Use Harness Cloud build infrastructure

With Harness Cloud you can run builds in isolation on Harness-hosted VMs that are preconfigured with the tools, packages, and settings commonly used in CI pipelines. Harness hosts, maintains, and upgrades these machines so that you can focus on building software instead of maintaining build infrastructure.

This topic describes how to use Harness-hosted build infrastructure for your Harness CI pipelines. It also covers machine specifications, special considerations, and additional configuration required for certain use cases.

For more information about the Harness Cloud architecture, go to Get started with Harness Cloud. For a comparison of build infrastructure options, go to Which build infrastructure is right for me?


  • You must use Harness Secret Manager to store connector credentials and other secrets.
  • All connectors must connect through the Harness Platform, not the delegate.
  • AWS connectors can't use IRSA or AssumeRole.
  • GCP and Azure connectors can't inherit credentials from the delegate.
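
The last three requirements above can be checked mechanically before a pipeline is moved to Harness Cloud. The following Python sketch is an added example, not code from Harness; it lints parsed connector definitions, and the field names it reads (`executeOnDelegate`, `delegateSelectors`, `credential.type`, `crossAccountAccess`) are assumptions about the connector YAML schema that do not come from this page.

```python
# Added example: lint connector definitions against the Harness Cloud requirements.
# Field names are assumptions about the connector schema, not taken from this page.

def check_connector(conn):
    """Return a list of findings for one parsed connector definition (a dict)."""
    findings = []
    ctype = conn.get("type", "")
    spec = conn.get("spec", {})
    cred = spec.get("credential", {})
    cred_type = cred.get("type", "")

    # Requirement: connect through the Harness Platform, not the delegate.
    # A missing executeOnDelegate key is not flagged; only an explicit true is.
    if spec.get("executeOnDelegate", False) or spec.get("delegateSelectors"):
        findings.append("connects through a delegate")

    # Requirement: AWS connectors can't use IRSA or AssumeRole.
    if ctype == "Aws":
        if cred_type == "Irsa":
            findings.append("AWS connector uses IRSA")
        if cred.get("crossAccountAccess"):
            findings.append("AWS connector uses AssumeRole")

    # Requirement: GCP and Azure connectors can't inherit delegate credentials.
    if ctype in ("Gcp", "Azure") and cred_type == "InheritFromDelegate":
        findings.append(f"{ctype} connector inherits credentials from the delegate")
    return findings


def lint(connectors):
    """Map connector identifier -> findings, keeping only connectors with findings."""
    report = {}
    for conn in connectors:
        found = check_connector(conn)
        if found:
            report[conn.get("identifier", "<unnamed>")] = found
    return report


# Constructed sample data, shaped like connector YAML after parsing.
SAMPLE = [
    {"identifier": "aws_ok", "type": "Aws",
     "spec": {"executeOnDelegate": False, "credential": {"type": "ManualConfig"}}},
    {"identifier": "aws_irsa", "type": "Aws",
     "spec": {"executeOnDelegate": True, "credential": {"type": "Irsa"}}},
    {"identifier": "aws_role", "type": "Aws",
     "spec": {"credential": {"type": "ManualConfig", "crossAccountAccess": {
         "crossAccountRoleArn": "arn:aws:iam::000000000000:role/example"}}}},
    {"identifier": "gcp_inherit", "type": "Gcp",
     "spec": {"credential": {"type": "InheritFromDelegate"}}},
]

if __name__ == "__main__":
    for ident, found in lint(SAMPLE).items():
        print(ident, "->", "; ".join(found))
```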

Platforms and image specifications

Harness Cloud offers the following operating systems and architectures:

  • Linux: amd64 and arm64
  • macOS: arm64 (M1)
  • Windows: amd64

To enable Windows and macOS for Harness Cloud, contact Harness Support.

Refer to the following image specification README files for more information about image components and preinstalled software.

Specify versions

If there are multiple versions of a tool installed, you can specify the version to use in a step's Command.

For example, with the Harness Cloud macOS build infrastructure, you could use the following command in a Run step to select an Xcode version:

    sudo xcode-select -switch /Applications/

Install additional tools

If your build requires a tool that isn't already available on the VM, you can use a step to install it directly or run it in a Docker image. There are a variety of steps you can use to do this, such as:


Use the Bitrise plugin step to run Bitrise Integrations in your CI pipelines.

In the following YAML example, an Action step runs the actions/setup-java GitHub Action to load Java 17, and then the Run step confirms the Java version.

    - step:
        identifier: install_java
        name: install java version 17
        type: Action
        spec:
          uses: actions/setup-java@<version> # Replace <version> with the release tag you use
          with:
            distribution: 'zulu' # See 'Supported distributions' for available options
            java-version: '17'
    - step:
        identifier: java_ver_check
        name: java version check
        type: Run
        spec:
          shell: Bash
          command: |
            # Extract the major version from the first line of `java -version`
            JAVA_VER=$(java -version 2>&1 | head -1 | cut -d'"' -f2 | sed '/^1\./s///' | cut -d'.' -f1)
            if [[ $JAVA_VER == 17 ]]; then
              echo successfully installed $JAVA_VER
            else
              exit 1
            fi

The following YAML example demonstrates how a Run step can use a Docker image (specified in connectorRef and image) to leverage tools available on that image that aren't available on the host image:

    - stage:
        name: Print welcome message
        identifier: welcome_message
        type: CI
        spec:
          cloneCodebase: true
          platform: # Platform properties describe the target machine required by this stage.
            os: Linux
            arch: Amd64
          runtime:
            type: Cloud # This build runs on Harness-provided infrastructure.
            spec: {}
          execution:
            steps:
              - step:
                  type: Run
                  name: Welcome
                  identifier: Welcome
                  spec:
                    connectorRef: my_dockerhub # Specify a Docker connector to pull an image from Docker.
                    image: alpine # If no image is specified, the step runs on the host machine.
                    shell: Sh
                    command: echo "Welcome to Harness CI"

Steps running in containers can't communicate with Background steps running on the Harness Cloud build infrastructure, because they do not have a common host.

Use Harness Cloud

You can start using Harness Cloud in minutes.

  1. Go to the pipeline where you want to use Harness Cloud build infrastructure.
  2. Select the Build stage, and then select the Infrastructure tab.
  3. Select Harness Cloud and the desired Platform.
  4. Save and run your pipeline.

Build private repos with Harness Cloud


Whitelisting is only required if your code repository, Docker registry, or Artifactory registry isn't accessible by direct connection over the internet, such as those that are behind firewalls.

You can use Harness Cloud build infrastructure with private repositories. However, if your codebase repository or Docker/Artifactory registry is not publicly accessible, you must whitelist the following IPs in your firewall: