moved n some rhel specific stuff

Update to new UBI images from Red HAt
2019-02-26 16:35:35 -05:00 · 2019-02-26 11:51:01 -05:00
8 changed files with 80 additions and 469 deletions
@@ -12,33 +12,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-FROM registry.access.redhat.com/ubi8/ubi
+FROM registry.access.redhat.com/ubi7/ubi

-LABEL name="Nexus Repository Manager" \
-      maintainer="Sonatype <support@sonatype.com>" \
-      vendor=Sonatype \
-      version="3.29.1-01" \
-      release="3.29.1" \
-      url="https://sonatype.com" \
-      summary="The Nexus Repository Manager server \
-          with universal support for popular component formats." \
-      description="The Nexus Repository Manager server \
-          with universal support for popular component formats." \
-      run="docker run -d --name NAME \
-          -p 8081:8081 \
-          IMAGE" \
-      stop="docker stop NAME" \
+MAINTAINER Sonatype <cloud-ops@sonatype.com>
+
+LABEL vendor=Sonatype \
      com.sonatype.license="Apache License, Version 2.0" \
-      com.sonatype.name="Nexus Repository Manager base image" \
-      io.k8s.description="The Nexus Repository Manager server \
-          with universal support for popular component formats." \
-      io.k8s.display-name="Nexus Repository Manager" \
-      io.openshift.expose-services="8081:8081" \
-      io.openshift.tags="Sonatype,Nexus,Repository Manager"
+      com.sonatype.name="Nexus Repository Manager base image"

-ARG NEXUS_VERSION=3.29.1-01
+ARG NEXUS_VERSION=3.15.2-01
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=625337c820c32814bf6408c5bb00f5daac5d7dc0f88377d28c56630083a8b33b
+ARG NEXUS_DOWNLOAD_SHA256_HASH=acde357f5bbc6100eb0d5a4c60a1673d5f1f785e71a36cfa308b8dfa45cf25d0

 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -54,25 +38,25 @@ ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexu
 ADD solo.json.erb /var/chef/solo.json.erb

 # Install using chef-solo
-# Chef version locked to avoid needing to accept the EULA on behalf of whomever builds the image
-RUN yum install -y --disableplugin=subscription-manager hostname procps \
-    && curl -L https://www.getchef.com/chef/install.sh | bash -s -- -v 14.12.9 \
+RUN curl -L https://www.getchef.com/chef/install.sh | bash \
    && /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \
    && chef-solo \
+       --node_name nexus_repository_red_hat_docker_build \
       --recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \
       --json-attributes /var/chef/solo.json \
    && rpm -qa *chef* | xargs rpm -e \
+    && rpm --rebuilddb \
    && rm -rf /etc/chef \
    && rm -rf /opt/chefdk \
    && rm -rf /var/cache/yum \
-    && rm -rf /var/chef \
-    && yum clean all
+    && rm -rf /var/chef

 VOLUME ${NEXUS_DATA}

 EXPOSE 8081
 USER nexus

-ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"

+ENTRYPOINT ["/uid_entrypoint.sh"]
 CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]
@@ -12,13 +12,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-FROM centos:centos7
+FROM registry.access.redhat.com/ubi7/ubi
+
+MAINTAINER Sonatype <cloud-ops@sonatype.com>

 LABEL name="Nexus Repository Manager" \
-      maintainer="Sonatype <support@sonatype.com>" \
      vendor=Sonatype \
-      version="3.29.1-01" \
-      release="3.29.1" \
+      version="3.15.2-01" \
+      release="3.15.2" \
      url="https://sonatype.com" \
      summary="The Nexus Repository Manager server \
          with universal support for popular component formats." \
@@ -36,9 +37,9 @@ LABEL name="Nexus Repository Manager" \
      io.openshift.expose-services="8081:8081" \
      io.openshift.tags="Sonatype,Nexus,Repository Manager"

-ARG NEXUS_VERSION=3.29.1-01
+ARG NEXUS_VERSION=3.15.2-01
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=625337c820c32814bf6408c5bb00f5daac5d7dc0f88377d28c56630083a8b33b
+ARG NEXUS_DOWNLOAD_SHA256_HASH=acde357f5bbc6100eb0d5a4c60a1673d5f1f785e71a36cfa308b8dfa45cf25d0

