Merge pull request 'Update Repository Manager to 3.70.3-01' (#9) from 3.70.3-01 into master

Reviewed-on: #9

Dockerfile

@@ -21,8 +21,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal
 LABEL name="Nexus Repository Manager" \
       maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.70.1-02" \
-      release="3.70.1" \
+      version="3.70.3-01" \
+      release="3.70.3" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -40,10 +40,10 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.1-02
+ARG NEXUS_VERSION=3.70.3-01
 ARG JAVA_VERSION=java8
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=29952f663982bd9781d5bc352471727826943452cfe8e9aa0e9b60ad01531d1b
+ARG NEXUS_DOWNLOAD_SHA256_HASH=3b68afab87f83a91312c74856e2cd04c220782e99f2642d974e8c37d34af61e9
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype

Dockerfile.alpine.java11

@@ -17,8 +17,8 @@ FROM alpine
 LABEL name="Nexus Repository Manager" \
       maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.70.0-03" \
-      release="3.70.0" \
+      version="3.70.1-02" \
+      release="3.70.1" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,10 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.0-03
+ARG NEXUS_VERSION=3.70.1-02
 ARG JAVA_VERSION=java11
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=3461129eceb65876dc61992d2e6bc4ea28f0baf28b721f4e1ee39874788e6dee
+ARG NEXUS_DOWNLOAD_SHA256_HASH=38c6f81d78c2f6ae461f491d9321d36e98ff2e19eee365270d9bc92377d36588
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -55,6 +55,9 @@ RUN apk add openjdk11 tar procps gzip curl shadow \
     && groupadd --gid 200 -r nexus \
     && useradd --uid 200 -r nexus -g nexus -s /bin/false -d /opt/sonatype/nexus -c 'Nexus Repository Manager user'
 
+RUN apk del --no-cache openssl || true
+RUN apk update && apk add --no-cache openssl
+
 WORKDIR ${SONATYPE_DIR}
 
 # Download nexus & setup directories

Dockerfile.alpine.java17

@@ -17,8 +17,8 @@ FROM alpine
 LABEL name="Nexus Repository Manager" \
       maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.70.0-03" \
-      release="3.70.0" \
+      version="3.71.0-06" \
+      release="3.71.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,10 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.0-03
+ARG NEXUS_VERSION=3.71.0-06
 ARG JAVA_VERSION=java17
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=1624bd55df501dc866b58c65f29e6a22087d2a07950fe4ee991d921468857ebc
+ARG NEXUS_DOWNLOAD_SHA256_HASH=b025287558184677fc231035c9f5e5e6cc4bc1cafd76d13a06233a4ed09d08f6
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -55,6 +55,9 @@ RUN apk add openjdk17 tar procps gzip curl shadow \
     && groupadd --gid 200 -r nexus \
     && useradd --uid 200 -r nexus -g nexus -s /bin/false -d /opt/sonatype/nexus -c 'Nexus Repository Manager user'
 
+RUN apk del --no-cache openssl || true
+RUN apk update && apk add --no-cache openssl
+
 WORKDIR ${SONATYPE_DIR}
 
 # Download nexus & setup directories

Dockerfile.java11

@@ -17,8 +17,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal
 LABEL name="Nexus Repository Manager" \
       maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.70.0-03" \
-      release="3.70.0" \
+      version="3.70.1-02" \
+      release="3.70.1" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,10 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.0-03
+ARG NEXUS_VERSION=3.70.1-02
 ARG JAVA_VERSION=java11
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=3461129eceb65876dc61992d2e6bc4ea28f0baf28b721f4e1ee39874788e6dee
+ARG NEXUS_DOWNLOAD_SHA256_HASH=38c6f81d78c2f6ae461f491d9321d36e98ff2e19eee365270d9bc92377d36588
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype

Dockerfile.java17

@@ -17,8 +17,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal
 LABEL name="Nexus Repository Manager" \
       maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.70.0-03" \
-      release="3.70.0" \
+      version="3.71.0-06" \
+      release="3.71.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,10 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.0-03
+ARG NEXUS_VERSION=3.71.0-06
 ARG JAVA_VERSION=java17
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=1624bd55df501dc866b58c65f29e6a22087d2a07950fe4ee991d921468857ebc 
+ARG NEXUS_DOWNLOAD_SHA256_HASH=b025287558184677fc231035c9f5e5e6cc4bc1cafd76d13a06233a4ed09d08f6 
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype

Dockerfile.rh.centos

@@ -17,8 +17,8 @@ FROM centos:centos7
 LABEL name="Nexus Repository Manager" \
       maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.70.1-02" \
-      release="3.70.1" \
+      version="3.70.3-01" \
+      release="3.70.3" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,10 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.1-02
+ARG NEXUS_VERSION=3.70.3-01
 ARG JAVA_VERSION=java8
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=29952f663982bd9781d5bc352471727826943452cfe8e9aa0e9b60ad01531d1b
+ARG NEXUS_DOWNLOAD_SHA256_HASH=3b68afab87f83a91312c74856e2cd04c220782e99f2642d974e8c37d34af61e9
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype

Dockerfile.rh.el

@@ -17,8 +17,8 @@ FROM registry.access.redhat.com/rhel7/rhel
 LABEL name="Nexus Repository Manager" \
       maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.70.1-02" \
-      release="3.70.1" \
+      version="3.70.3-01" \
+      release="3.70.3" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,10 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.1-02
+ARG NEXUS_VERSION=3.70.3-01
 ARG JAVA_VERSION=java8
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=29952f663982bd9781d5bc352471727826943452cfe8e9aa0e9b60ad01531d1b
+ARG NEXUS_DOWNLOAD_SHA256_HASH=3b68afab87f83a91312c74856e2cd04c220782e99f2642d974e8c37d34af61e9
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype

Dockerfile.rh.ubi

@@ -17,8 +17,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal
 LABEL name="Nexus Repository Manager" \
       vendor=Sonatype \
       maintainer="Sonatype <support@sonatype.com>" \
-      version="3.70.1-02" \
-      release="3.70.1" \
+      version="3.70.3-01" \
+      release="3.70.3" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,10 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.1-02
+ARG NEXUS_VERSION=3.70.3-01
 ARG JAVA_VERSION=java8
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=29952f663982bd9781d5bc352471727826943452cfe8e9aa0e9b60ad01531d1b
+ARG NEXUS_DOWNLOAD_SHA256_HASH=3b68afab87f83a91312c74856e2cd04c220782e99f2642d974e8c37d34af61e9
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype

Dockerfile.rh.ubi.java11

@@ -17,8 +17,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal
 LABEL name="Nexus Repository Manager" \
       vendor=Sonatype \
       maintainer="Sonatype <support@sonatype.com>" \
-      version="3.70.0-03" \
-      release="3.70.0" \
+      version="3.70.1-02" \
+      release="3.70.1" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,10 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.0-03
+ARG NEXUS_VERSION=3.70.1-02
 ARG JAVA_VERSION=java11
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=3461129eceb65876dc61992d2e6bc4ea28f0baf28b721f4e1ee39874788e6dee
+ARG NEXUS_DOWNLOAD_SHA256_HASH=38c6f81d78c2f6ae461f491d9321d36e98ff2e19eee365270d9bc92377d36588
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype

