Build API

API to report builds and test results to Ketryx

Ketryx exposes an API to report builds and test results programmatically. There is also a formal OpenAPI specification defining this API. You can also take a look at the implementation of the Ketryx GitHub Action for how this API can be interacted with.

Builds

Report a build to Ketryx

Reports a build to Ketryx, potentially including test results. Additionally, certain checks can be performed, namely whether all software dependencies are accepted and controlled, and/or whether the given version(s) are fully released in Ketryx.

The reported build can be associated with a particular version directly (via version), or with any versions given a particular commit (via commitSha), based on the release ref pattern configured in the Ketryx project.

POSThttps://app.ketryx.com/api/v1/builds

Body

projectstring

Ketryx project ID

versionstring

Ketryx version ID or the full version name. Either this or the commitSha must be set.

commitShastring

Commit SHA associated with this build. Either this or the version must be set. If the given commit is associated with multiple versions in Ketryx (via the release ref pattern configured for the Ketryx project), the status of all those matching versions will be considered.

buildNamestring

Build name. For each unique name, the latest build is part of the set of effective builds for a project. Empty by default.

logstring

Log output to store for this build

sourceUrlstring

Source URL associated with this build. This is used for documentation purposes and to link back to the build from the Ketryx interface.

repositoryUrlsarray of string

This is important to find the relevant commits for a given version, and to trigger updates of the repositories before checking the build status. The URLs should match the repository URLs as configured in the Ketryx project settings.

syncRepositoryUpdateboolean

Whether to update the associated repositories (specified in repositoryUrls) synchronously before returning from this API. This is useful when checking for the status of dependencies (using checkDependenciesStatus), to ensure that Ketryx has up-to-date data from the repository before performing the check.

testsarray of object

artifactsarray of object

Build artifacts associated with the overall build, referencing files uploaded via the /build-artifacts API

checkDependenciesStatusboolean

Whether to perform a check of dependencies in the associated commit(s). If not all dependencies are accepted and in a controlled state

checkReleaseStatusboolean

Whether to perform a check of the overall release of the associated version(s).

Response

Body

ok*boolean

Whether the build was reported successfully and all checks passed

errorstring

Error message in case there was an error reporting the build or running any checks.

buildIdstring

Ketryx ID of the reported build

projectIdstring

Ketryx ID of the relevant project

repositoryIdsarray of string

Ketryx IDs of the associated repositories

versionIdsarray of string

Ketryx IDs of the associated project versions

commitShasarray of string

SHAs of the associated commits

dependenciesAcceptedboolean

Whether all dependencies have been accepted (if checkDependenciesStatus is active)

dependenciesControlledboolean

Whether all dependencies are in a controlled state (if checkDependenciesStatus is active)

Request

const response = await fetch('https://app.ketryx.com/api/v1/builds', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({}),
});
const data = await response.json();

Response

{
  "ok": false,
  "error": "text",
  "buildId": "text",
  "projectId": "text",
  "repositoryIds": [
    "text"
  ],
  "versionIds": [
    "text"
  ],
  "commitShas": [
    "text"
  ],
  "dependenciesAccepted": false,
  "dependenciesControlled": false
}

You should either pass in the version parameter to associate the build with a particular version, or set the commitSha parameter so the build will be associated with any version whose release ref pattern (as configured in the Ketryx project settings) resolves to that commit. The version parameter can be the Ketryx version ID (KXVSN...) or the full version name (e.g. App v1.0.0). Either way, automated tests need to be associated with a particular version (not the Current state), so they will not show up in Ketryx test management unless you create a version.

You can combine the reporting of test results with one or more checks (checkDependenciesStatus, checkReleaseStatus), or make separate requests. Typically, test results will be reported for all release candidate builds, while the final check for checkReleaseStatus would happen in the deployment script to production (before actually triggering the deployment).

Build artifacts

Upload a build artifact file to Ketryx

Uploads a build artifact to Ketryx, which can then be included in a build using the /builds API. The file is encoded in a request of type multipart/form-data.

