Skip to content
Concourse resource to interact with Pivotal Network
Branch: master
Clone or download
pnikonowicz update go-pivnet
Latest commit 0672c69 Mar 11, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
acceptance clean up test suite before tests run Mar 11, 2019
bin Remove bucket and region from pivnet-resource Oct 19, 2018
check Return an error if no release could be found. Jun 25, 2018
cmd Make polling for product file async transfers configurable Mar 5, 2019
concourse Make polling for product file async transfers configurable Mar 5, 2019
downloader Accommodate to changes in the new go-pivnet library Mar 5, 2019
gp Accommodate to changes in the new go-pivnet library Mar 5, 2019
in Added slugs to in_command metadata for product dependencies, + tests Aug 28, 2018
metadata remove old file groups documentation Mar 4, 2019
out Make polling for product file async transfers configurable Mar 5, 2019
scripts added go modules Oct 18, 2018
semver Use logger.Logger interface everywhere that remains. [#133075159] Nov 5, 2016
uploader Use the s3_filepath_prefix returned from /api/v2/product/:slug instead Oct 5, 2018
NOTICE Update README and PR template to use new names. Sep 7, 2016
go.mod update go-pivnet Mar 11, 2019
go.sum update go-pivnet Mar 11, 2019

Pivnet Resource

Interact with Pivotal Network from concourse.


The recommended method to use this resource is with resource_types in the pipeline config as follows:

- name: pivnet
  type: docker-image
    repository: pivotalcf/pivnet-resource
    tag: latest-final

Using tag: latest-final will automatically pull the latest final release, which can be found on the releases page.

To avoid automatically upgrading, use a fixed tag instead e.g. tag: v0.6.3

Releases are semantically versioned; these correspond to the git tags in this repository.

Source Configuration

- name: p-mysql
  type: pivnet
    api_token: {{api-token}}
    product_slug: p-mysql
  • api_token: Required. Token from your Pivotal Network profile. Accepts either your Legacy API Token or UAA Refresh Token.

  • product_slug: Required. Name of product on Pivotal Network.

  • release_type: Optional. Lock to a specific release type.

  • copy_metadata: Optional. Set to true to copy metadata from the latest All Users release within the minor. Defaults to false. The following metadata is copied:

    • Release Notes URL
    • End of General Support
    • End of Technical Guidance
    • End of Availability
    • EULA
    • License Exception
    • ECCN
    • Controlled
    • Dependency Specifiers
    • Upgrade Path Specifiers
  • endpoint: Optional. Endpoint of Pivotal Network.

    Defaults to

  • product_version: Optional. Regex to match product version e.g. 1\.2\..*.

    Empty values match all product versions.

  • sort_by: Optional. Mechanism for sorting releases.

    Defaults to none which returns them in the order they come back from Pivotal Network.

    Other permissible values for sort_by include:

    • semver - this will order the releases by semantic version, returning the release with the highest-valued version.

Example Pipeline Configuration

See example pipeline configurations.


check: Check for new product versions on Pivotal Network.

Discovers all versions of the provided product. Returned versions are optionally filtered and ordered by the source configuration.

in: Download the product from Pivotal Network.

Downloads the provided product from Pivotal Network. You will be required to accept a EULA for any product you're downloading for the first time.

The metadata for the product is written to both metadata.json and metadata.yaml in the working directory (typically /tmp/build/get). Use this to programmatically determine metadata of the release.

See metadata for more details on the structure of the metadata file.


  • globs: Optional. Array of globs matching files to download.

    If multiple files are matched, they are all downloaded.

    • The globs match on the actual file names, not the display names in Pivotal Network. This is to provide a more consistent experience between uploading and downloading files.
    • If the globs fail to match any files the release download fails with error.
    • If one or more globs fails to match any files, only the matched files will be downloaded.
    • If globs is not provided (or is nil), all files will be downloaded.
    • Setting globs to the empty array (i.e. globs: []) will not attempt to download any files.
    • Files are downloaded to the working directory (e.g. /tmp/build/get) and the file names will be the same as they are on Pivotal Network - e.g. a file with name some-file.txt will be downloaded to /tmp/build/get/some-file.txt.
  • unpack: Optional. Whether to unpack the downloaded file.
    This can be used to use a root filesystem that is packaged as a archive file on as the image to run a given concourse task

    Example of how to unpack with get and pass as image to task definition

    - name: image
      type: pivnet
        api_token: {{pivnet_token}}
        product_slug: {{image-slug}}
        product_version: 0\.0\..*
    - name: sample
      serial: true
      - get: tasks
      - get: image
        resource: pcf-automation
          globs: ["image-*.tar"]
          unpack: true
      - task: say hello
        image: image
        file: tasks/say-hello.yml

out: Upload a product to Pivotal Network.

