artifact-management_skill

This skill helps you manage artifacts across registries and repositories, applying versioning, cleanup, and retention policies for reliable CI/CD.
  • Shell

2

GitHub Stars

1

Bundled Files

3 weeks ago

Catalog Refreshed

2 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstart where the catalogue uses aiagentskills.

npx veilstart add skill pluginagentmarketplace/custom-plugin-devops --skill artifact-management

  • SKILL.md847 B

Overview

This skill provides practical guidance and automation patterns for managing build artifacts across container registries (Docker Hub, ECR, GCR, ACR), Nexus Repository Manager, and JFrog Artifactory. It focuses on reliable storage, versioning, retention, and promotion of artifacts to support CI/CD pipelines. The skill is oriented to DevOps teams building reproducible release flows and secure artifact lifecycles.

How this skill works

The skill inspects common repository types and recommends configuration templates for hosting containers, Maven/Gradle packages, npm/PyPI packages, and Helm charts. It codifies artifact versioning strategies, retention and cleanup policies, and promotion workflows while optionally integrating SBOM, signing, and vulnerability scanning. Templates and examples are provided to plug into CI/CD pipelines and automation scripts.

When to use it

  • You need consistent artifact storage for builds across teams and environments.
  • You are standardizing versioning and promotion policies for releases.
  • You must enforce retention and cleanup to manage storage costs.
  • You want to integrate artifact checks (vulnerability, SBOM, signing) into CI/CD.
  • You are building a multi-site or highly available artifact platform.

Best practices

  • Use immutable versioning (semantic or build-hash) and avoid mutable tags for release artifacts.
  • Apply lifecycle policies: short retention for snapshots, longer for releases, and automatic cleanup of unreferenced artifacts.
  • Isolate public and private registries; enforce access controls and least privilege.
  • Automate promotion from staging to release repositories instead of re-tagging or republishing.
  • Integrate vulnerability scanning and artifact signing into the pipeline before promotion.

Example use cases

  • Set up ECR/GCR/ACR for container images and configure retention to remove images older than X days except tagged releases.
  • Configure Nexus or Artifactory with separate repositories for snapshots, releases, and third-party proxies.
  • Implement a promotion workflow that moves artifacts from a staging repo to a release repo after passing tests and scans.
  • Host a private PyPI or npm registry and mirror external dependencies to improve build stability.
  • Deploy multi-site replication for global teams and configure basic HA for the artifact platform.

FAQ

Use the same high-level lifecycle concepts but tailor retention and promotion rules: container registries often need different immutability and pruning settings than package repositories.

Is artifact signing supported?

Yes. The skill recommends signing and verification as part of the CI/CD pipeline and provides patterns to store keys and validate signatures before promotion.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational