# Working with Build Pipelines **Build** The Build section in ReleaseOwl enables developers to create MTAR artifacts and validate changes thoroughly for early feedback. ### **Build Pipeline (SAP BTP)** #### **Artifact** An artifact is a folder or a zip file containing files needed during the deployment of software to an environment. #### **Build Pipeline** A pipeline is the sequence of activities executed one at a time in the form of a workflow configured in your Continuous Integration and Delivery (CI/CD) platform. A Build Pipeline is used to generate artifacts from the source code. Build Pipelines can be created and run with ReleaseOwl. It fetches the source from the GIT Repository and packages the application as an MTA artifact. #### **MTA (Multitarget Application)** An MTA is logically a single application consisting of multiple related and interdependent parts, called modules. These modules are: * Developed using different technologies. * Designed to run on different target runtime environments. * Managed with a single, consistent lifecycle. {% hint style="info" %} **Note:** For more details on SAP BTP App Development, refer to the following link: [**SAP BTP App Development - Multitarget Application**](https://help.sap.com/docs/BTP/65de2977205c403bbc107264b8eccf4b/d04fc0e2ad894545aebfd7126384307c.html?q=Multitarget%20Application) {% endhint %} ### **MTAR File Generation** The MTA archive builder is a standalone command-line tool that builds a deployment-ready MTAR (`.mtar`) file from the artifacts of an MTA project according to the project’s MTA development descriptor (`mta.yaml` file). ### **Key Points about MTAR File Generation**: 1. The build process and the resulting MTA archive depend on the target platform. 2. The supported platforms currently by ReleaseOwl are: * **SAP BTP** * **SAP HANA Extended Application Services (XSA), Advanced Model Environment** ### **Prerequisites** 1. Create new project of type SAP BTP (MTAR) or SAP HANA XSA (MTAR) 2. Register BTP Credentials and BTP Environment with ReleaseOwl before starting to work with Build Pipelines. ### **Steps to Register Credentials** 1. **Access the Credential Manager** * In the administration view, navigate to the **Credential Manager**. * Click on **Register Credential**.

2. **Fill in the Credential Details** * **Credential Name**: Enter a name of your choice. * **Credential Type**: Choose **SAP Cloud Environment**. * **Authentication Type**: Select either **Basic** or **Authentication**. * **Scope** – Select the scope of the credential: * **Global** – Visible to all users. * **Private** – Visible only to the user who created it. * **Username**: Enter your SAP BTP Username. * **Credentials**: Use your SAP BTP password.

### **Steps to Register an SAP Cloud Environment** 1. **Navigate to SAP Cloud Environment** * Go to **Environments** and click on **SAP Cloud Environment**. * Select **Register SAP Cloud Environment**.

2. **Fill in the Required Details** * **Name**: Enter a reference name of your choice. * **Region**: Select the appropriate region. * **API Endpoint**: Automatically populates based on the selected region. * **Credential Name**: Select the registered credential from the drop-down menu. * **Org**: The organization will auto-populate in the drop-down menu. * **Space**: The space will also auto-populate in the drop-down menu. * **Environment**: Choose the desired environment (e.g., dev, QA, etc.). 3. **Save the Details** * Once all fields are filled, click on the **Save** button.

**Steps to Create a New Project** 1. **Create a New Project** * Go to **Projects** and click on **Create New Project**. * Fill in the required details: * **Name**: Enter a project name of your choice. * **Prefix Type**: Auto-populates from the project prefix. * **Project Type**: Select **SAP BTP Project**. * Click on the **Save** button.

2. **Access Project Settings** * Locate the newly created project. * Click on the three-dot menu (•••) and select **Project Settings**.

**Configure the Environment** 1. **Add Environment to the Project** * In **Project Settings**, go to the **Environments** section. * Click on the **Add** button. * From the drop-down menu, select the environment for the BTP project. * Check the **Source** option.

**Assign Permissions to Users** 1. **Assign User Permissions** * Go to the **Users** section. * Click on the **Lock** button to assign permissions to users.

**Deployment (Optional)** 1. **Enable Deployment** * If deployment is required, select the **Deploy** checkbox.

**Change Management** 1. **Add a User Story** * Go to the **Change Management** section. * Click on **User Story** and fill in the necessary details. * Click on the **Save** button.

#### **Build Pipelines** 1. **Create a Build Pipeline** * Navigate to the **Build Pipelines** section and click on **Create Build Pipeline**. * Enter the **Build Pipeline Name** and assign **Labels** for filtering.

2. **Repository Configuration** * Enter the **Repository URL** (e.g., Bitbucket or other platforms). * Select the **SCM Credentials** from the drop-down menu. * Choose the branch (e.g., QA, Master, or Dev). * Select the type of version control system (e.g., GitHub, GitLab, Bitbucket).

