Bumped release to 3.6.2. (#90)

* Allow the docker repository name to be different than the repository name

.github/CONTRIBUTING.md

@@ -23,7 +23,7 @@
 much shaming throughout the land. If you use an editor besides Eclipse or IntelliJ, adapt the codestyle and submit a PR
 there :)
 * Fill out a CLA for us, so we can sort out all the legal parts of contributing. You can get all the information for
-this [here](https://books.sonatype.com/nexus-book/reference/contrib.html). You may go, this is for your book, is it
+this [here](https://help.sonatype.com/display/NXRM3/Bundle+Development#BundleDevelopment-ContributingBundles). You may go, this is for your book, is it
 applicable for this repo? Yes, absolutely. Follow the CLA process and email in your form. We are working on a way to
 make this simpler, as well.
 * Make sure to fill out an issue for your PR, so that we have traceability as to what you are trying to fix,

Dockerfile

@@ -12,72 +12,57 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM       centos:centos7
+FROM centos:centos7
 
 MAINTAINER Sonatype <cloud-ops@sonatype.com>
 
 LABEL vendor=Sonatype \
-  com.sonatype.license="Apache License, Version 2.0" \
-  com.sonatype.name="Nexus Repository Manager base image"
+      com.sonatype.license="Apache License, Version 2.0" \
+      com.sonatype.name="Nexus Repository Manager base image"
 
-ARG NEXUS_VERSION=3.5.0-02
+ARG NEXUS_VERSION=3.6.2-01
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
+ARG NEXUS_DOWNLOAD_SHA256_HASH=d055006ce90778ca7441efcccb2c979429fe296d1871642b99da2e97c04724a5
 
-RUN yum install -y \
-  curl tar \
-  && yum clean all
-
-# configure java runtime
 ENV JAVA_HOME=/opt/java \
-  JAVA_VERSION_MAJOR=8 \
-  JAVA_VERSION_MINOR=141 \
-  JAVA_VERSION_BUILD=15 \
-  JAVA_DOWNLOAD_HASH=336fa29ff2bb4ef291e347e091f7f4a7
+    JAVA_VERSION_MAJOR=8 \
+    JAVA_VERSION_MINOR=152 \
+    JAVA_VERSION_BUILD=16 \
+    JAVA_DOWNLOAD_HASH=aa0333dd3019491ca4f6ddbe78cdb6d0
+
+ENV JAVA_URL=http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-b${JAVA_VERSION_BUILD}/${JAVA_DOWNLOAD_HASH}/server-jre-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64.tar.gz \
+    JAVA_DOWNLOAD_SHA256_HASH=e8a341ce566f32c3d06f6d0f0eeea9a0f434f538d22af949ae58bc86f2eeaae4
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
 ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
-  NEXUS_DATA=/nexus-data \
-  NEXUS_CONTEXT='' \
-  SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work
+    NEXUS_DATA=/nexus-data \
+    NEXUS_CONTEXT='' \
+    SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work
 
-# install Oracle JRE
-RUN mkdir -p /opt \
-  && curl --fail --silent --location --retry 3 \
-  --header "Cookie: oraclelicense=accept-securebackup-cookie; " \
-  http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-b${JAVA_VERSION_BUILD}/${JAVA_DOWNLOAD_HASH}/server-jre-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64.tar.gz \
-  | gunzip \
-  | tar -x -C /opt \
-  && ln -s /opt/jdk1.${JAVA_VERSION_MAJOR}.0_${JAVA_VERSION_MINOR} ${JAVA_HOME}
+ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20171127-222629.c2a02ed"
+ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz"
 
-# install nexus
-RUN mkdir -p ${NEXUS_HOME} \
-  && curl --fail --silent --location --retry 3 \
-    ${NEXUS_DOWNLOAD_URL} \
-  | gunzip \
-  | tar x -C ${NEXUS_HOME} --strip-components=1 nexus-${NEXUS_VERSION} \
-  && chown -R root:root ${NEXUS_HOME}
+ADD solo.json.erb /var/chef/solo.json.erb
 
