Update Repository Manager to 3.31.0-01.

Updated INSTALL4J_ADD_VM_PARAMS example memory settings to be in line with our recommendations, also put in a link to our memory requirements docs.

Dockerfile

@@ -15,10 +15,10 @@
 FROM registry.access.redhat.com/ubi8/ubi
 
 LABEL name="Nexus Repository Manager" \
-      maintainer="Sonatype <cloud-ops@sonatype.com>" \
+      maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.22.1-02" \
-      release="3.22.1" \
+      version="3.31.0-01" \
+      release="3.31.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,9 +36,9 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.22.1-02
+ARG NEXUS_VERSION=3.31.0-01
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=347a33dd55b556ac1130829c88b5f28b9281d53ac3b40fa78da5b0579e7f4766
+ARG NEXUS_DOWNLOAD_SHA256_HASH=975d113d293a2958dcb642e81e68ccd575de6e3a124ea00ad6c9f578a173a97b
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -73,6 +73,6 @@ VOLUME ${NEXUS_DATA}
 EXPOSE 8081
 USER nexus
 
-ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
 
 CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]

Dockerfile.rh.centos

@@ -15,10 +15,10 @@
 FROM centos:centos7
 
 LABEL name="Nexus Repository Manager" \
-      maintainer="Sonatype <cloud-ops@sonatype.com>" \
+      maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.22.1-02" \
-      release="3.22.1" \
+      version="3.31.0-01" \
+      release="3.31.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,9 +36,9 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.22.1-02
+ARG NEXUS_VERSION=3.31.0-01
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=347a33dd55b556ac1130829c88b5f28b9281d53ac3b40fa78da5b0579e7f4766
+ARG NEXUS_DOWNLOAD_SHA256_HASH=975d113d293a2958dcb642e81e68ccd575de6e3a124ea00ad6c9f578a173a97b
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -72,7 +72,7 @@ VOLUME ${NEXUS_DATA}
 EXPOSE 8081
 USER nexus
 
-ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
 
 ENTRYPOINT ["/uid_entrypoint.sh"]
 CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]

Dockerfile.rh.el

@@ -15,10 +15,10 @@
 FROM registry.access.redhat.com/rhel7/rhel
 
 LABEL name="Nexus Repository Manager" \
-      maintainer="Sonatype <cloud-ops@sonatype.com>" \
+      maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.22.1-02" \
-      release="3.22.1" \
+      version="3.31.0-01" \
+      release="3.31.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,9 +36,9 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.22.1-02
+ARG NEXUS_VERSION=3.31.0-01
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=347a33dd55b556ac1130829c88b5f28b9281d53ac3b40fa78da5b0579e7f4766
+ARG NEXUS_DOWNLOAD_SHA256_HASH=975d113d293a2958dcb642e81e68ccd575de6e3a124ea00ad6c9f578a173a97b
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -72,7 +72,7 @@ VOLUME ${NEXUS_DATA}
 EXPOSE 8081
 USER nexus
 
-ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
 
 ENTRYPOINT ["/uid_entrypoint.sh"]
 CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]

Dockerfile.rh.ubi

@@ -16,9 +16,9 @@ FROM registry.access.redhat.com/ubi8/ubi
 
 LABEL name="Nexus Repository Manager" \
       vendor=Sonatype \
-      maintainer="Sonatype <cloud-ops@sonatype.com>" \
-      version="3.22.1-02" \
-      release="3.22.1" \
+      maintainer="Sonatype <support@sonatype.com>" \
+      version="3.31.0-01" \
+      release="3.31.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,9 +36,9 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.22.1-02
+ARG NEXUS_VERSION=3.31.0-01
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=347a33dd55b556ac1130829c88b5f28b9281d53ac3b40fa78da5b0579e7f4766
+ARG NEXUS_DOWNLOAD_SHA256_HASH=975d113d293a2958dcb642e81e68ccd575de6e3a124ea00ad6c9f578a173a97b
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -73,7 +73,7 @@ VOLUME ${NEXUS_DATA}
 EXPOSE 8081
 USER nexus
 
-ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
 
 ENTRYPOINT ["/uid_entrypoint.sh"]
 CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]

Jenkinsfile

@@ -3,7 +3,7 @@
  * Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
  * "Sonatype" is a trademark of Sonatype, Inc.
  */
-@Library('ci-pipeline-library') _
+@Library(['private-pipeline-library', 'jenkins-shared']) _
 import com.sonatype.jenkins.pipeline.GitHub
 import com.sonatype.jenkins.pipeline.OsTools
 
@@ -14,6 +14,7 @@ properties([
     string(defaultValue: '', description: 'New Nexus Repository Manager Cookbook Version', name: 'nexus_repository_manager_cookbook_version'),
     booleanParam(defaultValue: false, description: 'Skip Pushing of Docker Image and Tags', name: 'skip_push'),
     booleanParam(defaultValue: false, description: 'Force Red Hat Certified Build for a non-master branch', name: 'force_red_hat_build'),
+    booleanParam(defaultValue: false, description: 'Skip Red Hat Certified Build', name: 'skip_red_hat_build'),
   ])
 ])
 
