Run Private CI/CD Pipelines on Alibaba Cloud’s Cloud Effect Inside a Secure Intranet

Scenario

Code repositories, artifact stores and other data assets reside in an internal corporate network that is not reachable from the public internet. The objective is to use Alibaba Cloud Effect pipelines to orchestrate CI/CD while keeping all traffic inside the private network.

Solution Overview

Effect pipelines can host build machines inside the private network, schedule build jobs on those machines, and ensure that interactions with code and artifact repositories remain within the intranet.

Step‑by‑Step Implementation

3.1 Create a Private Build Cluster

In the Effect Flow console go to Global Settings → Build Cluster Management → New Build Cluster , fill in the required information and create the cluster.

Enter the newly created cluster and click Connect New Node . Nodes can be added in two ways:

Manual Runner Installation : copy the Runner installation command and run it on a self‑managed machine; the Runner runs as a service.

Alibaba Cloud ECS : select this option and the pipeline will invoke the Cloud Assistant API to install the Runner automatically.

3.2 Create a Code Repository Service Connection

Assume the internal repository URL is https://myrepo.com . Create a service connection so the pipeline can pull code.

Navigate to Global Settings → Service Connection Management → New Service Connection → Generic Git .

Click Next , then New Service Authorization/Certificate and provide the repository credentials.

Confirm to create the certificate; it will be automatically selected on the service‑connection page. Click Create to finish.

3.3 Define Pipeline with Source and Build Tasks

In Effect Flow go to My Pipelines → New Pipeline , choose an empty template and select YAML Orchestration .

Configure the code source:

sources:
  my_repo:
    type: git
    name: MyCodeSource
    endpoint: http://myrepo.com/ns/code-repo.git  # replace with your repository URL
    branch: master
    triggerEvents: push
    certificate:
      type: serviceConnection
      serviceConnection: <code>YOUR_SERVICE_CONNECTION_ID</code>

Configure the build environment and select the private cluster:

stages:
  build_stage:
    name: BuildStage
    jobs:
      build_job:
        name: BuildTask
        runsOn: <code>YOUR_BUILD_CLUSTER_ID</code>
        steps:
          build_step:
            step: JavaBuild
            name: JavaBuild
            with:
              jdkVersion: "1.8"
              mavenVersion: "3.5.2"
              run: "mvn -B clean package -Dmaven.test.skip=true -Dautoconfig.skip"

Replace YOUR_SERVICE_CONNECTION_ID and YOUR_BUILD_CLUSTER_ID with the IDs created in the previous steps, then save and run the pipeline.

3.4 Run the Pipeline

Execute the pipeline. Build logs will show that the job runs on the private build machine, and only that machine needs network access to the internal repository—no public exposure is required.

Additional References

YAML syntax specifications – https://help.aliyun.com/document_detail/609178.html?spm=a2c4g.2831722.0.i1

Pipeline Runner details – https://help.aliyun.com/document_detail/2825830.html?spm=a2c4g.2831722.0.i2

Pipeline caching – https://help.aliyun.com/document_detail/2831720.html?spm=a2c4g.2831722.0.i3