2 Commits

Author SHA1 Message Date
CMYanko 26ee0f7d34 moved n some rhel specific stuff 2019-02-26 16:35:35 -05:00
CMYanko b5f028837a Update to new UBI images from Red HAt 2019-02-26 11:51:01 -05:00
18 changed files with 242 additions and 1176 deletions
-45
@@ -1,45 +0,0 @@
kind: pipeline
type: docker
name: nexus3_Build
platform:
arch: arm64
steps:
- name: dryrun-nexus3-build
image: plugins/docker
settings:
repo:
from_secret: docker_repo
cache_from:
from_secret: docker_repo
dockerfile: Dockerfile.rh.ubi
mirror:
from_secret: docker_regst
insecure: true
auto_tag: true
dry_run: true
when:
branch:
exclude:
- master
- name: docker-build-push
image: plugins/docker
settings:
repo:
from_secret: docker_repo
username:
from_secret: docker_user
password:
from_secret: docker_pass
registry:
from_secret: docker_regst
cache_from:
from_secret: docker_repo
dockerfile: Dockerfile
auto_tag: true
insecure: true
when:
event:
- push
- tag
+26 -54
@@ -12,33 +12,17 @@
# See the License for the specific language governing permissions and
# limitations under the License.
FROM registry.access.redhat.com/ubi8/ubi-minimal
FROM registry.access.redhat.com/ubi7/ubi
LABEL name="Nexus Repository Manager" \
maintainer="Sonatype <support@sonatype.com>" \
vendor=Sonatype \
version="3.44.0-01" \
release="3.44.0" \
url="https://sonatype.com" \
summary="The Nexus Repository Manager server \
with universal support for popular component formats." \
description="The Nexus Repository Manager server \
with universal support for popular component formats." \
run="docker run -d --name NAME \
-p 8081:8081 \
IMAGE" \
stop="docker stop NAME" \
MAINTAINER Sonatype <cloud-ops@sonatype.com>
LABEL vendor=Sonatype \
com.sonatype.license="Apache License, Version 2.0" \
com.sonatype.name="Nexus Repository Manager base image" \
io.k8s.description="The Nexus Repository Manager server \
with universal support for popular component formats." \
io.k8s.display-name="Nexus Repository Manager" \
io.openshift.expose-services="8081:8081" \
io.openshift.tags="Sonatype,Nexus,Repository Manager"
com.sonatype.name="Nexus Repository Manager base image"
ARG NEXUS_VERSION=3.44.0-01
ARG NEXUS_VERSION=3.15.2-01
ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
ARG NEXUS_DOWNLOAD_SHA256_HASH=1b508c4494845c27a8afd56a5b2065039a1867a5a6ce022f12251e0a9b358b76
ARG NEXUS_DOWNLOAD_SHA256_HASH=acde357f5bbc6100eb0d5a4c60a1673d5f1f785e71a36cfa308b8dfa45cf25d0
# configure nexus runtime
ENV SONATYPE_DIR=/opt/sonatype
@@ -48,43 +32,31 @@ ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
DOCKER_TYPE='rh-docker'
# Install Java & tar
RUN microdnf update -y \
&& microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y \
java-1.8.0-openjdk-headless tar procps shadow-utils gzip \
&& microdnf clean all \
&& groupadd --gid 200 -r nexus \
&& useradd --uid 200 -r nexus -g nexus -s /bin/false -d /opt/sonatype/nexus -c 'Nexus Repository Manager user'
ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe"
ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz"
WORKDIR ${SONATYPE_DIR}
ADD solo.json.erb /var/chef/solo.json.erb
# Download nexus & setup directories
RUN curl -L ${NEXUS_DOWNLOAD_URL} --output nexus-${NEXUS_VERSION}-unix.tar.gz \
&& echo "${NEXUS_DOWNLOAD_SHA256_HASH} nexus-${NEXUS_VERSION}-unix.tar.gz" > nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& sha256sum -c nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& tar -xvf nexus-${NEXUS_VERSION}-unix.tar.gz \
&& rm -f nexus-${NEXUS_VERSION}-unix.tar.gz nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& mv nexus-${NEXUS_VERSION} $NEXUS_HOME \
&& chown -R nexus:nexus ${SONATYPE_WORK} \
&& mv ${SONATYPE_WORK}/nexus3 ${NEXUS_DATA} \
&& ln -s ${NEXUS_DATA} ${SONATYPE_WORK}/nexus3
# Removing java memory settings from nexus.vmoptions since now we use INSTALL4J_ADD_VM_PARAMS
RUN sed -i '/^-Xms/d;/^-Xmx/d;/^-XX:MaxDirectMemorySize/d' $NEXUS_HOME/bin/nexus.vmoptions
RUN echo "#!/bin/bash" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& echo "cd /opt/sonatype/nexus" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& echo "exec ./bin/nexus run" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& chmod a+x ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& sed -e '/^nexus-context/ s:$:${NEXUS_CONTEXT}:' -i ${NEXUS_HOME}/etc/nexus-default.properties
RUN microdnf remove -y tar gzip shadow-utils
# Install using chef-solo
RUN curl -L https://www.getchef.com/chef/install.sh | bash \
&& /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \
&& chef-solo \
--node_name nexus_repository_red_hat_docker_build \
--recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \
--json-attributes /var/chef/solo.json \
&& rpm -qa *chef* | xargs rpm -e \
&& rpm --rebuilddb \
&& rm -rf /etc/chef \
&& rm -rf /opt/chefdk \
&& rm -rf /var/cache/yum \
&& rm -rf /var/chef
VOLUME ${NEXUS_DATA}
EXPOSE 8081
USER nexus
ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
CMD ["/opt/sonatype/nexus/bin/nexus", "run"]
ENTRYPOINT ["/uid_entrypoint.sh"]
CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]
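Review bot: The `RUN curl -L https://www.getchef.com/chef/install.sh | bash` step executes a remotely fetched installer as root at build time with no integrity check, and the cookbook tarball passed to `--recipe-url` is likewise fetched without a digest. The `+`/`-` markers are lost on this page, but these lines appear to be on the new side, while the explicit `sha256sum -c` check of the Nexus tarball appears to be on the removed side; whether the cookbook still verifies `NEXUS_DOWNLOAD_SHA256_HASH` is not visible here and should be confirmed. I would download the installer to a file and verify it before running, e.g. `curl -fsSL -o /tmp/chef-install.sh https://www.getchef.com/chef/install.sh && echo "<PINNED_SHA256>  /tmp/chef-install.sh" | sha256sum -c - && bash /tmp/chef-install.sh`, and add a pinned digest for the cookbook archive in the same way. The same install step recurs in the two Dockerfile sections that follow.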
+26 -46
@@ -12,13 +12,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
FROM centos:centos7
FROM registry.access.redhat.com/ubi7/ubi
MAINTAINER Sonatype <cloud-ops@sonatype.com>
LABEL name="Nexus Repository Manager" \
maintainer="Sonatype <support@sonatype.com>" \
vendor=Sonatype \
version="3.44.0-01" \
release="3.44.0" \
version="3.15.2-01" \
release="3.15.2" \
url="https://sonatype.com" \
summary="The Nexus Repository Manager server \
with universal support for popular component formats." \
@@ -36,9 +37,9 @@ LABEL name="Nexus Repository Manager" \
io.openshift.expose-services="8081:8081" \
io.openshift.tags="Sonatype,Nexus,Repository Manager"
ARG NEXUS_VERSION=3.44.0-01
ARG NEXUS_VERSION=3.15.2-01
ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
ARG NEXUS_DOWNLOAD_SHA256_HASH=1b508c4494845c27a8afd56a5b2065039a1867a5a6ce022f12251e0a9b358b76
ARG NEXUS_DOWNLOAD_SHA256_HASH=acde357f5bbc6100eb0d5a4c60a1673d5f1f785e71a36cfa308b8dfa45cf25d0
# configure nexus runtime
ENV SONATYPE_DIR=/opt/sonatype
@@ -48,52 +49,31 @@ ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
DOCKER_TYPE='rh-docker'
# Install java & setup user
RUN yum install -y java-1.8.0-openjdk-headless \
&& yum clean all \
ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe"
ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz"
ADD solo.json.erb /var/chef/solo.json.erb
# Install using chef-solo
RUN curl -L https://www.getchef.com/chef/install.sh | bash \
&& /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \
&& chef-solo \
--node_name nexus_repository_red_hat_docker_build \
--recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \
--json-attributes /var/chef/solo.json \
&& rpm -qa *chef* | xargs rpm -e \
&& rpm --rebuilddb \
&& rm -rf /etc/chef \
&& rm -rf /opt/chefdk \
&& rm -rf /var/cache/yum \
&& groupadd --gid 200 -r nexus \
&& useradd --uid 200 -r nexus -g nexus -s /bin/false -d /opt/sonatype/nexus -c 'Nexus Repository Manager user'
# Red Hat Certified Container commands
COPY rh-docker /
RUN usermod -a -G root nexus \
&& chmod -R 0755 /licenses \
&& chmod 0755 /help.1 \
&& chmod 0755 /uid_entrypoint.sh \
&& chmod 0755 /uid_template.sh \
&& bash /uid_template.sh \
&& chmod 0664 /etc/passwd
WORKDIR ${SONATYPE_DIR}
# Download nexus & setup directories
RUN curl -L ${NEXUS_DOWNLOAD_URL} --output nexus-${NEXUS_VERSION}-unix.tar.gz \
&& echo "${NEXUS_DOWNLOAD_SHA256_HASH} nexus-${NEXUS_VERSION}-unix.tar.gz" > nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& sha256sum -c nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& tar -xvf nexus-${NEXUS_VERSION}-unix.tar.gz \
&& rm -f nexus-${NEXUS_VERSION}-unix.tar.gz nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& mv nexus-${NEXUS_VERSION} $NEXUS_HOME \
&& chown -R nexus:nexus ${SONATYPE_WORK} \
&& mv ${SONATYPE_WORK}/nexus3 ${NEXUS_DATA} \
&& ln -s ${NEXUS_DATA} ${SONATYPE_WORK}/nexus3
# Removing java memory settings from nexus.vmoptions since now we use INSTALL4J_ADD_VM_PARAMS
RUN sed -i '/^-Xms/d;/^-Xmx/d;/^-XX:MaxDirectMemorySize/d' $NEXUS_HOME/bin/nexus.vmoptions
# Legacy start script
RUN echo "#!/bin/bash" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& echo "cd /opt/sonatype/nexus" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& echo "exec ./bin/nexus run" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& chmod a+x ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& sed -e '/^nexus-context/ s:$:${NEXUS_CONTEXT}:' -i ${NEXUS_HOME}/etc/nexus-default.properties
&& rm -rf /var/chef
VOLUME ${NEXUS_DATA}
EXPOSE 8081
USER nexus
ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
ENTRYPOINT ["/uid_entrypoint.sh"]
CMD ["/opt/sonatype/nexus/bin/nexus", "run"]
CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]
+26 -46
@@ -12,13 +12,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
FROM registry.access.redhat.com/rhel7/rhel
FROM registry.access.redhat.com/ubi7/ubi
MAINTAINER Sonatype <cloud-ops@sonatype.com>
LABEL name="Nexus Repository Manager" \
maintainer="Sonatype <support@sonatype.com>" \
vendor=Sonatype \
version="3.44.0-01" \
release="3.44.0" \
version="3.15.2-01" \
release="3.15.2" \
url="https://sonatype.com" \
summary="The Nexus Repository Manager server \
with universal support for popular component formats." \
@@ -36,9 +37,9 @@ LABEL name="Nexus Repository Manager" \
io.openshift.expose-services="8081:8081" \
io.openshift.tags="Sonatype,Nexus,Repository Manager"
ARG NEXUS_VERSION=3.44.0-01
ARG NEXUS_VERSION=3.15.2-01
ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
ARG NEXUS_DOWNLOAD_SHA256_HASH=1b508c4494845c27a8afd56a5b2065039a1867a5a6ce022f12251e0a9b358b76
ARG NEXUS_DOWNLOAD_SHA256_HASH=acde357f5bbc6100eb0d5a4c60a1673d5f1f785e71a36cfa308b8dfa45cf25d0
# configure nexus runtime
ENV SONATYPE_DIR=/opt/sonatype
@@ -48,52 +49,31 @@ ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
DOCKER_TYPE='rh-docker'
# Install java & setup user
RUN yum install -y java-1.8.0-openjdk-headless \
&& yum clean all \
ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe"
ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz"
ADD solo.json.erb /var/chef/solo.json.erb
# Install using chef-solo
RUN curl -L https://www.getchef.com/chef/install.sh | bash \
&& /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \
&& chef-solo \
--node_name nexus_repository_red_hat_docker_build \
--recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \
--json-attributes /var/chef/solo.json \
&& rpm -qa *chef* | xargs rpm -e \
&& rpm --rebuilddb \
&& rm -rf /etc/chef \
&& rm -rf /opt/chefdk \
&& rm -rf /var/cache/yum \
&& groupadd --gid 200 -r nexus \
&& useradd --uid 200 -r nexus -g nexus -s /bin/false -d /opt/sonatype/nexus -c 'Nexus Repository Manager user'
# Red Hat Certified Container commands
COPY rh-docker /
RUN usermod -a -G root nexus \
&& chmod -R 0755 /licenses \
&& chmod 0755 /help.1 \
&& chmod 0755 /uid_entrypoint.sh \
&& chmod 0755 /uid_template.sh \
&& bash /uid_template.sh \
&& chmod 0664 /etc/passwd
WORKDIR ${SONATYPE_DIR}
# Download nexus & setup directories
RUN curl -L ${NEXUS_DOWNLOAD_URL} --output nexus-${NEXUS_VERSION}-unix.tar.gz \
&& echo "${NEXUS_DOWNLOAD_SHA256_HASH} nexus-${NEXUS_VERSION}-unix.tar.gz" > nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& sha256sum -c nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& tar -xvf nexus-${NEXUS_VERSION}-unix.tar.gz \
&& rm -f nexus-${NEXUS_VERSION}-unix.tar.gz nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& mv nexus-${NEXUS_VERSION} $NEXUS_HOME \
&& chown -R nexus:nexus ${SONATYPE_WORK} \
&& mv ${SONATYPE_WORK}/nexus3 ${NEXUS_DATA} \
&& ln -s ${NEXUS_DATA} ${SONATYPE_WORK}/nexus3
# Removing java memory settings from nexus.vmoptions since now we use INSTALL4J_ADD_VM_PARAMS
RUN sed -i '/^-Xms/d;/^-Xmx/d;/^-XX:MaxDirectMemorySize/d' $NEXUS_HOME/bin/nexus.vmoptions
# Legacy start script
RUN echo "#!/bin/bash" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& echo "cd /opt/sonatype/nexus" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& echo "exec ./bin/nexus run" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& chmod a+x ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& sed -e '/^nexus-context/ s:$:${NEXUS_CONTEXT}:' -i ${NEXUS_HOME}/etc/nexus-default.properties
&& rm -rf /var/chef
VOLUME ${NEXUS_DATA}
EXPOSE 8081
USER nexus
ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
ENTRYPOINT ["/uid_entrypoint.sh"]
CMD ["/opt/sonatype/nexus/bin/nexus", "run"]
CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]
-103
@@ -1,103 +0,0 @@
# Copyright (c) 2016-present Sonatype, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM registry.access.redhat.com/ubi8/ubi-minimal
LABEL name="Nexus Repository Manager" \
vendor=Sonatype \
maintainer="Sonatype <support@sonatype.com>" \
version="3.44.0-01" \
release="3.44.0" \
url="https://sonatype.com" \
summary="The Nexus Repository Manager server \
with universal support for popular component formats." \
description="The Nexus Repository Manager server \
with universal support for popular component formats." \
run="docker run -d --name NAME \
-p 8081:8081 \
IMAGE" \
stop="docker stop NAME" \
com.sonatype.license="Apache License, Version 2.0" \
com.sonatype.name="Nexus Repository Manager base image" \
io.k8s.description="The Nexus Repository Manager server \
with universal support for popular component formats." \
io.k8s.display-name="Nexus Repository Manager" \
io.openshift.expose-services="8081:8081" \
io.openshift.tags="Sonatype,Nexus,Repository Manager"
ARG NEXUS_VERSION=3.44.0-01
ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
ARG NEXUS_DOWNLOAD_SHA256_HASH=1b508c4494845c27a8afd56a5b2065039a1867a5a6ce022f12251e0a9b358b76
# configure nexus runtime
ENV SONATYPE_DIR=/opt/sonatype
ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
NEXUS_DATA=/nexus-data \
NEXUS_CONTEXT='' \
SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
DOCKER_TYPE='rh-docker'
# Install java & setup user
RUN microdnf update -y \
&& microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y \
java-1.8.0-openjdk-headless tar procps shadow-utils gzip \
&& microdnf clean all \
&& groupadd --gid 200 -r nexus \
&& useradd --uid 200 -r nexus -g nexus -s /bin/false -d /opt/sonatype/nexus -c 'Nexus Repository Manager user'
# Red Hat Certified Container commands
COPY rh-docker /
RUN usermod -a -G root nexus \
&& chmod -R 0755 /licenses \
&& chmod 0755 /help.1 \
&& chmod 0755 /uid_entrypoint.sh \
&& chmod 0755 /uid_template.sh \
&& bash /uid_template.sh \
&& chmod 0664 /etc/passwd
WORKDIR ${SONATYPE_DIR}
# Download nexus & setup directories
RUN curl -L ${NEXUS_DOWNLOAD_URL} --output nexus-${NEXUS_VERSION}-unix.tar.gz \
&& echo "${NEXUS_DOWNLOAD_SHA256_HASH} nexus-${NEXUS_VERSION}-unix.tar.gz" > nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& sha256sum -c nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& tar -xvf nexus-${NEXUS_VERSION}-unix.tar.gz \
&& rm -f nexus-${NEXUS_VERSION}-unix.tar.gz nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
&& mv nexus-${NEXUS_VERSION} $NEXUS_HOME \
&& chown -R nexus:nexus ${SONATYPE_WORK} \
&& mv ${SONATYPE_WORK}/nexus3 ${NEXUS_DATA} \
&& ln -s ${NEXUS_DATA} ${SONATYPE_WORK}/nexus3
# Removing java memory settings from nexus.vmoptions since now we use INSTALL4J_ADD_VM_PARAMS
RUN sed -i '/^-Xms/d;/^-Xmx/d;/^-XX:MaxDirectMemorySize/d' $NEXUS_HOME/bin/nexus.vmoptions
# Legacy start script
RUN echo "#!/bin/bash" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& echo "cd /opt/sonatype/nexus" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& echo "exec ./bin/nexus run" >> ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& chmod a+x ${SONATYPE_DIR}/start-nexus-repository-manager.sh \
&& sed -e '/^nexus-context/ s:$:${NEXUS_CONTEXT}:' -i ${NEXUS_HOME}/etc/nexus-default.properties
# Cleanup
RUN microdnf remove -y tar gzip shadow-utils
VOLUME ${NEXUS_DATA}
EXPOSE 8081
USER nexus
ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
ENTRYPOINT ["/uid_entrypoint.sh"]
CMD ["/opt/sonatype/nexus/bin/nexus", "run"]
Vendored
+150 -25
@@ -3,12 +3,21 @@
* Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
* "Sonatype" is a trademark of Sonatype, Inc.
*/
@Library(['private-pipeline-library', 'jenkins-shared']) _
@Library('ci-pipeline-library') _
import com.sonatype.jenkins.pipeline.GitHub
import com.sonatype.jenkins.pipeline.OsTools
properties([
parameters([
string(defaultValue: '', description: 'New Nexus Repository Manager Version', name: 'nexus_repository_manager_version'),
string(defaultValue: '', description: 'New Nexus Repository Manager Version Sha256', name: 'nexus_repository_manager_version_sha'),
string(defaultValue: '', description: 'New Nexus Repository Manager Cookbook Version', name: 'nexus_repository_manager_cookbook_version'),
])
])
node('ubuntu-zion') {
def commitId, commitDate, imageId, branch
def commitId, commitDate, version, imageId, branch, dockerFileLocations
def organization = 'sonatype',
gitHubRepository = 'docker-nexus3',
credentialsId = 'integrations-github-api',
@@ -20,23 +29,45 @@ node('ubuntu-zion') {
try {
stage('Preparation') {
deleteDir()
OsTools.runSafe(this, 'docker system prune -a -f')
OsTools.runSafe(this, "docker system prune -a -f")
def checkoutDetails = checkout scm
branch = checkoutDetails.GIT_BRANCH == 'origin/main' ? 'main' : checkoutDetails.GIT_BRANCH
dockerFileLocations = [
"${pwd()}/Dockerfile",
"${pwd()}/Dockerfile.rh.centos",
"${pwd()}/Dockerfile.rh.el"
]
branch = checkoutDetails.GIT_BRANCH == 'origin/master' ? 'master' : checkoutDetails.GIT_BRANCH
commitId = checkoutDetails.GIT_COMMIT
commitDate = OsTools.runSafe(this, "git show -s --format=%cd --date=format:%Y%m%d-%H%M%S ${commitId}")
OsTools.runSafe(this, 'git config --global user.email sonatype-ci@sonatype.com')
OsTools.runSafe(this, 'git config --global user.name Sonatype CI')
version = readVersion()
def apiToken
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentialsId,
usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
apiToken = env.GITHUB_API_PASSWORD
}
gitHub = new GitHub(this, "${organization}/${gitHubRepository}", apiToken)
if (params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha) {
stage('Update Repository Manager Version') {
OsTools.runSafe(this, "git checkout ${branch}")
dockerFileLocations.each { updateRepositoryManagerVersion(it) }
version = getShortVersion(params.nexus_repository_manager_version)
}
}
if (params.nexus_repository_manager_cookbook_version) {
stage('Update Repository Manager Cookbook Version') {
OsTools.runSafe(this, "git checkout ${branch}")
dockerFileLocations.each { updateRepositoryCookbookVersion(it) }
}
}
}
stage('Build') {
gitHub.statusUpdate commitId, 'pending', 'build', 'Build is running'
@@ -56,49 +87,115 @@ node('ubuntu-zion') {
def gemInstallDirectory = getGemInstallDirectory()
withEnv(["PATH+GEMS=${gemInstallDirectory}/bin"]) {
OsTools.runSafe(this, 'gem install --user-install rspec')
OsTools.runSafe(this, 'gem install --user-install serverspec')
OsTools.runSafe(this, 'gem install --user-install docker-api')
OsTools.runSafe(this, "gem install --user-install rspec")
OsTools.runSafe(this, "gem install --user-install serverspec")
OsTools.runSafe(this, "gem install --user-install docker-api")
OsTools.runSafe(this, "IMAGE_ID=${imageId} rspec --backtrace spec/Dockerfile_spec.rb")
}
if (currentBuild.result == 'FAILURE') {
gitHub.statusUpdate commitId, 'failure', 'test', 'Tests failed'
return
} else {
gitHub.statusUpdate commitId, 'success', 'test', 'Tests succeeded'
}
gitHub.statusUpdate commitId, 'success', 'test', 'Tests succeeded'
}
stage('Evaluate Policies') {
runEvaluation({ stage ->
nexusPolicyEvaluation(
iqStage: stage,
iqApplication: 'docker-nexus3',
iqScanPatterns: [[scanPattern: "container:${imageName}"]],
failBuildOnNetworkError: true,
)}, (branch == 'main') ? 'build' : 'develop')
}
if (currentBuild.result == 'FAILURE') {
return
}
if (params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha
|| params.nexus_repository_manager_cookbook_version) {
stage('Commit Automated Code Update') {
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'integrations-github-api',
usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
def commitMessage = [
params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha ?
"Update Repository Manager to ${params.nexus_repository_manager_version}." : "",
params.nexus_repository_manager_cookbook_version ?
"Update Repository Manager Cookbook to ${params.nexus_repository_manager_cookbook_version}." : ""
].findAll({ it }).join(' ')
OsTools.runSafe(this, """
git add .
git commit -m '${commitMessage}'
git push https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/${organization}/${gitHubRepository}.git ${branch}
""")
}
}
}
stage('Archive') {
dir('build/target') {
OsTools.runSafe(this, "docker save ${imageName} | gzip > ${archiveName}.tar.gz")
archiveArtifacts artifacts: "${archiveName}.tar.gz", onlyIfSuccessful: true
}
}
if (branch != 'master') {
return
}
input 'Push image and tags?'
stage('Push image') {
def dockerhubApiToken
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'docker-hub-credentials',
usernameVariable: 'DOCKERHUB_API_USERNAME', passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {
OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}")
OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:latest")
OsTools.runSafe(this, """
docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
""")
OsTools.runSafe(this, "docker push ${organization}/${dockerHubRepository}")
response = OsTools.runSafe(this, """
curl -X POST https://hub.docker.com/v2/users/login/ \
-H 'cache-control: no-cache' -H 'content-type: application/json' \
-d '{ "username": "${env.DOCKERHUB_API_USERNAME}", "password": "${env.DOCKERHUB_API_PASSWORD}" }'
""")
token = readJSON text: response
dockerhubApiToken = token.token
def readme = readFile file: 'README.md', encoding: 'UTF-8'
readme = readme.replaceAll("(?s)<!--.*?-->", "")
readme = readme.replace("\"", "\\\"")
readme = readme.replace("\n", "\\n")
response = httpRequest customHeaders: [[name: 'authorization', value: "JWT ${dockerhubApiToken}"]],
acceptType: 'APPLICATION_JSON', contentType: 'APPLICATION_JSON', httpMode: 'PATCH',
requestBody: "{ \"full_description\": \"${readme}\" }",
url: "https://hub.docker.com/v2/repositories/${organization}/${dockerHubRepository}/"
}
}
stage('Push tags') {
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentialsId,
usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
OsTools.runSafe(this, "git tag ${version}")
OsTools.runSafe(this, """
git push \
https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/${organization}/${gitHubRepository}.git \
${version}
""")
}
OsTools.runSafe(this, "git tag -d ${version}")
}
} finally {
OsTools.runSafe(this, 'docker logout')
OsTools.runSafe(this, 'docker system prune -a -f')
OsTools.runSafe(this, 'git clean -f && git reset --hard origin/main')
OsTools.runSafe(this, "docker logout")
OsTools.runSafe(this, "docker system prune -a -f")
OsTools.runSafe(this, 'git clean -f && git reset --hard origin/master')
}
}
def readVersion() {
def content = readFile 'Dockerfile'
for (line in content.split('\n')) {
if (line.startsWith('ARG NEXUS_VERSION=')) {
return getShortVersion(line.substring(18))
}
}
error 'Could not determine version.'
}
def getShortVersion(version) {
return version.split('-')[0]
}
def getGemInstallDirectory() {
def content = OsTools.runSafe(this, 'gem env')
def content = OsTools.runSafe(this, "gem env")
for (line in content.split('\n')) {
if (line.startsWith(' - USER INSTALLATION DIRECTORY: ')) {
return line.substring(33)
@@ -106,3 +203,31 @@ def getGemInstallDirectory() {
}
error 'Could not determine user gem install directory.'
}
def updateRepositoryManagerVersion(dockerFileLocation) {
def dockerFile = readFile(file: dockerFileLocation)
def metaVersionRegex = /(version=")(\d\.\d{1,3}\.\d\-\d{2})(" \\)/
def metaShortVersionRegex = /(release=")(\d\.\d{1,3}\.\d)(" \\)/
def versionRegex = /(ARG NEXUS_VERSION=)(\d\.\d{1,3}\.\d\-\d{2})/
def shaRegex = /(ARG NEXUS_DOWNLOAD_SHA256_HASH=)([A-Fa-f0-9]{64})/
dockerFile = dockerFile.replaceAll(metaVersionRegex, "\$1${params.nexus_repository_manager_version}\$3")
dockerFile = dockerFile.replaceAll(metaShortVersionRegex,
"\$1${params.nexus_repository_manager_version.substring(0, params.nexus_repository_manager_version.indexOf('-'))}\$3")
dockerFile = dockerFile.replaceAll(versionRegex, "\$1${params.nexus_repository_manager_version}")
dockerFile = dockerFile.replaceAll(shaRegex, "\$1${params.nexus_repository_manager_version_sha}")
writeFile(file: dockerFileLocation, text: dockerFile)
}
def updateRepositoryCookbookVersion(dockerFileLocation) {
def dockerFile = readFile(file: dockerFileLocation)
def cookbookVersionRegex = /(ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION=")(release-\d\.\d\.\d{8}\-\d{6}\.[a-z0-9]{7})(")/
dockerFile = dockerFile.replaceAll(cookbookVersionRegex, "\$1${params.nexus_repository_manager_cookbook_version}\$3")
writeFile(file: dockerFileLocation, text: dockerFile)
}
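Review bot: The `git push https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/...` commands, the `docker login --username ... --password ...` call and the `curl ... -d` login body in the 'Commit Automated Code Update', 'Push image' and 'Push tags' stages build their shell strings with Groovy interpolation, so the secret values are baked into the command text before it runs, where they can surface in process listings, shell traces or logs that credential masking does not cover. Assuming `OsTools.runSafe` hands the string to a shell, pass the secrets through the environment instead, using a single-quoted Groovy string such as `'echo "$DOCKERHUB_API_PASSWORD" | docker login --username "$DOCKERHUB_API_USERNAME" --password-stdin'`, and use a git credential helper or equivalent rather than a URL with embedded credentials. Separately, `params.nexus_repository_manager_version`, `params.nexus_repository_manager_version_sha` and `params.nexus_repository_manager_cookbook_version` reach `git commit -m '${commitMessage}'` and the Dockerfile rewrites unvalidated; matching them against the same patterns already used in `updateRepositoryManagerVersion` and `updateRepositoryCookbookVersion` before use would close that off. The `+`/`-` markers are lost on this page, so I am assuming these stages are on the new side.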
-260
@@ -1,260 +0,0 @@
/*
* Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
* Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
* "Sonatype" is a trademark of Sonatype, Inc.
*/
@Library(['private-pipeline-library', 'jenkins-shared']) _
import com.sonatype.jenkins.pipeline.GitHub
import com.sonatype.jenkins.pipeline.OsTools
properties([
parameters([
string(defaultValue: '', description: 'New Nexus Repository Manager Version', name: 'nexus_repository_manager_version'),
string(defaultValue: '', description: 'New Nexus Repository Manager Version Sha256', name: 'nexus_repository_manager_version_sha'),
string(defaultValue: '', description: 'New Nexus Repository Manager Cookbook Version', name: 'nexus_repository_manager_cookbook_version'),
booleanParam(defaultValue: false, description: 'Skip Pushing of Docker Image and Tags', name: 'skip_push'),
booleanParam(defaultValue: false, description: 'Only update the latest tag', name: 'update_latest_only')
])
])
node('ubuntu-zion-legacy') {
def commitId, commitDate, version, imageId, branch, dockerFileLocations
def organization = 'sonatype',
gitHubRepository = 'docker-nexus3',
credentialsId = 'integrations-github-api',
imageName = 'sonatype/nexus3',
archiveName = 'docker-nexus3',
dockerHubRepository = 'nexus3'
GitHub gitHub
try {
stage('Preparation') {
deleteDir()
OsTools.runSafe(this, "docker system prune -a -f")
def checkoutDetails = checkout scm
dockerFileLocations = [
"${pwd()}/Dockerfile",
"${pwd()}/Dockerfile.rh.centos",
"${pwd()}/Dockerfile.rh.el",
"${pwd()}/Dockerfile.rh.ubi"
]
branch = checkoutDetails.GIT_BRANCH == 'origin/main' ? 'main' : checkoutDetails.GIT_BRANCH
commitId = checkoutDetails.GIT_COMMIT
commitDate = OsTools.runSafe(this, "git show -s --format=%cd --date=format:%Y%m%d-%H%M%S ${commitId}")
OsTools.runSafe(this, 'git config --global user.email sonatype-ci@sonatype.com')
OsTools.runSafe(this, 'git config --global user.name Sonatype CI')
version = readVersion()
def apiToken
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentialsId,
usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
apiToken = env.GITHUB_API_PASSWORD
}
gitHub = new GitHub(this, "${organization}/${gitHubRepository}", apiToken)
if (params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha) {
stage('Update Repository Manager Version') {
OsTools.runSafe(this, "git checkout ${branch}")
dockerFileLocations.each { updateRepositoryManagerVersion(it) }
version = getShortVersion(params.nexus_repository_manager_version)
}
}
if (params.nexus_repository_manager_cookbook_version) {
stage('Update Repository Manager Cookbook Version') {
OsTools.runSafe(this, "git checkout ${branch}")
dockerFileLocations.each { updateRepositoryCookbookVersion(it) }
}
}
}
stage('Build') {
gitHub.statusUpdate commitId, 'pending', 'build', 'Build is running'
def hash = OsTools.runSafe(this, "docker build --quiet --no-cache --tag ${imageName} .")
imageId = hash.split(':')[1]
if (currentBuild.result == 'FAILURE') {
gitHub.statusUpdate commitId, 'failure', 'build', 'Build failed'
return
} else {
gitHub.statusUpdate commitId, 'success', 'build', 'Build succeeded'
}
}
stage('Test') {
gitHub.statusUpdate commitId, 'pending', 'test', 'Tests are running'
def gemInstallDirectory = getGemInstallDirectory()
withEnv(["PATH+GEMS=${gemInstallDirectory}/bin"]) {
OsTools.runSafe(this, "gem install --user-install rspec")
OsTools.runSafe(this, "gem install --user-install serverspec")
OsTools.runSafe(this, "gem install --user-install docker-api")
OsTools.runSafe(this, "IMAGE_ID=${imageId} rspec --backtrace spec/Dockerfile_spec.rb")
}
if (currentBuild.result == 'FAILURE') {
gitHub.statusUpdate commitId, 'failure', 'test', 'Tests failed'
return
} else {
gitHub.statusUpdate commitId, 'success', 'test', 'Tests succeeded'
}
}
stage('Evaluate Policies') {
runEvaluation({ stage ->
nexusPolicyEvaluation(
iqStage: stage,
iqApplication: 'docker-nexus3',
iqScanPatterns: [[scanPattern: "container:${imageName}"]],
failBuildOnNetworkError: true,
)}, 'release')
}
if (currentBuild.result == 'FAILURE') {
return
}
if (params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha
|| params.nexus_repository_manager_cookbook_version) {
stage('Commit Automated Code Update') {
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'integrations-github-api',
usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
def commitMessage = [
params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha ?
"Update Repository Manager to ${params.nexus_repository_manager_version}." : "",
params.nexus_repository_manager_cookbook_version ?
"Update Repository Manager Cookbook to ${params.nexus_repository_manager_cookbook_version}." : ""
].findAll({ it }).join(' ')
if (!params.update_latest_only) {
OsTools.runSafe(this, """
git add .
git commit -m '${commitMessage}'
git push https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/${organization}/${gitHubRepository}.git ${branch}
""")
}
}
}
}
stage('Archive') {
dir('build/target') {
OsTools.runSafe(this, "docker save ${imageName} | gzip > ${archiveName}.tar.gz")
archiveArtifacts artifacts: "${archiveName}.tar.gz", onlyIfSuccessful: true
}
}
if (branch == 'main' && !params.skip_push && !params.update_latest_only) {
input 'Push image and tags?'
stage('Push image') {
def dockerhubApiToken
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'docker-hub-credentials',
usernameVariable: 'DOCKERHUB_API_USERNAME', passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {
OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}")
OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:latest")
OsTools.runSafe(this, """
docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
""")
OsTools.runSafe(this, "docker push --all-tags ${organization}/${dockerHubRepository}")
response = OsTools.runSafe(this, """
curl -X POST https://hub.docker.com/v2/users/login/ \
-H 'cache-control: no-cache' -H 'content-type: application/json' \
-d '{ "username": "${env.DOCKERHUB_API_USERNAME}", "password": "${env.DOCKERHUB_API_PASSWORD}" }'
""")
token = readJSON text: response
dockerhubApiToken = token.token
def readme = readFile file: 'README.md', encoding: 'UTF-8'
readme = readme.replaceAll("(?s)<!--.*?-->", "")
readme = readme.replace("\"", "\\\"")
readme = readme.replace("\n", "\\n")
response = httpRequest customHeaders: [[name: 'authorization', value: "JWT ${dockerhubApiToken}"]],
acceptType: 'APPLICATION_JSON', contentType: 'APPLICATION_JSON', httpMode: 'PATCH',
requestBody: "{ \"full_description\": \"${readme}\" }",
url: "https://hub.docker.com/v2/repositories/${organization}/${dockerHubRepository}/"
}
}
stage('Push tags') {
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentialsId,
usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
OsTools.runSafe(this, "git tag ${version}")
OsTools.runSafe(this, """
git push \
https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/${organization}/${gitHubRepository}.git \
${version}
""")
}
OsTools.runSafe(this, "git tag -d ${version}")
}
}
else if(params.update_latest_only) {
stage('Push tags') {
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'docker-hub-credentials',
usernameVariable: 'DOCKERHUB_API_USERNAME', passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {
OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:latest")
OsTools.runSafe(this, """
docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
""")
OsTools.runSafe(this, "docker push --all-tags ${organization}/${dockerHubRepository}")
}
}
}
} finally {
OsTools.runSafe(this, "docker logout")
OsTools.runSafe(this, "docker system prune -a -f")
OsTools.runSafe(this, 'git clean -f && git reset --hard origin/main')
}
}
def readVersion() {
def content = readFile 'Dockerfile'
for (line in content.split('\n')) {
if (line.startsWith('ARG NEXUS_VERSION=')) {
return getShortVersion(line.substring(18))
}
}
error 'Could not determine version.'
}
def getShortVersion(version) {
return version.split('-')[0]
}
def getGemInstallDirectory() {
def content = OsTools.runSafe(this, "gem env")
for (line in content.split('\n')) {
if (line.startsWith(' - USER INSTALLATION DIRECTORY: ')) {
return line.substring(33)
}
}
error 'Could not determine user gem install directory.'
}
def updateRepositoryManagerVersion(dockerFileLocation) {
def dockerFile = readFile(file: dockerFileLocation)
def metaVersionRegex = /(version=")(\d\.\d{1,3}\.\d\-\d{2})(" \\)/
def metaShortVersionRegex = /(release=")(\d\.\d{1,3}\.\d)(" \\)/
def versionRegex = /(ARG NEXUS_VERSION=)(\d\.\d{1,3}\.\d\-\d{2})/
def shaRegex = /(ARG NEXUS_DOWNLOAD_SHA256_HASH=)([A-Fa-f0-9]{64})/
dockerFile = dockerFile.replaceAll(metaVersionRegex, "\$1${params.nexus_repository_manager_version}\$3")
dockerFile = dockerFile.replaceAll(metaShortVersionRegex,
"\$1${params.nexus_repository_manager_version.substring(0, params.nexus_repository_manager_version.indexOf('-'))}\$3")
dockerFile = dockerFile.replaceAll(versionRegex, "\$1${params.nexus_repository_manager_version}")
dockerFile = dockerFile.replaceAll(shaRegex, "\$1${params.nexus_repository_manager_version_sha}")
writeFile(file: dockerFileLocation, text: dockerFile)
}
def updateRepositoryCookbookVersion(dockerFileLocation) {
def dockerFile = readFile(file: dockerFileLocation)
def cookbookVersionRegex = /(ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION=")(release-\d\.\d\.\d{8}\-\d{6}\.[a-z0-9]{7})(")/
dockerFile = dockerFile.replaceAll(cookbookVersionRegex, "\$1${params.nexus_repository_manager_cookbook_version}\$3")
writeFile(file: dockerFileLocation, text: dockerFile)
}
-49
@@ -1,49 +0,0 @@
/*
* Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
* Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
* "Sonatype" is a trademark of Sonatype, Inc.
*/
@Library(['private-pipeline-library', 'jenkins-shared']) _
properties([
parameters([
string(
name: 'version',
description: 'Version tag to apply to the image, like 3.41.0-ubi-1.'
),
]),
])
node('ubuntu-zion') {
try {
stage('Preparation') {
deleteDir()
checkout scm
sh 'docker system prune -a -f'
sh '''
wget -q -O preflight \
https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.4.1/preflight-linux-amd64
chmod 755 preflight
'''
}
stage('Build') {
withCredentials([
usernamePassword(
credentialsId: 'red-hat-quay-nexus-repository-manager',
usernameVariable: 'REGISTRY_LOGIN',
passwordVariable: 'REGISTRY_PASSWORD'),
string(
credentialsId: 'red-hat-api-token',
variable: 'API_TOKEN')
]) {
sh 'PATH="$PATH:." VERSION=$version ./build_red_hat_image.sh'
}
}
} finally {
sh 'docker logout'
sh 'docker system prune -a -f'
sh 'git clean -f && git reset --hard origin/main'
}
}
+11 -30
@@ -20,7 +20,7 @@
[![Join the chat at https://gitter.im/sonatype/nexus-developers](https://badges.gitter.im/sonatype/nexus-developers.svg)](https://gitter.im/sonatype/nexus-developers?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
A Dockerfile for Sonatype Nexus Repository Manager 3, starting with 3.18 the image is based on the [Red Hat Universal Base Image](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image) while earlier versions used CentOS.
A Dockerfile for Sonatype Nexus Repository Manager 3, based on CentOS.
* [Contribution Guidlines](#contribution-guidelines)
* [Running](#running)
@@ -34,33 +34,26 @@ A Dockerfile for Sonatype Nexus Repository Manager 3, starting with 3.18 the ima
## Contribution Guidelines
Go read [our contribution guidelines](https://github.com/sonatype/docker-nexus3/blob/main/.github/CONTRIBUTING.md) to get a bit more familiar with how
Go read [our contribution guidelines](https://github.com/sonatype/docker-nexus3/blob/master/.github/CONTRIBUTING.md) to get a bit more familiar with how
we would like things to flow.
## Running
To run, binding the exposed port 8081 to the host, use:
To run, binding the exposed port 8081 to the host.
```
$ docker run -d -p 8081:8081 --name nexus sonatype/nexus3
```
When stopping, be sure to allow sufficient time for the databases to fully shut down.
```
docker stop --time=120 <CONTAINER_NAME>
```
To test:
```
$ curl http://localhost:8081/
$ curl -u admin:admin123 http://localhost:8081/service/metrics/ping
```
## Building the Nexus Repository Manager image
To build a docker image from the [Dockerfile](https://github.com/sonatype/docker-nexus3/blob/main/Dockerfile) you can use this command:
To build a docker image from the Docker file you can use this command:
```
$ docker build --rm=true --tag=sonatype/nexus3 .
@@ -88,25 +81,19 @@ We are using `rspec` as the test framework. `serverspec` provides a docker backe
## Red Hat Certified Image
A Red Hat certified container image can be created using [Dockerfile.rh.ubi](https://github.com/sonatype/docker-nexus3/blob/main/Dockerfile.rh.ubi) which is built to be compliant with Red Hat certification.
A Red Hat certified container image can be created using `Dockerfile.rh.el` which is built to be compliant with Red Hat certification.
The image includes additional meta data to comform with Kubernetes and OpenShift standards, a directory with the
licenses applicable to the software and a man file for help on how to use the software. It also uses an ENTRYPOINT
script the ensure the running user has access to the appropriate permissions for OpenShift 'restricted' SCC.
script the ensure the running user has access to the appropriate permissions for OpenShift 'restricted' SCC. In addition to the
Red Hat Enterprise Linux image, `Dockerfile.rh.centos` provides the same additions but with a CentOS base.
The Red Hat certified container image is available from the
[Red Hat Container Catalog](https://access.redhat.com/containers/#/registry.connect.redhat.com/sonatype/nexus-repository-manager)
and qualified accounts can pull it from registry.connect.redhat.com.
## Other Red Hat Images
In addition to the Universal Base Image, we can build images based on:
* Red Hat Enterprise Linux: [Dockerfile.rh.el](https://github.com/sonatype/docker-nexus3/blob/main/Dockerfile.rh.el)
* CentOS: [Dockerfile.rh.centos](https://github.com/sonatype/docker-nexus3/blob/main/Dockerfile.rh.centos)
## Notes
* Our [system requirements](https://help.sonatype.com/display/NXRM3/System+Requirements) should be taken into account when provisioning the Docker container.
* Default user is `admin` and the uniquely generated password can be found in the `admin.password` file inside the volume. See [Persistent Data](#user-content-persistent-data) for information about the volume.
* Default credentials are: `admin` / `admin123`
* It can take some time (2-3 minutes) for the service to launch in a
new container. You can tail the log to determine once Nexus is ready:
@@ -123,18 +110,16 @@ process, which runs as UID 200.
* There is an environment variable that is being used to pass JVM arguments to the startup script
* `INSTALL4J_ADD_VM_PARAMS`, passed to the Install4J startup script. Defaults to `-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs`.
* `INSTALL4J_ADD_VM_PARAMS`, passed to the Install4J startup script. Defaults to `-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs`.
This can be adjusted at runtime:
```
$ docker run -d -p 8081:8081 --name nexus -e INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=/some-other-dir" sonatype/nexus3
$ docker run -d -p 8081:8081 --name nexus -e INSTALL4J_ADD_VM_PARAMS="-Xms2g -Xmx2g -XX:MaxDirectMemorySize=3g -Djava.util.prefs.userRoot=/some-other-dir" sonatype/nexus3
```
Of particular note, `-Djava.util.prefs.userRoot=/some-other-dir` can be set to a persistent path, which will maintain
the installed Nexus Repository License if the container is restarted.
Be sure to check the [memory requirements](https://help.sonatype.com/display/NXRM3/System+Requirements#SystemRequirements-MemoryRequirements) when deciding how much heap and direct memory to allocate.
* Another environment variable can be used to control the Nexus Context Path
@@ -178,7 +163,3 @@ Looking to contribute to our Docker image but need some help? There's a few ways
* File an issue [on our public JIRA](https://issues.sonatype.org/projects/NEXUS/)
* Check out the [Nexus3](http://stackoverflow.com/questions/tagged/nexus3) tag on Stack Overflow
* Check out the [Nexus Repository User List](https://groups.google.com/a/glists.sonatype.com/forum/?hl=en#!forum/nexus-users)
## License Disclaimer
_Nexus Repository OSS is distributed with Sencha Ext JS pursuant to a FLOSS Exception agreed upon between Sonatype, Inc. and Sencha Inc. Sencha Ext JS is licensed under GPL v3 and cannot be redistributed as part of a closed source work._
-79
@@ -1,79 +0,0 @@
<!--
Copyright (c) 2011-present Sonatype, Inc. All rights reserved.
Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
"Sonatype" is a trademark of Sonatype, Inc.
-->
# Reporting Security Vulnerabilities
## When to report
First check
[Important advisories of known security vulnerabilities in Sonatype products](https://support.sonatype.com/hc/en-us/sections/203012668-Security-Advisories)
to see if this has been previously reported.
## How to report
Please email reports regarding security related issues you find to [mailto:security@sonatype.com](security@sonatype.com).
Use our public key below to keep your message safe.
## What to include
Please use a descriptive subject line in your email report.
Your name and/or affiliation.
A detailed technical description of the vulnerability, attack scenario and where
possible, how we can reproduce your findings.
Provide us with a secure way to respond.
## What to expect
Your email will be acknowledged within 1 - 2 business days, and you'll receive a
more detailed response to your email within 7 business days.
We ask that everyone please follow responsible disclosure practices and allow
time for us to release a fix prior to public release.
Once an issue is reported, Sonatype uses the following disclosure process:
When a report is received, we confirm the issue and determine its severity.
If third-party services or software require mitigation before publication, those
projects will be notified.
## Our public key
```console
-----BEGIN PUBLIC KEY BLOCK-----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 =sFGt
-----END PUBLIC KEY BLOCK-----
```
-57
@@ -1,57 +0,0 @@
#!/usr/bin/env bash
#
# Copyright (c) 2017-present Sonatype, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# prerequisites:
# * software:
# * https://github.com/redhat-openshift-ecosystem/openshift-preflight
# * https://podman.io/
# * environment variables:
# * VERSION of the docker image to build for the red hat registry
# * REGISTRY_LOGIN from Red Hat config page for image
# * REGISTRY_PASSWORD from Red Hat config page for image
# * API_TOKEN from red hat token/account page for API access
set -x # log commands as they execute
set -e # stop execution on the first failed command
DOCKERFILE=Dockerfile.rh.ubi
# from config/scanning page at red hat
CERT_PROJECT_ID=5e61d90a38776799eb517bd2
REPOSITORY="quay.io"
IMAGE_TAG="${REPOSITORY}/redhat-isv-containers/${CERT_PROJECT_ID}:${VERSION}"
IMAGE_LATEST="${REPOSITORY}/redhat-isv-containers/${CERT_PROJECT_ID}:latest"
AUTHFILE="${HOME}/.docker/config.json"
docker build -f "${DOCKERFILE}" -t "${IMAGE_TAG}" .
docker tag "${IMAGE_TAG}" "${IMAGE_LATEST}"
docker login "${REPOSITORY}" \
-u "${REGISTRY_LOGIN}" \
--password "${REGISTRY_PASSWORD}"
docker push "${IMAGE_TAG}"
docker push "${IMAGE_LATEST}"
preflight check container \
"${IMAGE_TAG}" \
--docker-config="${AUTHFILE}" \
--submit \
--certification-project-id="${CERT_PROJECT_ID}" \
--pyxis-api-token="${API_TOKEN}"
-192
@@ -1,192 +0,0 @@
/*
* Copyright (c) 2020-present Sonatype, Inc. All rights reserved.
* Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
* "Sonatype" is a trademark of Sonatype, Inc.
*/
/**
* This script triggers the build service for a certified docker image at Red Hat.
* It's meant to be used by Jenkins via the Jenkinsfile.
*/
@Grab('io.github.http-builder-ng:http-builder-ng-core:1.0.4')
import groovyx.net.http.HttpBuilder
import groovyx.net.http.HttpException
if (args.size() < 3) {
System.err.println('Usage: groovy TriggerRedhatBuild.groovy <version> <projectId> <apiKey>')
System.exit(1)
}
new BuildClient(*args).run()
class BuildClient {
private static final Integer TIMEOUT_MINUTES = 20
private final String version
private final String projectId
private final HttpBuilder builder
BuildClient(String version, String projectId, String apiKey) {
this.version = version
this.projectId = projectId
builder = HttpBuilder.configure {
request.uri = 'https://connect.redhat.com'
request.headers['Authorization'] = "Bearer ${apiKey}"
request.contentType = 'application/json'
request.body = [:]
}
}
/**
* fire off a series of requests to build and publish
* a container.
*/
void run() {
final nextTag = getNextTag(version)
println "Triggering build as ${nextTag}"
final buildStatus = build(nextTag)
if (buildStatus.status != 'Created') {
fail(buildStatus)
}
final completedBuild = getCompletedBuild(nextTag)
if (completedBuild.failure) {
fail(completedBuild.failure)
}
final published = publish(completedBuild.digest, completedBuild.name)
if (published.failure) {
fail(published.failure)
}
println published
}
/**
* calculate the cutoff time in the future in miliseconds
* for comparison to System.currentTimeMillis()
* @param start start time in millis
* @param minutes minutes into the future
* @return future time in millis
*/
private Long calcCutoffTime(Long start, Integer minutes) {
return minutes * 60 * 1000 + start
}
/**
* fail with message and exit with an error code for jenkins to see
* @param message message to print
*/
private void fail(String message) {
System.err.println(message)
System.exit(1)
}
/**
* Request current version tags available at Red Hat.
* @return the list of all tags
*/
private List getTags() {
return builder.post {
request.uri.path = "/api/v2/projects/${projectId}/tags"
}.tags
}
/**
* Request current version tags available at Red Hat,
* and calculate the next tag to use in this build.
* @param version the base version we're currently building
* @return the full new version string to submit for the next build
*/
private String getNextTag(String version) {
final tags = getTags()*.name.collectMany {
it.split(', ').collect()
}
final currentIndex = tags.findAll {
it.startsWith(version)
}.collect {
it.replaceAll(/${version}-(\d+)-?.*/, '$1') as Integer
}.sort().reverse()[0]
final nextIndex =((currentIndex ?: 0) as Integer) + 1
return "${version}-${nextIndex}"
}
/**
* Trigger build of the certified image at Red Hat,
* @param nextTag the full version tag to be assigned to the new build
* @return the map from json with the status of the submitted build
*/
private Map build(String nextTag) {
return builder.post {
request.uri.path = "/api/v2/projects/${projectId}/build"
request.body = [tag: nextTag]
}
}
/**
* Poll for the completed (built and scanned) build at Red Hat build service.
* @param nextTag the full version tag assigned to the new build
* @return the map from json with info about the completed build
*/
private Map getCompletedBuild(String nextTag) {
final endTime = calcCutoffTime(System.currentTimeMillis(), TIMEOUT_MINUTES)
while (System.currentTimeMillis() < endTime) {
println 'Waiting for build to finish.'
sleep 60000
try {
final completedBuild = getTags().find {
it.name == nextTag && it.scan_status == 'passed'
}
if (completedBuild) {
return completedBuild
}
} catch (HttpException ex) {
ex.printStackTrace()
System.err.println "Failed retrieving completed builds, but still trying: ${ex.statusCode} [${ex.body}]"
}
}
return [failure: "TIMEOUT waiting for complete build: ${TIMEOUT_MINUTES} minutes"]
}
/**
* Trigger publishing of the new image at Red Hat build service.
* @param digest hash string that identifies the container to publish
* @param name tag name (version) of the container image to publish
* @return the map from json with status of the published container image
*/
private Map publish(String digest, String name) {
final publishPath = [
'/api/v2/projects',
projectId,
'containers',
digest,
'tags',
name,
'publish'
].join('/')
try {
return builder.post {
request.uri.path = publishPath
}
} catch (HttpException ex) {
ex.printStackTrace()
return [failure: "Failed to publish: ${ex.statusCode} [${ex.body}]"]
}
}
}
-74
@@ -1,74 +0,0 @@
.PP
%
.BR NEXUS (1)
Container Image Pages
% Sonatype
% December 15, 2017
.TH NAME
.PP
nexus \- Nexus Repository Manager container image
.SH DESCRIPTION
.PP
The nexus image provides a containerized packaging of the Nexus Repository Manager.
Nexus Repository Manager is a repository manager with universal support for popular component formats including Maven, Docker, NuGet, npm, PyPi, Bower and more.
.PP
The nexus image is designed to be run by the atomic command with one of these options:
.PP
\fB\fCrun\fR
.PP
Starts the installed container with selected privileges to the host.
.PP
\fB\fCstop\fR
.PP
Stops the installed container
.PP
The container itself consists of:
\- Linux base image
\- Java OpenJDK
\- Nexus Repository Manager
\- Atomic help file
.PP
Files added to the container during docker build include: /help.1.
.SH USAGE
.PP
To use the nexus container, you can run the atomic command with run, stop, or uninstall options:
.PP
To run the nexus container:
.IP
atomic run nexus
.PP
To stop the nexus container (after it is installed), run:
.IP
atomic stop nexus
.SH LABELS
.PP
The nexus container includes the following LABEL settings:
.PP
That atomic command runs the docker command set in this label:
.PP
\fB\fCRUN=\fR
.IP
LABEL RUN='docker run \-d \-p 8081:8081 \-\-name ${NAME} ${IMAGE}'
.IP
The contents of the RUN label tells an \fB\fCatomic run nexus\fR command to open port 8081 & set the name of the container.
.PP
\fB\fCSTOP=\fR
.IP
LABEL STOP='docker stop ${NAME}'
.PP
\fB\fCName=\fR
.PP
The registry location and name of the image. For example, Name="Nexus Repository Manager".
.PP
\fB\fCVersion=\fR
.PP
The Nexus Repository Manager version from which the container was built. For example, Version="3.6.2\-01".
.PP
When the atomic command runs the nexus container, it reads the command line associated with the selected option
from a LABEL set within the Docker container itself. It then runs that command. The following sections detail
each option and associated LABEL:
.SH SECURITY IMPLICATIONS
.PP
\fB\fC\-d\fR
.PP
Runs continuously as a daemon process in the background
-72
@@ -1,72 +0,0 @@
% NEXUS(1) Container Image Pages
% Sonatype
% December 15, 2017
# NAME
nexus \- Nexus Repository Manager container image
# DESCRIPTION
The nexus image provides a containerized packaging of the Nexus Repository Manager.
Nexus Repository Manager is a repository manager with universal support for popular component formats including Maven, Docker, NuGet, npm, PyPi, Bower and more.
The nexus image is designed to be run by the atomic command with one of these options:
`run`
Starts the installed container with selected privileges to the host.
`stop`
Stops the installed container
The container itself consists of:
- Linux base image
- Java OpenJDK
- Nexus Repository Manager
- Atomic help file
Files added to the container during docker build include: /help.1.
# USAGE
To use the nexus container, you can run the atomic command with run, stop, or uninstall options:
To run the nexus container:
atomic run nexus
To stop the nexus container (after it is installed), run:
atomic stop nexus
# LABELS
The nexus container includes the following LABEL settings:
That atomic command runs the docker command set in this label:
`RUN=`
LABEL RUN='docker run -d -p 8081:8081 --name ${NAME} ${IMAGE}'
The contents of the RUN label tells an `atomic run nexus` command to open port 8081 & set the name of the container.
`STOP=`
LABEL STOP='docker stop ${NAME}'
`Name=`
The registry location and name of the image. For example, Name="Nexus Repository Manager".
`Version=`
The Nexus Repository Manager version from which the container was built. For example, Version="3.6.2-01".
When the atomic command runs the nexus container, it reads the command line associated with the selected option
from a LABEL set within the Docker container itself. It then runs that command. The following sections detail
each option and associated LABEL:
# SECURITY IMPLICATIONS
`-d`
Runs continuously as a daemon process in the background
-10
@@ -1,10 +0,0 @@
Sonatype Nexus (TM) Open Source Version
Copyright (c) 2008-present Sonatype, Inc.
All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
Eclipse Foundation. All other trademarks are the property of their respective owners.
-11
@@ -1,11 +0,0 @@
#!/bin/sh
#
# Copyright:: Copyright (c) 2017-present Sonatype, Inc. Apache License, Version 2.0.
#
# arbitrary uid recognition at runtime - for OpenShift deployments
USER_ID=$(id -u)
if [[ ${USER_UID} != ${USER_ID} ]]; then
sed "s@${USER_NAME}:x:\${USER_ID}:@${USER_NAME}:x:${USER_ID}:@g" /etc/passwd.template > /etc/passwd
fi
exec "$@"
-6
@@ -1,6 +0,0 @@
#!/bin/sh
#
# Copyright:: Copyright (c) 2017-present Sonatype, Inc. Apache License, Version 2.0.
#
# arbitrary uid recognition at runtime - for OpenShift deployments
sed "s@${USER_NAME}:x:${USER_UID}:@${USER_NAME}:x:\${USER_ID}:@g" /etc/passwd > /etc/passwd.template
+3 -17
@@ -37,22 +37,8 @@ describe 'Dockerfile' do
expect(user('nexus')).to exist
end
describe 'Dockerfile#running' do
before(:all) do
@container = Docker::Container.create(
'Image' => @image.id
)
@container.start
end
it 'should have a nexus process running' do
expect(process('java')).to be_running
expect(process('java')).to have_attributes(user: 'nexus')
end
after(:all) do
@container.kill
@container.delete(force: true)
end
it 'should have a nexus process running' do
expect(process('java')).to be_running
expect(process('java')).to have_attributes(:user => 'nexus')
end
end
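Review bot: The process-owner assertion at the end of this hunk, `expect(process('java')).to have_attributes(:user => 'nexus')`, no longer has any setup or teardown beside it, because the `before(:all)` that created and started a container from `@image.id` and the `after(:all)` that killed and deleted it are both removed. Whether a container is running when `process('java')` is evaluated now depends on code above the hunk (the enclosing `describe 'Dockerfile'` starts outside it), so the example may pass or fail for reasons unrelated to the image. As this is the check that the service runs as the unprivileged `nexus` user, I would keep it tied to an explicit container lifecycle, or at least add a comment such as `# requires a running container from @image; verifies the java process is owned by nexus`. The hash-rocket form `:user => 'nexus'` also differs from the `user: 'nexus'` keyword style used in the removed lines, so the file should settle on one.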