# Generic ## Overview Generic artifacts extend Bluebricks orchestration beyond native IaC tools. They let you run any containerized task (scripts, CLIs, data migrations, automation flows) as a one-shot Kubernetes Job that executes your code, captures outputs, and cleans up.

Feature	Details
Bring-your-own Docker image	Run any language or runtime that fits in a container
No-code plan	Planning always reports "no changes"
Container I/O wiring	Props and secrets injected as JSON files and environment variables
Portable outputs	Your script writes `outputs.json`; Bluebricks stores the values for downstream use
Ephemeral execution	Kubernetes Job, auto-cleaned after exit

Common use cases:

Use case	Example image	Typical command
Shell automation	`alpine:latest`	`sh run.sh`
Python script	`python:3.12`	`python main.py`
Ansible playbook	`alpine/ansible`	`ansible-playbook site.yml`
Database migration	`python:3.11-slim`	`python migrate.py`
API integration	`curlimages/curl:latest`	`sh api_call.sh`

For a complete guide to how inputs and outputs work across all IaC tools, see [Inputs & Outputs](https://bluebricks.co/docs/core-concepts/packages/inputs-and-outputs). ## Required files and directory structure A Generic artifact requires user-defined scripts or executables in the directory specified by `native.path`: ``` my-generic-artifact/ ├── bricks.json # Artifact manifest └── src/ # native.path points here → mounted at /workspace ├── main.py # Entry script ├── helper.py └── sidefiles/ └── config.json ``` The `native.path` directory is mounted as `/workspace` inside the container at runtime. This is the working directory and the only writable mount point. ## bricks.json reference

Field	Required	Description
`image`	No	Docker image (default: `busybox:stable`). Must come from an approved registry.
`command`	No	Entry command array. Omit to use the image's default entrypoint.
`args`	No	Arguments array appended to command.
`path`	Yes	Folder in the artifact to mount as `/workspace`.
`env_vars`	No	Key-value map of environment variables injected into the container. See Container Configuration for details.
`lifecycle`	No	Per-stage overrides for plan, apply, and destroy. See Lifecycle and Execution.

## Approved container registries Only images from the registries below are accepted at publish time. Attempting to use an image from any other registry will be rejected. | Registry | Description | | --------------------------------- | ---------------------------- | | `docker.io` | Docker Hub | | `ghcr.io` | GitHub Container Registry | | `quay.io` | Red Hat Quay | | `registry.gitlab.com` | GitLab Container Registry | | `mcr.microsoft.com` | Microsoft Container Registry | | `gcr.io` | Google Container Registry | | `artifactregistry.googleapis.com` | Google Artifact Registry | | `ecr.aws` | AWS ECR | | `*.us-east-1.amazonaws.com` | AWS ECR us-east-1 | | `*.eu-west-1.amazonaws.com` | AWS ECR eu-west-1 | {% hint style="warning" %} Images from registries not on this list are rejected at publish time. See [Container Configuration](https://bluebricks.co/docs/core-concepts/packages/artifacts-overview/generic/container-config) for image selection best practices. {% endhint %} ## How to create this artifact The only requirement is a directory with your script or executable. Any language, any runtime: if it runs in a container, Bluebricks can orchestrate it. Bluebricks handles input injection, output capture, and container lifecycle for you. You can create a Generic artifact in two ways: * **In the Bluebricks app** during [blueprint creation](https://github.com/bluebricks-dev/Bluebricks-Documentation/blob/main/core-concepts/packages/artifacts-overview/blueprints-overview/creating-blueprints.md): select your repository and the directory containing your code, and Bluebricks generates the artifact automatically * **Via CLI**: run `bricks bprint publish` from the directory containing your code. See [Creating Artifacts](https://github.com/bluebricks-dev/Bluebricks-Documentation/blob/main/core-concepts/packages/artifacts-overview/generic/creating-artifacts.md) for the full workflow *** > The sections below explain how Bluebricks maps your code to inputs, outputs, and operations under the hood. Everything here is optional reading. To get started, head to [Creating Blueprints](https://bluebricks.co/docs/core-concepts/packages/blueprints-overview/creating-blueprints). ## Inputs ### What becomes an input Generic artifacts have no native input construct; all inputs are declared explicitly as `props` in `bricks.json`. There is no auto-discovery. ### How inputs are delivered at runtime Bluebricks delivers inputs through three mechanisms simultaneously:

Mechanism	Location inside the container	Notes
Environment variables	`GREETING`, `REGION`, ... (one per prop/secret)	Secrets are also passed; avoid printing them
`/workspace/vars.json`	JSON file with all props	Non-secret configuration
`/workspace/secrets.json`	JSON file with all secrets	0600 permissions

### Reading inputs in code {% tabs %} {% tab title="Python" %} ```python import json with open('/workspace/vars.json', 'r') as f: vars = json.load(f) database_host = vars['database_host'] ``` {% endtab %} {% tab title="Node.js" %} ```javascript const fs = require('fs'); const vars = JSON.parse(fs.readFileSync('/workspace/vars.json', 'utf8')); const databaseHost = vars.database_host; ``` {% endtab %} {% tab title="Bash" %} ```bash #!/bin/bash VARS_FILE="/workspace/vars.json" DATABASE_HOST=$(jq -r '.database_host' "$VARS_FILE") DATABASE_NAME=$(jq -r '.database_name' "$VARS_FILE") ``` {% endtab %} {% endtabs %} ### Auto-injected environment variables Bluebricks injects the following environment variables into every Generic artifact execution, in addition to any `env_vars` you define: | Variable | Description | | --------------- | ----------------------------------------------------------------------- | | `BRICKS_ACTION` | Current deployment stage: `plan`, `apply`, `plan-destroy`, or `destroy` | | `BRICKS_STATE` | Base64-encoded JSON of previous deployment state (when state exists) | | `BRICKS_JOB_ID` | UUID identifying the current job execution | See [Lifecycle and Execution](https://bluebricks.co/docs/core-concepts/packages/artifacts-overview/generic/lifecycle) for details on using these variables. ## Outputs ### What becomes an output Your code defines the outputs by writing a JSON file. There is no native output construct; outputs are whatever your script produces. ### Output contract Your code must create `/workspace/outputs.json` before exiting:

Rule	Detail
File name	`outputs.json` (exact)
Location	`/workspace/outputs.json`
Size limit	1 MiB maximum
Format	Flat JSON object (nested objects/arrays allowed)
Auto-added	`job_id` is automatically included

### Writing outputs in code {% tabs %} {% tab title="Python" %} ```python import json, pathlib with open("/workspace/vars.json") as f: variables = json.load(f) (pathlib.Path("/workspace") / "outputs.json").write_text( json.dumps({"message": "done", "records": 42}, indent=2) ) ``` {% endtab %} {% tab title="Node.js" %} ```javascript const fs = require('fs'); const outputs = { migration_status: 'success', rows_affected: 150, completion_time: new Date().toISOString() }; fs.writeFileSync('/workspace/outputs.json', JSON.stringify(outputs, null, 2)); ``` {% endtab %} {% tab title="Bash" %} ```bash #!/bin/bash cat > /workspace/outputs.json < /tmp/vars.json << 'EOF' { "database_host": "localhost", "database_name": "test_db" } EOF # Run the container with mounted files docker run --rm \ -v /tmp/vars.json:/workspace/vars.json \ -v $(pwd)/src:/workspace \ python:3.11-slim \ python /workspace/main.py # Check the outputs cat /workspace/outputs.json ``` ## Supported operations

Operation	What happens	Notes
Plan	Always returns an empty plan (`{}`) and lists outputs as "known after apply"	No resources are previewed; Generic is execution-only
Apply	Launches a Kubernetes Job with your image, mounts your artifact, runs the command, captures `outputs.json`, then cleans up	Job fails if exit code is not 0, timeout is hit, or `outputs.json` is invalid
Plan Destroy	Also always empty	Nothing to show; there are no persistent resources
Apply Destroy	No-op. Marks the deployment destroyed immediately.	Any cleanup must be coded into your script.

## Runtime environment

Resource	Value
CPU	0.1 core guaranteed, burstable
Memory	256 MiB request, 256 MiB limit
Timeout	60 minutes (hard stop)
User	UID 1000 (non-root); no privilege escalation
Filesystem	`/workspace` is read-write; remainder is read-only

Need more resources? Split the task, optimize code, or run it in your own environment and call back to Bluebricks via API. ## Python dependencies If your Python script needs remote dependencies at runtime: ```sh export HOME=${CWD} && pip install --user -r requirements.txt ``` This installs dependencies to the user's local Python package directory, avoiding system-wide permissions. ## Best practices * Pick a minimal image with only what you need; smaller = faster pull * Pin image digests (`python@sha256:...`) for reproducible builds * Log verbosely to stdout; Bluebricks streams logs in real time * Validate inputs early; exit 1 with a helpful message if invalid * Keep execution under 5 minutes or design for resumable/partitioned runs * Never echo secrets; they're in env vars, so accidental `print(os.environ)` will leak them to logs