Custom-Dockers/docker-nexus3
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
226895aabda2512eccb359200ef92fd90e0800a8
docker-nexus3/Jenkinsfile-Internal-Release
Mpho raf beac8cf839
Some checks failed
continuous-integration/drone Build is failing
Details
Update Repository Manager to 3.70.3-01
2024-12-30 22:50:20 +02:00

196 lines
7.8 KiB
Plaintext
Raw Blame History

/*
* Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
* Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
* "Sonatype" is a trademark of Sonatype, Inc.
*/
@Library(['private-pipeline-library', 'jenkins-shared']) _
import com.sonatype.jenkins.pipeline.OsTools
String OPENJDK17 = 'OpenJDK 17'
List<String> javaVersions = [OPENJDK17]
properties([
parameters([
string(defaultValue: '', description: 'New Nexus Repository Manager Version', name: 'nexus_repository_manager_version'),
string(defaultValue: '', description: 'New Nexus Repository Manager URL (Optional)', name: 'nexus_repository_manager_url'),
choice(name: 'java_version', choices: javaVersions, description: 'Java version to run Nexus Repository Manager'),
booleanParam(defaultValue: false, description: 'Optional scan for policy violations', name: 'scan_for_policy_violations')
])
])
node('ubuntu-zion') {
def commitId, commitDate, version, imageId, alpineImageId, branch
def imageName = 'sonatype/nexus3',
archiveName = 'docker-nexus3'
def JAVA_17 = 'java17'
def DOCKERFILE_JAVA_17 = 'Dockerfile.java17'
def DOCKERFILE_ALPINE_JAVA_17 = 'Dockerfile.alpine.java17'
def dockerfileMap = [
(OPENJDK17): [DOCKERFILE_JAVA_17, DOCKERFILE_ALPINE_JAVA_17]
]
try {
stage('Preparation') {
deleteDir()
OsTools.runSafe(this, "docker system prune -a -f")
def checkoutDetails = checkout scm
branch = checkoutDetails.GIT_BRANCH == 'origin/main' ? 'main' : checkoutDetails.GIT_BRANCH
commitId = checkoutDetails.GIT_COMMIT
commitDate = OsTools.runSafe(this, "git show -s --format=%cd --date=format:%Y%m%d-%H%M%S ${commitId}")
OsTools.runSafe(this, 'git config --global user.email sonatype-ci@sonatype.com')
OsTools.runSafe(this, 'git config --global user.name Sonatype CI')
version = readVersion()
if (params.nexus_repository_manager_version) {
stage('Update Repository Manager Version') {
OsTools.runSafe(this, "git checkout ${branch}")
dockerfileMap[OPENJDK17].each { dockerfile ->
updateRepositoryManagerVersion("${pwd()}/${dockerfile}", JAVA_17)
}
version = getShortVersion(params.nexus_repository_manager_version)
}
}
}
def dockerfilePath = dockerfileMap[OPENJDK17][0]
def alpineDockerfilePath = dockerfileMap[OPENJDK17][1]
stage('Build UBI Image') {
def baseImage = extractBaseImage(dockerfilePath)
def baseImageRefFactory = load 'scripts/BaseImageReference.groovy'
def baseImageReference = baseImageRefFactory.build(this, baseImage as String)
def baseImageReferenceStr = baseImageReference.getReference()
def hash = OsTools.runSafe(this, "docker build --quiet --label base-image-ref='${baseImageReferenceStr}' --no-cache --tag ${imageName} . -f ${dockerfilePath}")
imageId = hash.split(':')[1]
}
stage('Build Alpine Image') {
def hash = OsTools.runSafe(this, "docker build --quiet --no-cache --tag ${imageName}-alpine . -f ${alpineDockerfilePath}")
alpineImageId = hash.split(':')[1]
}
if (params.scan_for_policy_violations) {
stage('Evaluate Policies') {
def imagesToScan = [
[name: 'docker-nexus3', image: imageName],
[name: 'docker-nexus3-alpine', image: "${imageName}-alpine"]
]
imagesToScan.each { imageConfig ->
