Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Where to keep YAML specs for a Bamboo build plan?


We are trying to switch to using YAML specs file for our Bamboo build plan but can't decide where to keep the file.

First, some background. As many teams do, we do feature development on separate branches on BitBucket. Bamboo is configured to auto-create build plan branches based on source control branches so CI builds are run on each branch.

Now, we can keep the YAML file in the same BB repository with the product source code or we can keep the YAML file in a separate BB repository. Below are the two requirements that we can't find a common solution for.

Since a build plan is capable of running arbitrary scripts on the build server, we want to limit the people who can modify the plan definition, even on non-master branches. Not every developer that can modify the product code should be able to modify the build plan.

On the other hand,  While doing development of a major feature that requires updating the build plan, we want to be able to modify the build plan so the modified plan is just used for building the new feature branch on BB. The modifications on the plan should not affect other branches until the feature is merged into master.

So ... where should we keep the build plan YAML and how should we configure this setup ?


2 answers

> Since a build plan is capable of running arbitrary scripts on the build server, (...)

Well, not really, unless you use Local Agents, which I would strongly recommend against if you care about security. Builds are run on Bamboo Agents and those do not have to be on the same hardware as Bamboo Server.


>Not every developer that can modify the product code should be able to modify the build plan.

Those developers will still have the power to modify your test code in a harmful way, so you're not actually gaining anything by putting that limitation in place.

0 votes

Hello @Emre Toptancı _OBSS_ !

Plans written in YAML Bamboo Specs should be placed inside the bamboo-specs folder inside the root of the repository with Bamboo Specs enabled. Bamboo Specs YAML expects a single file named bamboo.yaml inside this folder, and you are free to create and include other YAML file, so your configurations are keep organized.

Note that this doesn't necessarily means that these Bamboo Specs will be creating a plan for this repository. Bamboo Specs can define various plans for various projects using different repositories.

The scope of what each repository enabled to be scanned for Bamboo Specs is configured inside the same interface where you enable Bamboo Specs, or inside the respective repositories, projects or deployment projects.

For your case, you would look in the direction of creating repositories that can have Bamboo Specs scanned, and different repositories to store code. It will work for the first scenario you described, but this is not how Bamboo Specs YAML was designed to be used and the modifications in different branches will not necessarily work as smoothly as if you would have the plans configured next to their source code (using a single repository).

On the other hand, I might remind you that virtually every developer with access to any of the repositories that a plan touches, either a plan configuration or a source code for an application, will always have access to the Bamboo Agent and the permissions given to it. There are ways to mitigate risks and mistakes, but never complete remove them. You might review into why these protections are required in the first place, and maybe enjoy the features and benefits that running Bamboo Specs on the branches can provide.

I hope these will help you move forward!

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events