Dockerfile.rh.ubi.java17

@@ -17,8 +17,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal
 LABEL name="Nexus Repository Manager" \
       vendor=Sonatype \
       maintainer="Sonatype <support@sonatype.com>" \
-      version="3.70.0-03" \
-      release="3.70.0" \
+      version="3.71.0-06" \
+      release="3.71.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,9 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.0-03
-ARG JAVA_VERSION=java17
-ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=1624bd55df501dc866b58c65f29e6a22087d2a07950fe4ee991d921468857ebc 
+ARG NEXUS_VERSION=3.71.0-06
+ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
+ARG NEXUS_DOWNLOAD_SHA256_HASH=b025287558184677fc231035c9f5e5e6cc4bc1cafd76d13a06233a4ed09d08f6 
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -70,11 +69,11 @@ RUN usermod -a -G root nexus \
 WORKDIR ${SONATYPE_DIR}
 
 # Download nexus & setup directories
-RUN curl -L ${NEXUS_DOWNLOAD_URL} --output nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz \
-    && echo "${NEXUS_DOWNLOAD_SHA256_HASH} nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz" > nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz.sha256 \
-    && sha256sum -c nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz.sha256 \
-    && tar -xvf nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz \
-    && rm -f nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz.sha256 \
+RUN curl -L ${NEXUS_DOWNLOAD_URL} --output nexus-${NEXUS_VERSION}-unix.tar.gz \
+    && echo "${NEXUS_DOWNLOAD_SHA256_HASH} nexus-${NEXUS_VERSION}-unix.tar.gz" > nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
+    && sha256sum -c nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
+    && tar -xvf nexus-${NEXUS_VERSION}-unix.tar.gz \
+    && rm -f nexus-${NEXUS_VERSION}-unix.tar.gz nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
     && mv nexus-${NEXUS_VERSION} $NEXUS_HOME \
     && chown -R nexus:nexus ${SONATYPE_WORK} \
     && mv ${SONATYPE_WORK}/nexus3 ${NEXUS_DATA} \

Jenkinsfile-Internal-Release

@@ -6,10 +6,8 @@
 @Library(['private-pipeline-library', 'jenkins-shared']) _
 import com.sonatype.jenkins.pipeline.OsTools
 
-String OPENJDK8 = 'OpenJDK 8'
-String OPENJDK11 = 'OpenJDK 11'
 String OPENJDK17 = 'OpenJDK 17'
-List<String> javaVersions = [OPENJDK8, OPENJDK11, OPENJDK17]
+List<String> javaVersions = [OPENJDK17]
 
 properties([
     parameters([
@@ -25,22 +23,13 @@ node('ubuntu-zion') {
   def imageName = 'sonatype/nexus3',
       archiveName = 'docker-nexus3'
 
-  def JAVA_8 = 'java8'
-  def JAVA_11 = 'java11'
   def JAVA_17 = 'java17'
-
-  def DOCKERFILE_JAVA_8 = 'Dockerfile'
-  def DOCKERFILE_JAVA_11 = 'Dockerfile.java11'
   def DOCKERFILE_JAVA_17 = 'Dockerfile.java17'
-  def DOCKERFILE_ALPINE_JAVA_11 = 'Dockerfile.alpine.java11'
   def DOCKERFILE_ALPINE_JAVA_17 = 'Dockerfile.alpine.java17'
 
   def dockerfileMap = [
-    (OPENJDK8) : [DOCKERFILE_JAVA_8],
-    (OPENJDK11): [DOCKERFILE_JAVA_11, DOCKERFILE_ALPINE_JAVA_11],
     (OPENJDK17): [DOCKERFILE_JAVA_17, DOCKERFILE_ALPINE_JAVA_17]
   ]
-
   try {
     stage('Preparation') {
       deleteDir()
@@ -60,17 +49,15 @@ node('ubuntu-zion') {
       if (params.nexus_repository_manager_version) {
         stage('Update Repository Manager Version') {
           OsTools.runSafe(this, "git checkout ${branch}")
-          dockerfileMap.each { javaVersion, dockerfiles ->
-            dockerfiles.each { dockerfile ->
-              updateRepositoryManagerVersion("${pwd()}/${dockerfile}", javaVersion)
+          dockerfileMap[OPENJDK17].each { dockerfile ->
+            updateRepositoryManagerVersion("${pwd()}/${dockerfile}", JAVA_17)
             }
-          }
           version = getShortVersion(params.nexus_repository_manager_version)
         }
       }
     }
-    def dockerfilePath = dockerfileMap[params.java_version][0]
-    def alpineDockerfilePath = params.java_version == OPENJDK8 ? null : dockerfileMap[params.java_version][1]
+    def dockerfilePath = dockerfileMap[OPENJDK17][0]
+    def alpineDockerfilePath = dockerfileMap[OPENJDK17][1]
 
     stage('Build UBI Image') {
       def baseImage = extractBaseImage(dockerfilePath)
@@ -80,26 +67,31 @@ node('ubuntu-zion') {
       def hash = OsTools.runSafe(this, "docker build --quiet --label base-image-ref='${baseImageReferenceStr}' --no-cache --tag ${imageName} . -f ${dockerfilePath}")
       imageId = hash.split(':')[1]
     }
-    if (params.java_version != OPENJDK8) {
-      stage('Build Alpine Image') {
-        def hash = OsTools.runSafe(this, "docker build --quiet --no-cache --tag ${imageName}-alpine . -f ${alpineDockerfilePath}")
-        alpineImageId = hash.split(':')[1]
-      }
+    stage('Build Alpine Image') {
+      def hash = OsTools.runSafe(this, "docker build --quiet --no-cache --tag ${imageName}-alpine . -f ${alpineDockerfilePath}")
+      alpineImageId = hash.split(':')[1]
     }
+
     if (params.scan_for_policy_violations) {
       stage('Evaluate Policies') {
+        def imagesToScan = [
+          [name: 'docker-nexus3', image: imageName],
+          [name: 'docker-nexus3-alpine', image: "${imageName}-alpine"]
+        ]
+
+        imagesToScan.each { imageConfig ->
         runEvaluation({ stage ->
-          def isAlpine = alpineDockerfilePath != null && alpineDockerfilePath.contains('alpine')
-          def iqApplicationName = isAlpine ? 'docker-nexus3-alpine' : 'docker-nexus3'
-          def imageToScan = isAlpine ? "${imageName}-alpine" : imageName
+          def iqApplicationName = imageConfig.name
+          def imageToScan = imageConfig.image
 
           nexusPolicyEvaluation(
             iqStage: stage,
             iqApplication: iqApplicationName,
             iqScanPatterns: [[scanPattern: "container:${imageToScan}"]],
-            failBuildOnNetworkError: true,
-          )
-        }, 'release')
+            failBuildOnNetworkError: false,
+            )
+          }, 'release')
+        }
       }
     }
     if (currentBuild.result == 'FAILURE') {
@@ -114,30 +106,19 @@ node('ubuntu-zion') {
     if (branch == 'main') {
       stage('Push image to RSC') {
         withSonatypeDockerRegistry() {
-          def javaVersionSuffixesMap = [
-              (OPENJDK8): JAVA_8,
-              (OPENJDK11): JAVA_11,
-              (OPENJDK17): JAVA_17
-          ]
-          def javaVersionSuffix = javaVersionSuffixesMap.get(params.java_version)
+          // Tag Images
+          sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}"
+          sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
+          sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-ubi"
+          sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
+          sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-alpine"
 
