Anybody using Artifactory?

We are moving to Artifactory soon (we don’t allow our servers internet access so they can’t get to myget.org) and I’m interested in hearing others’ experience with it.

The good, the bad, and the ugly

I assume we can set up Artifactory to pull everything from myget.org on a periodic basis, then point Orchestrator at Artifactory. Is this accurate?

Not yet, but I have plans to move our published packages to Artifactory in the future. We have Artifactory within our company already, but my group doesn’t directly manage it, so I’m going to see if I can get administration rights to a non-prod instance so I can direct how we need the Repos configured in the production Artifactory.

I have a couple goals

• Looking at using Virtual Repositories to manage which of our published packages are available to each Orchestrator environment (Production, Staging, Preproduction, Dev/Build) based on published package version Beta, RCs, Final, etc.
• Will probably have the packages published directly from Studio to start, and in time will move the build processes to an integration pipeline when committed and tests pass, etc.
• Mirror approved public repositories to increase our security posture and lower the management overhead of maintaining Library packages at the host or tenant level.

In past years, I’ve used Artifactory to mirror public repositories for Java environments using Maven. As a end user it was seamless other than initial configuration of Maven to indicate where the mirror repo was located. Also great for those systems that are restricted from the public space.

The one thing that is not clear to me is when you point Orchestrator to an external repository, is it a 2-way publishing. In that, if a user publishes to Orchestator does it push the package to the external repository, or if you publish directly to the external repository does Orchestrator pick up on the new packages and populates the meta data?

I have a few projects a head of this one to tackle first, but when I dig into it more I’ll keep you posted!

I’m not traditionally a comp sci guy, but I’m trying to understand the use and benefit of artifactory. Read some articles but I’m trying to picture how it’d be helpful for an RPA COE. Currently we use Github to store and maintain our source code with separate branches for dev and prod.

I see that you could use artifactory as an additional feed to replace other uipath feeds, but shouldn’t be the official feed be enough and the tenant/host feeds good for your own platform for any custom libraries/packages created?

My integration pipeline covers pushing commits to git and publish/deploying them to Orchestrator. Considering also saving them to artifactory but I’m not really understanding the benefits as well.

We are in a highly regulated industry and getting the official feed whitelisted was a challenge. For a long time, we couldn’t access it and needed to manually add every package to Orchestrator. We need the control that a solution like Artifactory provides. This isn’t about the packages we write. It’s about dependency packages because they’re written by others.

I see. so do you create a nuget repo in artifactory for all the allowed dependency packages from Orchestrator? If so, what’s your process to go through every single dependency in Official feed?

I don’t know the process, we haven’t migrated to it yet.