Update Repository Manager to 3.26.0-04.

The default timeout for docker stop is too low, added note that more time is needed to ensure a clean shutdown.

CONTRIBUTORS.md

@@ -28,6 +28,7 @@ Sonatype internal people:
 * [@jeviolle](https://github.com/jeviolle/) (Rick Briganti/The Money)
 * [@jswank](https://github.com/jswank/) (Jason Swank)
 * [@DarthHater](https://github.com/darthhater/) (Jeffry Hesse)
+* [@dawidsawa](https://github.com/dawidsawa/) (Dawid Sawa)
 
 External contributors:
 

Dockerfile

@@ -12,26 +12,33 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM centos:centos7
+FROM registry.access.redhat.com/ubi8/ubi
 
-MAINTAINER Sonatype <cloud-ops@sonatype.com>
-
-LABEL vendor=Sonatype \
+LABEL name="Nexus Repository Manager" \
+      maintainer="Sonatype <support@sonatype.com>" \
+      vendor=Sonatype \
+      version="3.26.0-04" \
+      release="3.26.0" \
+      url="https://sonatype.com" \
+      summary="The Nexus Repository Manager server \
+          with universal support for popular component formats." \
+      description="The Nexus Repository Manager server \
+          with universal support for popular component formats." \
+      run="docker run -d --name NAME \
+          -p 8081:8081 \
+          IMAGE" \
+      stop="docker stop NAME" \
       com.sonatype.license="Apache License, Version 2.0" \
-      com.sonatype.name="Nexus Repository Manager base image"
+      com.sonatype.name="Nexus Repository Manager base image" \
+      io.k8s.description="The Nexus Repository Manager server \
+          with universal support for popular component formats." \
+      io.k8s.display-name="Nexus Repository Manager" \
+      io.openshift.expose-services="8081:8081" \
+      io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.8.0-02
+ARG NEXUS_VERSION=3.26.0-04
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=949e2e5e99a685ebce6a63ba1ca0d56bc794068922a5279bca59d15bd3ae677c
-
-ENV JAVA_HOME=/opt/java \
-    JAVA_VERSION_MAJOR=8 \
-    JAVA_VERSION_MINOR=162 \
-    JAVA_VERSION_BUILD=12 \
-    JAVA_DOWNLOAD_HASH=0da788060d494f5095bf8624735fa2f1
-
-ENV JAVA_URL=http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-b${JAVA_VERSION_BUILD}/${JAVA_DOWNLOAD_HASH}/server-jre-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64.tar.gz \
-    JAVA_DOWNLOAD_SHA256_HASH=6942684acb6001748a01fc090a18f52ebd8cbfcf7be27ec6131981906bfa8b53
+ARG NEXUS_DOWNLOAD_SHA256_HASH=f2beae514d17dfdafc45419279c5e073bbae6b20957404fa8ae1b11e8ae31de1
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -39,31 +46,33 @@ ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
     NEXUS_DATA=/nexus-data \
     NEXUS_CONTEXT='' \
     SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
-    DOCKER_TYPE='docker'
+    DOCKER_TYPE='rh-docker'
 
-ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20180205-125532.9212679"
+ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe"
 ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz"
 
 ADD solo.json.erb /var/chef/solo.json.erb
 
 # Install using chef-solo
-RUN curl -L https://www.getchef.com/chef/install.sh | bash \
+# Chef version locked to avoid needing to accept the EULA on behalf of whomever builds the image
+RUN yum install -y --disableplugin=subscription-manager hostname procps \
+    && curl -L https://www.getchef.com/chef/install.sh | bash -s -- -v 14.12.9 \
     && /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \
     && chef-solo \
        --recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \
        --json-attributes /var/chef/solo.json \
     && rpm -qa *chef* | xargs rpm -e \
-    && rpm --rebuilddb \
     && rm -rf /etc/chef \
     && rm -rf /opt/chefdk \
     && rm -rf /var/cache/yum \
-    && rm -rf /var/chef
+    && rm -rf /var/chef \
+    && yum clean all
 
 VOLUME ${NEXUS_DATA}
 
 EXPOSE 8081
 USER nexus
 
-ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
 
 CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]