-          // Push UBI images
-          sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-ubi"
-          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-ubi"
-          if (params.java_version == OPENJDK8) {
-            sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
-            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
-          }
-
-          // Push Alpine images
-          if (params.java_version != OPENJDK8) {
-            sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-alpine"
-            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-alpine"
-            if (params.java_version == OPENJDK11) {
-              sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
-              sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
-            }
-          }
+          // Push Images
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}"
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-ubi"
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-alpine"
         }
       }
     }
@@ -149,7 +130,7 @@ node('ubuntu-zion') {
 }
 
 def readVersion() {
-  def content = readFile 'Dockerfile'
+  def content = readFile 'Dockerfile.java17'
   for (line in content.split('\n')) {
     if (line.startsWith('ARG NEXUS_VERSION=')) {
       return getShortVersion(line.substring(18))

Jenkinsfile-Internal-Release-OrientDB

@@ -0,0 +1,215 @@
+/*
+ * Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+ * Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
+ * "Sonatype" is a trademark of Sonatype, Inc.
+ */
+@Library(['private-pipeline-library', 'jenkins-shared']) _
+import com.sonatype.jenkins.pipeline.OsTools
+
+String OPENJDK8 = 'OpenJDK 8'
+String OPENJDK11 = 'OpenJDK 11'
+String OPENJDK17 = 'OpenJDK 17'
+List<String> javaVersions = [OPENJDK8, OPENJDK11, OPENJDK17]
+
+properties([
+    parameters([
+        string(defaultValue: '', description: 'New Nexus Repository Manager Version', name: 'nexus_repository_manager_version'),
+        string(defaultValue: '', description: 'New Nexus Repository Manager URL (Optional)', name: 'nexus_repository_manager_url'),
+        choice(name: 'java_version', choices: javaVersions, description: 'Java version to run Nexus Repository Manager'),
+        booleanParam(defaultValue: false, description: 'Optional scan for policy violations', name: 'scan_for_policy_violations')
+    ])
+])
+
+node('ubuntu-zion') {
+  def commitId, commitDate, version, imageId, alpineImageId, branch
+  def imageName = 'sonatype/nexus3',
+      archiveName = 'docker-nexus3'
+
+  def JAVA_8 = 'java8'
+  def JAVA_11 = 'java11'
+  def JAVA_17 = 'java17'
+
+  def DOCKERFILE_JAVA_8 = 'Dockerfile'
+  def DOCKERFILE_JAVA_11 = 'Dockerfile.java11'
+  def DOCKERFILE_JAVA_17 = 'Dockerfile.java17'
+  def DOCKERFILE_ALPINE_JAVA_11 = 'Dockerfile.alpine.java11'
+  def DOCKERFILE_ALPINE_JAVA_17 = 'Dockerfile.alpine.java17'
+
+  def dockerfileMap = [
+    (OPENJDK8) : [DOCKERFILE_JAVA_8],
+    (OPENJDK11): [DOCKERFILE_JAVA_11, DOCKERFILE_ALPINE_JAVA_11],
+    (OPENJDK17): [DOCKERFILE_JAVA_17, DOCKERFILE_ALPINE_JAVA_17]
+  ]
+
+  try {
+    stage('Preparation') {
+      deleteDir()
+      OsTools.runSafe(this, "docker system prune -a -f")
+
+      def checkoutDetails = checkout scm
+
+      branch = checkoutDetails.GIT_BRANCH == 'origin/main' ? 'main' : checkoutDetails.GIT_BRANCH
+      commitId = checkoutDetails.GIT_COMMIT
+      commitDate = OsTools.runSafe(this, "git show -s --format=%cd --date=format:%Y%m%d-%H%M%S ${commitId}")
+
+      OsTools.runSafe(this, 'git config --global user.email sonatype-ci@sonatype.com')
+      OsTools.runSafe(this, 'git config --global user.name Sonatype CI')
+
+      version = readVersion()
+
+      if (params.nexus_repository_manager_version) {
+        stage('Update Repository Manager Version') {
+          OsTools.runSafe(this, "git checkout ${branch}")
+          dockerfileMap.each { javaVersion, dockerfiles ->
+            dockerfiles.each { dockerfile ->
+              updateRepositoryManagerVersion("${pwd()}/${dockerfile}", javaVersion)
+            }
+          }
+          version = getShortVersion(params.nexus_repository_manager_version)
+        }
+      }
+    }
+    def dockerfilePath = dockerfileMap[params.java_version][0]
+    def alpineDockerfilePath = params.java_version == OPENJDK8 ? null : dockerfileMap[params.java_version][1]
+
+    stage('Build UBI Image') {
+      def baseImage = extractBaseImage(dockerfilePath)
+      def baseImageRefFactory = load 'scripts/BaseImageReference.groovy'
+      def baseImageReference = baseImageRefFactory.build(this, baseImage as String)
+      def baseImageReferenceStr = baseImageReference.getReference()
+      def hash = OsTools.runSafe(this, "docker build --quiet --label base-image-ref='${baseImageReferenceStr}' --no-cache --tag ${imageName} . -f ${dockerfilePath}")
+      imageId = hash.split(':')[1]
+    }
+    if (params.java_version != OPENJDK8) {
+      stage('Build Alpine Image') {
+        def hash = OsTools.runSafe(this, "docker build --quiet --no-cache --tag ${imageName}-alpine . -f ${alpineDockerfilePath}")
+        alpineImageId = hash.split(':')[1]
+      }
+    }
+    if (params.scan_for_policy_violations) {
+      stage('Evaluate Policies') {
+        runEvaluation({ stage ->
+          def isAlpine = alpineDockerfilePath != null && alpineDockerfilePath.contains('alpine')
+          def iqApplicationName = isAlpine ? 'docker-nexus3-orientdb-alpine' : 'docker-nexus3-orientdb'
+          def imageToScan = isAlpine ? "${imageName}-alpine" : imageName
+
+          nexusPolicyEvaluation(
+            iqStage: stage,
+            iqApplication: iqApplicationName,
+            iqScanPatterns: [[scanPattern: "container:${imageToScan}"]],
+            failBuildOnNetworkError: true,
+          )
+        }, 'release')
+      }
+    }
+    if (currentBuild.result == 'FAILURE') {
+      return
+    }
+    stage('Archive') {
+      dir('build/target') {
+        OsTools.runSafe(this, "docker save ${imageName} | gzip > ${archiveName}.tar.gz")
+        archiveArtifacts artifacts: "${archiveName}.tar.gz", onlyIfSuccessful: true
+      }
+    }
+    stage('Push image to RSC') {
+      withSonatypeDockerRegistry() {
+        def javaVersionSuffixesMap = [
+            (OPENJDK8): JAVA_8,
+            (OPENJDK11): JAVA_11,
+            (OPENJDK17): JAVA_17
+        ]
+        def javaVersionSuffix = javaVersionSuffixesMap.get(params.java_version)
+
+        // Push UBI images
+        sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-ubi"
+        sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-ubi"
+        if (params.java_version == OPENJDK8) {
+          sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
+          // Create alias for the UBI image without the suffix
+          sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}"
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}"
+        }
+
+        // Push Alpine images
+        if (params.java_version != OPENJDK8) {
+          sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-alpine"
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-alpine"
+          if (params.java_version == OPENJDK11) {
+            sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
+            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
+          }
+        }
+      }
+    }
+  } finally {
+    OsTools.runSafe(this, "docker logout")
+    OsTools.runSafe(this, "docker system prune -a -f")
+    OsTools.runSafe(this, 'git clean -f && git reset --hard origin/main')
+  }
+}
+
+def readVersion() {
+  def content = readFile 'Dockerfile'
+  for (line in content.split('\n')) {
+    if (line.startsWith('ARG NEXUS_VERSION=')) {
+      return getShortVersion(line.substring(18))
+    }
+  }
+  error 'Could not determine version.'
+}
+
+def getShortVersion(version) {
+  return version.split('-')[0]
+}
+
+def updateRepositoryManagerVersion(dockerFileLocation, javaVersion) {
+  def dockerFile = readFile(file: dockerFileLocation)
+
+  def metaVersionRegex = /(version=")(\d\.\d{1,3}\.\d\-\d{2})(" \\)/
+  def metaShortVersionRegex = /(release=")(\d\.\d{1,3}\.\d)(" \\)/
+
+  def versionRegex = /(ARG NEXUS_VERSION=)(\d\.\d{1,3}\.\d\-\d{2})/
+  def shaRegex = /(ARG NEXUS_DOWNLOAD_SHA256_HASH=)([A-Fa-f0-9]{64})/
+
+  dockerFile = dockerFile.replaceAll(metaVersionRegex, "\$1${params.nexus_repository_manager_version}\$3")
+  dockerFile = dockerFile.replaceAll(metaShortVersionRegex,
+      "\$1${params.nexus_repository_manager_version.substring(0, params.nexus_repository_manager_version.indexOf('-'))}\$3")
+  dockerFile = dockerFile.replaceAll(versionRegex, "\$1${params.nexus_repository_manager_version}")
+
+  def nexusUrlRegex = /(ARG NEXUS_DOWNLOAD_URL=)(.*)/
+  def nexusUrl = params.nexus_repository_manager_url
+  if (params.nexus_repository_manager_url) {
+    dockerFile = dockerFile.replaceAll(nexusUrlRegex, "\$1${params.nexus_repository_manager_url}")
+  }
+  else {
+    // default URL
+    def defaultUrl = /https:\/\/download-staging.sonatype.com\/nexus\/3\/nexus-\$\{NEXUS_VERSION\}-unix\.tar\.gz/
+    dockerFile = dockerFile.replaceAll(nexusUrlRegex, "\$1${defaultUrl}")
+
+    def normalizedUrl = "a".replaceAll(/./, "${defaultUrl}")
+    nexusUrl = normalizedUrl.replace("\${NEXUS_VERSION}", params.nexus_repository_manager_version)
+    nexusUrl = nexusUrl.replace("\${JAVA_VERSION}", javaVersion)
+  }
+  def sha = getSha(nexusUrl)
+
+  dockerFile = dockerFile.replaceAll(shaRegex, "\$1${sha}")
+
+  writeFile(file: dockerFileLocation, text: dockerFile)
+}
+
+def getSha(url) {
+  def sha = sh (
+      script: "curl -s -L ${url} | shasum -a 256 | cut -d' ' -f1",
+      returnStdout: true
+  ).trim()
+  return sha
+}
+
+def extractBaseImage(dockerFileLocation) {
+  def dockerFile = readFile(file: dockerFileLocation)
+  def baseImageRegex = "FROM\\s+([^\\s]+)"
+  def usedImages = dockerFile =~ baseImageRegex
+
+  return usedImages[0][1]
+}