-# configure nexus
-RUN sed \
-    -e '/^nexus-context/ s:$:${NEXUS_CONTEXT}:' \
-    -i ${NEXUS_HOME}/etc/nexus-default.properties \
-  && sed \
-    -e '/^-Xms/d' \
-    -e '/^-Xmx/d' \
-    -i ${NEXUS_HOME}/bin/nexus.vmoptions
-
-RUN useradd -r -u 200 -m -c "nexus role account" -d ${NEXUS_DATA} -s /bin/false nexus \
-  && mkdir -p ${NEXUS_DATA}/etc ${NEXUS_DATA}/log ${NEXUS_DATA}/tmp ${SONATYPE_WORK} \
-  && ln -s ${NEXUS_DATA} ${SONATYPE_WORK}/nexus3 \
-  && chown -R nexus:nexus ${NEXUS_DATA}
+# Install using chef-solo
+RUN curl -L https://www.getchef.com/chef/install.sh | bash \
+    && /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \
+    && chef-solo \
+       --recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \
+       --json-attributes /var/chef/solo.json \
+    && rpm -qa *chef* | xargs rpm -e \
+    && rpm --rebuilddb \
+    && rm -rf /etc/chef \
+    && rm -rf /opt/chefdk \
+    && rm -rf /var/cache/yum \
+    && rm -rf /var/chef
 
 VOLUME ${NEXUS_DATA}
 
 EXPOSE 8081
 USER nexus
-WORKDIR ${NEXUS_HOME}
 
-ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m"
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
 
-CMD ["bin/nexus", "run"]
+CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]

