What's new on Cloudsmith

Cloudsmith is your friendly neighbourhood Package Management SaaS; for secure delivery of the world's software. For DevOps-y people.

New
November 11, 2024

Simplify your pipelines with Cloudsmith’s Azure DevOps extension 🚀

Integrating Cloudsmith with Azure DevOps pipelines just got easier with the release of Cloudsmith’s command-line interface (CLI) extension for Azure DevOps. With this extension, there’s no need to manually install or configure the Cloudsmith CLI. Our task automates everything, ensuring the Cloudsmith CLI is ready to go on Linux and Windows runners.

With this extension, you can:

  • Automate CLI setup: Install the Cloudsmith CLI—on both Linux and Windows agents—directly from your Azure DevOps pipeline. Specify a version or let the extension install the latest one for you.

  • Specify the authentication option that works for you 🔐: Authenticate with API keys, or use OIDC for ephemeral, token-based authentication.

  • Streamline artifact management 📦: Our extension pushes artifacts from your build pipelines to Cloudsmith repositories without manual setup.

How to use the Cloudsmith Azure DevOps extension

Step 1: Install and Authenticate the Cloudsmith CLI

Add the following step to your Azure DevOps YAML pipeline to install the Cloudsmith CLI and authenticate:

This step will automatically download and configure the Cloudsmith CLI on both Windows and Linux agents—no manual setup required.

steps:
- task: CloudsmithCliInstallAndAuthenticate@1

  inputs:

    authMethod: 'oidc'  # Choose 'oidc' or 'apiKey'

    apiKey: '$(CLOUDSMITH_API_KEY)'  # Required if using API key authentication

    clientId: '$(YOUR_CLIENT_ID)'  # Required for OIDC

    clientSecret: '$(YOUR_CLIENT_SECRET)'  # Required for OIDC

    appIdUri: '$(YOUR_APP_ID_URI)'  # Required for OIDC

    tenantId: '$(YOUR_TENANT_ID)'  # Required for OIDC
    oidcNamespace: '$(your-namespace)'  # Required for OIDC

    oidcServiceSlug: '$(your-service-slug)'  #  Required for OIDC

    cliVersion: '1.3.1'  #  optional

Step 2: Push artifacts to Cloudsmith repositories

After the CLI is installed and authenticated, you can upload your build artifacts directly to Cloudsmith:

- script: |
    cloudsmith whoami  # Verify authentication
    cloudsmith push raw $(CLOUDSMITH_ORG)/$(CLOUDSMITH_REPO) my-package.zip
  displayName: 'Upload Artifact to Cloudsmith'

This ensures that your artifacts are securely stored and versioned within Cloudsmith repositories for easy access and deployment.

Secure your CI/CD pipeline with a few best practices:

  • Use OIDC authentication: OIDC authentication lets you avoid using long-lived API keys.
  • Store secrets securely: Use Azure DevOps Secrets to store API keys and tokens, keeping your pipelines secure.
  • Pin CLI version: For production pipelines, specify a CLI version to maintain stability across builds.

Check out the Cloudsmith Azure DevOps documentation for more information and start automating your pipelines today. 🎈

Create your own newsfeed