Dockerfile.rh.centos

@@ -14,12 +14,11 @@
 
 FROM centos:centos7
 
-MAINTAINER Sonatype <cloud-ops@sonatype.com>
-
 LABEL name="Nexus Repository Manager" \
+      maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.8.0-02" \
-      release="3.8.0" \
+      version="3.26.0-04" \
+      release="3.26.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -37,18 +36,9 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.8.0-02
+ARG NEXUS_VERSION=3.26.0-04
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=949e2e5e99a685ebce6a63ba1ca0d56bc794068922a5279bca59d15bd3ae677c
-
-ENV JAVA_HOME=/opt/java \
-    JAVA_VERSION_MAJOR=8 \
-    JAVA_VERSION_MINOR=162 \
-    JAVA_VERSION_BUILD=12 \
-    JAVA_DOWNLOAD_HASH=0da788060d494f5095bf8624735fa2f1
-
-ENV JAVA_URL=http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-b${JAVA_VERSION_BUILD}/${JAVA_DOWNLOAD_HASH}/server-jre-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64.tar.gz \
-    JAVA_DOWNLOAD_SHA256_HASH=6942684acb6001748a01fc090a18f52ebd8cbfcf7be27ec6131981906bfa8b53
+ARG NEXUS_DOWNLOAD_SHA256_HASH=f2beae514d17dfdafc45419279c5e073bbae6b20957404fa8ae1b11e8ae31de1
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -58,7 +48,7 @@ ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
     SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
     DOCKER_TYPE='rh-docker'
 
-ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20180205-125532.9212679"
+ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe"
 ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz"
 
 ADD solo.json.erb /var/chef/solo.json.erb
@@ -82,7 +72,7 @@ VOLUME ${NEXUS_DATA}
 EXPOSE 8081
 USER nexus
 
-ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
 
 ENTRYPOINT ["/uid_entrypoint.sh"]
 CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]

Dockerfile.rh.el

@@ -14,12 +14,11 @@
 
 FROM registry.access.redhat.com/rhel7/rhel
 
-MAINTAINER Sonatype <cloud-ops@sonatype.com>
-
 LABEL name="Nexus Repository Manager" \
+      maintainer="Sonatype <support@sonatype.com>" \
       vendor=Sonatype \
-      version="3.8.0-02" \
-      release="3.8.0" \
+      version="3.26.0-04" \
+      release="3.26.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -37,18 +36,9 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.8.0-02
+ARG NEXUS_VERSION=3.26.0-04
 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=949e2e5e99a685ebce6a63ba1ca0d56bc794068922a5279bca59d15bd3ae677c
-
-ENV JAVA_HOME=/opt/java \
-    JAVA_VERSION_MAJOR=8 \
-    JAVA_VERSION_MINOR=162 \
-    JAVA_VERSION_BUILD=12 \
-    JAVA_DOWNLOAD_HASH=0da788060d494f5095bf8624735fa2f1
-
-ENV JAVA_URL=http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-b${JAVA_VERSION_BUILD}/${JAVA_DOWNLOAD_HASH}/server-jre-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64.tar.gz \
-    JAVA_DOWNLOAD_SHA256_HASH=6942684acb6001748a01fc090a18f52ebd8cbfcf7be27ec6131981906bfa8b53
+ARG NEXUS_DOWNLOAD_SHA256_HASH=f2beae514d17dfdafc45419279c5e073bbae6b20957404fa8ae1b11e8ae31de1
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -58,7 +48,7 @@ ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
     SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
     DOCKER_TYPE='rh-docker'
 
-ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20180205-125532.9212679"
+ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe"
 ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz"
 
 ADD solo.json.erb /var/chef/solo.json.erb
@@ -82,7 +72,7 @@ VOLUME ${NEXUS_DATA}
 EXPOSE 8081
 USER nexus
 
-ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
 
 ENTRYPOINT ["/uid_entrypoint.sh"]
 CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]

Dockerfile.rh.ubi

@@ -0,0 +1,79 @@
+# Copyright (c) 2016-present Sonatype, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM registry.access.redhat.com/ubi8/ubi
+
+LABEL name="Nexus Repository Manager" \
+      vendor=Sonatype \
+      maintainer="Sonatype <support@sonatype.com>" \
+      version="3.26.0-04" \
+      release="3.26.0" \
+      url="https://sonatype.com" \
+      summary="The Nexus Repository Manager server \
+          with universal support for popular component formats." \
+      description="The Nexus Repository Manager server \
+          with universal support for popular component formats." \
+      run="docker run -d --name NAME \
+          -p 8081:8081 \
+          IMAGE" \
+      stop="docker stop NAME" \
+      com.sonatype.license="Apache License, Version 2.0" \
+      com.sonatype.name="Nexus Repository Manager base image" \
+      io.k8s.description="The Nexus Repository Manager server \
+          with universal support for popular component formats." \
+      io.k8s.display-name="Nexus Repository Manager" \
+      io.openshift.expose-services="8081:8081" \
+      io.openshift.tags="Sonatype,Nexus,Repository Manager"
+
+ARG NEXUS_VERSION=3.26.0-04
+ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
+ARG NEXUS_DOWNLOAD_SHA256_HASH=f2beae514d17dfdafc45419279c5e073bbae6b20957404fa8ae1b11e8ae31de1
+
+# configure nexus runtime
+ENV SONATYPE_DIR=/opt/sonatype
+ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
+    NEXUS_DATA=/nexus-data \
+    NEXUS_CONTEXT='' \
+    SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
+    DOCKER_TYPE='rh-docker'
+
+ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe"
+ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz"
+
+ADD solo.json.erb /var/chef/solo.json.erb
+
+# Install using chef-solo
+# Chef version locked to avoid needing to accept the EULA on behalf of whomever builds the image
+RUN curl -L https://www.getchef.com/chef/install.sh | bash -s -- -v 14.12.9 \
+    && /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \
+    && chef-solo \
+       --node_name nexus_repository_red_hat_docker_build \
+       --recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \
+       --json-attributes /var/chef/solo.json \
+    && rpm -qa *chef* | xargs rpm -e \
+    && rm -rf /etc/chef \
+    && rm -rf /opt/chefdk \
+    && rm -rf /var/cache/yum \
+    && rm -rf /var/chef \
+    && yum clean all
+
+VOLUME ${NEXUS_DATA}
+
+EXPOSE 8081
+USER nexus
+
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+
+ENTRYPOINT ["/uid_entrypoint.sh"]
+CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]

Jenkinsfile

@@ -3,7 +3,7 @@
  * Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
  * "Sonatype" is a trademark of Sonatype, Inc.
  */
-@Library('zion-pipeline-library')
+@Library('ci-pipeline-library') _
 import com.sonatype.jenkins.pipeline.GitHub
 import com.sonatype.jenkins.pipeline.OsTools
 
@@ -11,8 +11,10 @@ properties([
   parameters([
     string(defaultValue: '', description: 'New Nexus Repository Manager Version', name: 'nexus_repository_manager_version'),
     string(defaultValue: '', description: 'New Nexus Repository Manager Version Sha256', name: 'nexus_repository_manager_version_sha'),
-
-    string(defaultValue: '', description: 'New Nexus Repository Manager Cookbook Version', name: 'nexus_repository_manager_cookbook_version')
+    string(defaultValue: '', description: 'New Nexus Repository Manager Cookbook Version', name: 'nexus_repository_manager_cookbook_version'),
+    booleanParam(defaultValue: false, description: 'Skip Pushing of Docker Image and Tags', name: 'skip_push'),
+    booleanParam(defaultValue: false, description: 'Force Red Hat Certified Build for a non-master branch', name: 'force_red_hat_build'),
+    booleanParam(defaultValue: false, description: 'Skip Red Hat Certified Build', name: 'skip_red_hat_build'),
   ])
 ])
 
@@ -36,7 +38,8 @@ node('ubuntu-zion') {
       dockerFileLocations = [
         "${pwd()}/Dockerfile",
         "${pwd()}/Dockerfile.rh.centos",
-        "${pwd()}/Dockerfile.rh.el"
+        "${pwd()}/Dockerfile.rh.el",
+        "${pwd()}/Dockerfile.rh.ubi"
       ]
 