Jenkinsfile-Release

@@ -8,24 +8,20 @@ import com.sonatype.jenkins.pipeline.GitHub
 import com.sonatype.jenkins.pipeline.OsTools
 import com.sonatype.jenkins.shared.Expectation
 
-String OPENJDK8 = 'OpenJDK 8'
-String OPENJDK11 = 'OpenJDK 11'
 String OPENJDK17 = 'OpenJDK 17'
-List<String> javaVersions = [OPENJDK8, OPENJDK11, OPENJDK17]
-
+List<String> javaVersions = [OPENJDK17]
 properties([
   parameters([
     string(defaultValue: '', description: 'New Nexus Repository Manager Version', name: 'nexus_repository_manager_version'),
     string(defaultValue: '', description: 'New Nexus Repository Manager Version Sha256', name: 'nexus_repository_manager_version_sha'),
     string(defaultValue: '', description: 'New Nexus Repository Manager Cookbook Version', name: 'nexus_repository_manager_cookbook_version'),
-    choice(name: 'java_version', choices: javaVersions, description: 'Java version to run Nexus Repository Manager'),
     booleanParam(defaultValue: false, description: 'Skip Pushing of Docker Image and Tags', name: 'skip_push'),
     booleanParam(defaultValue: false, description: 'Only update the latest tag', name: 'update_latest_only')
   ])
 ])
 
 node('ubuntu-zion') {
-  def commitId, commitDate, version, imageId, alpineImageId, branch, dockerFileLocations, dockerJava11FileLocations, dockerJava17FileLocations
+  def commitId, commitDate, version, imageId, alpineImageId, branch
   def organization = 'sonatype',
       gitHubRepository = 'docker-nexus3',
       credentialsId = 'jenkins-github',
@@ -34,37 +30,18 @@ node('ubuntu-zion') {
       dockerHubRepository = 'nexus3'
   GitHub gitHub
 
-  def JAVA_8 = 'java8'
-  def JAVA_11 = 'java11'
   def JAVA_17 = 'java17'
-  def alpineDockerfilePath
-
+  dockerFileLocations = [
+    "${pwd()}/Dockerfile.java17",
+    "${pwd()}/Dockerfile.rh.ubi.java17",
+    "${pwd()}/Dockerfile.alpine.java17"
+  ]
   try {
     stage('Preparation') {
       deleteDir()
       OsTools.runSafe(this, "docker system prune -a -f")
-
       def checkoutDetails = checkout scm
 
-      dockerFileLocations = [
-        "${pwd()}/Dockerfile",
-        "${pwd()}/Dockerfile.rh.centos",
-        "${pwd()}/Dockerfile.rh.el",
-        "${pwd()}/Dockerfile.rh.ubi"
-      ]
-
-      dockerJava11FileLocations = [
-          "${pwd()}/Dockerfile.java11",
-          "${pwd()}/Dockerfile.rh.ubi.java11",
-          "${pwd()}/Dockerfile.alpine.java11"
-      ]
-
-      dockerJava17FileLocations = [
-          "${pwd()}/Dockerfile.java17",
-          "${pwd()}/Dockerfile.rh.ubi.java17",
-          "${pwd()}/Dockerfile.alpine.java17"
-      ]
-
       branch = checkoutDetails.GIT_BRANCH == 'origin/main' ? 'main' : checkoutDetails.GIT_BRANCH
       commitId = checkoutDetails.GIT_COMMIT
       commitDate = OsTools.runSafe(this, "git show -s --format=%cd --date=format:%Y%m%d-%H%M%S ${commitId}")
@@ -83,35 +60,24 @@ node('ubuntu-zion') {
       }
       gitHub = new GitHub(this, "${organization}/${gitHubRepository}", apiToken)
 
