Documentation
Applications
Pipelines
Steps

Pipeline Steps

SkyU Pipelines have a few default steps that are executed in the pipeline. You can configure the build variables for those steps in this section.

Code Scan

Code scanning is a feature that scans your code for security vulnerabilities, bugs, and other issues. You can use code scanning to identify and fix security vulnerabilities and other issues in your code before they become a problem.

By default, SkyU uses Semgrep for code scanning. Semgrep is a lightweight static analysis tool that can scan your code for security vulnerabilities, bugs, and other issues. You can configure Semgrep to scan your code for specific issues and provide detailed reports.

FieldDescription
Code Scan Configs.pathThe path where your source code is available. This is usually the src folder

Build and Push

Trivy Scan

Trivy is a simple and comprehensive vulnerability scanner for containers. It can scan container images for vulnerabilities and provide a detailed report. You can use Trivy to scan your container images for vulnerabilities and take necessary actions to fix them.

Image build also happens in the Trivy scan step. The image is built and scanned for vulnerabilities.

FieldDescriptionEditable
exitCodeThe exit code of the trivy scan. If the exit code is not 0, the pipeline will fail.false
imageNameThe name of the image that is built and scanned.true
resultFormatThe format of the result. json, table, sarif. Sarif is needed if the data is pushed to SkyU Security Centerfalse
scanSeverityThe severity of the vulnerabilities that will be considered as a failure. CRITICAL, HIGH, MEDIUM, LOWtrue
dockerFilePathThe path to the Dockerfile. This is needed to build the image.true
dockerBuildArgsThe build arguments for the Dockerfile. This is needed to build the image.true
dockerBuildContextThe context for the Dockerfile. This is needed to build the image.true

ECR Push

ECR Push is a step that pushes the container image to the Amazon Elastic Container Registry (ECR). You can use ECR Push to push your container images to ECR and make them available for deployment.

FieldDescription
imageNameThe name of the image that will be pushed to ECR.
dockerFilePathThe path to the Dockerfile. This is needed to build the image.
dockerBuildArgsThe build arguments for the Dockerfile. This is needed to build the image.
ecrCredentialIdThe ID of the ECR credential that will be used to push the image.
imgRepositoryNameThe name of the ECR repository where the image will be pushed.
dockerBuildContextThe context for the Dockerfile. This is needed to build the image.

Trigger Helm Pipelines

Trigger Helm Pipelines is a step that triggers the Helm pipelines for the application. You can use Trigger Helm Pipelines to trigger the Helm pipelines for the application and deploy the application to the target environment.

FieldDescriptionExample
helmAppIdThe ID of the target Helm application that will be deployed.helmAppId
Rule Env Vars.Rule KeyOverride key of the values.yamlglobalImages.tag
Rule Env Vars.Rule ValueOverride value of the values.yaml This would probably be your commitID$COMMIT_ID

In Helm Trigger pipelines, you can override the values.yaml file with the values that you want to use for the deployment. You can define the key and value that you want to override in the Rule Env Vars section. You can use any environment variable that is available in the pipeline configuration. Simply put ${env.VARIABLE_NAME} in the value field.

Build and Sync Webapp

Build and Sync Webapp is a step that builds the web application and syncs it to the target environment. You can use Build and Sync Webapp to build the web application and sync it to the target environment.

S3 Sync Webapp

S3 Sync Webapp is a step that builds and syncs the web application to an S3 bucket. You can use S3 Sync Webapp to sync the web application to an S3 bucket and make it available for use.

FieldDescription
regionThe region of the S3 bucket.
depManagerThe dependency manager for the web application. npm, yarn
buildFolderThe folder where the web application is built. typically build or dist
buildCommandThe command to build the web application.
s3BucketNameThe name of the S3 bucket where the web application will be synced.
buildLibsFolderThe folder where the libraries are built. default is node_modules
buildEnvironment***
cloudCredentialIdThe ID of the cloud credential that will be used to sync the web application.
depManagerVersionThe version of the dependency manager. latest, specific version
installDepsCommandThe command to install the dependencies. eg. npm install
depManagerPreCommandThe command to run before the dependency manager command. eg. npm i -g yarn
buildEnvironmentVersion***
cloudfrontDistributionIdThe ID of the cloudfront distribution where the web application will be synced.

Build SSR App

Build SSR App is a step that builds the Server-Side Rendered (SSR) application. You can use Build SSR App to build the SSR application and make it available for use. Next.js is a popular framework for building SSR applications. In this step SSR applications are built and deployed to AWS Amplify.

