Pipeline Steps
SkyU Pipelines have a few default steps that are executed in the pipeline. You can configure the build variables for those steps in this section.
Code Scan
Code scanning is a feature that scans your code for security vulnerabilities, bugs, and other issues. You can use code scanning to identify and fix security vulnerabilities and other issues in your code before they become a problem.
By default, SkyU uses Semgrep for code scanning. Semgrep is a lightweight static analysis tool that can scan your code for security vulnerabilities, bugs, and other issues. You can configure Semgrep to scan your code for specific issues and provide detailed reports.
Field | Description |
---|---|
Code Scan Configs.path | The path where your source code is available. This is usually the src folder |
Build and Push
Trivy Scan
Trivy is a simple and comprehensive vulnerability scanner for containers. It can scan container images for vulnerabilities and provide a detailed report. You can use Trivy to scan your container images for vulnerabilities and take necessary actions to fix them.
Image build also happens in the Trivy scan step. The image is built and scanned for vulnerabilities.
Field | Description | Editable |
---|---|---|
exitCode | The exit code of the trivy scan. If the exit code is not 0, the pipeline will fail. | false |
imageName | The name of the image that is built and scanned. | true |
resultFormat | The format of the result. json , table , sarif . Sarif is needed if the data is pushed to SkyU Security Center | false |
scanSeverity | The severity of the vulnerabilities that will be considered as a failure. CRITICAL , HIGH , MEDIUM , LOW | true |
dockerFilePath | The path to the Dockerfile. This is needed to build the image. | true |
dockerBuildArgs | The build arguments for the Dockerfile. This is needed to build the image. | true |
dockerBuildContext | The context for the Dockerfile. This is needed to build the image. | true |
ECR Push
ECR Push is a step that pushes the container image to the Amazon Elastic Container Registry (ECR). You can use ECR Push to push your container images to ECR and make them available for deployment.
Field | Description |
---|---|
imageName | The name of the image that will be pushed to ECR. |
dockerFilePath | The path to the Dockerfile. This is needed to build the image. |
dockerBuildArgs | The build arguments for the Dockerfile. This is needed to build the image. |
ecrCredentialId | The ID of the ECR credential that will be used to push the image. |
imgRepositoryName | The name of the ECR repository where the image will be pushed. |
dockerBuildContext | The context for the Dockerfile. This is needed to build the image. |
Trigger Helm Pipelines
Trigger Helm Pipelines is a step that triggers the Helm pipelines for the application. You can use Trigger Helm Pipelines to trigger the Helm pipelines for the application and deploy the application to the target environment.
Field | Description | Example |
---|---|---|
helmAppId | The ID of the target Helm application that will be deployed. | helmAppId |
Rule Env Vars.Rule Key | Override key of the values.yaml | globalImages.tag |
Rule Env Vars.Rule Value | Override value of the values.yaml This would probably be your commitID | $COMMIT_ID |
In Helm Trigger pipelines, you can override the values.yaml file with the values that you want to use for the deployment. You can define the key and value that you want to override in the Rule Env Vars section. You can use any environment variable that is available in the pipeline configuration. Simply put ${env.VARIABLE_NAME}
in the value field.
Build and Sync Webapp
Build and Sync Webapp is a step that builds the web application and syncs it to the target environment. You can use Build and Sync Webapp to build the web application and sync it to the target environment.
S3 Sync Webapp
S3 Sync Webapp is a step that builds and syncs the web application to an S3 bucket. You can use S3 Sync Webapp to sync the web application to an S3 bucket and make it available for use.
Field | Description |
---|---|
region | The region of the S3 bucket. |
depManager | The dependency manager for the web application. npm , yarn |
buildFolder | The folder where the web application is built. typically build or dist |
buildCommand | The command to build the web application. |
s3BucketName | The name of the S3 bucket where the web application will be synced. |
buildLibsFolder | The folder where the libraries are built. default is node_modules |
buildEnvironment*** | |
cloudCredentialId | The ID of the cloud credential that will be used to sync the web application. |
depManagerVersion | The version of the dependency manager. latest , specific version |
installDepsCommand | The command to install the dependencies. eg. npm install |
depManagerPreCommand | The command to run before the dependency manager command. eg. npm i -g yarn |
buildEnvironmentVersion*** | |
cloudfrontDistributionId | The ID of the cloudfront distribution where the web application will be synced. |
Build SSR App
Build SSR App is a step that builds the Server-Side Rendered (SSR) application. You can use Build SSR App to build the SSR application and make it available for use. Next.js is a popular framework for building SSR applications. In this step SSR applications are built and deployed to AWS Amplify.
Field | Description |
---|---|
region | The region of the AWS Amplify deployment. |
Environment Variables | The environment variables that will be used in the deployment. |
depManager | The dependency manager for the SSR application. npm , yarn |
buildFolder | The folder where the SSR application is built. build , dist , .next |
buildCommand | The command to build the SSR application. |
buildLibsFolder | The folder where the libraries are built. default is node_modules |
gitCredentialId | The ID of the git credential that will be used to deploy the SSR app. |
buildEnvironment*** | |
cloudCredentialId | The ID of the cloud credential that will be used to deploy the SSR app. |
depManagerVersion | The version of the dependency manager. latest , specific version |
installDepsCommand | The command to install the dependencies. eg. npm install |
depManagerPreCommand | The command to run before the dependency manager command. eg. npm i -g yarn |
buildEnvironmentVersion*** |
Deploy
The Deploy step is the final step in the pipeline. It is used to deploy the application to the target environment. You can use the Deploy step to deploy the application to the target environment and make it available for use.
Deploy SAM
Deploy SAM is a step that deploys the Serverless Application Model (SAM) to the target environment. You can use Deploy SAM to deploy the SAM to the target environment and make it available for use.
Field | Description |
---|---|
region | The region of the SAM deployment. |
ymlPath | The path to the SAM template. |
samBuildArgs | The build arguments for the SAM deployment. |
deployCommand | The command to deploy the SAM. eg: sam deploy |
samDeployArgs | The deploy arguments for the SAM deployment. --stack-name , --capabilities etc |
additionalSteps | Additional steps that need to be executed before the deployment. |
samBuildCommand | The command to build the SAM. eg: sam build |
buildEnvironment*** | |
cloudCredentialId | The ID of the cloud credential that will be used to deploy the SAM. |
buildEnvironmentVersion*** |
Deploy Lambda from Zip
Deploy Lambda from Zip is a step that deploys the Lambda function from a zip file to the target environment. You can use Deploy Lambda from Zip to deploy the Lambda function from a zip file to the target environment and make it available for use.
Field | Description |
---|---|
region | The region of the Lambda deployment. |
handler | The handler of the Lambda function. |
depManager | The dependency manager for the Lambda function. npm , yarn |
lambdaName | The name of the Lambda function. |
buildFolder | The folder where the Lambda function is built. |
buildCommand | The command to build the Lambda function. |
lambdaTimeout | The timeout for the Lambda function. |
buildLibsFolder | The folder where the libraries are built. default is node_modules |
buildEnvironment | The runtime environment for the Lambda function. NODE |
lambdaMemorySize | The memory size for the Lambda function. |
cloudCredentialId | The ID of the cloud credential that will be used to deploy the Lambda function. |
depManagerVersion | The version of the dependency manager. latest , specific version |
installDepsCommand | The command to install the dependencies. eg. npm install |
lambdaDescription | The description of the Lambda function. |
lambdaEnvVariables | The environment variables for the Lambda function. |
depManagerPreCommand | The command to run before the dependency manager command. eg. npm i -g yarn |
lambdaEphemeralStorage | The ephemeral storage for the Lambda function. |
buildEnvironmentVersion | The version of the build environment. latest , specific version |
lambdaFunctionUrlAuthType | The authentication type for the Lambda function URL. AWS_IAM , ANONYMOUS , NONE |
Frequently Asked Questions
How do I add .npmrc file to a lambda build?
In the Deploy Lambda from Zip step, you sometimes need .npmrc file to authenticate with the npm registry. You can create the .npmrc file in the pipeline using the following command in installDepsCommand
field.
if you want to add lines to the .npmrc file, like the following:
//npm.pkg.github.com/:_authToken=********
@skyu-io:registry=https://npm.pkg.github.com
you can use the following command in the installDepsCommand
field.
echo "//npm.pkg.github.com/:_authToken=${NPM_AUTH_TOKEN}" > .npmrc && echo "@skyu-io:registry=https://npm.pkg.github.com" >> .npmrc && yarn install
Please note that the NPM_AUTH_TOKEN
is an environment variable that you need to set in the pipeline configuration. You can set the environment variable in the Environment Variables
section in the pipeline configuration.
I have a private npm package that I want to use in the docker build. How do I authenticate with the npm registry?
In your Dockerfile you need to add the following lines to authenticate with the npm registry.
ARG NPM_AUTH_TOKEN
RUN echo "//npm.pkg.github.com/:_authToken=${NPM_AUTH_TOKEN}" > .npmrc && echo "@skyu-io:registry=https://npm.pkg.github.com" >> .npmrc
You can set the NPM_AUTH_TOKEN
as a build argument in the Dockerfile. You can set the build argument in the dockerBuildArgs
field in the Build and Push
step in the pipeline configuration.