-      def dockerfileLocationsMap = [
-          (OPENJDK8): dockerFileLocations,
-          (OPENJDK11): dockerJava11FileLocations,
-          (OPENJDK17): dockerJava17FileLocations
-      ]
-      def chosenDockerfileLocations = dockerfileLocationsMap.get(params.java_version)
-
       if (params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha) {
         stage('Update Repository Manager Version') {
           OsTools.runSafe(this, "git checkout ${branch}")
-          chosenDockerfileLocations.each { updateRepositoryManagerVersion(it) }
+          dockerFileLocations.each { updateRepositoryManagerVersion(it) }
           version = getShortVersion(params.nexus_repository_manager_version)
         }
       }
       if (params.nexus_repository_manager_cookbook_version) {
         stage('Update Repository Manager Cookbook Version') {
           OsTools.runSafe(this, "git checkout ${branch}")
-          chosenDockerfileLocations.each { updateRepositoryCookbookVersion(it) }
+          dockerFileLocations.each { updateRepositoryCookbookVersion(it) }
         }
       }
     }
-    stage('Build') {
+
+    stage('Build Images') {
       gitHub.statusUpdate commitId, 'pending', 'build', 'Build is running'
-      def dockerfilesMap = [
-          (OPENJDK8): 'Dockerfile',
-          (OPENJDK11): 'Dockerfile.java11',
-          (OPENJDK17): 'Dockerfile.java17'
-      ]
-      def dockerfilePath = dockerfilesMap.get(params.java_version)
+      def dockerfilePath = 'Dockerfile.java17'
       def baseImage = extractBaseImage(dockerfilePath)
       def baseImageRefFactory = load 'scripts/BaseImageReference.groovy'
       def baseImageReference = baseImageRefFactory.build(this, baseImage as String)
@@ -119,12 +85,10 @@ node('ubuntu-zion') {
       def hash = OsTools.runSafe(this, "docker build --quiet --label base-image-ref='${baseImageReferenceStr}' --no-cache --tag ${imageName} . -f ${dockerfilePath}")
       imageId = hash.split(':')[1]
 
-      // Build Alpine Image if not Java 8
-      if (params.java_version != OPENJDK8) {
-        alpineDockerfilePath = dockerfilePath.replace("Dockerfile", "Dockerfile.alpine")
-        def alpineHash = OsTools.runSafe(this, "docker build --quiet --no-cache --tag ${imageName}-alpine . -f ${alpineDockerfilePath}")
-        alpineImageId = alpineHash.split(':')[1]
-      }
+      // Build Alpine Image
+      def alpineDockerfilePath = 'Dockerfile.alpine.java17'
+      def alpineHash = OsTools.runSafe(this, "docker build --quiet --no-cache --tag ${imageName}-alpine . -f ${alpineDockerfilePath}")
+      alpineImageId = alpineHash.split(':')[1]
 
       if (currentBuild.result == 'FAILURE') {
         gitHub.statusUpdate commitId, 'failure', 'build', 'Build failed'
@@ -133,16 +97,15 @@ node('ubuntu-zion') {
         gitHub.statusUpdate commitId, 'success', 'build', 'Build succeeded'
       }
     }
+
     stage('Test') {
       gitHub.statusUpdate commitId, 'pending', 'test', 'Tests are running'
-
       validateExpectations([
         new Expectation('Has user nexus in group nexus present',
             'id', '-ng nexus', 'nexus'),
         new Expectation('Has nexus user java process present',
             'ps', '-e -o command,user | grep -q ^/usr/lib/jvm/java.*nexus$ | echo $?', '0')
       ])
-
       if (currentBuild.result == 'FAILURE') {
         gitHub.statusUpdate commitId, 'failure', 'test', 'Tests failed'
         return
@@ -152,23 +115,29 @@ node('ubuntu-zion') {
     }
 
     stage('Evaluate Policies') {
-      runEvaluation({ stage ->
-        def isAlpine = alpineDockerfilePath != null && alpineDockerfilePath.contains('alpine')
-        def iqApplicationName = isAlpine ? 'docker-nexus3-alpine' : 'docker-nexus3'
-        def imageToScan = isAlpine ? "${imageName}-alpine" : imageName
+      def imagesToScan = [
+          [name: 'docker-nexus3', image: imageName],
+          [name: 'docker-nexus3-alpine', image: "${imageName}-alpine"]
+      ]
 
-        nexusPolicyEvaluation(
-          iqStage: stage,
-          iqApplication: iqApplicationName,
-          iqScanPatterns: [[scanPattern: "container:${imageToScan}"]],
-          failBuildOnNetworkError: true,
-        )
-      }, 'release')
+      imagesToScan.each { imageConfig ->
+        runEvaluation({ stage ->
+          def iqApplicationName = imageConfig.name
+          def imageToScan = imageConfig.image
+
+          nexusPolicyEvaluation(
+            iqStage: stage,
+            iqApplication: iqApplicationName,
+            iqScanPatterns: [[scanPattern: "container:${imageToScan}"]],
+            failBuildOnNetworkError: true,
+          )
+        }, 'release')
+      }
     }
-
     if (currentBuild.result == 'FAILURE') {
-      return
+          return
     }
+
     if (params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha
           || params.nexus_repository_manager_cookbook_version) {
       stage('Commit Automated Code Update') {
@@ -206,49 +175,22 @@ node('ubuntu-zion') {
                           credentialsId: 'docker-hub-credentials',
                           usernameVariable: 'DOCKERHUB_API_USERNAME',
                           passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {
-          def javaVersionSuffixesMap = [
-              (OPENJDK8): JAVA_8,
-              (OPENJDK11): JAVA_11,
-              (OPENJDK17): JAVA_17
-          ]
-          def javaVersionSuffix = javaVersionSuffixesMap.get(params.java_version)
 
           // Push UBI image
-          OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}-${javaVersionSuffix}-ubi")
-          if (params.java_version == OPENJDK8) {
-            OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}-ubi")
-            OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}")
-            OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:latest")
-          }
+          OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}")
+          OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}-ubi")
+          OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}-java17-ubi")
+          OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:latest")
+
+          // Push Alpine Image
+          OsTools.runSafe(this, "docker tag ${alpineImageId} ${organization}/${dockerHubRepository}:${version}-alpine")
+          OsTools.runSafe(this, "docker tag ${alpineImageId} ${organization}/${dockerHubRepository}:${version}-java17-alpine")
 
           OsTools.runSafe(this, """
             docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
           """)
 
