Last month, JFrog announced the availability of Artifactory 4, a unified binary repository for Maven, NPM, Docker, Vagrant and many other packaging formats within a single service, now rebranded as a Universal Artifact Repository. Providing for security, scalability and reliability it is positioned to support the lifecycle from Dev to Ops.
Shlomi Ben Haim, CEO of JFrog explains the notion of a universal artifact repository: "The world doesn't need just another Docker registry or Maven repository. [Enterprises] live in a multi-platform world, with new technologies such as Docker arriving every year. They have been demanding a universal artifact repository that can scale to meet their most demanding workloads and give them freedom from lock-in to a particular platform." The press release summarizes new features of recent releases.
InfoQ spoke with Baruch Sadogursky, Developer Advocate at JFrog about the technical features underpinning Artifactory 4. Releases up to version 4.1 contain the following notable additions:
- New UI/UX: Artifactory 4 UI is reflecting the increased scope from a largely Java/Maven focused workflow to a universal repository used in the complete DevOps lifecycle. Configuration wizards and code snippets simplify the integration into clients and CI/DevOps tools.
- Metadata centricity: Artifactory supports workflows based on metadata and a query language (AQL). Attaching, reading and searching properties is done via a RESTful API. Artifactory is able to calculate metadata automatically when single package types are used.
- VCS proxy: Remote repositories such as git/github (including large files with git LFS) can be accessed through Artifactory for easier use from within a firewall and easier configuration management.
- Docker integration: Artifactory supports Docker workflows in multiple ways: It can act as a local Docker V1 and V2 registry/repository with security and image metadata search capabilities. It can act as a proxy for other Docker registries for a unified access through Artifactory. It is also available as a Docker image, for a simpler installation.
- Smart Remote repositories: Replication of artifacts can be implemented in scheduled pull, push and multiple push (enterprise licence necessary) replication modes for sharing artifacts automatically across multi-site organizations. "List remote folders" enables browsing of remote Artifactory repositories, while "Sync properties" replicates metadata back to the origin server.
- High availability: With the artifact repository sitting in the central position of the DevOps value stream, JFrog is providing a high availability mechanism to prevent single point of failure and bottlenecks. High availability is implemented as a simple multi-instance mechanism with a statically defined primary. An external central SQL DB, NFS for the repository storage and a loadbalancer need to be setup and a HA licence purchased.
The importance of a binary repository within the deployment pipeline is emphasized by Dave Farley, co-author of Continuous Delivery, in a previous InfoQ interview: "The artifact repository is a central idea because the core idea of continuous delivery is every change that you submit to go into production is giving birth to a release candidate and you want to evaluate that release candidate through its release cycle and see whether it can prove that it’s not fit to make it into production." Dave considers decoration and enrichment of metadata of artifacts travelling through the pipeline important so "we can capture the results [of tests] and make decisions on an automated basis based on this metadata that we collected."
Other artifact repositories such as RedHat community project Pulp, Apache Archiva and Sonatype Nexus also enable CD pipelines, with a more limited set of repository types. Nexus is currently adding support for Docker and extending its reach into the DevOps community, too.
Artifactory 4 is available online as a cloud service, on-prem variants (from Pro to Enterprise/HA) and a stripped-down Open Source version.