Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Where to keep YAML specs for a Bamboo build plan? Edited

We are trying to switch to using YAML specs file for our Bamboo build plan but can't decide where to keep the file.

First, some background. As many teams do, we do feature development on separate branches on BitBucket. Bamboo is configured to auto-create build plan branches based on source control branches so CI builds are run on each branch.

Now, we can keep the YAML file in the same BB repository with the product source code or we can keep the YAML file in a separate BB repository. Below are the two requirements that we can't find a common solution for.

Since a build plan is capable of running arbitrary scripts on the build server, we want to limit the people who can modify the plan definition, even on non-master branches. Not every developer that can modify the product code should be able to modify the build plan.

On the other hand,  While doing development of a major feature that requires updating the build plan, we want to be able to modify the build plan so the modified plan is just used for building the new feature branch on BB. The modifications on the plan should not affect other branches until the feature is merged into master.

So ... where should we keep the build plan YAML and how should we configure this setup ?

 

2 answers

0 votes

Hello @Emre Toptancı _OBSS_ !

Plans written in YAML Bamboo Specs should be placed inside the bamboo-specs folder inside the root of the repository with Bamboo Specs enabled. Bamboo Specs YAML expects a single file named bamboo.yaml inside this folder, and you are free to create and include other YAML file, so your configurations are keep organized.

Note that this doesn't necessarily means that these Bamboo Specs will be creating a plan for this repository. Bamboo Specs can define various plans for various projects using different repositories.

The scope of what each repository enabled to be scanned for Bamboo Specs is configured inside the same interface where you enable Bamboo Specs, or inside the respective repositories, projects or deployment projects.

For your case, you would look in the direction of creating repositories that can have Bamboo Specs scanned, and different repositories to store code. It will work for the first scenario you described, but this is not how Bamboo Specs YAML was designed to be used and the modifications in different branches will not necessarily work as smoothly as if you would have the plans configured next to their source code (using a single repository).

On the other hand, I might remind you that virtually every developer with access to any of the repositories that a plan touches, either a plan configuration or a source code for an application, will always have access to the Bamboo Agent and the permissions given to it. There are ways to mitigate risks and mistakes, but never complete remove them. You might review into why these protections are required in the first place, and maybe enjoy the features and benefits that running Bamboo Specs on the branches can provide.

I hope these will help you move forward!

> Since a build plan is capable of running arbitrary scripts on the build server, (...)

Well, not really, unless you use Local Agents, which I would strongly recommend against if you care about security. Builds are run on Bamboo Agents and those do not have to be on the same hardware as Bamboo Server.

 

>Not every developer that can modify the product code should be able to modify the build plan.

Those developers will still have the power to modify your test code in a harmful way, so you're not actually gaining anything by putting that limitation in place.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 7.2 is here!

I'm happy to announce that Bamboo 7.2 has been released and it’s overflowing with awesome new features. This will be the last major Server release before the launch of Bamboo DC. Bamboo logs We...

489 views 5 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you