       branch = checkoutDetails.GIT_BRANCH == 'origin/master' ? 'master' : checkoutDetails.GIT_BRANCH
@@ -59,6 +62,7 @@ node('ubuntu-zion') {
         stage('Update Repository Manager Version') {
           OsTools.runSafe(this, "git checkout ${branch}")
           dockerFileLocations.each { updateRepositoryManagerVersion(it) }
+          version = getShortVersion(params.nexus_repository_manager_version)
         }
       }
       if (params.nexus_repository_manager_cookbook_version) {
@@ -102,16 +106,16 @@ node('ubuntu-zion') {
     if (currentBuild.result == 'FAILURE') {
       return
     }
-    if (params.nexus_repository_manager_version
-        && params.nexus_repository_manager_version_sha || params.nexus_repository_manager_cookbook_version) {
-      stage('Commit Repository Manager Version Update') {
+    if (params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha
+          || params.nexus_repository_manager_cookbook_version) {
+      stage('Commit Automated Code Update') {
         withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'integrations-github-api',
                         usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
           def commitMessage = [
             params.nexus_repository_manager_version && params.nexus_repository_manager_version_sha ?
                 "Update Repository Manager to ${params.nexus_repository_manager_version}." : "",
             params.nexus_repository_manager_cookbook_version ?
-                "Update Repository Manager Cookbook to ${params.nexus_repository_manager_cookbook_version}." : "",
+                "Update Repository Manager Cookbook to ${params.nexus_repository_manager_cookbook_version}." : ""
           ].findAll({ it }).join(' ')
           OsTools.runSafe(this, """
             git add .
@@ -127,50 +131,59 @@ node('ubuntu-zion') {
         archiveArtifacts artifacts: "${archiveName}.tar.gz", onlyIfSuccessful: true
       }
     }
-    if (branch != 'master') {
-      return
-    }
-    input 'Push image and tags?'
-    stage('Push image') {
-      def dockerhubApiToken
-      withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'docker-hub-credentials',
-          usernameVariable: 'DOCKERHUB_API_USERNAME', passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {
-        OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}")
-        OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:latest")
-        OsTools.runSafe(this, """
-          docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
-        """)
-        OsTools.runSafe(this, "docker push ${organization}/${dockerHubRepository}")
+    if (branch == 'master' && ! params.skip_push) {
+      input 'Push image and tags?'
+      stage('Push image') {
+        def dockerhubApiToken
+        withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'docker-hub-credentials',
+            usernameVariable: 'DOCKERHUB_API_USERNAME', passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {
+          OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:${version}")
+          OsTools.runSafe(this, "docker tag ${imageId} ${organization}/${dockerHubRepository}:latest")
+          OsTools.runSafe(this, """
+            docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
+          """)
+          OsTools.runSafe(this, "docker push ${organization}/${dockerHubRepository}")
 
-        response = OsTools.runSafe(this, """
-          curl -X POST https://hub.docker.com/v2/users/login/ \
-            -H 'cache-control: no-cache' -H 'content-type: application/json' \
-            -d '{ "username": "${env.DOCKERHUB_API_USERNAME}", "password": "${env.DOCKERHUB_API_PASSWORD}" }'
-        """)
-        token = readJSON text: response
-        dockerhubApiToken = token.token
+          response = OsTools.runSafe(this, """
+            curl -X POST https://hub.docker.com/v2/users/login/ \
+              -H 'cache-control: no-cache' -H 'content-type: application/json' \
+              -d '{ "username": "${env.DOCKERHUB_API_USERNAME}", "password": "${env.DOCKERHUB_API_PASSWORD}" }'
+          """)
+          token = readJSON text: response
+          dockerhubApiToken = token.token
 
