Merge pull request #20 from sonatype/main

[pull] main from sonatype:main
sonatype-nexus-community · Aug 12, 2024 · ce66ead · ce66ead
2 parents 3765574 + 5e9876a
commit ce66ead
Show file tree

Hide file tree

Showing 9 changed files with 122 additions and 224 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -41,8 +41,7 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
 ARG NEXUS_VERSION=3.70.1-02
-ARG JAVA_VERSION=java8
-ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
+ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
 ARG NEXUS_DOWNLOAD_SHA256_HASH=29952f663982bd9781d5bc352471727826943452cfe8e9aa0e9b60ad01531d1b
 
 # configure nexus runtime

diff --git a/Dockerfile.alpine.java11 b/Dockerfile.alpine.java11
@@ -55,6 +55,9 @@ RUN apk add openjdk11 tar procps gzip curl shadow \
     && groupadd --gid 200 -r nexus \
     && useradd --uid 200 -r nexus -g nexus -s /bin/false -d /opt/sonatype/nexus -c 'Nexus Repository Manager user'
 
+RUN apk del --no-cache openssl || true
+RUN apk update && apk add --no-cache openssl
+
 WORKDIR ${SONATYPE_DIR}
 
 # Download nexus & setup directories

diff --git a/Dockerfile.alpine.java17 b/Dockerfile.alpine.java17
@@ -17,8 +17,8 @@ FROM alpine
 LABEL name="Nexus Repository Manager" \
       maintainer="Sonatype <[email protected]>" \
       vendor=Sonatype \
-      version="3.70.1-02" \
-      release="3.70.1" \
+      version="3.71.0-06" \
+      release="3.71.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,9 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.1-02
-ARG JAVA_VERSION=java17
-ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=6878fab6416b86fe73b799d34afce2b0a91446d602edc892ed71efbb205be01b
+ARG NEXUS_VERSION=3.71.0-06
+ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
+ARG NEXUS_DOWNLOAD_SHA256_HASH=b025287558184677fc231035c9f5e5e6cc4bc1cafd76d13a06233a4ed09d08f6
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -55,6 +54,9 @@ RUN apk add openjdk17 tar procps gzip curl shadow \
     && groupadd --gid 200 -r nexus \
     && useradd --uid 200 -r nexus -g nexus -s /bin/false -d /opt/sonatype/nexus -c 'Nexus Repository Manager user'
 
+RUN apk del --no-cache openssl || true
+RUN apk update && apk add --no-cache openssl
+
 WORKDIR ${SONATYPE_DIR}
 
 # Download nexus & setup directories

diff --git a/Dockerfile.java17 b/Dockerfile.java17
@@ -17,8 +17,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal
 LABEL name="Nexus Repository Manager" \
       maintainer="Sonatype <[email protected]>" \
       vendor=Sonatype \
-      version="3.70.1-02" \
-      release="3.70.1" \
+      version="3.71.0-06" \
+      release="3.71.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,9 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.1-02
-ARG JAVA_VERSION=java17
-ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=6878fab6416b86fe73b799d34afce2b0a91446d602edc892ed71efbb205be01b 
+ARG NEXUS_VERSION=3.71.0-06
+ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
+ARG NEXUS_DOWNLOAD_SHA256_HASH=b025287558184677fc231035c9f5e5e6cc4bc1cafd76d13a06233a4ed09d08f6 
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype

diff --git a/Dockerfile.rh.ubi.java17 b/Dockerfile.rh.ubi.java17
@@ -17,8 +17,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal
 LABEL name="Nexus Repository Manager" \
       vendor=Sonatype \
       maintainer="Sonatype <[email protected]>" \
-      version="3.70.1-02" \
-      release="3.70.1" \
+      version="3.71.0-06" \
+      release="3.71.0" \
       url="https://sonatype.com" \
       summary="The Nexus Repository Manager server \
           with universal support for popular component formats." \
@@ -36,10 +36,9 @@ LABEL name="Nexus Repository Manager" \
       io.openshift.expose-services="8081:8081" \
       io.openshift.tags="Sonatype,Nexus,Repository Manager"
 