Jenkinsfile

@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+ * Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
+ * "Sonatype" is a trademark of Sonatype, Inc.
+ */
+@Library('zion-pipeline-library')
+import com.sonatype.jenkins.pipeline.GitHub
+import com.sonatype.jenkins.pipeline.OsTools
+
+node('ubuntu-zion') {
+  def commitId, commitDate, version, imageId
+  def organization = 'sonatype',
+      repository = 'docker-nexus3',
+      credentialsId = 'integrations-github-api',
+      imageName = 'sonatype/nexus3',
+      archiveName = 'docker-nexus3',
+      dockerHubRepository = 'nexus3'
+  GitHub gitHub
+
+  try {
+    stage('Preparation') {
+      deleteDir()
+      OsTools.runSafe(this, "docker system prune -a -f")
+
+      checkout scm
+
+      commitId = OsTools.runSafe(this, 'git rev-parse HEAD')
+      commitDate = OsTools.runSafe(this, "git show -s --format=%cd --date=format:%Y%m%d-%H%M%S ${commitId}")
+
+      version = readVersion()
+
+      def apiToken
+      withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentialsId,
+                        usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
+        apiToken = env.GITHUB_API_PASSWORD
+      }
+      gitHub = new GitHub(this, "${organization}/${repository}", apiToken)
+    }
+    stage('Build') {
+      gitHub.statusUpdate commitId, 'pending', 'build', 'Build is running'
+
+      def hash = OsTools.runSafe(this, "docker build --quiet --no-cache --tag ${imageName} .")
+      imageId = hash.split(':')[1]
+
+      if (currentBuild.result == 'FAILURE') {
+        gitHub.statusUpdate commitId, 'failure', 'build', 'Build failed'
+        return
+      } else {
+        gitHub.statusUpdate commitId, 'success', 'build', 'Build succeeded'
+      }
+    }
+    stage('Test') {
+      gitHub.statusUpdate commitId, 'pending', 'test', 'Tests are running'
+
+      def gemInstallDirectory = getGemInstallDirectory()
+      withEnv(["PATH+GEMS=${gemInstallDirectory}/bin"]) {
+        OsTools.runSafe(this, "gem install --user-install rspec")
+        OsTools.runSafe(this, "gem install --user-install serverspec")
+        OsTools.runSafe(this, "gem install --user-install docker-api")
+        OsTools.runSafe(this, "IMAGE_ID=${imageId} rspec --backtrace spec/Dockerfile_spec.rb")
+      }
+
+      if (currentBuild.result == 'FAILURE') {
+        gitHub.statusUpdate commitId, 'failure', 'test', 'Tests failed'
+        return
+      } else {
+        gitHub.statusUpdate commitId, 'success', 'test', 'Tests succeeded'
+      }
+    }
+    if (currentBuild.result == 'FAILURE') {
+      return
+    }
+    stage('Archive') {
+      dir('build/target') {
+        OsTools.runSafe(this, "docker save ${imageName} | gzip > ${archiveName}.tar.gz")
+        archiveArtifacts artifacts: "${archiveName}.tar.gz", onlyIfSuccessful: true
+      }
+    }
+    if (scm.branches[0].name != '*/master') {
+      return
+    }
+    input 'Push image and tags?'
+    stage('Push image') {
+      def dockerhubApiToken
+      withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'docker-hub-credentials',
+          usernameVariable: 'DOCKERHUB_API_USERNAME', passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {
+        OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}")
+        OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:latest")
+        OsTools.runSafe(this, """
+          docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
+        """)
+        OsTools.runSafe(this, "docker push ${organization}/${dockerHubRepository}")
+
+        response = OsTools.runSafe(this, """
+          curl -X POST https://hub.docker.com/v2/users/login/ \
+            -H 'cache-control: no-cache' -H 'content-type: application/json' \
+            -d '{ "username": "${env.DOCKERHUB_API_USERNAME}", "password": "${env.DOCKERHUB_API_PASSWORD}" }'
+        """)
+        token = readJSON text: response
+        dockerhubApiToken = token.token
+
+        def readme = readFile file: 'README.md', encoding: 'UTF-8'
+        readme = readme.replaceAll("(?s)<!--.*?-->", "")
+        readme = readme.replace("\"", "\\\"")
+        readme = readme.replace("\n", "\\n")
+        response = httpRequest customHeaders: [[name: 'authorization', value: "JWT ${dockerhubApiToken}"]],
+            acceptType: 'APPLICATION_JSON', contentType: 'APPLICATION_JSON', httpMode: 'PATCH',
+            requestBody: "{ \"full_description\": \"${readme}\" }",
+            url: "https://hub.docker.com/v2/repositories/${organization}/${dockerHubRepository}/"
+      }
+    }
+    stage('Push tags') {
+      withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentialsId,
+                        usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
+        OsTools.runSafe(this, "git tag ${version}")
+        OsTools.runSafe(this, """
+          git push \
+          https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/${organization}/${repository}.git \
+            ${version}
+        """)
+      }
+      OsTools.runSafe(this, "git tag -d ${version}")
+    }
+  } finally {
+    OsTools.runSafe(this, "docker logout")
+    OsTools.runSafe(this, "docker system prune -a -f")
+    OsTools.runSafe(this, 'git clean -f && git reset --hard origin/master')
+  }
+}
+def readVersion() {
+  def content = readFile 'Dockerfile'
+  for (line in content.split('\n')) {
+    if (line.startsWith('ARG NEXUS_VERSION=')) {
+      return line.substring(18).split('-')[0]
+    }
+  }
+  error 'Could not determine version.'
+}
+def getGemInstallDirectory() {
+  def content = OsTools.runSafe(this, "gem env")
+  for (line in content.split('\n')) {
+    if (line.startsWith('  - USER INSTALLATION DIRECTORY: ')) {
+      return line.substring(33)
+    }
+  }
+  error 'Could not determine user gem install directory.'
+}

README.md

@@ -23,10 +23,12 @@
 A Dockerfile for Sonatype Nexus Repository Manager 3, based on CentOS.
 
