-
Notifications
You must be signed in to change notification settings - Fork 373
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2065 from JPRuskin/ENGTASKS-1599/nexus-repository
- Loading branch information
Showing
8 changed files
with
366 additions
and
0 deletions.
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# <img src="https://cdn.jsdelivr.net/gh/chocolatey-community/chocolatey-packages@icons/nexus-repository.png" width="48" height="48"/> [Nexus Repository OSS](https://chocolatey.org/packages/nexus-repository) | ||
|
||
Free open source version of popular Nexus Repository for binary artifacts including first class Nuget support. | ||
|
||
## Features | ||
|
||
Free OSS version supports advanced access control (groups, roles), LDAP and per-user api keys. | ||
Nexus product does not have a built-in web gallery for components. | ||
|
||
* Build quickly and reliably: | ||
Publish and cache components in a central repository that connects natively to all popular package managers. | ||
* Manage storage space efficiently: | ||
Automatically clean up old or unused artifacts from your repositories | ||
* Assess open source risk: | ||
Centralize your consumption of open source to gain insight into the risk in your software supply chain. | ||
* Block malicious components: | ||
Add Nexus Firewall to stop OSS risk from entering your SDLC using next-generation behavioral analysis and automated policy enforcement. | ||
* Flexible security: | ||
Control access to your components with role-based access controls and full auditability. | ||
|
||
## Package Parameters | ||
|
||
This package supports the following parameters: | ||
|
||
* `/Fqdn` - The fqdn that matches the subject you are using for your Nexus instance SSL certificate. | ||
* `/Port` - Specify what port Nexus should listen on. Defaults to `8081`. | ||
* `/BackupSslConfig` - Ensures that the ssl configuration survives an upgrade. | ||
* `/BackupLocation` - Species the path to backup ssl configuration to during upgrade. Defaults to `~/NexusSSLBackup`. | ||
|
||
You can pass parameters as follows: | ||
|
||
`choco install nexus-repository --parameters="/Fqdn='nexus.example.com' /Port=4443 /BackupSslConfig /BackupLocation='X:\Backup\NexusSSL'"` | ||
|
||
## Notes | ||
|
||
- **ATTENTION BREAKING CHANGE FOR UPGRADES FROM VERSIONS BEFORE 3.3.2.02** | ||
Nexus no longer provided a setup.exe for installing Nexus Repository 3.x on Windows. | ||
If you previously installed this with a package that used a setup.exe, you must manually uninstall it first (use choco uninstall nexus-repository if you used Chocolatey to install it). Once you are on 3.3.2.02 or later, upgrades will work smoothly. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
<?xml version="1.0" encoding="utf-8"?> | ||
<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
<metadata> | ||
<id>nexus-repository</id> | ||
<title>Nexus Repository OSS</title> | ||
<version>3.49.0.02</version> | ||
<authors>Sonatype</authors> | ||
<owners>chocolatey-community,DarwinJS</owners> | ||
<summary>Free open source version of popular Nexus Repository for binary artifacts including first class Nuget support.</summary> | ||
<description></description> | ||
<projectUrl>http://www.sonatype.com/nexus-repository-oss</projectUrl> | ||
<projectSourceUrl>https://github.com/sonatype/nexus-public</projectSourceUrl> | ||
<docsUrl>http://books.sonatype.com/nexus-book/3.0/reference/index.html</docsUrl> | ||
<tags>nexus-repository server freeware cross-platform maven nuget npm java rubygems docker eclipse p2 osgi obr apt yum rpm artifact bower ssl respository sonatype nexus admin</tags> | ||