-          def dockerPushCmdsMap = [
-              (OPENJDK8): "docker push --all-tags ${organization}/${dockerHubRepository}",
-              (OPENJDK11): "docker push ${organization}/${dockerHubRepository}:${version}-${JAVA_11}-ubi",
-              (OPENJDK17): "docker push ${organization}/${dockerHubRepository}:${version}-${JAVA_17}-ubi"
-          ]
-          def dockerPushCmd = dockerPushCmdsMap.get(params.java_version)
-
-          OsTools.runSafe(this, dockerPushCmd)
-
-          // Push Alpine image if not Java 8
-          if (params.java_version != OPENJDK8) {
-            OsTools.runSafe(this, "docker tag ${alpineImageId} ${organization}/${dockerHubRepository}:${version}-${javaVersionSuffix}-alpine")
-            if (params.java_version == OPENJDK11) {
-              OsTools.runSafe(this, "docker tag ${alpineImageId} ${organization}/${dockerHubRepository}:${version}-alpine")
-            }
-
-            def alpineDockerPushCmdsMap = [
-                (OPENJDK11): "docker push ${organization}/${dockerHubRepository}:${version}-${JAVA_11}-alpine",
-                (OPENJDK17): "docker push ${organization}/${dockerHubRepository}:${version}-${JAVA_17}-alpine"
-            ]
-            def alpineDockerPushCmd = alpineDockerPushCmdsMap.get(params.java_version)
-
-            OsTools.runSafe(this, alpineDockerPushCmd)
-          }
+          OsTools.runSafe(this, "docker push --all-tags ${organization}/${dockerHubRepository}")
 
           response = OsTools.runSafe(this, """
             curl -X POST https://hub.docker.com/v2/users/login/ \
@@ -269,13 +211,17 @@ node('ubuntu-zion') {
 
           // push to internal repos
           withSonatypeDockerRegistry() {
-            sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-${javaVersionSuffix}"
-            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-${javaVersionSuffix}"
+            sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}"
+            sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-ubi"
+            sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-java17-ubi"
+            sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-alpine"
+            sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-java17-alpine"
 
-            if (params.java_version == OPENJDK8) {
-              sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}"
-              sh "docker push docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}"
-            }
+            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}"
+            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-ubi"
+            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-java17-ubi"
+            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-alpine"
+            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-java17-alpine"
           }
         }
       }
@@ -316,7 +262,7 @@ node('ubuntu-zion') {
 }
 
 def readVersion() {
-  def content = readFile 'Dockerfile'
+  def content = readFile 'Dockerfile.java17'
   for (line in content.split('\n')) {
     if (line.startsWith('ARG NEXUS_VERSION=')) {
       return getShortVersion(line.substring(18))