-ARG NEXUS_VERSION=3.70.1-02
-ARG JAVA_VERSION=java17
-ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz
-ARG NEXUS_DOWNLOAD_SHA256_HASH=6878fab6416b86fe73b799d34afce2b0a91446d602edc892ed71efbb205be01b 
+ARG NEXUS_VERSION=3.71.0-06
+ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
+ARG NEXUS_DOWNLOAD_SHA256_HASH=b025287558184677fc231035c9f5e5e6cc4bc1cafd76d13a06233a4ed09d08f6 
 
 # configure nexus runtime
 ENV SONATYPE_DIR=/opt/sonatype
@@ -70,11 +69,11 @@ RUN usermod -a -G root nexus \
 WORKDIR ${SONATYPE_DIR}
 
 # Download nexus & setup directories
-RUN curl -L ${NEXUS_DOWNLOAD_URL} --output nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz \
-    && echo "${NEXUS_DOWNLOAD_SHA256_HASH} nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz" > nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz.sha256 \
-    && sha256sum -c nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz.sha256 \
-    && tar -xvf nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz \
-    && rm -f nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz nexus-${NEXUS_VERSION}-${JAVA_VERSION}-unix.tar.gz.sha256 \
+RUN curl -L ${NEXUS_DOWNLOAD_URL} --output nexus-${NEXUS_VERSION}-unix.tar.gz \
+    && echo "${NEXUS_DOWNLOAD_SHA256_HASH} nexus-${NEXUS_VERSION}-unix.tar.gz" > nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
+    && sha256sum -c nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
+    && tar -xvf nexus-${NEXUS_VERSION}-unix.tar.gz \
+    && rm -f nexus-${NEXUS_VERSION}-unix.tar.gz nexus-${NEXUS_VERSION}-unix.tar.gz.sha256 \
     && mv nexus-${NEXUS_VERSION} $NEXUS_HOME \
     && chown -R nexus:nexus ${SONATYPE_WORK} \
     && mv ${SONATYPE_WORK}/nexus3 ${NEXUS_DATA} \

diff --git a/Jenkinsfile-Internal-Release b/Jenkinsfile-Internal-Release
@@ -6,10 +6,8 @@
 @Library(['private-pipeline-library', 'jenkins-shared']) _
 import com.sonatype.jenkins.pipeline.OsTools
 
-String OPENJDK8 = 'OpenJDK 8'
-String OPENJDK11 = 'OpenJDK 11'
 String OPENJDK17 = 'OpenJDK 17'
-List<String> javaVersions = [OPENJDK8, OPENJDK11, OPENJDK17]
+List<String> javaVersions = [OPENJDK17]
 
 properties([
     parameters([
@@ -25,22 +23,13 @@ node('ubuntu-zion') {
   def imageName = 'sonatype/nexus3',
       archiveName = 'docker-nexus3'
 
-  def JAVA_8 = 'java8'
-  def JAVA_11 = 'java11'
   def JAVA_17 = 'java17'
-
-  def DOCKERFILE_JAVA_8 = 'Dockerfile'
-  def DOCKERFILE_JAVA_11 = 'Dockerfile.java11'
   def DOCKERFILE_JAVA_17 = 'Dockerfile.java17'
-  def DOCKERFILE_ALPINE_JAVA_11 = 'Dockerfile.alpine.java11'
   def DOCKERFILE_ALPINE_JAVA_17 = 'Dockerfile.alpine.java17'
 
   def dockerfileMap = [
-    (OPENJDK8) : [DOCKERFILE_JAVA_8],
-    (OPENJDK11): [DOCKERFILE_JAVA_11, DOCKERFILE_ALPINE_JAVA_11],
     (OPENJDK17): [DOCKERFILE_JAVA_17, DOCKERFILE_ALPINE_JAVA_17]
   ]
-
   try {
     stage('Preparation') {
       deleteDir()
@@ -60,17 +49,15 @@ node('ubuntu-zion') {
       if (params.nexus_repository_manager_version) {
         stage('Update Repository Manager Version') {
           OsTools.runSafe(this, "git checkout ${branch}")
-          dockerfileMap.each { javaVersion, dockerfiles ->
-            dockerfiles.each { dockerfile ->
-              updateRepositoryManagerVersion("${pwd()}/${dockerfile}", javaVersion)
+          dockerfileMap[OPENJDK17].each { dockerfile ->
+            updateRepositoryManagerVersion("${pwd()}/${dockerfile}", JAVA_17)
             }
-          }
           version = getShortVersion(params.nexus_repository_manager_version)
         }
       }
     }
-    def dockerfilePath = dockerfileMap[params.java_version][0]
-    def alpineDockerfilePath = params.java_version == OPENJDK8 ? null : dockerfileMap[params.java_version][1]
+    def dockerfilePath = dockerfileMap[OPENJDK17][0]
+    def alpineDockerfilePath = dockerfileMap[OPENJDK17][1]
 