 * [Contribution Guidlines](#contribution-guidelines)
-* [Running and Building](#running-and-building)
+* [Running](#running)
+* [Building the Nexus Repository Manager image](#building-the-nexus-repository-manager-image)
+* [Chef Solo for Runtime and Application](#chef-solo-for-runtime-and-application)
+* [Testing the Dockerfile](#testing-the-dockerfile)
 * [Notes](#notes)
   * [Persistent Data](#persistent-data)
-  * [Build Args](#build-args)
 * [Getting Help](#getting-help)
 
 ## Contribution Guidelines
@@ -34,7 +36,7 @@ A Dockerfile for Sonatype Nexus Repository Manager 3, based on CentOS.
 Go read [our contribution guidelines](/.github/CONTRIBUTING.md) to get a bit more familiar with how
 we would like things to flow.
 
-## Running And Building
+## Running
 
 To run, binding the exposed port 8081 to the host.
 
@@ -48,14 +50,34 @@ To test:
 $ curl -u admin:admin123 http://localhost:8081/service/metrics/ping
 ```
 
-To (re)build the image:
+## Building the Nexus Repository Manager image
 
-Copy the Dockerfile and do the build-
+To build a docker image from the Docker file you can use this command:
 
 ```
 $ docker build --rm=true --tag=sonatype/nexus3 .
 ```
 
+The following optional variables can be used when building the image:
+
+- NEXUS_VERSION: Version of the Nexus Repository Manager
+- NEXUS_DOWNLOAD_URL: Download URL for Nexus Repository, alternative to using `NEXUS_VERSION` to download from Sonatype
+- NEXUS_DOWNLOAD_SHA256_HASH: Sha256 checksum for the downloaded Nexus Repository Manager archive. Required if `NEXUS_VERSION`
+ or `NEXUS_DOWNLOAD_URL` is provided
+
+## Chef Solo for Runtime and Application
+
+Chef Solo is used to build out the runtime and application layers of the Docker image. The Chef cookbook being used is available
+on GitHub at [sonatype/chef-nexus-repository-manager](https://github.com/sonatype/chef-nexus-repository-manager).
+
+## Testing the Dockerfile
+
+We are using `rspec` as the test framework. `serverspec` provides a docker backend (see the method `set` in the test code)
+ to run the tests inside the docker container, and abstracts away the difference between distributions in the tests
+ (e.g. yum, apt,...).
+
+    rspec [--backtrace] spec/Dockerfile_spec.rb
+
 ## Notes
 
 * Default credentials are: `admin` / `admin123`
@@ -73,16 +95,19 @@ $ docker logs -f nexus
 logs, and storage. This directory needs to be writable by the Nexus
 process, which runs as UID 200.
 
-* There is an environment variable that can used to pass JVM arguments to the startup script
+* There is an environment variable that is being used to pass JVM arguments to the startup script
 
-  * `INSTALL4J_ADD_VM_PARAMS`, passed to the Install4J startup script. Defaults to `-Xms1200m -Xmx1200m`.
+  * `INSTALL4J_ADD_VM_PARAMS`, passed to the Install4J startup script. Defaults to `-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs`.
 
-  This can be supplied at runtime:
+  This can be adjusted at runtime:
 
   ```
-  $ docker run -d -p 8081:8081 --name nexus -e INSTALL4J_ADD_VM_PARAMS="-Xms2g -Xmx2g" sonatype/nexus3
+  $ docker run -d -p 8081:8081 --name nexus -e INSTALL4J_ADD_VM_PARAMS="-Xms2g -Xmx2g -XX:MaxDirectMemorySize=3g  -Djava.util.prefs.userRoot=/some-other-dir" sonatype/nexus3
   ```
 
+  Of particular note, `-Djava.util.prefs.userRoot=/some-other-dir` can be set to a persistent path, which will maintain
+  the installed Nexus Repository License if the container is restarted.
+
 * Another environment variable can be used to control the Nexus Context Path
 
   * `NEXUS_CONTEXT`, defaults to /
@@ -118,16 +143,6 @@ for additional information.
   $ docker run -d -p 8081:8081 --name nexus -v /some/dir/nexus-data:/nexus-data sonatype/nexus3
   ```
 