Jenkinsfile-Release-OrientDB

@@ -0,0 +1,330 @@
+/*
+ * Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+ * Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
+ * "Sonatype" is a trademark of Sonatype, Inc.
+ */
+@Library(['private-pipeline-library', 'jenkins-shared']) _
+import com.sonatype.jenkins.pipeline.GitHub
+import com.sonatype.jenkins.pipeline.OsTools
+import com.sonatype.jenkins.shared.Expectation
+
+String OPENJDK8 = 'OpenJDK 8'
+String OPENJDK11 = 'OpenJDK 11'
+String OPENJDK17 = 'OpenJDK 17'
+List<String> javaVersions = [OPENJDK8, OPENJDK11, OPENJDK17]
+
+properties([
+  parameters([
+    string(defaultValue: '', description: 'New Nexus Repository Manager Version', name: 'nexus_repository_manager_version'),
+    string(defaultValue: '', description: 'New Nexus Repository Manager Version Sha256', name: 'nexus_repository_manager_version_sha'),
+    string(defaultValue: '', description: 'New Nexus Repository Manager Cookbook Version', name: 'nexus_repository_manager_cookbook_version'),
+    choice(name: 'java_version', choices: javaVersions, description: 'Java version to run Nexus Repository Manager'),
+    booleanParam(defaultValue: false, description: 'Skip Pushing of Docker Image and Tags', name: 'skip_push'),
+  ])
+])
+
+node('ubuntu-zion') {
+  def commitId, commitDate, version, branch, dockerFileLocations, dockerJava11FileLocations, dockerJava17FileLocations
+  def organization = 'sonatype',
+      gitHubRepository = 'docker-nexus3',
+      credentialsId = 'jenkins-github',
+      imageName = 'sonatype/nexus3',
+      archiveName = 'docker-nexus3',
+      dockerHubRepository = 'nexus3'
+  GitHub gitHub
+
+  def JAVA_8 = 'java8'
+  def JAVA_11 = 'java11'
+  def JAVA_17 = 'java17'
+  def alpineDockerfilePath
+
+  try {
+    stage('Preparation') {
+      deleteDir()
+      OsTools.runSafe(this, "docker system prune -a -f")
+
+      def checkoutDetails = checkout scm
+
+      dockerFileLocations = [
+        "${pwd()}/Dockerfile",
+        "${pwd()}/Dockerfile.rh.centos",
+        "${pwd()}/Dockerfile.rh.el",
+        "${pwd()}/Dockerfile.rh.ubi"
+      ]
+
+      dockerJava11FileLocations = [
+          "${pwd()}/Dockerfile.java11",
+          "${pwd()}/Dockerfile.rh.ubi.java11",
+          "${pwd()}/Dockerfile.alpine.java11"
+      ]
+
+      dockerJava17FileLocations = [
+          "${pwd()}/Dockerfile.java17",
+          "${pwd()}/Dockerfile.rh.ubi.java17",
+          "${pwd()}/Dockerfile.alpine.java17"
+      ]
+
+      branch = checkoutDetails.GIT_BRANCH == 'origin/main' ? 'main' : checkoutDetails.GIT_BRANCH
+      commitId = checkoutDetails.GIT_COMMIT
+      commitDate = OsTools.runSafe(this, "git show -s --format=%cd --date=format:%Y%m%d-%H%M%S ${commitId}")
+
+      OsTools.runSafe(this, 'git config --global user.email sonatype-ci@sonatype.com')
+      OsTools.runSafe(this, 'git config --global user.name Sonatype CI')
+
+      version = readVersion()
+
+      def apiToken
+      withCredentials([[$class: 'UsernamePasswordMultiBinding',
+                        credentialsId: credentialsId,
+                        usernameVariable: 'GITHUB_API_USERNAME',
+                        passwordVariable: 'GITHUB_API_PASSWORD']]) {
+        apiToken = env.GITHUB_API_PASSWORD
+      }
+      gitHub = new GitHub(this, "${organization}/${gitHubRepository}", apiToken)
+
+      def dockerfileLocationsMap = [
+          (OPENJDK8): dockerFileLocations,
+          (OPENJDK11): dockerJava11FileLocations,
+          (OPENJDK17): dockerJava17FileLocations
+      ]
+      def chosenDockerfileLocations = dockerfileLocationsMap.get(params.java_version)
+
+      if (params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha) {
+        stage('Update Repository Manager Version') {
+          OsTools.runSafe(this, "git checkout ${branch}")
+          chosenDockerfileLocations.each { updateRepositoryManagerVersion(it) }
+          version = getShortVersion(params.nexus_repository_manager_version)
+        }
+      }
+      if (params.nexus_repository_manager_cookbook_version) {
+        stage('Update Repository Manager Cookbook Version') {
+          OsTools.runSafe(this, "git checkout ${branch}")
+          chosenDockerfileLocations.each { updateRepositoryCookbookVersion(it) }
+        }
+      }
+    }
+    stage('Build') {
+      gitHub.statusUpdate commitId, 'pending', 'build', 'Build is running'
+      def dockerfilesMap = [
+          (OPENJDK8): 'Dockerfile',
+          (OPENJDK11): 'Dockerfile.java11',
+          (OPENJDK17): 'Dockerfile.java17'
+      ]
+      def dockerfilePath = dockerfilesMap.get(params.java_version)
+      def baseImage = extractBaseImage(dockerfilePath)
+      def baseImageRefFactory = load 'scripts/BaseImageReference.groovy'
+      def baseImageReference = baseImageRefFactory.build(this, baseImage as String)
+      def baseImageReferenceStr = baseImageReference.getReference()
+      OsTools.runSafe(this, "docker build --label base-image-ref='${baseImageReferenceStr}' --no-cache --tag ${imageName} . -f ${dockerfilePath}")
+
+
+      // Build Alpine Image if not Java 8
+      if (params.java_version != OPENJDK8) {
+        alpineDockerfilePath = dockerfilePath.replace("Dockerfile", "Dockerfile.alpine")
+        OsTools.runSafe(this, "docker build --no-cache --tag ${imageName}-alpine . -f ${alpineDockerfilePath}")
+      }
+
+      if (currentBuild.result == 'FAILURE') {
+        gitHub.statusUpdate commitId, 'failure', 'build', 'Build failed'
+        return
+      } else {
+        gitHub.statusUpdate commitId, 'success', 'build', 'Build succeeded'
+      }
+    }
+    stage('Evaluate Policies') {
+      runEvaluation({ stage ->
+        def isAlpine = alpineDockerfilePath != null && alpineDockerfilePath.contains('alpine')
+        def iqApplicationName = isAlpine ? 'docker-nexus3-alpine' : 'docker-nexus3'
+        def imageToScan = isAlpine ? "${imageName}-alpine" : imageName
+
+        nexusPolicyEvaluation(
+          iqStage: stage,
+          iqApplication: iqApplicationName,
+          iqScanPatterns: [[scanPattern: "container:${imageToScan}"]],
+          failBuildOnNetworkError: true,
+        )
+      }, 'release')
+    }
+
+    if (currentBuild.result == 'FAILURE') {
+      return
+    }
+    if (params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha
+          || params.nexus_repository_manager_cookbook_version) {
+      stage('Commit Automated Code Update') {
+        withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'jenkins-github',
+                        usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
+          def commitMessage = [
+            params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha ?
+                "Update Repository Manager to ${params.nexus_repository_manager_version}." : "",
+            params.nexus_repository_manager_cookbook_version ?
+                "Update Repository Manager Cookbook to ${params.nexus_repository_manager_cookbook_version}." : ""
+          ].findAll({ it }).join(' ')
+
+
+            OsTools.runSafe(this, """
+              git add .
+              git commit -m '${commitMessage}'
+              git push https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/${organization}/${gitHubRepository}.git ${branch}
+            """)
+
+        }
+      }
+    }
+    stage('Archive') {
+      dir('build/target') {
+        OsTools.runSafe(this, "docker save ${imageName} | gzip > ${archiveName}.tar.gz")
+        archiveArtifacts artifacts: "${archiveName}.tar.gz", onlyIfSuccessful: true
+      }
+    }
+    if (!params.skip_push) {
+      input 'Push image and tags?'
+      stage('Push image') {
+        def dockerhubApiToken
+
+        withCredentials([[$class: 'UsernamePasswordMultiBinding',
+                          credentialsId: 'docker-hub-credentials',
+                          usernameVariable: 'DOCKERHUB_API_USERNAME',
+                          passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {
+          def javaVersionSuffixesMap = [
+              (OPENJDK8): JAVA_8,
+              (OPENJDK11): JAVA_11,
+              (OPENJDK17): JAVA_17
+          ]
+          def javaVersionSuffix = javaVersionSuffixesMap.get(params.java_version)
+
+          // Push UBI image
+          OsTools.runSafe(this, "docker tag ${imageName} ${organization}/${dockerHubRepository}:${version}-${javaVersionSuffix}-ubi")
+          if (params.java_version == OPENJDK8) {
+            OsTools.runSafe(this, "docker tag ${imageName} ${organization}/${dockerHubRepository}:${version}-ubi")
+            OsTools.runSafe(this, "docker tag ${imageName} ${organization}/${dockerHubRepository}:${version}")
+          }
+
+          OsTools.runSafe(this, """
+            docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
+          """)
+
+          def dockerPushCmdsMap = [
+              (OPENJDK8): "docker push ${organization}/${dockerHubRepository}",
+              (OPENJDK11): "docker push ${organization}/${dockerHubRepository}:${version}-${JAVA_11}-ubi",
+              (OPENJDK17): "docker push ${organization}/${dockerHubRepository}:${version}-${JAVA_17}-ubi"
+          ]
+          def dockerPushCmd = dockerPushCmdsMap.get(params.java_version)
+
+          OsTools.runSafe(this, dockerPushCmd)
+
+          // Push Alpine image if not Java 8
+          if (params.java_version != OPENJDK8) {
+            OsTools.runSafe(this, "docker tag ${imageName}-alpine ${organization}/${dockerHubRepository}:${version}-${javaVersionSuffix}-alpine")
+            if (params.java_version == OPENJDK11) {
+              OsTools.runSafe(this, "docker tag ${imageName}-alpine ${organization}/${dockerHubRepository}:${version}-alpine")
+            }
+
+            def alpineDockerPushCmdsMap = [
+                (OPENJDK11): "docker push ${organization}/${dockerHubRepository}:${version}-${JAVA_11}-alpine",
+                (OPENJDK17): "docker push ${organization}/${dockerHubRepository}:${version}-${JAVA_17}-alpine"
+            ]
+            def alpineDockerPushCmd = alpineDockerPushCmdsMap.get(params.java_version)
+
+            OsTools.runSafe(this, alpineDockerPushCmd)
+          }
+
+          response = OsTools.runSafe(this, """
+            curl -X POST https://hub.docker.com/v2/users/login/ \
+              -H 'cache-control: no-cache' -H 'content-type: application/json' \
+              -d '{ "username": "${env.DOCKERHUB_API_USERNAME}", "password": "${env.DOCKERHUB_API_PASSWORD}" }'
+          """)
+          token = readJSON text: response
+          dockerhubApiToken = token.token
+
+          def readme = readFile file: 'README.md', encoding: 'UTF-8'
+          readme = readme.replaceAll("(?s)<!--.*?-->", "")
+          readme = readme.replace("\"", "\\\"")
+          readme = readme.replace("\n", "\\n")
+          response = httpRequest customHeaders: [[name: 'authorization', value: "JWT ${dockerhubApiToken}"]],
+              acceptType: 'APPLICATION_JSON', contentType: 'APPLICATION_JSON', httpMode: 'PATCH',
+              requestBody: "{ \"full_description\": \"${readme}\" }",
+              url: "https://hub.docker.com/v2/repositories/${organization}/${dockerHubRepository}/"
+
+          // push to internal repos
+          withSonatypeDockerRegistry() {
+            sh "docker tag ${imageName} docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-${javaVersionSuffix}"
+            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}-${javaVersionSuffix}"
+
+            if (params.java_version == OPENJDK8) {
+              sh "docker tag ${imageName} docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}"
+              sh "docker push docker-all.repo.sonatype.com/sonatype-internal/${dockerHubRepository}:${version}"
+            }
+          }
+        }
+      }
+      stage('Push tags') {
+        withCredentials([[$class: 'UsernamePasswordMultiBinding',
+                          credentialsId: credentialsId,
+                          usernameVariable: 'GITHUB_API_USERNAME',
+                          passwordVariable: 'GITHUB_API_PASSWORD']]) {
+          OsTools.runSafe(this, "git tag ${version}")
+          OsTools.runSafe(this, """
+            git push \
+            https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/${organization}/${gitHubRepository}.git \
+              ${version}
+          """)
+        }
+        OsTools.runSafe(this, "git tag -d ${version}")
+      }
+    }
+  } finally {
+    OsTools.runSafe(this, "docker logout")
+    OsTools.runSafe(this, "docker system prune -a -f")
+  }
+}
+
+def readVersion() {
+  def content = readFile 'Dockerfile'
+  for (line in content.split('\n')) {
+    if (line.startsWith('ARG NEXUS_VERSION=')) {
+      return getShortVersion(line.substring(18))
+    }
+  }
+  error 'Could not determine version.'
+}
+
+def getShortVersion(version) {
+  return version.split('-')[0]
+}
+
+def updateRepositoryManagerVersion(dockerFileLocation) {
+  def dockerFile = readFile(file: dockerFileLocation)
+
+  def metaVersionRegex = /(version=")(\d\.\d{1,3}\.\d\-\d{2})(" \\)/
+  def metaShortVersionRegex = /(release=")(\d\.\d{1,3}\.\d)(" \\)/
+
+  def versionRegex = /(ARG NEXUS_VERSION=)(\d\.\d{1,3}\.\d\-\d{2})/
+  def shaRegex = /(ARG NEXUS_DOWNLOAD_SHA256_HASH=)([A-Fa-f0-9]{64})/
+
+  dockerFile = dockerFile.replaceAll(metaVersionRegex, "\$1${params.nexus_repository_manager_version}\$3")
+  dockerFile = dockerFile.replaceAll(metaShortVersionRegex,
+    "\$1${params.nexus_repository_manager_version.substring(0, params.nexus_repository_manager_version.indexOf('-'))}\$3")
+  dockerFile = dockerFile.replaceAll(versionRegex, "\$1${params.nexus_repository_manager_version}")
+  dockerFile = dockerFile.replaceAll(shaRegex, "\$1${params.nexus_repository_manager_version_sha}")
+
+  writeFile(file: dockerFileLocation, text: dockerFile)
+}
+
+def updateRepositoryCookbookVersion(dockerFileLocation) {
+  def dockerFile = readFile(file: dockerFileLocation)
+
+  def cookbookVersionRegex = /(ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION=")(release-\d\.\d\.\d{8}\-\d{6}\.[a-z0-9]{7})(")/
+
+  dockerFile = dockerFile.replaceAll(cookbookVersionRegex, "\$1${params.nexus_repository_manager_cookbook_version}\$3")
+
+  writeFile(file: dockerFileLocation, text: dockerFile)
+}
+
+def extractBaseImage (dockerFileLocation) {
+  def dockerFile = readFile(file: dockerFileLocation)
+  def baseImageRegex = "FROM\\s+([^\\s]+)"
+  def usedImages = dockerFile =~ baseImageRegex
+
+  return usedImages[0][1]
+}