 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -72,7 +73,7 @@ VOLUME ${NEXUS_DATA}
 EXPOSE 8081
 USER nexus

-ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"

 ENTRYPOINT ["/uid_entrypoint.sh"]
 CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]
@@ -12,13 +12,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-FROM registry.access.redhat.com/rhel7/rhel
+FROM registry.access.redhat.com/ubi7/ubi
+
+MAINTAINER Sonatype <cloud-ops@sonatype.com>

 LABEL name="Nexus Repository Manager" \
-      maintainer="Sonatype <support@sonatype.com>" \
      vendor=Sonatype \
-      version="3.29.1-01" \
-      release="3.29.1" \
+      version="3.15.2-01" \
+      release="3.15.2" \
      url="https://sonatype.com" \
      summary="The Nexus Repository Manager server \
          with universal support for popular component formats." \
@@ -36,9 +37,9 @@ LABEL name="Nexus Repository Manager" \
      io.openshift.expose-services="8081:8081" \
      io.openshift.tags="Sonatype,Nexus,Repository Manager"

-ARG NEXUS_VERSION=3.29.1-01
+ARG NEXUS_VERSION=3.15.2-01
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=625337c820c32814bf6408c5bb00f5daac5d7dc0f88377d28c56630083a8b33b
+ARG NEXUS_DOWNLOAD_SHA256_HASH=acde357f5bbc6100eb0d5a4c60a1673d5f1f785e71a36cfa308b8dfa45cf25d0

 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -72,7 +73,7 @@ VOLUME ${NEXUS_DATA}
 EXPOSE 8081
 USER nexus

-ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"

 ENTRYPOINT ["/uid_entrypoint.sh"]
 CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]
@@ -1,79 +0,0 @@
-# Copyright (c) 2016-present Sonatype, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM registry.access.redhat.com/ubi8/ubi
-
-LABEL name="Nexus Repository Manager" \
-      vendor=Sonatype \
-      maintainer="Sonatype <support@sonatype.com>" \
-      version="3.29.1-01" \
-      release="3.29.1" \
-      url="https://sonatype.com" \
-      summary="The Nexus Repository Manager server \
-          with universal support for popular component formats." \
-      description="The Nexus Repository Manager server \
-          with universal support for popular component formats." \
-      run="docker run -d --name NAME \
-          -p 8081:8081 \
-          IMAGE" \
-      stop="docker stop NAME" \
-      com.sonatype.license="Apache License, Version 2.0" \
-      com.sonatype.name="Nexus Repository Manager base image" \
-      io.k8s.description="The Nexus Repository Manager server \
-          with universal support for popular component formats." \
-      io.k8s.display-name="Nexus Repository Manager" \
-      io.openshift.expose-services="8081:8081" \
-      io.openshift.tags="Sonatype,Nexus,Repository Manager"
-
-ARG NEXUS_VERSION=3.29.1-01
-ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=625337c820c32814bf6408c5bb00f5daac5d7dc0f88377d28c56630083a8b33b
-
-# configure nexus runtime
-ENV SONATYPE_DIR=/opt/sonatype
-ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
-    NEXUS_DATA=/nexus-data \
-    NEXUS_CONTEXT='' \
-    SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
-    DOCKER_TYPE='rh-docker'
-
-ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe"
-ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz"
-
-ADD solo.json.erb /var/chef/solo.json.erb
-
-# Install using chef-solo
-# Chef version locked to avoid needing to accept the EULA on behalf of whomever builds the image
-RUN curl -L https://www.getchef.com/chef/install.sh | bash -s -- -v 14.12.9 \
-    && /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \
-    && chef-solo \
-       --node_name nexus_repository_red_hat_docker_build \
-       --recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \
-       --json-attributes /var/chef/solo.json \
-    && rpm -qa *chef* | xargs rpm -e \
-    && rm -rf /etc/chef \
-    && rm -rf /opt/chefdk \
-    && rm -rf /var/cache/yum \
-    && rm -rf /var/chef \
-    && yum clean all
-
-VOLUME ${NEXUS_DATA}
-
-EXPOSE 8081
-USER nexus
-
-ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
-
-ENTRYPOINT ["/uid_entrypoint.sh"]
-CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]
@@ -3,7 +3,7 @@
 * Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
 * "Sonatype" is a trademark of Sonatype, Inc.
 */
-@Library(['private-pipeline-library', 'jenkins-shared']) _
+@Library('ci-pipeline-library') _
 import com.sonatype.jenkins.pipeline.GitHub
 import com.sonatype.jenkins.pipeline.OsTools

