
artifact-management skill


This skill helps you manage artifacts across registries and repositories, applying versioning, cleanup, and retention policies for reliable CI/CD.

npx playbooks add skill pluginagentmarketplace/custom-plugin-devops --skill artifact-management

SKILL.md
---
name: artifact-management
description: Artifact repositories with Nexus, Artifactory, and container registries for build artifact storage
sasmp_version: "1.3.0"
bonded_agent: 05-cicd-automation
bond_type: SECONDARY_BOND
---

# Artifact Management Skill

## MANDATORY
- Container registries (Docker Hub, ECR, GCR, ACR)
- Nexus Repository Manager basics
- JFrog Artifactory fundamentals
- Artifact versioning strategies
- Cleanup and retention policies

## OPTIONAL
- Private PyPI/npm registries
- Maven/Gradle repository management
- Helm chart repositories
- SBOM generation and storage
- Artifact promotion workflows

## ADVANCED
- Multi-site replication
- High availability setup
- Integration with CI/CD
- Vulnerability scanning integration
- Artifact signing and verification

## Assets
- See `assets/artifact-config.yaml` for repository templates

Overview

This skill provides practical guidance and automation patterns for managing build artifacts across container registries (Docker Hub, ECR, GCR, ACR), Nexus Repository Manager, and JFrog Artifactory. It focuses on reliable storage, versioning, retention, and promotion of artifacts to support CI/CD pipelines. The skill is oriented to DevOps teams building reproducible release flows and secure artifact lifecycles.

How this skill works

The skill inspects common repository types and recommends configuration templates for hosting containers, Maven/Gradle packages, npm/PyPI packages, and Helm charts. It codifies artifact versioning strategies, retention and cleanup policies, and promotion workflows while optionally integrating SBOM, signing, and vulnerability scanning. Templates and examples are provided to plug into CI/CD pipelines and automation scripts.

When to use it

  • You need consistent artifact storage for builds across teams and environments.
  • You are standardizing versioning and promotion policies for releases.
  • You must enforce retention and cleanup to manage storage costs.
  • You want to integrate artifact checks (vulnerability, SBOM, signing) into CI/CD.
  • You are building a multi-site or highly available artifact platform.

Best practices

  • Use immutable versioning (semantic or build-hash) and avoid mutable tags for release artifacts.
  • Apply lifecycle policies: short retention for snapshots, longer for releases, and automatic cleanup of unreferenced artifacts.
  • Isolate public and private registries; enforce access controls and least privilege.
  • Automate promotion from staging to release repositories instead of re-tagging or republishing.
  • Integrate vulnerability scanning and artifact signing into the pipeline before promotion.
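A promotion gate that applies these practices to one staged artifact, as an added example that is not part of the skill's own files. The record layout, the tag policy, the severity threshold and the sample data are assumptions, and HMAC-SHA256 stands in for the asymmetric signature a real pipeline would verify.

```python
import hashlib
import hmac
import re

# Assumed policy: a release tag is a semantic version or a hex build hash.
IMMUTABLE_TAG = re.compile(r"(\d+\.\d+\.\d+|[0-9a-f]{7,40})")
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def sign_digest(digest: str, key: bytes) -> str:
    """HMAC-SHA256 over the digest; stand-in for an asymmetric signature."""
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


def promotion_blockers(record: dict, content: bytes, key: bytes,
                       fail_at: str = "high") -> list:
    """Return the reasons this staged artifact must not be promoted."""
    blockers = []
    if not IMMUTABLE_TAG.fullmatch(record["tag"]):
        blockers.append(f"mutable or non-release tag: {record['tag']}")
    # The digest, not the tag, identifies what was scanned and signed.
    actual = "sha256:" + hashlib.sha256(content).hexdigest()
    if not hmac.compare_digest(actual, record["digest"]):
        blockers.append("content does not match recorded digest")
    if not hmac.compare_digest(sign_digest(actual, key), record.get("signature", "")):
        blockers.append("signature missing or invalid")
    scan = record.get("scan")
    if scan is None or scan.get("digest") != actual:
        blockers.append("no scan result for this exact digest")
    else:
        worst = [f for f in scan["findings"]
                 if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[fail_at]]
        if worst:
            blockers.append(f"{len(worst)} finding(s) at or above {fail_at}")
    return blockers


# Constructed sample data: one staged artifact that passes, one that does not.
KEY = b"constructed-demo-key"
BLOB = b"constructed artifact bytes"
DIGEST = "sha256:" + hashlib.sha256(BLOB).hexdigest()
GOOD = {"tag": "1.4.2", "digest": DIGEST, "signature": sign_digest(DIGEST, KEY),
        "scan": {"digest": DIGEST, "findings": [{"id": "F-1", "severity": "low"}]}}
BAD = {"tag": "latest", "digest": DIGEST, "signature": "",
       "scan": {"digest": DIGEST, "findings": [{"id": "F-2", "severity": "critical"}]}}

if __name__ == "__main__":
    for name, rec in (("good", GOOD), ("bad", BAD)):
        print(name, promotion_blockers(rec, BLOB, KEY) or "promote")
```

Binding the scan result and the signature to the content digest means a tag that is later moved to different bytes fails the gate instead of inheriting the earlier approval.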

Example use cases

  • Set up ECR/GCR/ACR for container images and configure retention to remove images older than X days except tagged releases.
  • Configure Nexus or Artifactory with separate repositories for snapshots, releases, and third-party proxies.
  • Implement a promotion workflow that moves artifacts from a staging repo to a release repo after passing tests and scans.
  • Host a private PyPI or npm registry and mirror external dependencies to improve build stability.
  • Deploy multi-site replication for global teams and configure basic HA for the artifact platform.

FAQ

Can I use the same policies for containers and language packages?

Use the same high-level lifecycle concepts but tailor retention and promotion rules: container registries often need different immutability and pruning settings than package repositories.

Is artifact signing supported?

Yes. The skill recommends signing and verification as part of the CI/CD pipeline and provides patterns to store keys and validate signatures before promotion.