-        def readme = readFile file: 'README.md', encoding: 'UTF-8'
-        readme = readme.replaceAll("(?s)<!--.*?-->", "")
-        readme = readme.replace("\"", "\\\"")
-        readme = readme.replace("\n", "\\n")
-        response = httpRequest customHeaders: [[name: 'authorization', value: "JWT ${dockerhubApiToken}"]],
-            acceptType: 'APPLICATION_JSON', contentType: 'APPLICATION_JSON', httpMode: 'PATCH',
-            requestBody: "{ \"full_description\": \"${readme}\" }",
-            url: "https://hub.docker.com/v2/repositories/${organization}/${dockerHubRepository}/"
+          def readme = readFile file: 'README.md', encoding: 'UTF-8'
+          readme = readme.replaceAll("(?s)<!--.*?-->", "")
+          readme = readme.replace("\"", "\\\"")
+          readme = readme.replace("\n", "\\n")
+          response = httpRequest customHeaders: [[name: 'authorization', value: "JWT ${dockerhubApiToken}"]],
+              acceptType: 'APPLICATION_JSON', contentType: 'APPLICATION_JSON', httpMode: 'PATCH',
+              requestBody: "{ \"full_description\": \"${readme}\" }",
+              url: "https://hub.docker.com/v2/repositories/${organization}/${dockerHubRepository}/"
+        }
+      }
+      stage('Push tags') {
+        withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentialsId,
+                          usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
+          OsTools.runSafe(this, "git tag ${version}")
+          OsTools.runSafe(this, """
+            git push \
+            https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/${organization}/${gitHubRepository}.git \
+              ${version}
+          """)
+        }
+        OsTools.runSafe(this, "git tag -d ${version}")
       }
     }
-    stage('Push tags') {
-      withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentialsId,
-                        usernameVariable: 'GITHUB_API_USERNAME', passwordVariable: 'GITHUB_API_PASSWORD']]) {
-        OsTools.runSafe(this, "git tag ${version}")
-        OsTools.runSafe(this, """
-          git push \
-          https://${env.GITHUB_API_USERNAME}:${env.GITHUB_API_PASSWORD}@github.com/${organization}/${gitHubRepository}.git \
-            ${version}
-        """)
+    if ((! params.skip_red_hat_build) && (branch == 'master' || params.force_red_hat_build)) {
+      stage('Trigger Red Hat Certified Image Build') {
+        withCredentials([
+            string(credentialsId: 'docker-nexus3-rh-build-project-id', variable: 'PROJECT_ID'),
+            string(credentialsId: 'rh-build-service-api-key', variable: 'API_KEY')]) {
+          final redHatVersion = "${version}-ubi"
+          runGroovy('ci/TriggerRedHatBuild.groovy', [redHatVersion, PROJECT_ID, API_KEY].join(' '))
+        }
       }
-      OsTools.runSafe(this, "git tag -d ${version}")
     }
   } finally {
     OsTools.runSafe(this, "docker logout")
@@ -183,11 +196,16 @@ def readVersion() {
   def content = readFile 'Dockerfile'
   for (line in content.split('\n')) {
     if (line.startsWith('ARG NEXUS_VERSION=')) {
-      return line.substring(18).split('-')[0]
+      return getShortVersion(line.substring(18))
     }
   }
   error 'Could not determine version.'
 }
+
+def getShortVersion(version) {
+  return version.split('-')[0]
+}
+
 def getGemInstallDirectory() {
   def content = OsTools.runSafe(this, "gem env")
   for (line in content.split('\n')) {

README.md

@@ -20,7 +20,7 @@
 
 [![Join the chat at https://gitter.im/sonatype/nexus-developers](https://badges.gitter.im/sonatype/nexus-developers.svg)](https://gitter.im/sonatype/nexus-developers?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
-A Dockerfile for Sonatype Nexus Repository Manager 3, based on CentOS.
+A Dockerfile for Sonatype Nexus Repository Manager 3, starting with 3.18 the image is based on the [Red Hat Universal Base Image](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image) while earlier versions used CentOS.
 
 * [Contribution Guidlines](#contribution-guidelines)
 * [Running](#running)
@@ -34,21 +34,28 @@ A Dockerfile for Sonatype Nexus Repository Manager 3, based on CentOS.
 
 ## Contribution Guidelines
 
-Go read [our contribution guidelines](/.github/CONTRIBUTING.md) to get a bit more familiar with how
+Go read [our contribution guidelines](https://github.com/sonatype/docker-nexus3/blob/master/.github/CONTRIBUTING.md) to get a bit more familiar with how
 we would like things to flow.
 
 ## Running
 
-To run, binding the exposed port 8081 to the host.
+To run, binding the exposed port 8081 to the host, use:
 
 ```
 $ docker run -d -p 8081:8081 --name nexus sonatype/nexus3
 ```
 
+When stopping, be sure to allow sufficient time for the databases to fully shut down.  
+
+```
+docker stop --time=120 <CONTAINER_NAME>
+```
+
+
 To test:
 
 ```
-$ curl -u admin:admin123 http://localhost:8081/service/metrics/ping
+$ curl http://localhost:8081/
 ```
 
 ## Building the Nexus Repository Manager image
@@ -81,15 +88,25 @@ We are using `rspec` as the test framework. `serverspec` provides a docker backe
 