FieldDescription
regionThe region of the AWS Amplify deployment.
Environment VariablesThe environment variables that will be used in the deployment.
depManagerThe dependency manager for the SSR application. npm, yarn
buildFolderThe folder where the SSR application is built. build, dist, .next
buildCommandThe command to build the SSR application.
buildLibsFolderThe folder where the libraries are built. default is node_modules
gitCredentialIdThe ID of the git credential that will be used to deploy the SSR app.
buildEnvironment***
cloudCredentialIdThe ID of the cloud credential that will be used to deploy the SSR app.
depManagerVersionThe version of the dependency manager. latest, specific version
installDepsCommandThe command to install the dependencies. eg. npm install
depManagerPreCommandThe command to run before the dependency manager command. eg. npm i -g yarn
buildEnvironmentVersion***

Deploy

The Deploy step is the final step in the pipeline. It is used to deploy the application to the target environment. You can use the Deploy step to deploy the application to the target environment and make it available for use.

Deploy SAM

Deploy SAM is a step that deploys the Serverless Application Model (SAM) to the target environment. You can use Deploy SAM to deploy the SAM to the target environment and make it available for use.

FieldDescription
regionThe region of the SAM deployment.
ymlPathThe path to the SAM template.
samBuildArgsThe build arguments for the SAM deployment.
deployCommandThe command to deploy the SAM. eg: sam deploy
samDeployArgsThe deploy arguments for the SAM deployment. --stack-name, --capabilities etc
additionalStepsAdditional steps that need to be executed before the deployment.
samBuildCommandThe command to build the SAM. eg: sam build
buildEnvironment***
cloudCredentialIdThe ID of the cloud credential that will be used to deploy the SAM.
buildEnvironmentVersion***

Deploy Lambda from Zip

Deploy Lambda from Zip is a step that deploys the Lambda function from a zip file to the target environment. You can use Deploy Lambda from Zip to deploy the Lambda function from a zip file to the target environment and make it available for use.

FieldDescription
regionThe region of the Lambda deployment.
handlerThe handler of the Lambda function.
depManagerThe dependency manager for the Lambda function. npm, yarn
lambdaNameThe name of the Lambda function.
buildFolderThe folder where the Lambda function is built.
buildCommandThe command to build the Lambda function.
lambdaTimeoutThe timeout for the Lambda function.
buildLibsFolderThe folder where the libraries are built. default is node_modules
buildEnvironmentThe runtime environment for the Lambda function. NODE
lambdaMemorySizeThe memory size for the Lambda function.
cloudCredentialIdThe ID of the cloud credential that will be used to deploy the Lambda function.
depManagerVersionThe version of the dependency manager. latest, specific version
installDepsCommandThe command to install the dependencies. eg. npm install
lambdaDescriptionThe description of the Lambda function.
lambdaEnvVariablesThe environment variables for the Lambda function.
depManagerPreCommandThe command to run before the dependency manager command. eg. npm i -g yarn
lambdaEphemeralStorageThe ephemeral storage for the Lambda function.
buildEnvironmentVersionThe version of the build environment. latest, specific version
lambdaFunctionUrlAuthTypeThe authentication type for the Lambda function URL. AWS_IAM, ANONYMOUS , NONE

Frequently Asked Questions

How do I add .npmrc file to a lambda build?

In the Deploy Lambda from Zip step, you sometimes need .npmrc file to authenticate with the npm registry. You can create the .npmrc file in the pipeline using the following command in installDepsCommand field.

if you want to add lines to the .npmrc file, like the following:

//npm.pkg.github.com/:_authToken=********
@skyu-io:registry=https://npm.pkg.github.com

you can use the following command in the installDepsCommand field.

echo "//npm.pkg.github.com/:_authToken=${NPM_AUTH_TOKEN}" > .npmrc && echo "@skyu-io:registry=https://npm.pkg.github.com" >> .npmrc && yarn install

Please note that the NPM_AUTH_TOKEN is an environment variable that you need to set in the pipeline configuration. You can set the environment variable in the Environment Variables section in the pipeline configuration.

I have a private npm package that I want to use in the docker build. How do I authenticate with the npm registry?

In your Dockerfile you need to add the following lines to authenticate with the npm registry.

ARG NPM_AUTH_TOKEN
RUN echo "//npm.pkg.github.com/:_authToken=${NPM_AUTH_TOKEN}" > .npmrc && echo "@skyu-io:registry=https://npm.pkg.github.com" >> .npmrc

You can set the NPM_AUTH_TOKEN as a build argument in the Dockerfile. You can set the build argument in the dockerBuildArgs field in the Build and Push step in the pipeline configuration.