Artifact Repository

The artifact repository is an integral part of uDeploy. It is the piece that allows uDeploy to make the guarantee that the bits that were deployed to Production are identical to the bits that were tested and approved in a lower environment. This guarantee can be made because the artifact repository provides a secure and temper-proof storage for the binary artifacts that are deployed. Without the artifact repository, the user would need to pull artifacts from a network share or some other system. Network shares are typically not very secure nor tamper proof. And other systems essentially come down to having a separate artifact repository. At that point, you need to ask yourself ... why have an external artifact repository that is not integrated with your deployment server? If there is a good reason, then uDeploy can integrate with the external repository and pull deployment artifact out of there.

Efficient Storage

The artifact repository uses content addressable storage to minimize the amount of disk space utilized and maximize efficiency. Even if a file is delivered by multiple builds, if it does not change, it is stored only once. The artifact repository tracks versions of files as they change and holds a full history of all file versions for each Component. Maximizing efficiency is important, since the artifact repository stores files that are much larger than source files.

Association of files with Components is built into the system. Without any configuration, each Component gets its own area of the repository for its files. There is no chance of confusion or mix-up of files to Components. And, each Component Package is mapped to a specific set of files and versions corresponding to the Component.

Secure and Tamper Resistant

The artifact repository has built-in security that limits the users that can access an area of the repository and what actions the users can take. Areas of the repository correspond to Components and use the security settings on the components.

The artifact repository stores cryptographic hashes of all content in the repository and verifies that the stored files have not been tampered with (by recomputing the cryptographic hashes and comparing the calculated hash against the expected value that was stored when the file was added to the repository). The storage of the original, or base value, cryptographic hash takes place at the time that a file is added to the repository. The verification of the file content against the expected cryptographic hash value takes place every time the file is requested from the repository.

APIs

The artifact repository comes with a client application that provides remote access to the repository. Using the client, the user can add/modify files, create Packages, retrieve files, as well as view the history of changes. The client application provides a file transfer capability that can be used to deliver files to target servers during deployments. This built-in transfer mechanism verifies the integrity of all transferred files against their expected cryptographic signatures, thus guaranteeing that files have not been corrupted during transmission or tampered with during storage.

In addition to the client application, the artifact repository exposes RESTful web services. These services are used to build integrations between build systems such as AnthillPro and uDeploy. Such integrations automatically place the artifacts produced by the build process in the artifact repository, thus making the artifacts available for deployment.