 ## Red Hat Certified Image
 
-A Red Hat certified container image can be created using `Dockerfile.rh.el` which is built to be compliant with Red Had certification.
+A Red Hat certified container image can be created using `Dockerfile.rh.ubi` which is built to be compliant with Red Hat certification.
 The image includes additional meta data to comform with Kubernetes and OpenShift standards, a directory with the
 licenses applicable to the software and a man file for help on how to use the software. It also uses an ENTRYPOINT
-script the ensure the running user has access to the appropriate permissions for OpenShift 'restricted' SCC. In addition to the
-Red Hat Enterprise Linux image, `Dockerfile.rh.centos` provides the same additions but with a CentOS base.
+script the ensure the running user has access to the appropriate permissions for OpenShift 'restricted' SCC. 
+
+The Red Hat certified container image is available from the 
+[Red Hat Container Catalog](https://access.redhat.com/containers/#/registry.connect.redhat.com/sonatype/nexus-repository-manager)
+and qualified accounts can pull it from registry.connect.redhat.com.
+
+## Other Red Hat Images
+
+In addition to the Universal Base Image, we can build images based on:
+* Red Hat Enterprise Linux: `Dockerfile.rh.el`
+* CentOS: `Dockerfile.rh.centos`
 
 ## Notes
 
-* Default credentials are: `admin` / `admin123`
+* Our [system requirements](https://help.sonatype.com/display/NXRM3/System+Requirements) should be taken into account when provisioning the Docker container.
+* Default user is `admin` and the uniquely generated password can be found in the `admin.password` file inside the volume. See [Persistent Data](#user-content-persistent-data) for information about the volume.
 
 * It can take some time (2-3 minutes) for the service to launch in a
 new container.  You can tail the log to determine once Nexus is ready:
@@ -106,7 +123,7 @@ process, which runs as UID 200.
 
 * There is an environment variable that is being used to pass JVM arguments to the startup script
 
-  * `INSTALL4J_ADD_VM_PARAMS`, passed to the Install4J startup script. Defaults to `-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs`.
+  * `INSTALL4J_ADD_VM_PARAMS`, passed to the Install4J startup script. Defaults to `-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs`.
 
   This can be adjusted at runtime:
 
@@ -133,8 +150,7 @@ There are two general approaches to handling persistent storage requirements
 with Docker. See [Managing Data in Containers](https://docs.docker.com/engine/tutorials/dockervolumes/)
 for additional information.
 
-  1. *Use a data volume*.  Since data volumes are persistent
-  until no containers use them, a volume can be created specifically for
+  1. *Use a docker volume*.  Since docker volumes are persistent, a volume can be created specifically for
   this purpose.  This is the recommended approach.  
 