Creates a new release on Pivotal Network with the provided version and metadata.

It can also upload one or more files to Pivotal Network bucket and calculate the MD5 checksum locally for each file in order to add MD5 checksum to the file metadata in Pivotal Network.

Existing product files with the same AWS key will no longer be deleted and recreated.

If you want to associate an existing product file with a new release, you can do so by specifying the existing AWS key when creating the release. This will no longer break past release associations.

If the AWS key matches an existing file, but the SHA does not match, you will now receive an error and need to rename the file.

Existing releases with the same version will not be deleted and recreated by default, and will instead result in an error.

See metadata for more details on the structure of the metadata file.


  • file_glob: Optional. Glob for matching files to upload.

    If multiple files are matched by the glob, they are all uploaded. If no files are matched, release creation fails with an error.

  • metadata_file: Required. File containing metadata for releases and product files.

    See metadata for more details on the structure of the metadata file.

  • skip_product_file_polling: Optional. Boolean. Skip product file validation checks after upload. Pivotal Network still validates the files asynchronously but waiting for the results will not happen as part of the put: process. Note: All associated product files in a release must still clear validation before the release can be promoted from Admins Only visibility.

  • override: Optional. Boolean. Forces re-upload of releases of releases and versions that are already present on the Pivotal Network.

Some Common Gotchas

Using Glob Patterns Instead of Regex Patterns

We commonly see product_version patterns that look something like these:

product_version: Go*          # Go Buildpack
product_version: 1\.12\.*       # ERT

These superficially resemble Globs, not Regexes. They will generally work, but not because they are a glob. They work because the regex will also match.

For example, the first pattern, Go* will match "Go Buildpack 1.1.1". But it would also match "Goooooooo" or "Go Tell It On A Mountain". The second pattern, 1\.12\.*, will match "1.12.0". But it will also match "1.12........." and "1.12.notanumber"

Instead, try patterns like:

product_version: Go.*\d+\.\d+\.\d+  # Go Buildpack
product_version: 1\.12\.\d+         # ERT

Note that the regex syntax is Go's, which is slightly limited compared to PCRE and other popular syntaxes.

Using check-resource for sorted but non-sequential releases (eg. Buildpacks, Stemcells)

When doing a check, pivnet-resource defaults to using the server-provided order. This works fine for simple cases where the response from the server is already in semver order. For example, imagine this order from a product:


This list is in descending semver order. All the 1.12 patch releases are together, followed by all the 1.11 patch releases and so on.

Some products do not group into major or major.minor groups in their responses. This is usually because a product has multiple concurrent version releases. For example, Stemcells typically have multiple major versions available. When a CVE is announced affected them, multiple releases occur at once, giving a order like:


In this example, the Stemcell versions 9999 and 7777 are sorted but not sequential.

To fix, use sort_by: semver in your resource definition.

Note: Buildpack "versions" are actually a name and a version combined. You'll need to escape spaces in your check-resource command for it to work properly. Eg:

fly -t pivnet check-resource \
  --resource pivnet-resource-bug-152616708/binary-buildpack \
  --from product_version:Binary\ 1.0.11#2017-03-23T13:57:51.214Z

In this example we escaped the space between "Binary" and "1.0.11".

Integration Environment

The Pivotal Network team maintain an integration environment at

This environment is useful for teams to develop against, as changes to products in this account are separated from the live account.

Example configuration for the integration environment:

- name: p-mysql
  type: pivnet
    api_token: {{api-token}}
    product_slug: p-mysql



A valid install of golang is required - version 1.7.x is tested; earlier versions may also work.


We use go modules for dependencies, so you will have to make sure to turn them on with GO111MODULE=on.

Running the tests

Install the ginkgo executable with:

go get -u

The tests require a valid Pivotal Network API token and valid AWS S3 configuration.

Refer to the official docs for more details on obtaining a Pivotal Network API token.

It is advised to run the acceptance tests against the Pivotal Network integration environment endpoint

Run the tests with the following command (dummy values must be replaced by user):

PRODUCT_SLUG=my-product-slug-eg-pivotal-diego-pcf \
API_TOKEN=my-token \
PIVNET_ENDPOINT=some-pivnet-endpoint \
PIVNET_RESOURCE_REFRESH_TOKEN=some-pivnet-resource-token \


Please make all pull requests to the master branch, and ensure the tests pass locally.

You can’t perform that action at this time.