Skip to main content

Artifactory

Upload artifacts to JFrog Artifactory

Anodizer can upload release artifacts to JFrog Artifactory repositories.

Classification

GroupRequired (default)RollbackToken scope
Assetsfalseparallel HTTP DELETE per uploaded URL (404/410 treated as already-absent)ARTIFACTORY_{NAME}_SECRET delete

See Release resilience for the full classification table and the Submitter gate semantics.

The required: field

Default: false — an Artifactory upload failure is logged but does not fail the release.

Set required: true to make the release exit non-zero if this publisher fails:

artifactories:
  - name: production
    target: "https://artifactory.example.com/repo/path/"
    required: true

See Publish overview — the required: field for the full semantics.

Minimal config

artifactories:
  - name: production
    target: "https://artifactory.example.com/repo/path/"

Artifactory config fields

FieldTypeDefaultDescription
namestringrequiredIdentifier used for env var lookup
targetstringrequiredUpload URL (template, artifact-specific vars available)
modestringarchiveArtifact selection: "archive" or "binary"
usernamestringenv fallbackHTTP basic auth username
passwordstringenv fallbackHTTP basic auth password
idslistnoneFilter by build IDs
extslistnoneFilter by file extensions
methodstringPUTHTTP method (PUT or POST)
checksum_headerstringX-Checksum-SHA256Header name for SHA-256 checksum
custom_headersmapnoneExtra HTTP headers (template-rendered)
checksumboolfalseInclude checksum files
signatureboolfalseInclude signature files
metaboolfalseInclude metadata.json and artifacts.json
custom_artifact_nameboolfalseUse artifact name as-is (don't append to target URL)
extra_fileslistnoneAdditional files to upload
extra_files_onlyboolfalseOnly upload extra files, skip artifacts
client_x509_certstringnonePath to client TLS certificate
client_x509_keystringnonePath to client TLS private key
trusted_certificatesstringnonePath to CA certificate bundle
skipstring/boolnoneSkip this config

Full config reference

artifactories:
  - name: production          # required; sets ARTIFACTORY_{NAME}_SECRET env lookup
    target: "https://artifactory.example.com/repo/{{ Version }}/{{ ArtifactName }}"
    mode: archive             # archive | binary
    method: PUT               # PUT | POST
    username: ""              # falls back to ARTIFACTORY_{NAME}_USERNAME
    password: ""              # falls back to ARTIFACTORY_{NAME}_SECRET
    ids: []
    exclude: []               # drop artifacts whose name matches a glob
    exts: []
    checksum_header: "X-Checksum-SHA256"
    custom_headers: {}        # template-rendered
    checksum: false
    signature: false
    meta: false
    custom_artifact_name: false
    extra_files: []
    extra_files_only: false
    client_x509_cert: ""
    client_x509_key: ""
    trusted_certificates: ""
    skip: false

Excluding sidecars with exclude

exclude is a list of globs matched against each artifact's file name; anodizer drops every artifact whose name matches at least one glob from this Artifactory target only. Use it to keep heavy sidecars (checksums, signatures, SBOMs) out of a given repository while archives still upload.

artifactories:
  - target: "https://artifactory.example.com/repo/{{ Version }}/{{ ArtifactName }}"
    exclude:
      - "*.sha256"
      - "*.sig"
      - "*.cdx.json"

exclude composes with ids: and exts: — an artifact uploads only when it passes every filter. An empty or unset exclude keeps everything. Globs are validated at config-load; a malformed pattern is rejected with a clear error, and an exclude that drops every candidate raises a warning so a typo'd glob is never a silent empty upload.

Authentication

Credentials are resolved in this order:

VariableFallback
Usernameconfig value, then ARTIFACTORY_{NAME}_USERNAME
PasswordARTIFACTORY_{NAME}_SECRET, then ARTIFACTORY_SECRET, then config value

Where {NAME} is the uppercased name field.

Common gotchas

  • PUT vs POST: the default method is PUT. Some Artifactory configurations require POST for initial upload and reject PUT with a 405. Set method: POST if uploads fail with a 405.
  • Credential resolution order: username and password are tried in config value → env var order (see Authentication above). An empty config value falls through to the env var.
  • custom_artifact_name: true: uses the artifact filename as-is instead of appending it to the target URL. Use this when target already includes the full artifact path.

Target URL templating

The target URL and custom_headers values support artifact-specific template variables:

VariableDescription
{{ ArtifactName }}Artifact filename
{{ ArtifactExt }}File extension
{{ Os }}Target OS
{{ Arch }}Target architecture
{{ Target }}Rust target triple

Full example

artifactories:
  - name: production
    target: "https://artifactory.example.com/myapp/{{ Version }}/{{ ArtifactName }}"
    mode: archive
    custom_headers:
      X-Build-Number: "{{ Env.BUILD_NUMBER }}"
    checksum: true
    signature: true