Overview
Artifactory supportsbowerrepositories on top itsexisting supportfor advanced artifact management.
Artifactory support for Bower provides:
- The ability to provision Bower packages from Artifactory to the Bower command line tool from all repository types.
- Calculation of Metadata for Bower packages hosted in Artifactory's local repositories.
- Access to remote Bower registries (such as
https://registry.bower.io) throughRemote Repositorieswhich provide the usual proxy and caching functionality. - The ability to access multiple Bower registries from a single URL by aggregating them under aVirtual Repositories.
- Assign access privileges according to projects or development teams.
Configuration
局部存储库
To enable calculation of Bower package metadata,in theAdministrationmodule, go toRepositories|Repositories|Localand click onNew Local Repository. Select鲍尔from theSelectPackage Typedialog to create your local Bower repository.
Deploying Bower Packages
The Bower client does not provide a way to deploy packages and relies on a Git repository to host the Bower package code.
To deploy a Bower package into Artifactory, you need to use Artifactory'sREST APIor theWeb UI.
A Bower package is a simpletar.gzfile which contains your project code as well as abower.jsonfile describing the package name and version.
Usually, you will use a customGrunt/Gulp项目任务包成一个存档文件deploy it to Artifactory.
Version property
Make sure to include aversionproperty in yourbower.jsonfile. You can add the property manually or by using thebower versioncommand.
Remote Repositories
The publicbower registrydoes not contain any actual binary packages; it is a simple key-value store pointing from a package name to its equivalent Git repository.
Since most of the packages are hosted in GitHub, you will want to create aRemote Repositorieswhich serves as a caching proxy forgithub.com. If necessary, you can do the same forbitbucket.orgor any otherremote repository you want to access.
Working with Bitbucket?
If your packages are hosted on Bitbucket (formerly Stash), you need to ensure that the Bitbucket Archive Plugin is installed on your Bitbucket server.
Artifacts (such astar.gzfiles) requested from a remote repository are cached on demand. You can remove downloaded artifacts from the remote repository cache, however you can not manually deploy artifacts to a remote repository.
To define a remote repository to proxy github.com as well as the public Bower registry follow the steps below:
- Create a new remote repository in theAdministrationmodule, underRepositories | Repositories | Remote,click "New Remote Repository" and set鲍尔to be itsPackage Type
- Set theRepository Keyvalue, and enter
https://github.comin theURLfield as displayed below.
- In the鲍尔Settingssection, selectGitHubas theGit Provider.
Finally, click "Save & Finish"
鲍尔Registry URL
Usually, you will point the鲍尔Registry URLfield at the public registry as displayed above.
However, if you are using a private bower registry or a remote Artifactory instance, simply set the same URL as configured inURLfield.
从def鲍尔已经改变了他们的注册表的URLault configured in Artifactory. In order to resolve from the public registry, set the Registry URL tohttps://registry.bower.io.
Virtual Repositories
A Virtual Repository defined in Artifactory aggregates packages from both local and remote repositories.
This allows you to access both locally hosted Bower packages and remote proxied Bower registries from a single URL defined for the virtual repository.
To create a virtual Bower repositoryset鲍尔to be itsPackage Type,andselect the underlying local and remote Bower repositories to include under theRepositoriessection.
Advanced Configuration
The fields underExternal Dependency Rewriteare connected toautomatically rewriting external dependenciesfor Bower packages that need them.
Enable Dependency Rewrite |
When checked, automatically rewriting external dependencies is enabled. |
Remote Repository For Cache |
The remote repository aggregated by this virtual repository in which the external dependency will be cached. |
Patterns Allow List |
An Allow List of Ant-style path expressions that specify where external dependencies may be downloaded from. By default, this is set to**which means that dependencies may be downloaded from any external source. For example, if you wish to limit external dependencies to only be downloaded from |
Using the Bower Command Line
鲍尔repositories must be prefixed with api/bower in the path
When accessing a Bower repository through Artifactory, the repository URL must be prefixed withapi/bowerin the path. This applies to all Bower commands includingbower installandbower info.
For example, if you are using Artifactory standalone or as a local service, you would access your Bower repositories using the following URL:
http://localhost:8081/artifactory/api/bower/
Or, if you are using Artifactory Cloud, the URL would be:
https://
Artifactory has been updated to work seamlessly with the latest version of the Bower client from version 1.5, and also supports older versions of Bower.
Older versions of Bower
If your version of Bower is below 1.5, please refer toUsing Older Versions of Bower.
Using Bower Version 1.5 and above
In order to use Bower with Artifactory you need 2 components (npm packages):
- bower-art-resolver- A custom, pluggable Bower resolver which is dedicated to integrate with Artifactory.
- bower- Bower version1.5.0and above.
一旦安装了凉亭,添加Artifactory鲍尔resolver by editing your~/.bowerrcconfiguration file
{ "resolvers": [ "bower-art-resolver" ] }
鲍尔Documentation
For more information, please refer to the Bower documentation onPluggable Resolvers.
Replace the default registry with a URL pointing to a Bower repository in Artifactory by editing your~/.bowerrcconfiguration file (the example below uses a repository with the keybower-repo):
{ "registry": "http://localhost:8081/artifactory/api/bower/bower-repo" }
Using the Bower Shorthand Resolver
If you want to configure the Bower Shorthand Resolver to work with Artifactory, please refer to鲍尔Shorthand Resolverbelow.
