Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,556,459
Community Members
 
Community Events
184
Community Groups

Where to keep YAML specs for a Bamboo build plan?

Edited
Emre Toptancı _OBSS_
Emre Toptancı _OBSS_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
Feb 12, 2021

We are trying to switch to using YAML specs file for our Bamboo build plan but can't decide where to keep the file.

First, some background. As many teams do, we do feature development on separate branches on BitBucket. Bamboo is configured to auto-create build plan branches based on source control branches so CI builds are run on each branch.

Now, we can keep the YAML file in the same BB repository with the product source code or we can keep the YAML file in a separate BB repository. Below are the two requirements that we can't find a common solution for.

Since a build plan is capable of running arbitrary scripts on the build server, we want to limit the people who can modify the plan definition, even on non-master branches. Not every developer that can modify the product code should be able to modify the build plan.

On the other hand,  While doing development of a major feature that requires updating the build plan, we want to be able to modify the build plan so the modified plan is just used for building the new feature branch on BB. The modifications on the plan should not affect other branches until the feature is merged into master.

So ... where should we keep the build plan YAML and how should we configure this setup ?

 

Answer
Watch
Like Be the first to like this
345 views

2 answers

0 votes
Marcin Gardias
Marcin Gardias
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Feb 16, 2021 • edited

> Since a build plan is capable of running arbitrary scripts on the build server, (...)

Well, not really, unless you use Local Agents, which I would strongly recommend against if you care about security. Builds are run on Bamboo Agents and those do not have to be on the same hardware as Bamboo Server.

 

>Not every developer that can modify the product code should be able to modify the build plan.

Those developers will still have the power to modify your test code in a harmful way, so you're not actually gaining anything by putting that limitation in place.

Reply
0 votes
Victor Debone
Victor Debone
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Feb 16, 2021

Hello @Emre Toptancı _OBSS_ !

Plans written in YAML Bamboo Specs should be placed inside the bamboo-specs folder inside the root of the repository with Bamboo Specs enabled. Bamboo Specs YAML expects a single file named bamboo.yaml inside this folder, and you are free to create and include other YAML file, so your configurations are keep organized.

Note that this doesn't necessarily means that these Bamboo Specs will be creating a plan for this repository. Bamboo Specs can define various plans for various projects using different repositories.

The scope of what each repository enabled to be scanned for Bamboo Specs is configured inside the same interface where you enable Bamboo Specs, or inside the respective repositories, projects or deployment projects.

For your case, you would look in the direction of creating repositories that can have Bamboo Specs scanned, and different repositories to store code. It will work for the first scenario you described, but this is not how Bamboo Specs YAML was designed to be used and the modifications in different branches will not necessarily work as smoothly as if you would have the plans configured next to their source code (using a single repository).

On the other hand, I might remind you that virtually every developer with access to any of the repositories that a plan touches, either a plan configuration or a source code for an application, will always have access to the Bamboo Agent and the permissions given to it. There are ways to mitigate risks and mistakes, but never complete remove them. You might review into why these protections are required in the first place, and maybe enjoy the features and benefits that running Bamboo Specs on the branches can provide.

I hope these will help you move forward!

Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

See all events