Artifactory: Publishing Ivy Descriptors to Repository via Script

Question

It has been explained to me that if you want to have Artifactory manage your repository (which I do), and if you do not wish to hand-write your own Ivy descriptors yourself (which I don't), then your options are to either:

• Use Ivy RoundUp, which contains Ivy descriptors in addition to the artifacts themselves; or
• Write a script to generate the descriptors for you; or
• Write an XML transform to convert between Maven and Ivy descriptor schemas

After carefully weighing my options, I have decided to write a Python script to generate these descriptors. I will place all the artifacts I wish to deploy/install to my repository into a deploy/ folder, and the script will iterate over any artifacts it finds in this folder, query the user for information about it, and then perform the deployment for me, right there inside the script.

Although this last requirement is not mandatory, it would be nice to just have the script hit Artifactory's RESTful API and deploy the descriptor and the artifact for me, in the right location.

This page explains the API, and is the topic of my question.

The only PUT based operation the API exposes is this:

PUT http://localhost:8080/artifactory/<repo>/<organization>/<module>/<version>/<artifact>:sample-metadata

<xml-metadata-content/>

The description for this operation is:

Attach the XML metadata to an item (file or folder).

Is this what I'm looking for? For instance, if I have a jar called my-utils-2.3.jar, then I want to be able to place this in the deploy/ directory, and have my script not only generate my-utils-2.3-ivy.xml, but to deploy both of these items to my repository at the right location (which, in this example, would be http://localhost:8080/artifactory/my-repo/my/utils/2.3/).

If this is not what I'm looking for, then does Artifactory's API even support what I want (and where is the documentation on this!)?

And, if it is what I'm looking for, then I have a 2nd security-related question. I would like to keep all of my repositories secured. Ideally, the user executing this Python script would have to provide the Artifactory admin username & password in order for the deployment to carry out successfully.

But nowhere in this operation's definition do I see any support for authentication!! Am I to assume that Artifactory doesn't authenticate REST calls?!?

Thanks in advance!

Edit:
I found the following example on the Artifactory/Users old nabble forum:

curl -X PUT -u user:password --data-binary @/absolute/path/my-utils-2.3.jar "http://localhost/artifactory/my-repo/my/utils/2.3/"

Would this be what I'm looking for? That way, I could use PyCurl for the curl/libcurl interface, and still achieve security. If so, then why am I being asked for authentication by curl, as opposed to Artifactory?

Answer 1

Artifactory uses HTTP BASIC authentication for all REST calls. The curl example you mentioned will not work, since you need to specify the full target path for the file (the current command will just (re)create the directory in Artifactory and ignore the file stream). You should use:

curl -XPUT -f -uadmin:password --data-binary @/absolute/path/my-utils-2.3.jar "http://localhost/artifactory/my-repo/my/utils/2.3/my-utils-2.3.jar"

However, you can use Ivy to resolve directly from 3rd party Maven repos via the IBiblio resolver (see "usepoms"), or automatically convert poms to ivy descriptors using the convertpom task.

Artifactory also allows you to apply this type of pom->ivy conversion internally and store the ivy file into its cache via a groovy-based user plugin that intercepts the 'afterRemoteDownload' event.

Answer 2

Although Artifactory is flexible enough to support ivy repositories, I would recommend running it as a Maven repository.

Why?

1. Maven has established itself as the defacto Java repository standard.
2. Other builds tools, Ivy, Gradle, sbt,etc all understand Maven repositories.

The following answer describes how ivy can deploy to a Maven repository:

Convert ivy.xml to pom.xml