forked from sonatype/docker-nexus3
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #9 from sonatype/main
[pull] main from sonatype:main
- Loading branch information
Showing
7 changed files
with
162 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,8 +17,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal | |
LABEL name="Nexus Repository Manager" \ | ||
maintainer="Sonatype <[email protected]>" \ | ||
vendor=Sonatype \ | ||
version="3.63.0-01" \ | ||
release="3.63.0" \ | ||
version="3.64.0-03" \ | ||
release="3.64.0" \ | ||
url="https://sonatype.com" \ | ||
summary="The Nexus Repository Manager server \ | ||
with universal support for popular component formats." \ | ||
|
@@ -36,9 +36,9 @@ LABEL name="Nexus Repository Manager" \ | |
io.openshift.expose-services="8081:8081" \ | ||
io.openshift.tags="Sonatype,Nexus,Repository Manager" | ||
|
||
ARG NEXUS_VERSION=3.63.0-01 | ||
ARG NEXUS_VERSION=3.64.0-03 | ||
ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz | ||
ARG NEXUS_DOWNLOAD_SHA256_HASH=e804d57656494a769473bb2b8cb241b1acdda22992a0cef15ef2f4066d8c12d3 | ||
ARG NEXUS_DOWNLOAD_SHA256_HASH=63fe4ca500ee6dfd8ea65734d37bca1220660cf25d559781d67f1e29df5d1145 | ||
|
||
# configure nexus runtime | ||
ENV SONATYPE_DIR=/opt/sonatype | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,8 +17,8 @@ FROM centos:centos7 | |
LABEL name="Nexus Repository Manager" \ | ||
maintainer="Sonatype <[email protected]>" \ | ||
vendor=Sonatype \ | ||
version="3.63.0-01" \ | ||
release="3.63.0" \ | ||
version="3.64.0-03" \ | ||
release="3.64.0" \ | ||
url="https://sonatype.com" \ | ||
summary="The Nexus Repository Manager server \ | ||
with universal support for popular component formats." \ | ||
|
@@ -36,9 +36,9 @@ LABEL name="Nexus Repository Manager" \ | |
io.openshift.expose-services="8081:8081" \ | ||
io.openshift.tags="Sonatype,Nexus,Repository Manager" | ||
|
||
ARG NEXUS_VERSION=3.63.0-01 | ||
ARG NEXUS_VERSION=3.64.0-03 | ||
ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz | ||
ARG NEXUS_DOWNLOAD_SHA256_HASH=e804d57656494a769473bb2b8cb241b1acdda22992a0cef15ef2f4066d8c12d3 | ||
ARG NEXUS_DOWNLOAD_SHA256_HASH=63fe4ca500ee6dfd8ea65734d37bca1220660cf25d559781d67f1e29df5d1145 | ||
|
||
# configure nexus runtime | ||
ENV SONATYPE_DIR=/opt/sonatype | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,8 +17,8 @@ FROM registry.access.redhat.com/rhel7/rhel | |
LABEL name="Nexus Repository Manager" \ | ||
maintainer="Sonatype <[email protected]>" \ | ||
vendor=Sonatype \ | ||
version="3.63.0-01" \ | ||
release="3.63.0" \ | ||
version="3.64.0-03" \ | ||
release="3.64.0" \ | ||
url="https://sonatype.com" \ | ||
summary="The Nexus Repository Manager server \ | ||
with universal support for popular component formats." \ | ||
|
@@ -36,9 +36,9 @@ LABEL name="Nexus Repository Manager" \ | |
io.openshift.expose-services="8081:8081" \ | ||
io.openshift.tags="Sonatype,Nexus,Repository Manager" | ||
|
||
ARG NEXUS_VERSION=3.63.0-01 | ||
ARG NEXUS_VERSION=3.64.0-03 | ||
ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz | ||
ARG NEXUS_DOWNLOAD_SHA256_HASH=e804d57656494a769473bb2b8cb241b1acdda22992a0cef15ef2f4066d8c12d3 | ||
ARG NEXUS_DOWNLOAD_SHA256_HASH=63fe4ca500ee6dfd8ea65734d37bca1220660cf25d559781d67f1e29df5d1145 | ||
|
||
# configure nexus runtime | ||
ENV SONATYPE_DIR=/opt/sonatype | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,8 +17,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal | |
LABEL name="Nexus Repository Manager" \ | ||
vendor=Sonatype \ | ||
maintainer="Sonatype <[email protected]>" \ | ||
version="3.63.0-01" \ | ||
release="3.63.0" \ | ||
version="3.64.0-03" \ | ||
release="3.64.0" \ | ||
url="https://sonatype.com" \ | ||
summary="The Nexus Repository Manager server \ | ||
with universal support for popular component formats." \ | ||
|
@@ -36,9 +36,9 @@ LABEL name="Nexus Repository Manager" \ | |
io.openshift.expose-services="8081:8081" \ | ||
io.openshift.tags="Sonatype,Nexus,Repository Manager" | ||
|
||
ARG NEXUS_VERSION=3.63.0-01 | ||
ARG NEXUS_VERSION=3.64.0-03 | ||
ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz | ||
ARG NEXUS_DOWNLOAD_SHA256_HASH=e804d57656494a769473bb2b8cb241b1acdda22992a0cef15ef2f4066d8c12d3 | ||
ARG NEXUS_DOWNLOAD_SHA256_HASH=63fe4ca500ee6dfd8ea65734d37bca1220660cf25d559781d67f1e29df5d1145 | ||
|
||
# configure nexus runtime | ||
ENV SONATYPE_DIR=/opt/sonatype | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,140 @@ | ||
/* | ||
* Copyright (c) 2016-present Sonatype, Inc. All rights reserved. | ||
* Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions. | ||
* "Sonatype" is a trademark of Sonatype, Inc. | ||
*/ | ||
@Library(['private-pipeline-library', 'jenkins-shared']) _ | ||
import com.sonatype.jenkins.pipeline.OsTools | ||
|
||
properties([ | ||
parameters([ | ||
string(defaultValue: '', description: 'New Nexus Repository Manager Version', name: 'nexus_repository_manager_version'), | ||
string(defaultValue: '', description: 'New Nexus Repository Manager URL (Optional)', name: 'nexus_repository_manager_url'), | ||
booleanParam(defaultValue: false, description: 'Optional scan for policy violations', name: 'scan_for_policy_violations') | ||
]) | ||
]) | ||
|
||
node('ubuntu-zion') { | ||
def commitId, commitDate, version, imageId, branch | ||
def imageName = 'sonatype/nexus3', | ||
archiveName = 'docker-nexus3' | ||
|
||
try { | ||
stage('Preparation') { | ||
deleteDir() | ||
OsTools.runSafe(this, "docker system prune -a -f") | ||
|
||
def checkoutDetails = checkout scm | ||
|
||
branch = checkoutDetails.GIT_BRANCH == 'origin/main' ? 'main' : checkoutDetails.GIT_BRANCH | ||
commitId = checkoutDetails.GIT_COMMIT | ||
commitDate = OsTools.runSafe(this, "git show -s --format=%cd --date=format:%Y%m%d-%H%M%S ${commitId}") | ||
|
||
OsTools.runSafe(this, 'git config --global user.email [email protected]') | ||
OsTools.runSafe(this, 'git config --global user.name Sonatype CI') | ||
|
||
version = readVersion() | ||
|
||
if (params.nexus_repository_manager_version) { | ||
stage('Update Repository Manager Version') { | ||
OsTools.runSafe(this, "git checkout ${branch}") | ||
updateRepositoryManagerVersion("${pwd()}/Dockerfile") | ||
version = getShortVersion(params.nexus_repository_manager_version) | ||
} | ||
} | ||
} | ||
stage('Build') { | ||
def hash = OsTools.runSafe(this, "docker build --quiet --no-cache --tag ${imageName} .") | ||
imageId = hash.split(':')[1] | ||
} | ||
if (params.scan_for_policy_violations) { | ||