@@ -141,7 +142,7 @@ node('ubuntu-zion') {
           OsTools.runSafe(this, """
             docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
           """)
-          OsTools.runSafe(this, "docker push ${organization}/${dockerHubRepository}")
+          OsTools.runSafe(this, "docker push --all-tags ${organization}/${dockerHubRepository}")
 
           response = OsTools.runSafe(this, """
             curl -X POST https://hub.docker.com/v2/users/login/ \
@@ -174,7 +175,7 @@ node('ubuntu-zion') {
         OsTools.runSafe(this, "git tag -d ${version}")
       }
     }
-    if (branch == 'master' || params.force_red_hat_build) {
+    if ((! params.skip_red_hat_build) && (branch == 'master' || params.force_red_hat_build)) {
       stage('Trigger Red Hat Certified Image Build') {
         withCredentials([
             string(credentialsId: 'docker-nexus3-rh-build-project-id', variable: 'PROJECT_ID'),

README.md

@@ -45,6 +45,13 @@ To run, binding the exposed port 8081 to the host, use:
 $ docker run -d -p 8081:8081 --name nexus sonatype/nexus3
 ```
 
+When stopping, be sure to allow sufficient time for the databases to fully shut down.  
+
+```
+docker stop --time=120 <CONTAINER_NAME>
+```
+
+
 To test:
 
 ```
@@ -116,16 +123,18 @@ process, which runs as UID 200.
 
 * There is an environment variable that is being used to pass JVM arguments to the startup script
 
-  * `INSTALL4J_ADD_VM_PARAMS`, passed to the Install4J startup script. Defaults to `-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs`.
+  * `INSTALL4J_ADD_VM_PARAMS`, passed to the Install4J startup script. Defaults to `-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs`.
 
   This can be adjusted at runtime:
 
   ```
-  $ docker run -d -p 8081:8081 --name nexus -e INSTALL4J_ADD_VM_PARAMS="-Xms2g -Xmx2g -XX:MaxDirectMemorySize=3g  -Djava.util.prefs.userRoot=/some-other-dir" sonatype/nexus3
+  $ docker run -d -p 8081:8081 --name nexus -e INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=/some-other-dir" sonatype/nexus3
   ```
 
   Of particular note, `-Djava.util.prefs.userRoot=/some-other-dir` can be set to a persistent path, which will maintain
   the installed Nexus Repository License if the container is restarted.
+  
+  Be sure to check the [memory requirements](https://help.sonatype.com/display/NXRM3/System+Requirements#SystemRequirements-MemoryRequirements) when deciding how much heap and direct memory to allocate.
 
 * Another environment variable can be used to control the Nexus Context Path
 
@@ -169,3 +178,7 @@ Looking to contribute to our Docker image but need some help? There's a few ways
 * File an issue [on our public JIRA](https://issues.sonatype.org/projects/NEXUS/)
 * Check out the [Nexus3](http://stackoverflow.com/questions/tagged/nexus3) tag on Stack Overflow
 * Check out the [Nexus Repository User List](https://groups.google.com/a/glists.sonatype.com/forum/?hl=en#!forum/nexus-users)
+
+## License Disclaimer
+
+_Nexus Repository OSS is distributed with Sencha Ext JS pursuant to a FLOSS Exception agreed upon between Sonatype, Inc. and Sencha Inc. Sencha Ext JS is licensed under GPL v3 and cannot be redistributed as part of a closed source work._

