers use code-server.

Configuring npm

Add the following line to your startup_script to configure npm to use Artifactory:

    # Configure the `npm` CLI to use the Artifactory "npm" registry.
    cat << EOF > ~/.npmrc
    email = ${data.coder_workspace.me.owner_email}
    registry=${var.jfrog_url}/artifactory/api/npm/npm/
    EOF
    jf rt curl /api/npm/auth >> .npmrc

Now, your developers can run npm install, npm audit, etc. and transparently use Artifactory as the package registry. You can verify that npm is configured correctly by running npm install --loglevel=http react and checking that npm is only hitting your Artifactory URL.

You can apply the same concepts to Docker, Go, Maven, and other package managers supported by Artifactory.

More reading

  • See the full example template here.
  • To serve extensions from your own VS Code Marketplace, check out code-marketplace.
Reference in New Issue View Git Blame Copy Permalink