@@ -11,10 +11,8 @@ properties([
  parameters([
    string(defaultValue: '', description: 'New Nexus Repository Manager Version', name: 'nexus_repository_manager_version'),
    string(defaultValue: '', description: 'New Nexus Repository Manager Version Sha256', name: 'nexus_repository_manager_version_sha'),
+
    string(defaultValue: '', description: 'New Nexus Repository Manager Cookbook Version', name: 'nexus_repository_manager_cookbook_version'),
-    booleanParam(defaultValue: false, description: 'Skip Pushing of Docker Image and Tags', name: 'skip_push'),
-    booleanParam(defaultValue: false, description: 'Force Red Hat Certified Build for a non-master branch', name: 'force_red_hat_build'),
-    booleanParam(defaultValue: false, description: 'Skip Red Hat Certified Build', name: 'skip_red_hat_build'),
  ])
 ])

@@ -38,8 +36,7 @@ node('ubuntu-zion') {
      dockerFileLocations = [
        "${pwd()}/Dockerfile",
        "${pwd()}/Dockerfile.rh.centos",
-        "${pwd()}/Dockerfile.rh.el",
-        "${pwd()}/Dockerfile.rh.ubi"
+        "${pwd()}/Dockerfile.rh.el"
      ]

      branch = checkoutDetails.GIT_BRANCH == 'origin/master' ? 'master' : checkoutDetails.GIT_BRANCH
@@ -106,7 +103,7 @@ node('ubuntu-zion') {
    if (currentBuild.result == 'FAILURE') {
      return
    }
-    if (params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha
+    if (params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha 
          || params.nexus_repository_manager_cookbook_version) {
      stage('Commit Automated Code Update') {
        withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'integrations-github-api',
@@ -131,59 +128,50 @@ node('ubuntu-zion') {
        archiveArtifacts artifacts: "${archiveName}.tar.gz", onlyIfSuccessful: true
      }
    }
-    if (branch == 'master' && ! params.skip_push) {
-      input 'Push image and tags?'
-      stage('Push image') {
-        def dockerhubApiToken
-        withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'docker-hub-credentials',
-            usernameVariable: 'DOCKERHUB_API_USERNAME', passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {
-          OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}")
-          OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:latest")
-          OsTools.runSafe(this, """
-            docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
-          """)
-          OsTools.runSafe(this, "docker push ${organization}/${dockerHubRepository}")
+    if (branch != 'master') {
+      return
+    }
+    input 'Push image and tags?'
+    stage('Push image') {
+      def dockerhubApiToken
+      withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'docker-hub-credentials',
+          usernameVariable: 'DOCKERHUB_API_USERNAME', passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {
+        OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}")
+        OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:latest")
+        OsTools.runSafe(this, """
+          docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
+        """)
+        OsTools.runSafe(this, "docker push ${organization}/${dockerHubRepository}")

-          response = OsTools.runSafe(this, """
-            curl -X POST https://hub.docker.com/v2/users/login/ \
-              -H 'cache-control: no-cache' -H 'content-type: application/json' \
-              -d '{ "username": "${env.DOCKERHUB_API_USERNAME}", "password": "${env.DOCKERHUB_API_PASSWORD}" }'
-          """)
-          token = readJSON text: response
-          dockerhubApiToken = token.token
+        response = OsTools.runSafe(this, """
+          curl -X POST https://hub.docker.com/v2/users/login/ \
+            -H 'cache-control: no-cache' -H 'content-type: application/json' \
+            -d '{ "username": "${env.DOCKERHUB_API_USERNAME}", "password": "${env.DOCKERHUB_API_PASSWORD}" }'
+        """)
+        token = readJSON text: response
+        dockerhubApiToken = token.token