<copyright>Sonatype</copyright> | ||
<licenseUrl>http://www.eclipse.org/legal/epl-v10.html</licenseUrl> | ||
<requireLicenseAcceptance>false</requireLicenseAcceptance> | ||
<iconUrl>https://cdn.jsdelivr.net/gh/git@github.com:chocolatey-community/chocolatey-packages/icons/nexus-repository.png</iconUrl> | ||
<releaseNotes>https://help.sonatype.com/repomanager3/release-notes</releaseNotes> | ||
<dependencies> | ||
<dependency id="temurinjre" version="11.0.12.7" /> | ||
</dependencies> | ||
</metadata> | ||
<files> | ||
<file src="tools\**" target="tools" /> | ||
</files> | ||
</package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,144 @@ | ||
$ErrorActionPreference = 'Stop' | ||
$toolsDir = Split-Path $MyInvocation.MyCommand.Definition | ||
. $toolsDir\helpers.ps1 | ||
|
||
if (Get-OSArchitectureWidth 32) { | ||
throw "Sonatype Nexus Repository 3.0 and greater only supports 64-bit Windows." | ||
} | ||
|
||
$Version = '[[VERSION]]' | ||
$NexusVersionedFolder = "nexus-$Version" | ||
$TargetFolder = "$env:ProgramData\nexus" | ||
$ExtractFolder = "$env:TEMP\NexusExtract" | ||
$TargetDataFolder = "$env:ProgramData\sonatype-work" | ||
$NexusConfigFile = "$TargetDataFolder\nexus3\etc\nexus.properties" | ||
$ServiceName = 'nexus' | ||
|
||
# Handle Package Parameters | ||
$pp = Get-PackageParameters | ||
|
||
$Hostname = if ($pp.ContainsKey("Fqdn")) { | ||
$pp["Fqdn"] | ||
} else { | ||
"localhost" | ||
} | ||
|
||
$NexusPort = if ($pp.ContainsKey("Port")) { | ||
$pp["Port"] | ||
Write-Host "/Port was used, Nexus will listen on port $($NexusPort)." | ||
} else { | ||
"8081" | ||
} | ||
|
||
if (Test-Path "$env:ProgramFiles\nexus\bin") { | ||
throw "Previous version of Nexus 3 installed by setup.exe is present, please uninstall before running this package." | ||
} | ||
|
||
if ((Get-Service $ServiceName -ErrorAction SilentlyContinue)) { | ||
Write-Warning "Nexus web app is already present, shutting it down so that we can upgrade it." | ||
Get-Service $ServiceName | Stop-Service -Force | ||
} | ||
|
||
if ($pp.ContainsKey("BackupSslConfig")) { | ||
if ($pp.ContainsKey("BackupLocation")) { | ||
Backup-NexusSSL -BackupLocation $pp["BackupLocation"] | ||
} else { | ||
Backup-NexusSSL | ||
} | ||
} | ||
|
||
# Extract the Nexus program files, and overwrite any previous program files | ||
if (Test-Path "$ExtractFolder") { | ||
Remove-Item "$ExtractFolder" -Recurse -Force | ||
} | ||
|
||
$PackageArgs = @{ | ||
packageName = $env:ChocolateyPackageName | ||
unzipLocation = $ExtractFolder | ||
url64 = '[[URL]]' | ||
checksum64 = '[[CHECKSUM]]' | ||
checksumType64 = 'SHA256' | ||
} | ||
|
||
Install-ChocolateyZipPackage @PackageArgs | ||
|
||
Write-Host "Copying files to '$TargetFolder' with overwrite" | ||
if (Test-Path "$TargetFolder") { | ||
Copy-Item "$ExtractFolder\$nexusversionedfolder\*" "$TargetFolder" -Force -Recurse | ||
} else { | ||
Copy-Item "$ExtractFolder\$nexusversionedfolder" "$TargetFolder" -Force -Recurse | ||
} | ||
|
||
# Create the Nexus data directory, if it doesn't exist | ||
if (!(Test-Path "$TargetDataFolder")) { | ||
Move-Item "$extractfolder\sonatype-work" "$TargetDataFolder" | ||
} else { | ||
Write-Warning "`"$TargetDataFolder`" already exists, not overwriting, residual data from previous installs will not be reset." | ||
} | ||
|
||
Remove-Item "$ExtractFolder" -Force -Recurse | ||
|
||
# Install the Nexus service | ||
$processArgs = @{ | ||
ExeToRun = "$TargetFolder\bin\nexus.exe" | ||
Statements = "/install $servicename" | ||