.bowerrc file location
Windows:%userprofile%\.bowerrc
Linux:~/.bowerrc
We recommend referencing aVirtual RepositoriesURL as a registry. This gives you the flexibilityto reconfigure and aggregate other external sources and local repositories of Bower packages you deployed.
Once the Bower command line tool is configured, everybower installcommand will fetch packages from the bower repository specified above. For example:
$ bower install bootstrap bower bootstrap#* not-cached art://twbs/bootstrap#* bower bootstrap#* resolve art://twbs/bootstrap#* bower bootstrap#* extract archive.tar.gz bower bootstrap#* resolved art://twbs/bootstrap#e-tag:0b9cb774e1
Using Older Versions of Bower
Working with Artifactory without Anonymous Access
By default, Artifactory allows anonymous access to Bower repositories. This is defined underSecurity | General Configuration. For details please refer toAllow Anonymous Access.
If you want to be able to trace how users interact with your repositories you need to uncheck theAllow Anonymous Accesssetting. This means that users will be required to enter their username and password.
Unfortunately, the Bower command line tool does not support authentication and you will need to add your credentials to the URL of the bower registry configured in~/.bowerrc:
{ "registry": "http://admin:password@localhost:8081/artifactory/api/bower/bower-repo" }
Use an encrypted password
Use an encrypted password instead of clear-text; seeCentrally Secure Passwords.
Cleaning Up the Local Bower Cache
The Bower client saves caches of packages that were downloaded, as well as metadata responses.
We recommend removing the Bower caches (both packages and metadata responses) before using Artifactory for the first time. This is to ensure that your caches only contain elements that are due to requests from Artifactory and not directly fromhttps://registry.bower.io.
To clear the bower cache use:
bower cache clean
Automatically Rewriting External Dependencies
Packages requested by the Bower client frequently use external dependencies as defined in the packages'bower.jsonfile. These dependencies may, in turn, need additional dependencies. Therefore, when downloading a Bower package, you may not have full visibility into the full set of dependencies that your original package needs (whether directly or transitively). As a result, you are at risk of downloading malicious dependencies from unknown external resources. To manage this risk, and maintain the best practice of consuming external packages through Artifactory, you may specify a "safe" whitelist from which dependencies may be downloaded, cached in Artifactory and configure to rewrite the dependencies so that the鲍尔client accesses dependencies through a virtual repository as follows:
- CheckEnable Dependency Rewritein the Bower virtual repository advanced configuration.
- 指定一个白名单patterns of external resources from which dependencies may be downloaded.
- Specify the remote repository in which those dependencies should be cached.
It is preferable to configure a dedicated remote repository for that purpose so it is easier to maintain.
In the example below the external dependencies will be cached in "bower" remote repository and only package fromhttps://github.com/jfrogdevare allowed to be cached.
Rewriting Workflow
When downloading a Bower package, Artifactory analyzes the list of dependencies needed by the package.
If any of the dependencies are hosted on external resources (e.g. on
github.com), and those resources are specified in the white list,Artifactory will download the dependency from the external resource.
Artifactory will cache the dependency in the remote repository configured to cache the external dependency.
Artifactory will then modify the dependency's entry in the package'spackage.jsonfile indicating its new location in the Artifactory remote repository cache before returning it to the Bower client.
Consequently, every time the Bower client needs to access the dependency, it will be provisioned from its new location in the Artifactory remote repository cache.
Using the Bower Shorthand Resolver
When runningbower installon abower.jsonfile that is hosted on your local machine, you need to define a custom template in .bowerrcfile by adding the following line.
shorthand-resolver": "art://{{owner}}/{{package}}"
From version v4.11, for bower packages downloaded from remote repositories, Artifactory supports resolving dependencies that are specified using the鲍尔shorthand resolverfor dependencies hosted on GitHub. Use of the shorthand resolver is reflected in the Bower install output, in the shorthand resolver dependencies, which are prefixed with$$$art-shorthand-resolver$$$. For example:
bower mypackagetest#$$$art-shorthand-resolver$$$--mypackagetest-master.tar.gz not-cachedart:// /mypackagetest#$$$art-shorthand-resolver$$$- -mypackagetest-master.tar.gz bower mypackagetest#$$$art-shorthand-resolver$$$- -mypackagetest-master.tar.gz resolveart:// /mypackagetest#$$$art-shorthand-resolver$$$- -mypackagetest-master.tar.gz bower mypackagetest#$$$art-shorthand-resolver$$$- -mypackagetest-master.tar.gz resolvedart:// /mypackagetest#$$$art-shorthand-resolver$$$- -mypackagetest-master.tar.gz
Registering Bower Packages
From version 4.6, Artifactory is a Bower registry and lets you register bower packages through remote and virtual repositories. This means you can retrieve bower packages directly from your private Git repositories.
When creating private remote repositories, the Registry URL is redundant and can be left as is.
For example, a private Stash server hosted athttp://stash.mycompany.com:7990with a project named "artifactory" will be registered as follows:
bower register artifactory ssh://git@stash.mycompany.com:7999/artifactory/artifactory.git
Once the server is registered, to download a Bower package from the stash server and cache it in the remote Bower repository in Artifactory (ready for access by users) you can simply run
bower install artifactory
Viewing Individual Bower Package Information
Artifactory lets you view selected metadata of a Bower package directly from the UI.
In theArtifactstab, selectTree Browserand drill down to select thezip/tar.gzfile you want to inspect. The metadata is displayed in the鲍尔Infotab.