-          def readme = readFile file: 'README.md', encoding: 'UTF-8'
-          readme = readme.replaceAll("(?s)<!--.*?-->", "")
-          readme = readme.replace("\"", "\\\"")
-          readme = readme.replace("\n", "\\n")
-          response = httpRequest customHeaders: [[name: 'authorization', value: "JWT ${dockerhubApiToken}"]],
-              acceptType: 'APPLICATION_JSON', contentType: 'APPLICATION_JSON', httpMode: 'PATCH',
-              requestBody: "{ \"full_description\": \"${readme}\" }",
-              url: "https://hub.docker.com/v2/repositories/${organization}/${dockerHubRepository}/"
-        }
-      }
-      stage('Push tags') {
-        withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentialsId,
-                          usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
-          OsTools.runSafe(this, "git tag ${version}")
-          OsTools.runSafe(this, """
-            git push \
-            https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/${organization}/${gitHubRepository}.git \
-              ${version}
-          """)
-        }
-        OsTools.runSafe(this, "git tag -d ${version}")
+        def readme = readFile file: 'README.md', encoding: 'UTF-8'
+        readme = readme.replaceAll("(?s)<!--.*?-->", "")
+        readme = readme.replace("\"", "\\\"")
+        readme = readme.replace("\n", "\\n")
+        response = httpRequest customHeaders: [[name: 'authorization', value: "JWT ${dockerhubApiToken}"]],
+            acceptType: 'APPLICATION_JSON', contentType: 'APPLICATION_JSON', httpMode: 'PATCH',
+            requestBody: "{ \"full_description\": \"${readme}\" }",
+            url: "https://hub.docker.com/v2/repositories/${organization}/${dockerHubRepository}/"
      }
    }
-    if ((! params.skip_red_hat_build) && (branch == 'master' || params.force_red_hat_build)) {
-      stage('Trigger Red Hat Certified Image Build') {
-        withCredentials([
-            string(credentialsId: 'docker-nexus3-rh-build-project-id', variable: 'PROJECT_ID'),
-            string(credentialsId: 'rh-build-service-api-key', variable: 'API_KEY')]) {
-          final redHatVersion = "${version}-ubi"
-          runGroovy('ci/TriggerRedHatBuild.groovy', [redHatVersion, PROJECT_ID, API_KEY].join(' '))
-        }
+    stage('Push tags') {
+      withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentialsId,
+                        usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
+        OsTools.runSafe(this, "git tag ${version}")
+        OsTools.runSafe(this, """
+          git push \
+          https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/${organization}/${gitHubRepository}.git \
+            ${version}
+        """)
      }
+      OsTools.runSafe(this, "git tag -d ${version}")
    }
  } finally {
    OsTools.runSafe(this, "docker logout")
@@ -20,7 +20,7 @@

 [![Join the chat at https://gitter.im/sonatype/nexus-developers](https://badges.gitter.im/sonatype/nexus-developers.svg)](https://gitter.im/sonatype/nexus-developers?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)

-A Dockerfile for Sonatype Nexus Repository Manager 3, starting with 3.18 the image is based on the [Red Hat Universal Base Image](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image) while earlier versions used CentOS.
+A Dockerfile for Sonatype Nexus Repository Manager 3, based on CentOS.

 * [Contribution Guidlines](#contribution-guidelines)
 * [Running](#running)
@@ -39,23 +39,16 @@ we would like things to flow.

 ## Running

-To run, binding the exposed port 8081 to the host, use:
+To run, binding the exposed port 8081 to the host.

 ```
 $ docker run -d -p 8081:8081 --name nexus sonatype/nexus3
 ```

-When stopping, be sure to allow sufficient time for the databases to fully shut down.  
-
-```
-docker stop --time=120 <CONTAINER_NAME>
-```
-
-
 To test:

 ```
-$ curl http://localhost:8081/
+$ curl -u admin:admin123 http://localhost:8081/service/metrics/ping
 ```

 ## Building the Nexus Repository Manager image
@@ -88,25 +81,19 @@ We are using `rspec` as the test framework. `serverspec` provides a docker backe

 ## Red Hat Certified Image

-A Red Hat certified container image can be created using `Dockerfile.rh.ubi` which is built to be compliant with Red Hat certification.
+A Red Hat certified container image can be created using `Dockerfile.rh.el` which is built to be compliant with Red Hat certification.
 The image includes additional meta data to comform with Kubernetes and OpenShift standards, a directory with the
 licenses applicable to the software and a man file for help on how to use the software. It also uses an ENTRYPOINT
-script the ensure the running user has access to the appropriate permissions for OpenShift 'restricted' SCC. 
+script the ensure the running user has access to the appropriate permissions for OpenShift 'restricted' SCC. In addition to the
+Red Hat Enterprise Linux image, `Dockerfile.rh.centos` provides the same additions but with a CentOS base.