runEvaluation({ stage ->
def iqApplicationName = imageConfig.name
def imageToScan = imageConfig.image
nexusPolicyEvaluation(
iqStage: stage,
iqApplication: iqApplicationName,
iqScanPatterns: [[scanPattern: "container:${imageToScan}"]],
failBuildOnNetworkError: false,
)
}, 'release')
}
}
}
if (currentBuild.result == 'FAILURE') {
return
}
stage('Archive') {
dir('build/target') {
OsTools.runSafe(this, "docker save ${imageName} | gzip > ${archiveName}.tar.gz")
archiveArtifacts artifacts: "${archiveName}.tar.gz", onlyIfSuccessful: true
}
}
if (branch == 'main') {
stage('Push image to RSC') {
withSonatypeDockerRegistry() {
// Tag Images
sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}"
sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-ubi"
sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-alpine"
// Push Images
sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}"
sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-ubi"
sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-alpine"
}
}
}
} finally {
OsTools.runSafe(this, "docker logout")
OsTools.runSafe(this, "docker system prune -a -f")
OsTools.runSafe(this, 'git clean -f && git reset --hard origin/main')
}
}
def readVersion() {
def content = readFile 'Dockerfile.java17'
for (line in content.split('\n')) {
if (line.startsWith('ARG NEXUS_VERSION=')) {
return getShortVersion(line.substring(18))
}
}
error 'Could not determine version.'
}
def getShortVersion(version) {
return version.split('-')[0]
}
def updateRepositoryManagerVersion(dockerFileLocation, javaVersion) {
def dockerFile = readFile(file: dockerFileLocation)
def metaVersionRegex = /(version=")(\d\.\d{1,3}\.\d\-\d{2})(" \\)/
def metaShortVersionRegex = /(release=")(\d\.\d{1,3}\.\d)(" \\)/
def versionRegex = /(ARG NEXUS_VERSION=)(\d\.\d{1,3}\.\d\-\d{2})/
def shaRegex = /(ARG NEXUS_DOWNLOAD_SHA256_HASH=)([A-Fa-f0-9]{64})/
dockerFile = dockerFile.replaceAll(metaVersionRegex, "\$1${params.nexus_repository_manager_version}\$3")
dockerFile = dockerFile.replaceAll(metaShortVersionRegex,
"\$1${params.nexus_repository_manager_version.substring(0, params.nexus_repository_manager_version.indexOf('-'))}\$3")
dockerFile = dockerFile.replaceAll(versionRegex, "\$1${params.nexus_repository_manager_version}")
def nexusUrlRegex = /(ARG NEXUS_DOWNLOAD_URL=)(.*)/
def nexusUrl = params.nexus_repository_manager_url
if (params.nexus_repository_manager_url) {
dockerFile = dockerFile.replaceAll(nexusUrlRegex, "\$1${params.nexus_repository_manager_url}")
}
else {
// default URL
def defaultUrl = /https:\/\/download-staging.sonatype.com\/nexus\/3\/nexus-\$\{NEXUS_VERSION\}-unix\.tar\.gz/
dockerFile = dockerFile.replaceAll(nexusUrlRegex, "\$1${defaultUrl}")
def normalizedUrl = "a".replaceAll(/./, "${defaultUrl}")
nexusUrl = normalizedUrl.replace("\${NEXUS_VERSION}", params.nexus_repository_manager_version)
nexusUrl = nexusUrl.replace("\${JAVA_VERSION}", javaVersion)
}
def sha = getSha(nexusUrl)
dockerFile = dockerFile.replaceAll(shaRegex, "\$1${sha}")
writeFile(file: dockerFileLocation, text: dockerFile)
}
def getSha(url) {
def sha = sh (
script: "curl -s -L ${url} | shasum -a 256 | cut -d' ' -f1",
returnStdout: true
).trim()
return sha
}
def extractBaseImage(dockerFileLocation) {
def dockerFile = readFile(file: dockerFileLocation)
def baseImageRegex = "FROM\\s+([^\\s]+)"
def usedImages = dockerFile =~ baseImageRegex
return usedImages[0][1]
}
Reference in New Issue View Git Blame Copy Permalink