For a full list of the Node.js-optimized Auto DevOps jobs, visit Node.js-optimized Auto DevOps jobs.
The Build Code job runs the following commands:
npm install - to install the dependencies
npm run build - to build the project
An acquia_config.yaml file must exist at the root of the project.
A package.json file must be present at the root of the project.
The top-level directory of your project does not need to be kept as the application's root directory. To specify the root directory, add the directory path to the root_directory key in the acquia_config.yaml or acquia_config.yml file:
root_directory: "./"The default root directory is <project_root>/.
The output directory contains the results of a build. To specify the output directory, add the directory path to the output_directory section in the acquia_config.yaml file of the root directory.
The default output directory for Frontend Hosting Basic is <project_root>/out/.
For Frontend Hosting Advanced, if output_directory is not set in acquia_config.yaml, Code Studio assumes that no build artifact are to be generated and does not run the npm build command.
By default, Code Studio excludes the following file patterns from the build artifact:
.hg.git.gitmodules.svn.cache.eslintrc.now.vercel.npmignore.dockerignore.gitignore.*.swp.DS_Store.wafpicke-*.lock-wscript.env.local.env.*.local.venvnpm-debug.logconfig.gypinode_modules__pycache__venvCVSCode Studio does not exclude node_modules from the build artifacts when it is used with Frontend Hosting Advanced .
This job can be extended to run other necessary build commands.
The Manage Secrets job is responsible for SSH key management.
The NPM Audit job audits package dependencies for security vulnerabilities. For more information, visit the npmjs documentation.
To disable the job, add the NODE_JOBS_AUDIT environment variable in Code Studio and set it to false. For more information, visit Adding environment variables.
The NPM Check job assesses outdated, incorrect, and unused dependencies. For more information, visit the documentation for the npm-check package.
To disable the job, add the NPM_JOBS_CHECK environment variable in Code Studio and set it to false. For more information, visit Adding environment variables.
The NPM ESLint job performs a static analysis of the code by using ESLint. If the root directory of the project already contains a .eslintrc file, Code Studio uses this file to determine the ESLint rules. Otherwise, Code Studio uses the default ESLint settings that adhere to the Standard.js rules.
To disable the job, add the NODE_JOBS_ESLINT environment variable in Code Studio and set it to false. For more information, visit Adding environment variables.
The NPM Test job runs the predefined test commands. By default, this job is disabled. A predefined command must be specified in the test property of the scripts object of a package. For more information, visit the npmjs documentation.
To enable the job, add the NODE_TASKS_TEST environment variable in Code Studio and set it to true. For more information, visit Adding environment variables.
One or more SAST jobs perform a static scan of your code for security vulnerabilities.The number of jobs depends on the types of files committed to your repository. SAST results are saved as job artifacts. To access the SAST results within your Code Studio project, navigate to Build > Artifacts in the navigation bar.
For more information, visit Static Application Security Testing (SAST).
The Secrets Detection job scans your code to ensure that you did not commit secrets, such as login credentials, to your repository. To access the results within your Code Studio project, navigate to Build > Artifacts in the navigation bar. For more information, visit Secret Detection.
These jobs push the build artifact to Cloud Platform. You can deploy build artifacts to a Cloud Platform environment. Build artifact names use <branch>-codestudio-build or <tag>-codestudio-build.
To automate tag deployment to your production environment, set the ACQUIA_JOBS_DEPLOY_TAG_ARTIFACT environment variable to true. Code Studio then:
<tag>-codestudio-build.To deploy to an environment other than production, set the ACQUIA_CLOUD_SOURCE_ENVIRONMENT_ID variable to the target environment ID.
To automate branch deployment to a target environment, set ACQUIA_JOBS_DEPLOY_BRANCH_ARTIFACT to true and set ACQUIA_CLOUD_BRANCH_DEPLOY_ENV_ID to the target environment's ID. Code Studio then:
<branch>-codestudio-build.Branch-based deployments fail if ACQUIA_CLOUD_BRANCH_DEPLOY_ENV_ID is not set.
Branch-based deployment is skipped if the branch built in Code Studio already exists in the target Cloud Platform environment.
Build | Test | Deploy |
|---|---|---|
Build Code | NPM Audit | Create artifact from branch |
Manage Secrets | NPM Check | Create artifact from tag |
NPM ESLint | Deploy tag artifact to the environment | |
NPM Test | Deploy branch artifact to the environment | |
nodejs-scan-sast | ||
phpcs-security-audit-sast | ||
secret_detection | ||
semgrep-sast |
For information about the Node.js Auto DevOps pipeline, visit Node.js Auto DevOps pipeline steps.
If this content did not answer your questions, try searching or contacting our support team for further assistance.
Thu Sep 25 2025 08:32:03 GMT+0000 (Coordinated Universal Time)