3. **Builder Section** * **Build Type**: Automatically populated. * **Build Tool Version**: Select the required version. * **Max # of Builds to Keep**: Set to 30 to store the latest versions and avoid storage issues in Jenkins.

4. **Scheduler** * Choose from **Manual**, **Schedule**, or **Webhook** options. 5. **Notification Emails** * Enter email addresses to receive notifications.

### **Tool Integrations** **Static Code Analysis** * Enable tools like **SonarQube** for code quality checks. **Malware Scanning** The purpose of a malware scan is to scan business documents for any potential threats. To perform a malware scan, you need to register the necessary credentials and configure it in your build pipeline. ### **Steps to Perform Malware Scanning** **Step 1: Register the Necessary Credentials** 1. **Navigate to the Administration View** * Open the **Administration** section of the application. * Click **Register Credential** to create a new credential entry.

2. **Enter the Required Details** * **Credential Name**: Provide a meaningful name, such as "**Malware Scanner.**" * **Credential Type**: Select **Malware** from the dropdown options.

* **Obtain Credentials**: * Log in to your **SAP BTP Cockpit**. * Navigate to **Services** and open the **Service Marketplace**. * Search for "**Malware**" and click **Create** to create an instance.

* Once created, go to **Instances and Subscriptions** to view the malware scan service. * Click **View Credentials** to copy the URL, username, and password.

3. **Save the Credentials** * Paste the copied details into the **Credential Manager**. * Click **Save** to register the credentials successfully.

**Step 2: Configure the Malware Scan in the Build Pipeline** 1. **Check the Malware Scan Stage** * Ensure the **Malware Scan** option is available in the **Tool Integration** stage. * Check the **Malware** box to enable the scan. * Select the **Registered Credential** from the dropdown menu. * Specify the timeout duration for the malware scan.

* Click **Save** to finalize the configuration.

**Step 3: Execute the Malware Scan** 1. **Run the Build Pipeline** * Click on the **Build Now** button in the **Build Pipeline** to start the process.

2. **View the Malware Scan Results** * Once the pipeline runs, click the arrow button next to the malware scan stage to view the results. * Review the malware scan results, including: * **Status**: Indicates if the scan was successful or failed. * **Timestamp**: Shows when the scan was performed. * **Duration**: Displays how long the scan took to complete.

3. **Review the Malware Report** * Access the **Build Log** section for a detailed malware scan report. * If malware is detected, the log will indicate that the malware status is "**true**."

**CVE Scan for Vulnerabilities** **Overview** CVE scans identify any vulnerable versions of libraries used in your **CAP application** by checking known vulnerabilities. **Steps to Enable CVE Scan** 1. **Enable the SAP CVE Scan Option** * Go to the **Tool Integration** section. * Enable the option for **SAP CVE Scan**. * Click **Save** to apply the changes.

2. **Configure CVE Settings** * In the **Project Settings**, go to the **CVE** section. * Enter the necessary details: * **CVE ID**: Enter the CVE ID (e.g., CVE-2023-50422) associated with the vulnerability. * **Library Name**: Specify the name of the affected library. * **Versions**: Provide the version(s) of the library that are vulnerable. * Click **Save** to ensure the scan is correctly set up.

#### **Running the Build Pipeline** 1. **Save and Run the Build Pipeline** * Click on the **Save** button to create the build pipeline. * Click on the **Build** button to run the pipeline.

2. **Action Button** **Edit :** Use **Edit** to modify the existing build pipeline configuration. This option allows you to update details such as the repository, branch, build type, schedules, or any pipeline-related settings. Changes made here affect the same pipeline. **Commits :** The **Commits** option lets you view the list of code commits associated with this build pipeline. **Save as:** Use **Save As** to create a copy of the existing build pipeline. **Archive :** The **Archive** option is used to deactivate the build pipeline. Archived pipelines are not deleted but are removed from active use.

3. **View the Results** * Once the pipeline runs, click the arrow button next to it to view the results.

1. **Pipeline Status** * The results display the status of various stages such as **Build** and **Prepare**. * Key details include: * **Status**: Indicates whether the result was successful or failed. * **Timestamp**: Shows the date and time the stage was performed. * **Duration**: Displays the time taken to complete the stage.

{% hint style="info" %} **Note:** You can now access build log information even after the logs have expired. This allows you to review past build activities for better tracking and understanding of your deployment history. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://releaseowl.gitbook.io/releaseowl-docs/releaseowl-user-guide/sap-btp/working-with-build-pipelines.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.