stage('Evaluate Policies') { | ||
runEvaluation({ stage -> | ||
nexusPolicyEvaluation( | ||
iqStage: stage, | ||
iqApplication: 'docker-nexus3', | ||
iqScanPatterns: [[scanPattern: "container:${imageName}"]], | ||
failBuildOnNetworkError: true, | ||
)}, 'release') | ||
} | ||
} | ||
if (currentBuild.result == 'FAILURE') { | ||
return | ||
} | ||
stage('Archive') { | ||
dir('build/target') { | ||
OsTools.runSafe(this, "docker save ${imageName} | gzip > ${archiveName}.tar.gz") | ||
archiveArtifacts artifacts: "${archiveName}.tar.gz", onlyIfSuccessful: true | ||
} | ||
} | ||
if (branch == 'main') { | ||
stage('Push image to RSC') { | ||
withSonatypeDockerRegistry() { | ||
sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}" | ||
sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}" | ||
} | ||
} | ||
} | ||
} finally { | ||
OsTools.runSafe(this, "docker logout") | ||
OsTools.runSafe(this, "docker system prune -a -f") | ||
OsTools.runSafe(this, 'git clean -f && git reset --hard origin/main') | ||
} | ||
} | ||
|
||
def readVersion() { | ||
def content = readFile 'Dockerfile' | ||
for (line in content.split('\n')) { | ||
if (line.startsWith('ARG NEXUS_VERSION=')) { | ||
return getShortVersion(line.substring(18)) | ||
} | ||
} | ||
error 'Could not determine version.' | ||
} | ||
|
||
def getShortVersion(version) { | ||
return version.split('-')[0] | ||
} | ||
|
||
def updateRepositoryManagerVersion(dockerFileLocation) { | ||
def dockerFile = readFile(file: dockerFileLocation) | ||
|
||
def metaVersionRegex = /(version=")(\d\.\d{1,3}\.\d\-\d{2})(" \\)/ | ||
def metaShortVersionRegex = /(release=")(\d\.\d{1,3}\.\d)(" \\)/ | ||
|
||
def versionRegex = /(ARG NEXUS_VERSION=)(\d\.\d{1,3}\.\d\-\d{2})/ | ||
def shaRegex = /(ARG NEXUS_DOWNLOAD_SHA256_HASH=)([A-Fa-f0-9]{64})/ | ||
|
||
dockerFile = dockerFile.replaceAll(metaVersionRegex, "\$1${params.nexus_repository_manager_version}\$3") | ||
dockerFile = dockerFile.replaceAll(metaShortVersionRegex, | ||
"\$1${params.nexus_repository_manager_version.substring(0, params.nexus_repository_manager_version.indexOf('-'))}\$3") | ||
dockerFile = dockerFile.replaceAll(versionRegex, "\$1${params.nexus_repository_manager_version}") | ||
|
||
def nexusUrlRegex = /(ARG NEXUS_DOWNLOAD_URL=)(.*)/ | ||
def nexusUrl = params.nexus_repository_manager_url | ||
if (params.nexus_repository_manager_url) { | ||
dockerFile = dockerFile.replaceAll(nexusUrlRegex, "\$1${params.nexus_repository_manager_url}") | ||
} | ||
else { | ||
// default URL | ||
def defaultUrl = /https:\/\/download-staging.sonatype.com\/nexus\/3\/nexus-\$\{NEXUS_VERSION\}-unix\.tar\.gz/ | ||
dockerFile = dockerFile.replaceAll(nexusUrlRegex, "\$1${defaultUrl}") | ||
|
||
def normalizedUrl = "a".replaceAll(/./, "${defaultUrl}") | ||
nexusUrl = normalizedUrl.replace("\${NEXUS_VERSION}", params.nexus_repository_manager_version) | ||
} | ||
def sha = getSha(nexusUrl) | ||
|
||
dockerFile = dockerFile.replaceAll(shaRegex, "\$1${sha}") | ||
|
||
writeFile(file: dockerFileLocation, text: dockerFile) | ||
|
||
} | ||
|
||
def getSha(url) { | ||
def sha = sh ( | ||
script: "curl -s -L ${url} | shasum -a 256 | cut -d' ' -f1", | ||
returnStdout: true | ||
).trim() | ||
return sha | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters