#release-engineering (2021-12)

All things CI/CD. Specific emphasis on Codefresh and CodeBuild with CodePipeline.

CI/CD Discussions

Archive: https://archive.sweetops.com/release-engineering/

2021-12-01

2021-12-02

2021-12-08

Adam Crown

This is likely not the right place to post this question, but is anyone using something besides Artifactory to host / store their Artifacts? If so, what are you using?

Erik Osterman (Cloud Posse)

We have a customer using Nexus, which is open source, but beyond that don’t have much insight. I would start by mentioning the problem you want to solve. E.g. vulnerability scanning, caching, attribution, compliance, etc., and for what languages.

Meb

Depends on your CI. GitLab now has a lot of registries. Having Artifactory/Nexus for releases is very good practice indeed. I would first ask what are your releases? NPM? Java? Dotnet? Docker? Packages? This is key for choosing the right solution.

Adam Crown

We are using it for apt repos, generic binaries, ci/cd configs, app configs, helm charts…. Just about everything.

The problem I am looking to solve is that:

  1. It’s expensive
  2. Their support sucks
  3. We have been effectively down for 2 days and they don’t know why.
  4. If you want to be able to test upgrades you need to buy extra licenses. Overall just dissatisfied with the product.
Erik Osterman (Cloud Posse)

Are you using the SaaS or self-hosted version? Just curious if the SaaS has been stable or not.

Erik Osterman (Cloud Posse)

(it is expensive!)

Adam Crown

Self Hosted. We have requirements around ITAR and FedRAMP that make using SaaS very rare for us.

roth.andy

Since you mentioned FedRAMP I’ll assume you’re somewhere in the US Gov space?

USAF Platform One packages Nexus as part of their Big Bang product, here’s the repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus

Includes pre-hardened DoD-approved container images through USAF Iron Bank:

https://ironbank.dso.mil/repomap/details;registry1Path=sonatype%252Fnexus%252Fnexus

https://registry1.dso.mil/harbor/projects/3/repositories/sonatype%2Fnexus%2Fnexus

You can self-register an account for access to all of those systems.

roth.andy

• Full Big Bang repo: https://repo1.dso.mil/platform-one/big-bang/bigbang

• Example of deploying Big Bang for local PoC really easily using my company’s product called Zarf: https://github.com/defenseunicorns/zarf/tree/master/examples/big-bang (The Zarf example won’t have Nexus, just the core cybersecurity stack. We’re working on another example called Big Bang Umbrella that has other stuff in it)


Adam Crown

Thanks @roth.andy We’ll check it out.

Alex Jurkiewicz

We are using Artifactory SaaS and have had major issues the past couple of weeks also. I hate it. It’s so complex for what should be a very simple tool.

We are looking to migrate to simpler alternatives that mostly provide hosting for a single repository type only. The value we get from unified NPM + Docker + everything repositories is not that high.

Lee Skillen

Late to the party but I feel like I should add an obligatory mention of Cloudsmith - we (Cloudsmith) host the packages for Cloudposse. When it comes to user adoption, we often hear that users compare us to Artifactory a lot, except favourably so, and we’re “stubbornly” Cloud-native (it does mean no on-premises / self-hosted option, though! Which of course doesn’t fit every user out there, but This Is The Way)


2021-12-09