SECURITY.md

@@ -0,0 +1,79 @@
+<!--
+
+    Copyright (c) 2011-present Sonatype, Inc. All rights reserved.
+    Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
+    "Sonatype" is a trademark of Sonatype, Inc.
+
+-->
+
+# Reporting Security Vulnerabilities
+
+## When to report
+
+First check
+[Important advisories of known security vulnerabilities in Sonatype products](https://support.sonatype.com/hc/en-us/sections/203012668-Security-Advisories)
+to see if this has been previously reported.
+
+## How to report
+
+Please email reports regarding security related issues you find to [mailto:security@sonatype.com](security@sonatype.com).
+
+Use our public key below to keep your message safe.
+
+## What to include
+
+Please use a descriptive subject line in your email report.
+
+Your name and/or affiliation.
+
+A detailed technical description of the vulnerability, attack scenario and where
+possible, how we can reproduce your findings.
+
+Provide us with a secure way to respond.
+
+## What to expect
+
+Your email will be acknowledged within 1 - 2 business days, and you'll receive a
+more detailed response to your email within 7 business days.
+
+We ask that everyone please follow responsible disclosure practices and allow
+time for us to release a fix prior to public release.
+
+Once an issue is reported, Sonatype uses the following disclosure process:
+
+When a report is received, we confirm the issue and determine its severity.
+
+If third-party services or software require mitigation before publication, those
+projects will be notified.
+
+## Our public key
+
+```console
+-----BEGIN PUBLIC KEY BLOCK-----
+mQENBFF+a9ABCADQWSAAU7w9i71Zn3TQ6k7lT9x57cRdtX7V709oeN/c/1it+gCw
+onmmCyf4ypor6XcPSOasp/x0s3hVuf6YfMbI0tSwJUWWihrmoPGIXtmiSOotQE0Q
+Sav41xs3YyI9LzQB4ngZR/nhp4YhioD1dVorD6LGXk08rvl2ikoqHwTagbEXZJY7
+3VYhW6JHbZTLwCsfyg6uaSYF1qXfUxHPOiHYKNbhK/tM3giX+9ld/7xi+9f4zEFQ
+eX9wcRTdgdDOAqDOK7MV30KXagSqvW0MgEYtKX6q4KjjRzBYjkiTdFW/yMXub/Bs
+5UckxHTCuAmvpr5J0HIUeLtXi1QCkijyn8HJABEBAAG0KVNvbmF0eXBlIFNlY3Vy
+aXR5IDxzZWN1cml0eUBzb25hdHlwZS5jb20+iQE4BBMBAgAiBQJRfmvQAhsDBgsJ
+CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAgkmxsNtgwfUzbCACLtCgieq1kJOqo
+2i136ND5ZOj31zIzNENLn8dhSg5zQwTHOcntWAtS8uCNq4fSlslwvlbPYWTLD7fE
+iJn1z7BCU8gBk+pkAJJFWEPweMVt+9bYQ4HfKceGbJeuwBBhS34SK9ZIp9gfxxfA
+oTm0aGYwKR5wH3sqL/mrhwKhPt9wXR4qwlE635STEX8wzJ5SBqf3ArJUtCp1rzgR
+Dx+DiZed5HE1pOI2Kyb6O80bm485WThPXxpvp3bfzTNYoGzeLi/F7WkmgggkXxsT
+Pyd0sSx0B/MO4lJtQvEBlIHDFno9mXa30fKl+rzp2geG5UxNHJUjaC5JhfWLEXEX
+wV0ErBsmuQENBFF+a9ABCADXj04+GLIz8VCaZH554nUHEhaKoiIXH3Tj7UiMZDqy
+o4WIw2RFaCQNA8T0R5Q0yxINU146JQMbA2SN59AGcGYZcajyEvTR7tLG0meMO6S0
+JWpkX7s3xaC0s+5SJ/ba00oHGzW0aotgzG9BWA5OniNHK7zZKMVu7M80M/wB1RvK
+x775hAeJ+8F9MDJ+ijydBtaOfDdkbg+0kU1xR6Io+vVLPk38ghlWU8QFP4/B0oWi
+jK4xiDqK6cG7kyH9kC9nau+ckH8MrJ/RzEpsc4GRwqS4IEnvHWe7XbgydWS1bCp6
+8uP5ma3d02elQmSEa+PABIPKnZcAf1YKLr9O/+IzEdOhABEBAAGJAR8EGAECAAkF
+AlF+a9ACGwwACgkQIJJsbDbYMH3WzAf/XOm4YQZFOgG2h9d03m8me8d1vrYico+0
+pBYU9iCozLgamM4er9Efb+XzfLvNVKuqyR0cgvGszukIPQYeX58DMrZ07C+E0wDZ
+bG+ZAYXT5GqsHkSVnMCVIfyJNLjR4sbVzykyVtnccBL6bP3jxbCP1jJdT7bwiKre
+1jQjvyoL0yIegdiN/oEdmx52Fqjt4NkQsp4sk625UBFTVISr22bnf60ZIGgrRbAP
+DU1XMdIrmqmhEEQcXMp4CeflDMksOmaIeAUkZY7eddnXMwQDJTnz5ziCal+1r0R3
+dh0XISRG0NkiLEXeGkrs7Sn7BAAsTsaH/1zU6YbvoWlMlHYT6EarFQ== =sFGt
+-----END PUBLIC KEY BLOCK-----
+```

ci/TriggerRedHatBuild.groovy

@@ -14,7 +14,8 @@ import groovyx.net.http.HttpBuilder
 import groovyx.net.http.HttpException
 
 if (args.size() < 3) {
-  fail('Usage: groovy TriggerRedhatBuild.groovy <version> <projectId> <apiKey>')
+  System.err.println('Usage: groovy TriggerRedhatBuild.groovy <version> <projectId> <apiKey>')
+  System.exit(1)
 }
 
 new BuildClient(*args).run()
@@ -145,12 +146,17 @@ class BuildClient {
       println 'Waiting for build to finish.'
       sleep 60000
 
-      final completedBuild = getTags().find {
-        it.name == nextTag && it.scan_status == 'passed'
-      }
+      try {
+        final completedBuild = getTags().find {
+          it.name == nextTag && it.scan_status == 'passed'
+        }
 
-      if (completedBuild) {
-        return completedBuild
+        if (completedBuild) {
+          return completedBuild
+        }
+      } catch (HttpException ex) {
+        ex.printStackTrace()
+        System.err.println "Failed retrieving completed builds, but still trying: ${ex.statusCode} [${ex.body}]"
       }
     }