For a full list of the Node.js-optimized Auto DevOps jobs, see Node.js-optimized Auto DevOps jobs.
The Build Code job runs the following commands:
npm install - to install the dependecies
npm run build - to build the project.
A package.json file must be present at the root of the project.
It is not necessary for the top-level directory of the project to be the root directory of the application that you want to build. For example, a repository might have a front-end directory that contains a standalone Node.js application. To specify the root directory, add the directory path to the extra.acquia.root_directory section in the package.json file of the root directory:
"extra": {
"acquia": {
"root_directory": "front-end/"
}
}The default root directory is <project_root>/.
The output directory contains the results of a build. The contents of this directory are the assets that Cloud Platform uses for static site hosting.
To specify the output directory, add the directory path to the extra.acquia.output_directory section in the package.json file of the root directory. For example:
"extra": {
"acquia": {
"output_directory": "assets/"
}
}The default output directory is <project_root>/.next/.
By default, Code Studio excludes the following file patterns from the build artifact:
.hg.git.gitmodules.svn.cache.eslintrc.now.vercel.npmignore.dockerignore.gitignore.*.swp.DS_Store.wafpicke-*.lock-wscript.env.local.env.*.local.venvnpm-debug.logconfig.gypinode_modules__pycache__venvCVSCode Studio does not exclude node_modules from the build artifacts when it is used with Advanced Frontend Hosting.
You can extend this job to run other necessary build commands. For more information, see Adding a before_script or after_script to a Code Studio job.
The Manage Secrets job is responsible for SSH key management.
The NPM Audit job audits package dependencies for security vulnerabilities. For more information, see the npmjs documentation.
To disable the job, add the NODE_JOBS_AUDIT environment variable in Code Studio and set it to false. For more information, see Adding environment variables.
The NPM Check job assesses outdated, incorrect, and unused dependencies. For more information, see the documentation for the npm-check package.
To disable the job, add the NPM_JOBS_CHECK environment variable in Code Studio and set it to false. For more information, see Adding environment variables.
The NPM ESLint job performs a static analysis of the code by using ESLint. If the root directory of the project already contains a .eslintrc file, Code Studio uses this file to determine the ESLint rules. Otherwise, Code Studio uses the default ESLint settings that adhere to the Standard.js rules.
To disable the job, add the NODE_JOBS_ESLINT environment variable in Code Studio and set it to false. For more information, see Adding environment variables.
The NPM Test job runs the predefined test commands. By default, this job is disabled. A predefined command must be specified in the test property of the scripts object of a package. For more information, see the npmjs documentation.
To enable the job, add the NODE_TASKS_TEST environment variable in Code Studio and set it to true. For more information, see Adding environment variables.
One or more SAST jobs perform a static scan of your code for security vulnerabilities.The number of jobs depends on the types of files committed to your repository. SAST results are saved as job artifacts. To access the SAST results within your Code Studio project, navigate to Build > Artifacts in the navigation bar.
For more information, see Static Application Security Testing (SAST).
The Secrets Detection job scans your code to ensure that you did not commit secrets, such as login credentials, to your repository. To access the results within your Code Studio project, navigate to Build > Artifacts in the navigation bar. For more information, see Secret Detection.
Create artifact from branch and Create artifact from tag jobs push the build artifact to Cloud Platform. You can deploy build artifacts to a Cloud Platform environment. For more information, see Deploying build artifacts in your Node.js environment.
Code Studio generates build artifacts using the following naming conventions:
<branch>-codestudio-build or <tag>-codestudio-build
To automate the deployment of tags to your production environment during the Deploy stage, set the ACQUIA_JOBS_DEPLOY_TAG_ARTIFACT environment variable to true in your Code Studio project. For more information, see Adding environment variables.
After you set the ACQUIA_JOBS_DEPLOY_TAG_ARTIFACT environment variable to true, Code Studio performs the following steps every time you create a tag in Code Studio:
<tag>-codestudio-buildTo automatically deploy tags to an environment other than production, set the ACQUIA_CLOUD_DESTINATION_ENVIRONMENT_ID environment variable to the environment ID of your target environment.
For more information about configuring continuous delivery in Code Studio, see How to implement real Continuous Delivery for Drupal on Acquia Developer Portal.
For Advanced Frontend Hosting applications, the system re-generates the artifact on Cloud Platform before it is deployed.
Build | Test | Deploy |
|---|---|---|
Build Code | NPM Audit | Create artifact from branch |
Manage Secrets | NPM Check | Create artifact from tag |
NPM ESLint |
| |
NPM Test |
| |
nodejs-scan-sast | ||
phpcs-security-audit-sast | ||
secret_detection | ||
semgrep-sast |
For information about the Node.js Auto DevOps pipeline, see Node.js Auto DevOps pipeline steps.
If this content did not answer your questions, try searching or contacting our support team for further assistance.
Tue Jul 29 2025 22:05:27 GMT+0000 (Coordinated Universal Time)