-### Build Args
-
-The Dockerfile contains two build arguments (`NEXUS_VERSION` & `NEXUS_DOWNLOAD_URL`) that can be used to customize what
-version of, and from where, Nexus Repository Manager is downloaded. This is useful mostly for testing purposes as the
-Dockerfile may be dependent on a very specific version of Nexus Repository Manager.
-
-```
-docker build --rm --tag nexus-custom --build-arg NEXUS_VERSION=3.x.y --build-arg NEXUS_DOWNLOAD_URL=http://.../nexus-3.x.y-unix.tar.gz .
-```
-
 ## Getting Help
 
 Looking to contribute to our Docker image but need some help? There's a few ways to get information or our attention:

solo.json.erb

@@ -0,0 +1,63 @@
+// Copyright (c) 2016-present Sonatype, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+<%=
+require 'json'
+
+raise RuntimeError, 'environment variable SONATYPE_DIR is required' if ENV['SONATYPE_DIR'].nil? || ENV['SONATYPE_DIR'].empty?
+raise RuntimeError, 'environment variable NEXUS_HOME is required' if ENV['NEXUS_HOME'].nil? || ENV['NEXUS_HOME'].empty?
+raise RuntimeError, 'environment variable NEXUS_DATA is required' if ENV['NEXUS_DATA'].nil? || ENV['NEXUS_DATA'].empty?
+
+{
+  :run_list => [ 'recipe[nexus_repository_manager::docker]' ],
+  :java => {
+    :jdk_version => ENV['JAVA_VERSION_MAJOR'],
+    :java_home => ENV['JAVA_HOME'],
+    :install_flavor => 'oracle',
+    :oracle => {
+      :accept_oracle_download_terms => true
+    },
+    :jdk => {
+      :'8' => {
+        :x86_64 => {
+          :url => ENV['JAVA_URL'],
+          :checksum => ENV['JAVA_DOWNLOAD_SHA256_HASH']
+        }
+      }
+    }
+  },
+  :nexus_repository_manager => {
+    :version => ENV['NEXUS_VERSION'],
+    :nexus_download_url => ENV['NEXUS_DOWNLOAD_URL'],
+    :nexus_download_sha256 => ENV['NEXUS_DOWNLOAD_SHA256_HASH'],
+    :sonatype => {
+      :path => ENV['SONATYPE_DIR'],
+    },
+    :sonatype_work => {
+      :path => ENV['SONATYPE_DIR'] + '/sonatype-work'
+    },
+    :nexus_home => {
+      :path => ENV['SONATYPE_DIR'] + '/nexus'
+    },
+    :nexus_data => {
+      :path => ENV['NEXUS_DATA']
+    },
+    :properties => {
+      # Set the context_path to the NEXUS_CONTEXT environment variable
+      # that may be passed into the docker run command.
+      :context_path => "/${NEXUS_CONTEXT}"
+    }
+  }
+}.to_json
+%>

spec/Dockerfile_spec.rb

@@ -0,0 +1,44 @@
+# Copyright (c) 2016-present Sonatype, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "serverspec"
+require "docker"
+
+describe 'Dockerfile' do
+  before(:all) do
+    Docker.options[:read_timeout] = 900
+    @image = Docker::Image.get(ENV['IMAGE_ID'])
+
+    set :os, family: :redhat
+    set :backend, :docker
+    set :docker_image, @image.id
+  end
+
+  it 'should remove solo.json during cleanup' do
+    expect(File).not_to exist('/var/chef/solo.json')
+  end
+
+  it 'should not have a chef package installed' do
+    expect(package('chef')).not_to be_installed
+  end
+
+  it 'should have a user named nexus' do
+    expect(user('nexus')).to exist
+  end
+
+  it 'should have a nexus process running' do
+    expect(process('java')).to be_running
+    expect(process('java')).to have_attributes(:user => 'nexus')
+  end
+end