Installation and Configuration - Sonatype for Bamboo Data Center
Installation
Download latest version:
Important
When migrated from Bamboo Server to Bamboo Data Center from version 2.42.0-01 or previous versions, uninstall the previous plugin and re-install a data center-compatible version
The server-compatible plugin versions cannot be automatically upgraded to data center-compatible versions.
Login as administrator in Bamboo and click on the gear icon in the top right toolbar.
Select Add-ons from the drop-down list.
In the Manage Add-ons section, click Upload Add-on/app link. A dialog opens, enabling you to specify a file, or a URL location.
Choose the location of the Sonatype for Bamboo Data Center file, downloaded previously.
Click Open, and then Upload button.
You will see a message confirming upload of Sonatype for Bamboo Data Center.
Sonatype for Bamboo Data Center will now appear as listed under User-installed add-ons.
Tip
In most cases, pausing your Bamboo server is a good idea.
Configure Sonatype for Bamboo Data Center
Navigate to Bamboo administration.
On the left-hand navigation menu, locate Sonatype. Click on the Configuration link to open the IQ Server Configuration window:
Enter the IQ Server URL.
Select an Authentication Method:
PKI Authentication: Delegate to the JVM for authentication.
User Authentication: Enter a username and password for authentication.
Tip
We recommend creating a unique machine account that has access to the application(s) to be linked to your Bamboo Build(s)/Plans.
Click the Save button. Your configuration is saved, displaying the application(s) the user has access to.
Add the Sonatype IQ task to Bamboo.
Optional: Use Bamboo Specs to configure the Sonatype Lifecycle analysis task
You can configure/add Sonatype Lifecycle Analysis task as code, using Bamboo Specs. This way you can automate your build plans by fetching its configuration from a file inside the repository.
Bamboo looks for either
bamboo-specs/bamboo.ymlorbamboo-specs/bamboo.yamlfiles. You should have them created in your repository.Go to Bamboo Administration (gear icon) > Linked repositories, select the repository containing the .yaml file, click the Bamboo Specs tab and activate the Scan for Bamboo Specs button. This allows Bamboo to scan the linked repository for Specs.
Here is a sample .yaml file for a build plan executing two tasks (refer section under tasks):
version: 2 plan: project-key: PK key: IQ name: SonatypePlan description: Integrating Sonatype for Bamboo Data Center stages: - Default Stage: manual: false final: false jobs: - Default Job Default Job: key: JOB1 tasks: - checkout: force-clean-build: 'false' description: Checkout Default Repository - maven: executable: Maven 3 jdk: JDK 17.0.4 goal: clean test tests: 'true' description: Clean Test Sample Project artifact-subscriptions: [] repositories: - SampleRepository: scope: global triggers: - polling: period: '180' branches: create: manually delete: never link-to-jira: true notifications: [] labels: [] dependencies: require-all-stages-passing: false enabled-for-branches: true block-strategy: none plans: [] other: concurrent-build-plugin: system-defaultTo add the Lifecycle Policy Evaluation Task, you add block any-task containing the Lifecycle configuration, under tasks section of the spec:
- any-task: plugin-key: com.sonatype.clm.ci.bamboo:clm-scan-task description: Bamboo Task configuration: failOnClmFailures: 'true' failOnScanningErrors: 'false' clmOrgIdType: specified clmOrgId: iq-org clmAppIdType: specified clmAppId: iq-app clmStageType: specified clmStageTypeId: build clmScanTargets: '**/*.jar' clmModuleExcludes: '**/my-module/target/**'Lifecycle Policy Evaluation Task Configuration Properties:
Key
Description
Required
Accepted values
plugin-key
The plugin identifier within Bamboo: The plugin's module used in the task. You can find the Sonatype plugin information in the Add-ons/apps administration section in Bamboo.
true
com.sonatype.clm.ci.bamboo:clm-scan-task
description
The task description to remember what the task does.
false
Default: empty
failOnClmFailures
If set to true the build will fail when a Lifecycle evaluation can’t be performed or if for any reason the evaluation is not generated.
false
true
false (default)
failOnScanningErrors
If set to true, the build will fail when errors are encountered during a scan such as malformed files.
false
true
false (default)
clmOrgIdType
Whether the Sonatype Organization ID is specified or selected from a list. In the Bamboo Specs scope any of the accepted values is valid.
false
specified (default)
selected
clmOrgId
The Organization ID assigned in IQ Server.
false
Default: none
clmAppIdType
Whether the Sonatype Application ID is specified or selected from a list. In the Bamboo Specs scope any of the accepted values is valid.
true
specified
selected
clmAppId
The Application ID assigned in IQ Server. If automatic application creation is enabled, an application with the specified ID will automatically be created if it does not exist in IQ Server.
true
clmStageType
Whether the Stage the policy evaluation runs is specified or selected from a list. In the Bamboo Specs scope any of the accepted values is valid.
true
specified
selected
clmStageTypeId
The Stage ID for which the policy evaluation of the application/project runs.
true
develop
source
build
stage-release
release
operate
clmScanTargets
A comma-separated list of Ant-style patterns relative to the workspace root that denote the files/archives to be scanned.
false
Default: **/*.jar, **/*.war, **/*.ear, **/*.zip, **/*.tar.gz
clmModuleExcludes
A comma-separated list of Ant-style patterns relative to the workspace root that denote the module information files (**/nexus-iq/module.xml) to be ignored.
false
Default: none
The first time you update the yaml Spec in your linked repository, you should see a successful build in the Bamboo's Plan Summary:
Any subsequent changes to the yaml Spec will trigger the Plan build in Bamboo and you can see the code commits in the Build Result Summary.