   ```

ci/TriggerRedHatBuild.groovy

@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2020-present Sonatype, Inc. All rights reserved.
+ * Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
+ * "Sonatype" is a trademark of Sonatype, Inc.
+ */
+
+/**
+ * This script triggers the build service for a certified docker image at Red Hat.
+ * It's meant to be used by Jenkins via the Jenkinsfile.
+ */
+@Grab('io.github.http-builder-ng:http-builder-ng-core:1.0.4')
+
+import groovyx.net.http.HttpBuilder
+import groovyx.net.http.HttpException
+
+if (args.size() < 3) {
+  System.err.println('Usage: groovy TriggerRedhatBuild.groovy <version> <projectId> <apiKey>')
+  System.exit(1)
+}
+
+new BuildClient(*args).run()
+
+class BuildClient {
+  private static final Integer TIMEOUT_MINUTES = 20
+
+  private final String version
+  private final String projectId
+
+  private final HttpBuilder builder
+
+  BuildClient(String version, String projectId, String apiKey) {
+    this.version = version
+    this.projectId = projectId
+
+    builder = HttpBuilder.configure {
+      request.uri = 'https://connect.redhat.com'
+      request.headers['Authorization'] = "Bearer ${apiKey}"
+      request.contentType = 'application/json'
+      request.body = [:]
+    }
+  }
+
+  /**
+   * fire off a series of requests to build and publish
+   * a container.
+   */
+  void run() {
+    final nextTag = getNextTag(version)
+    println "Triggering build as ${nextTag}"
+
+    final buildStatus = build(nextTag)
+
+    if (buildStatus.status != 'Created') {
+      fail(buildStatus)
+    }
+
+    final completedBuild = getCompletedBuild(nextTag)
+
+    if (completedBuild.failure) {
+      fail(completedBuild.failure)
+    }
+
+    final published = publish(completedBuild.digest, completedBuild.name)
+
+    if (published.failure) {
+      fail(published.failure)
+    }
+
+    println published
+  }
+
+  /**
+   * calculate the cutoff time in the future in miliseconds
+   * for comparison to System.currentTimeMillis()
+   * @param start start time in millis
+   * @param minutes minutes into the future
+   * @return future time in millis
+   */
+  private Long calcCutoffTime(Long start, Integer minutes) {
+    return minutes * 60 * 1000 + start
+  }
+
+  /**
+  * fail with message and exit with an error code for jenkins to see
+  * @param message message to print
+  */
+  private void fail(String message) {
+    System.err.println(message)
+    System.exit(1)
+  }
+
+
+  /**
+  * Request current version tags available at Red Hat.
+  * @return the list of all tags
+  */
+  private List getTags() {
+    return builder.post {
+      request.uri.path = "/api/v2/projects/${projectId}/tags"
+    }.tags
+  }
+
+  /**
+  * Request current version tags available at Red Hat,
+  * and calculate the next tag to use in this build.
+  * @param version the base version we're currently building
+  * @return the full new version string to submit for the next build
+  */
+  private String getNextTag(String version) {
+    final tags = getTags()*.name.collectMany {
+      it.split(', ').collect()
+    }
+
+    final currentIndex = tags.findAll {
+      it.startsWith(version)
+    }.collect {
+      it.replaceAll(/${version}-(\d+)-?.*/, '$1') as Integer
+    }.sort().reverse()[0]
+
+    final nextIndex =((currentIndex ?: 0) as Integer) + 1
+
+    return "${version}-${nextIndex}"
+  }
+
+  /**
+  * Trigger build of the certified image at Red Hat,
+  * @param nextTag the full version tag to be assigned to the new build
+  * @return the map from json with the status of the submitted build
+  */
+  private Map build(String nextTag) {
+    return builder.post {
+      request.uri.path = "/api/v2/projects/${projectId}/build"
+      request.body = [tag: nextTag]
+    }
+  }
+
+  /**
+  * Poll for the completed (built and scanned) build at Red Hat build service.
+  * @param nextTag the full version tag assigned to the new build
+  * @return the map from json with info about the completed build
+  */
+  private Map getCompletedBuild(String nextTag) {
+    final endTime = calcCutoffTime(System.currentTimeMillis(), TIMEOUT_MINUTES)
+
+    while (System.currentTimeMillis() < endTime) {
+      println 'Waiting for build to finish.'
+      sleep 60000
+
+      try {
+        final completedBuild = getTags().find {
+          it.name == nextTag && it.scan_status == 'passed'
+        }
+
+        if (completedBuild) {
+          return completedBuild
+        }
+      } catch (HttpException ex) {
+        ex.printStackTrace()
+        System.err.println "Failed retrieving completed builds, but still trying: ${ex.statusCode} [${ex.body}]"
+      }
+    }
+
+    return [failure: "TIMEOUT waiting for complete build: ${TIMEOUT_MINUTES} minutes"]
+  }
+
+  /**
+  * Trigger publishing of the new image at Red Hat build service.
+  * @param digest hash string that identifies the container to publish
+  * @param name tag name (version) of the container image to publish
+  * @return the map from json with status of the published container image
+  */
+  private Map publish(String digest, String name) {
+    final publishPath = [
+      '/api/v2/projects',
+      projectId,
+      'containers',
+      digest,
+      'tags',
+      name,
+      'publish'
+    ].join('/')
+
+    try {
+      return builder.post {
+        request.uri.path = publishPath
+      }
+    } catch (HttpException ex) {
+      ex.printStackTrace()
+      return [failure: "Failed to publish: ${ex.statusCode} [${ex.body}]"]
+    }
+  }
+}

solo.json.erb

@@ -23,20 +23,8 @@ raise RuntimeError, 'environment variable NEXUS_DATA is required' if ENV['NEXUS_
 {
   :run_list => [ "recipe[nexus_repository_manager::#{ENV['DOCKER_TYPE']}]" ],
   :java => {
-    :jdk_version => ENV['JAVA_VERSION_MAJOR'],
-    :java_home => ENV['JAVA_HOME'],
-    :install_flavor => 'oracle',
-    :oracle => {
-      :accept_oracle_download_terms => true
-    },
-    :jdk => {
-      :'8' => {
-        :x86_64 => {
-          :url => ENV['JAVA_URL'],
-          :checksum => ENV['JAVA_DOWNLOAD_SHA256_HASH']
-        }
-      }
-    }
+    :install_flavor => 'openjdk',
+    :accept_license_agreement => true
   },
   :nexus_repository_manager => {
     :version => ENV['NEXUS_VERSION'],