Jenkinsfile.rh

@@ -5,29 +5,17 @@
  */
 @Library(['private-pipeline-library', 'jenkins-shared']) _
 
-String OPENJDK8 = 'OpenJDK 8'
-String OPENJDK11 = 'OpenJDK 11'
-String OPENJDK17 = 'OpenJDK 17'
-List<String> javaVersions = [OPENJDK8, OPENJDK11, OPENJDK17]
-
 properties([
   parameters([
     string(name: 'version', description: 'Version tag to apply to the image, like 3.41.0-ubi-1.'),
-    choice(name: 'java_version', choices: javaVersions, description: 'Java version to run Nexus Repository Manager')
   ]),
 ])
 
 node('ubuntu-zion') {
-  def JAVA_8 = 'java8'
-  def JAVA_11 = 'java11'
-  def JAVA_17 = 'java17'
-
   try {
     stage('Preparation') {
       deleteDir()
-
       checkout scm
-
       sh 'docker system prune -a -f'
       sh '''
         wget -q -O preflight \
@@ -45,13 +33,7 @@ node('ubuntu-zion') {
             credentialsId: 'red-hat-api-token',
             variable: 'API_TOKEN')
       ]) {
-        def javaVersionsMap = [
-            (OPENJDK8): JAVA_8,
-            (OPENJDK11): JAVA_11,
-            (OPENJDK17): JAVA_17
-        ]
-        def javaVersion = javaVersionsMap.get(params.java_version)
-        def dockerfilePath = 'Dockerfile.rh.ubi'
+        def dockerfilePath = 'Dockerfile.rh.ubi.java17'
 
         def baseImage = extractBaseImage(dockerfilePath)
         def baseImageRefFactory = load 'scripts/BaseImageReference.groovy'
@@ -59,7 +41,6 @@ node('ubuntu-zion') {
         def baseImageReferenceStr = baseImageReference.getReference()
 
         def buildRedhatImageShCmd = 'PATH="$PATH:." VERSION=$version ' +
-            "JAVA_VERSION=${javaVersion} " +
             "DOCKERFILE='${dockerfilePath}' " +
             "BASE_IMG_REF='${baseImageReferenceStr}' " +
             './build_red_hat_image.sh'
@@ -77,6 +58,5 @@ def extractBaseImage (dockerFileLocation) {
   def dockerFile = readFile(file: dockerFileLocation)
   def baseImageRegex = "FROM\\s+([^\\s]+)"
   def usedImages = dockerFile =~ baseImageRegex
-
   return usedImages[0][1]
 }

build_red_hat_image.sh

@@ -29,13 +29,10 @@
 #   * REGISTRY_LOGIN from Red Hat config page for image
 #   * REGISTRY_PASSWORD from Red Hat config page for image
 #   * API_TOKEN from red hat token/account page for API access
-#   * JAVA_VERSION java version to version docker images (e.g.: "java8", "java11", "java17")
 
 set -x # log commands as they execute
 set -e # stop execution on the first failed command
 
-JAVA_8="java8"
-
 # from config/scanning page at red hat
 CERT_PROJECT_ID=5e61d90a38776799eb517bd2
 
@@ -43,11 +40,6 @@ REPOSITORY="quay.io"
 IMAGE_LATEST="${REPOSITORY}/redhat-isv-containers/${CERT_PROJECT_ID}:latest"
 IMAGE_TAG="${REPOSITORY}/redhat-isv-containers/${CERT_PROJECT_ID}:${VERSION}"
 
-if [[ $JAVA_VERSION != $JAVA_8 ]]; then
-  DOCKERFILE="${DOCKERFILE}.${JAVA_VERSION}"
-  IMAGE_TAG="${REPOSITORY}/redhat-isv-containers/${CERT_PROJECT_ID}:${VERSION}-${JAVA_VERSION}"
-fi
-
 AUTHFILE="${HOME}/.docker/config.json"
 
 docker build -f "${DOCKERFILE}" --label base-image-ref=${BASE_IMG_REF} -t "${IMAGE_TAG}" .
@@ -58,10 +50,7 @@ docker login "${REPOSITORY}" \
        --password "${REGISTRY_PASSWORD}"
 
 docker push "${IMAGE_TAG}"
-
-if [[ $JAVA_VERSION == $JAVA_8 ]]; then
-  docker push "${IMAGE_LATEST}"
-fi
+docker push "${IMAGE_LATEST}"
 
 preflight check container \
           "${IMAGE_TAG}" \