Being I a very experienced professional in automation area, with many years of knowledge in a vast majority of marketing leader CI/CD Tools, like Gitlab-CI (ok, Gitlab-CI, mostly), I've recently got challenged to build some pipelines using this fantastic Atlassian tool: Bamboo.
Why? Because that's what the company uses and pays for, and it's the one I'm allowed to use.
Below I'll present a few things that I've discovered regarding this schizophrenic wonderful tool.
GUI Editor
If you are a experienced DevOps, there's probably a feature you like a lot and miss in all those simple, lightweight, cool CLI tools. That's it: a Graphical User Interface. Well, fear no more. Atlassian has put a lot of effort into building a very fast, practical and beautiful way to graphically edit your pipelines directly on Bamboo web interface. This way you can configure your pipeline just by click-click-click, drag, and always be unsure if the outcome will be as expected.
The only good thing on that is: you can export your pipeline to YAML (or Java) after it's done.
Encrypted Secrets
If you are creating your pipeline directly in the UI, you can just paste sensitive data in the Variables menu rows, and if Bamboo thinks the data is sensitive, based in the name of the variable (it MUST contain "password", "passphrase", "secret" or "sshkey" in the name) it will automatically convert the value to a encrypted secret for you.
Now, if you are coding your pipeline (YAML, Java), what would be better than using the same variables menu and just inject the values in the runtime? Exactly: Put encoded values in your YAML.
Bamboo has a very unique system for secrets encryption, where you insert your original value and it will be converted to some hashed value that looks like a standard text concatenated to some base64. Don't fool yourself, the value is encrypted with a key unique to your server, and won't work in any other instance of Bamboo.
Ok, now I can get this value and use anywhere I want on my YAML, right?
Yeah, kinda. But you MUST follow the same rules applied to the UI. That means, if you define your variable like this, it will never be decrypted/usable.
Now, if you just include secret in the name of the variable, you can see the magic happen in your pipeline.
Fantastic, isn't it?
Cache
Not much to write about this topic. If yo are building a CI pipeline, you want it to be as fast as it can. How can you save a lot of time from downloading dependencies everytime you run a build? Cache.
So, what about cache in Bamboo? It DOES-NOT-EXIST. Simply like that, nothing else to say.
Permission granularity
This may be a good feature, depending on the way you look. But listen:
- You have a project inside Bamboo. You gotta include users (or groups) and grant them permissions there.
- Then you have repositories, which are linked to your Git. And you gotta set permission to who can see the repositories you included in your project. And you have to also specify which users and groups can see each of the repositories you have included, despite having previously set permissions at project level.
- Now you get your project, and your repository, and you want to configure a plan. Guess what? Exactly. You have to set the same permissions again. Why? Well, somebody thought it was a good idea.
Top comments (1)
looks like bitnami/sealed-secrets rofl