     stage('Build UBI Image') {
       def baseImage = extractBaseImage(dockerfilePath)
@@ -80,26 +67,31 @@ node('ubuntu-zion') {
       def hash = OsTools.runSafe(this, "docker build --quiet --label base-image-ref='${baseImageReferenceStr}' --no-cache --tag ${imageName} . -f ${dockerfilePath}")
       imageId = hash.split(':')[1]
     }
-    if (params.java_version != OPENJDK8) {
-      stage('Build Alpine Image') {
-        def hash = OsTools.runSafe(this, "docker build --quiet --no-cache --tag ${imageName}-alpine . -f ${alpineDockerfilePath}")
-        alpineImageId = hash.split(':')[1]
-      }
+    stage('Build Alpine Image') {
+      def hash = OsTools.runSafe(this, "docker build --quiet --no-cache --tag ${imageName}-alpine . -f ${alpineDockerfilePath}")
+      alpineImageId = hash.split(':')[1]
     }
+
     if (params.scan_for_policy_violations) {
       stage('Evaluate Policies') {
+        def imagesToScan = [
+          [name: 'docker-nexus3', image: imageName],
+          [name: 'docker-nexus3-alpine', image: "${imageName}-alpine"]
+        ]
+
+        imagesToScan.each { imageConfig ->
         runEvaluation({ stage ->
-          def isAlpine = alpineDockerfilePath != null && alpineDockerfilePath.contains('alpine')
-          def iqApplicationName = isAlpine ? 'docker-nexus3-alpine' : 'docker-nexus3'
-          def imageToScan = isAlpine ? "${imageName}-alpine" : imageName
+          def iqApplicationName = imageConfig.name
+          def imageToScan = imageConfig.image
 
           nexusPolicyEvaluation(
             iqStage: stage,
             iqApplication: iqApplicationName,
             iqScanPatterns: [[scanPattern: "container:${imageToScan}"]],
-            failBuildOnNetworkError: true,
-          )
-        }, 'release')
+            failBuildOnNetworkError: false,
+            )
+          }, 'release')
+        }
       }
     }
     if (currentBuild.result == 'FAILURE') {
@@ -114,30 +106,19 @@ node('ubuntu-zion') {
     if (branch == 'main') {
       stage('Push image to RSC') {
         withSonatypeDockerRegistry() {
-          def javaVersionSuffixesMap = [
-              (OPENJDK8): JAVA_8,
-              (OPENJDK11): JAVA_11,
-              (OPENJDK17): JAVA_17
-          ]
-          def javaVersionSuffix = javaVersionSuffixesMap.get(params.java_version)
-
-          // Push UBI images
-          sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-ubi"
-          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-ubi"
-          if (params.java_version == OPENJDK8) {
-            sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
-            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
-          }
-
-          // Push Alpine images
-          if (params.java_version != OPENJDK8) {
-            sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-alpine"
-            sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-${javaVersionSuffix}-alpine"
-            if (params.java_version == OPENJDK11) {
-              sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
-              sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
-            }
-          }
+          // Tag Images
+          sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}"
+          sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
+          sh "docker tag ${imageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-ubi"
+          sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
+          sh "docker tag ${alpineImageId} docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-alpine"
+
+          // Push Images
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}"
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-ubi"
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-ubi"
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-alpine"
+          sh "docker push docker-all.repo.sonatype.com/sonatype-internal/nexus3:${version}-java17-alpine"
         }
       }
     }
@@ -149,7 +130,7 @@ node('ubuntu-zion') {
 }
 
 def readVersion() {
-  def content = readFile 'Dockerfile'
+  def content = readFile 'Dockerfile.java17'
   for (line in content.split('\n')) {
     if (line.startsWith('ARG NEXUS_VERSION=')) {
       return getShortVersion(line.substring(18))