Artifact Registry
Introduction
Artifact Registry enables you to centrally store artifacts and build dependencies as part of an integrated Google Cloud experience. Artifact Registry provides a single location for storing and managing your packages and Docker container images
Computational Sciences Unified Registry
Computational Sciences has a single unified artifact registry available for you use. The Artifact
Registry is hosted in GCP at jax-cs-registry.
What about Jfrog Artifactory?
We're working hard on the requisition process to purchase a Jfrog Artifactory subscription. We
will provide information on this resource once it becomes available. We anticipate that we will
be able to mirror the artifacts in jax-cs-registry GCP Artifact registry into Jfrog
Artifactory once available.
If the GCP Artifact registry does not meet you needs, please reach out to the #devops Slack
channel, or add a ticket to the DevOps Backlog
to prioritize a broader conversation about your needs.
Supported Artifacts
- Docker / OCI
- Name:
docker
- Name:
- Python / PyPI
- Name:
python
- Name:
- NPM
- Name:
npm
- Name:
- Java Maven
- Name:
maven
- Name:
Production, Testing and Development Registries
Each registry has a prod, dev, and test instance. The name of the production instance is
listed above, and the dev and test instances are appended with -dev and -test
respectively.
Access
The production and testing instances should only be written to by CI/CD automated
processes. There is a service account available in Bitbucket cloud that has permissions
to do this. All @jax.org users should have read access to production and testing
artifact registries.
All @jax.org users should have read and write access to all development
registries. These registers end with -dev.
Access for Service Accounts
If you need to allow services within a GCP project to read from the artifact registry, you will need to add the associated service account to the permissions for the repository or repositories you want to grant access to. You may need to do this if you are deploying an application to GKE, Cloud Run or performing an automated build that uses a package or artifact from the registry. In general, processes that you set up that require access to the registry will need to be granted access to the registry.
To set up access for a service account, you will need to know the service account's email address. You can find this in the IAM section of the GCP console. Once you have the email address, an admin can add it to the permissions for the repository or repositories you want to grant access to.
Jax CS Registry Admins
Adding a Service Account to a Repository (for admins)
Ad admin can provide a service account read access by going to the artifact registry page in the jax-cs-registry GCP
project, selecting on the repository you want to grant access to, and clicking the "Show Info Panel" button on the top
right. This will open a panel on the right side of the screen. Click the "Permissions" tab and then click the "Add
Principal" button. Enter the service account's email address and select the role you want to grant to the service
account, in general this should only be the "Artifact Registry Reader" role.
Google Cloud Access
You will need access to Jax's Google Cloud. If you don't already have access, contact the RIT Service Desk.