POSThttps://app.ketryx.com/api/v1/build-artifacts

Body

contentstring (binary)

Response

Body

okboolean

Whether the upload was successful

idstring

Artifact ID, which can be referenced in the /builds API (under artifacts)

Request

const response = await fetch('https://app.ketryx.com/api/v1/build-artifacts', {
    method: 'POST',
    headers: {
      "Content-Type": "multipart/form-data"
    },
    body: JSON.stringify({}),
});
const data = await response.json();

Response

{
  "ok": false,
  "id": "text"
}

Configure required build documents

A particular set of uploaded build artifacts may be detected as required build documents to either block the release of a Ketryx version, or help gathering important build documents for a release in an automated way.

To enable tracking for required build documents on the release / Git commit level, please refer to the relevant Advanced settings section for more details.

Examples

Reporting a Cucumber test result

Upload a Cucumber JSON build artifact to Ketryx:

POST https://app.ketryx.com/api/v1/build-artifacts?project=KXPRJ11T0R3MGR39WCVN0PEKP77HVP0
Content-Type: multipart/form-data
Authorization: Bearer KXTK_...

with an attached file (e.g., cucumber.json) as multipart form data. This returns a JSON response of the following form:

{
  "ok": true,
  "id": "KXUPF..."
}

Using the id from the response, make another request to report a build that produced this build artifact:

POST https://app.ketryx.com/api/v1/builds
Content-Type: application/json
Authorization: Bearer KXTK_...

{
  "project": "KXPRJ11T0R3MGR39WCVN0PEKP77HVP0",
  "version": "1.0",
  "artifacts": [
    {
      "id": "KXUPF...",
      "type": "cucumber-json"
    }
  ]
}

Ketryx will parse the Cucumber JSON file and create corresponding automatic test executions, based on annotations in the test file as described in MAN-06 Test Management.

Reporting individual test results directly

As an alternative to uploading Cucumber JSON or JUnit XML files to Ketryx, you can report individual test results directly, using the tests property:

POST https://app.ketryx.com/api/v1/builds
Content-Type: application/json
Authorization: Bearer KXTK_...

{
  "project": "KXPRJ11T0R3MGR39WCVN0PEKP77HVP0",
  "version": "1.0",
  "tests": [
    {
      "testedItem": "SAMD-45",
      "result": "pass",
      "title": "My automated test",
      "log": "Log output from executing this test"
    }
  ]
}

Each test may optionally reference one or more artifacts as well.

Uploading an SPDX file

Upload an SPDX build artifact to Ketryx:

POST https://app.ketryx.com/api/v1/build-artifacts?project=KXPRJ11T0R3MGR39WCVN0PEKP77HVP0
Content-Type: multipart/form-data
Authorization: Bearer KXTK_...

with an attached file (e.g., spdx.json) as multipart form data. This returns a JSON response of the following form:

{
  "ok": true,
  "id": "KXUPF..."
}

Using the id from the response, make another request to report a build that produced this build artifact:

POST https://app.ketryx.com/api/v1/builds
Content-Type: application/json
Authorization: Bearer KXTK_...

{
  "project": "KXPRJ11T0R3MGR39WCVN0PEKP77HVP0",
  "version": "1.0",
  "artifacts": [
    {
      "id": "KXUPF...",
      "type": "spdx-json"
    }
  ]
}

Ketryx will parse the SPDX JSON file and create corresponding dependencies as defined within these files. It extracts crucial information about software packages, including version, license, and advisory information (introduced in SPDX version 2.3), which pertains to any vulnerabilities associated with the software packages.

Check the approval status of dependencies

To check whether all SOUP dependencies in a particular version of a project are controlled:

POST https://app.ketryx.com/api/v1/builds
Content-Type: application/json
Authorization: Bearer KXTK_...

{
  "project": "KXPRJ11T0R3MGR39WCVN0PEKP77HVP0",
  "version": "1.0",
  "checkDependenciesStatus": true
}

This returns a JSON response containing an ok property which will be true if all dependencies are accepted and fully approved, or false otherwise. If ok is false, the error property provides more details about what is missing.

Check the release status of a version

To check whether a version has been released in Ketryx (e.g., to block the deployment of an unreleased version to production):

POST https://app.ketryx.com/api/v1/builds
Content-Type: application/json
Authorization: Bearer KXTK_...

{
  "project": "KXPRJ11T0R3MGR39WCVN0PEKP77HVP0",
  "version": "1.0",
  "checkReleaseStatus": true
}

This returns a JSON response containing an ok property which will be true if the version has been fully released in Ketryx, or false otherwise.

PreviousAuthentication

Last updated 1 month ago