 The Red Hat certified container image is available from the 
 [Red Hat Container Catalog](https://access.redhat.com/containers/#/registry.connect.redhat.com/sonatype/nexus-repository-manager)
 and qualified accounts can pull it from registry.connect.redhat.com.

-## Other Red Hat Images
-
-In addition to the Universal Base Image, we can build images based on:
-* Red Hat Enterprise Linux: `Dockerfile.rh.el`
-* CentOS: `Dockerfile.rh.centos`
-
 ## Notes

-* Our [system requirements](https://help.sonatype.com/display/NXRM3/System+Requirements) should be taken into account when provisioning the Docker container.
-* Default user is `admin` and the uniquely generated password can be found in the `admin.password` file inside the volume. See [Persistent Data](#user-content-persistent-data) for information about the volume.
+* Default credentials are: `admin` / `admin123`

 * It can take some time (2-3 minutes) for the service to launch in a
 new container.  You can tail the log to determine once Nexus is ready:
@@ -123,7 +110,7 @@ process, which runs as UID 200.

 * There is an environment variable that is being used to pass JVM arguments to the startup script

-  * `INSTALL4J_ADD_VM_PARAMS`, passed to the Install4J startup script. Defaults to `-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs`.
+  * `INSTALL4J_ADD_VM_PARAMS`, passed to the Install4J startup script. Defaults to `-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs`.

  This can be adjusted at runtime:

@@ -1,79 +0,0 @@
-<!--
-
-    Copyright (c) 2011-present Sonatype, Inc. All rights reserved.
-    Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
-    "Sonatype" is a trademark of Sonatype, Inc.
-
-->
-
-# Reporting Security Vulnerabilities
-
-## When to report
-
-First check
-[Important advisories of known security vulnerabilities in Sonatype products](https://support.sonatype.com/hc/en-us/sections/203012668-Security-Advisories)
-to see if this has been previously reported.
-
-## How to report
-
-Please email reports regarding security related issues you find to [mailto:security@sonatype.com](security@sonatype.com).
-
-Use our public key below to keep your message safe.
-
-## What to include
-
-Please use a descriptive subject line in your email report.
-
-Your name and/or affiliation.
-
-A detailed technical description of the vulnerability, attack scenario and where
-possible, how we can reproduce your findings.
-
-Provide us with a secure way to respond.
-
-## What to expect
-
-Your email will be acknowledged within 1 - 2 business days, and you'll receive a
-more detailed response to your email within 7 business days.
-
-We ask that everyone please follow responsible disclosure practices and allow
-time for us to release a fix prior to public release.
-
-Once an issue is reported, Sonatype uses the following disclosure process:
-
-When a report is received, we confirm the issue and determine its severity.
-
-If third-party services or software require mitigation before publication, those
-projects will be notified.
-
-## Our public key
-
-```console
-----BEGIN PUBLIC KEY BLOCK-----
-mQENBFF+a9ABCADQWSAAU7w9i71Zn3TQ6k7lT9x57cRdtX7V709oeN/c/1it+gCw
-onmmCyf4ypor6XcPSOasp/x0s3hVuf6YfMbI0tSwJUWWihrmoPGIXtmiSOotQE0Q
-Sav41xs3YyI9LzQB4ngZR/nhp4YhioD1dVorD6LGXk08rvl2ikoqHwTagbEXZJY7
-3VYhW6JHbZTLwCsfyg6uaSYF1qXfUxHPOiHYKNbhK/tM3giX+9ld/7xi+9f4zEFQ
-eX9wcRTdgdDOAqDOK7MV30KXagSqvW0MgEYtKX6q4KjjRzBYjkiTdFW/yMXub/Bs
-5UckxHTCuAmvpr5J0HIUeLtXi1QCkijyn8HJABEBAAG0KVNvbmF0eXBlIFNlY3Vy
-aXR5IDxzZWN1cml0eUBzb25hdHlwZS5jb20+iQE4BBMBAgAiBQJRfmvQAhsDBgsJ
-CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAgkmxsNtgwfUzbCACLtCgieq1kJOqo
-2i136ND5ZOj31zIzNENLn8dhSg5zQwTHOcntWAtS8uCNq4fSlslwvlbPYWTLD7fE
-iJn1z7BCU8gBk+pkAJJFWEPweMVt+9bYQ4HfKceGbJeuwBBhS34SK9ZIp9gfxxfA
-oTm0aGYwKR5wH3sqL/mrhwKhPt9wXR4qwlE635STEX8wzJ5SBqf3ArJUtCp1rzgR
-Dx+DiZed5HE1pOI2Kyb6O80bm485WThPXxpvp3bfzTNYoGzeLi/F7WkmgggkXxsT
-Pyd0sSx0B/MO4lJtQvEBlIHDFno9mXa30fKl+rzp2geG5UxNHJUjaC5JhfWLEXEX
-wV0ErBsmuQENBFF+a9ABCADXj04+GLIz8VCaZH554nUHEhaKoiIXH3Tj7UiMZDqy
-o4WIw2RFaCQNA8T0R5Q0yxINU146JQMbA2SN59AGcGYZcajyEvTR7tLG0meMO6S0
-JWpkX7s3xaC0s+5SJ/ba00oHGzW0aotgzG9BWA5OniNHK7zZKMVu7M80M/wB1RvK
-x775hAeJ+8F9MDJ+ijydBtaOfDdkbg+0kU1xR6Io+vVLPk38ghlWU8QFP4/B0oWi
-jK4xiDqK6cG7kyH9kC9nau+ckH8MrJ/RzEpsc4GRwqS4IEnvHWe7XbgydWS1bCp6
-8uP5ma3d02elQmSEa+PABIPKnZcAf1YKLr9O/+IzEdOhABEBAAGJAR8EGAECAAkF
-AlF+a9ACGwwACgkQIJJsbDbYMH3WzAf/XOm4YQZFOgG2h9d03m8me8d1vrYico+0
-pBYU9iCozLgamM4er9Efb+XzfLvNVKuqyR0cgvGszukIPQYeX58DMrZ07C+E0wDZ
-bG+ZAYXT5GqsHkSVnMCVIfyJNLjR4sbVzykyVtnccBL6bP3jxbCP1jJdT7bwiKre
-1jQjvyoL0yIegdiN/oEdmx52Fqjt4NkQsp4sk625UBFTVISr22bnf60ZIGgrRbAP
-DU1XMdIrmqmhEEQcXMp4CeflDMksOmaIeAUkZY7eddnXMwQDJTnz5ziCal+1r0R3
-dh0XISRG0NkiLEXeGkrs7Sn7BAAsTsaH/1zU6YbvoWlMlHYT6EarFQ== =sFGt
-----END PUBLIC KEY BLOCK-----
-```
@@ -1,192 +0,0 @@
-/*
- * Copyright (c) 2020-present Sonatype, Inc. All rights reserved.
- * Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
- * "Sonatype" is a trademark of Sonatype, Inc.
- */
-
-/**
- * This script triggers the build service for a certified docker image at Red Hat.
- * It's meant to be used by Jenkins via the Jenkinsfile.
- */
-@Grab('io.github.http-builder-ng:http-builder-ng-core:1.0.4')
-
-import groovyx.net.http.HttpBuilder
-import groovyx.net.http.HttpException
-
-if (args.size() < 3) {
-  System.err.println('Usage: groovy TriggerRedhatBuild.groovy <version> <projectId> <apiKey>')
-  System.exit(1)
-}
-
-new BuildClient(*args).run()
-
-class BuildClient {
-  private static final Integer TIMEOUT_MINUTES = 20
-
-  private final String version
-  private final String projectId
-
-  private final HttpBuilder builder
-
-  BuildClient(String version, String projectId, String apiKey) {
-    this.version = version
-    this.projectId = projectId
-
-    builder = HttpBuilder.configure {
-      request.uri = 'https://connect.redhat.com'
-      request.headers['Authorization'] = "Bearer ${apiKey}"
-      request.contentType = 'application/json'
-      request.body = [:]
-    }
-  }
-
-  /**
-   * fire off a series of requests to build and publish
-   * a container.
-   */
-  void run() {
-    final nextTag = getNextTag(version)
-    println "Triggering build as ${nextTag}"
-
-    final buildStatus = build(nextTag)
-
-    if (buildStatus.status != 'Created') {
-      fail(buildStatus)
-    }
-
-    final completedBuild = getCompletedBuild(nextTag)
-
-    if (completedBuild.failure) {
-      fail(completedBuild.failure)
-    }
-
-    final published = publish(completedBuild.digest, completedBuild.name)
-
-    if (published.failure) {
-      fail(published.failure)
-    }
-
-    println published
-  }
-
-  /**
-   * calculate the cutoff time in the future in miliseconds
-   * for comparison to System.currentTimeMillis()
-   * @param start start time in millis
-   * @param minutes minutes into the future
-   * @return future time in millis
-   */
-  private Long calcCutoffTime(Long start, Integer minutes) {
-    return minutes * 60 * 1000 + start
-  }
-
-  /**
-  * fail with message and exit with an error code for jenkins to see
-  * @param message message to print
-  */
-  private void fail(String message) {
-    System.err.println(message)
-    System.exit(1)
-  }
-
-
-  /**
-  * Request current version tags available at Red Hat.
-  * @return the list of all tags
-  */
-  private List getTags() {
-    return builder.post {
-      request.uri.path = "/api/v2/projects/${projectId}/tags"
-    }.tags
-  }
-
-  /**
-  * Request current version tags available at Red Hat,
-  * and calculate the next tag to use in this build.
-  * @param version the base version we're currently building
-  * @return the full new version string to submit for the next build
-  */
-  private String getNextTag(String version) {
-    final tags = getTags()*.name.collectMany {
-      it.split(', ').collect()
-    }
-
-    final currentIndex = tags.findAll {
-      it.startsWith(version)
-    }.collect {
-      it.replaceAll(/${version}-(\d+)-?.*/, '$1') as Integer
-    }.sort().reverse()[0]
-
-    final nextIndex =((currentIndex ?: 0) as Integer) + 1
-
-    return "${version}-${nextIndex}"
-  }
-
-  /**
-  * Trigger build of the certified image at Red Hat,
-  * @param nextTag the full version tag to be assigned to the new build
-  * @return the map from json with the status of the submitted build
-  */
-  private Map build(String nextTag) {
-    return builder.post {
-      request.uri.path = "/api/v2/projects/${projectId}/build"
-      request.body = [tag: nextTag]
-    }
-  }
-
-  /**
-  * Poll for the completed (built and scanned) build at Red Hat build service.
-  * @param nextTag the full version tag assigned to the new build
-  * @return the map from json with info about the completed build
-  */
-  private Map getCompletedBuild(String nextTag) {
-    final endTime = calcCutoffTime(System.currentTimeMillis(), TIMEOUT_MINUTES)
-
-    while (System.currentTimeMillis() < endTime) {
-      println 'Waiting for build to finish.'
-      sleep 60000
-
-      try {
-        final completedBuild = getTags().find {
-          it.name == nextTag && it.scan_status == 'passed'
-        }
-
-        if (completedBuild) {
-          return completedBuild
-        }
-      } catch (HttpException ex) {
-        ex.printStackTrace()
-        System.err.println "Failed retrieving completed builds, but still trying: ${ex.statusCode} [${ex.body}]"
-      }
-    }
-
-    return [failure: "TIMEOUT waiting for complete build: ${TIMEOUT_MINUTES} minutes"]
-  }
-
-  /**
-  * Trigger publishing of the new image at Red Hat build service.
-  * @param digest hash string that identifies the container to publish
-  * @param name tag name (version) of the container image to publish
-  * @return the map from json with status of the published container image
-  */
-  private Map publish(String digest, String name) {
-    final publishPath = [
-      '/api/v2/projects',
-      projectId,
-      'containers',
-      digest,
-      'tags',
-      name,
-      'publish'
-    ].join('/')
-
-    try {
-      return builder.post {
-        request.uri.path = publishPath
-      }
-    } catch (HttpException ex) {
-      ex.printStackTrace()
-      return [failure: "Failed to publish: ${ex.statusCode} [${ex.body}]"]
-    }
-  }
-}
Author	SHA1	Message	Date
CMYanko	26ee0f7d34	moved n some rhel specific stuff	2019-02-26 16:35:35 -05:00
CMYanko	b5f028837a	Update to new UBI images from Red HAt	2019-02-26 11:51:01 -05:00