ValidExitCodes = @(0) | ||
} | ||
|
||
$null = Start-ChocolateyProcessAsAdmin @processArgs | ||
|
||
if ($pp.ContainsKey("BackupSslConfig")) { | ||
if ($pp.ContainsKey("BackupLocation")) { | ||
Restore-NexusSSL -BackupLocation $pp['BackupLocation'] | ||
} else { | ||
Restore-NexusSSL | ||
} | ||
} | ||
|
||
# Update Port in Configuration before starting the service | ||
if ($NexusPort -ne '8081') { | ||
if (Test-Path "$NexusConfigFile") { | ||
Write-Host "Configuring Nexus to listen on port $NexusPort." | ||
(Get-Content "$NexusConfigFile") -replace "^#\s*application-port=.*$", "application-port=$NexusPort" | | ||
Set-Content "$NexusConfigFile" | ||
} else { | ||
Write-Warning "Cannot find `"$NexusConfigFile`", skipping configuring Nexus to listen on port $NexusPort." | ||
} | ||
} | ||
|
||
# Start the service, and wait for the site to become available | ||
if ((Start-Service $ServiceName -PassThru).Status -eq 'Running') { | ||
Wait-NexusAvailability -Hostname $Hostname -Port $NexusPort -Config $NexusConfigFile -SSL:$pp.ContainsKey("BackupSslConfig") | ||
} else { | ||
Write-Warning "The Nexus Repository service ($ServiceName) did not start." | ||
} | ||
|
||
$generatedAdminPasswordFile = Join-Path $TargetDataFolder '\nexus3\admin.password' | ||
Write-Host -ForegroundColor Yellow @" | ||
******************************************************************************************* | ||
* | ||
* You MAY receive the error 'localhost refused to connect.' until Nexus is fully started. | ||
* | ||
* For new installs, you must login as admin to complete some setup steps | ||
* You can manage the repository by typing 'start http://$($Hostname):$($NexusPort)' | ||
* | ||
* The default user is 'admin' | ||
* ADMIN PASSWORD: | ||
$(if (Test-Path $generatedAdminPasswordFile) { | ||
"* NEW INSTALLS: The password generated for your instance is recorded | ||
* in '$($generatedAdminPasswordFile)'" | ||
} else { | ||
"* UPGRADES/REINSTALLS: As you upgraded (or uninstalled and reinstalled) without cleaning | ||
* up $TargetDataFolder - the password will be the same as it was before and the password file | ||
* will not exist. | ||
* RESET PASSWORD WITH INSTALL: Uninstall Nexus and remove the directory '$TargetDataFolder' | ||
* and then reinstall. This time a password file will be generated." | ||
}) | ||
* | ||
* Nexus availability is controlled via the service `"$Servicename`" | ||
* Use the following command to open port $NexusPort for access from off this machine (one line): | ||
* netsh advfirewall firewall add rule name=`"Nexus Repository`" dir=in action=allow | ||
* protocol=TCP localport=$NexusPort | ||
* | ||
******************************************************************************************* | ||
"@ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
$ErrorActionPreference = 'Stop' | ||
$ServiceName = 'nexus' | ||
$InstallFolder = "$env:ProgramData\Nexus" | ||
|
||
if (Test-Path "$Installfolder\bin\nexus.exe") { | ||
if (Get-Process $ServiceName -ErrorAction SilentlyContinue) { | ||
Get-Process $ServiceName | Stop-Process -Force | ||
} | ||
|
||
if (Get-Service $ServiceName -ErrorAction SilentlyContinue) { | ||
Stop-Service $ServiceName | ||
} | ||
|
||
Start-Sleep -Seconds 5 | ||
|
||
$ProcessArgs = @{ | ||
ExeToRun = "$InstallFolder\bin\nexus.exe" | ||
Statements = "/uninstall $ServiceName" | ||
ValidExitCodes = @(0) | ||
} | ||
Start-ChocolateyProcessAsAdmin @ProcessArgs | ||
Remove-Item $InstallFolder -Recurse -Force | ||
} else { | ||
Write-Warning "It appears that the uninstall may have been run outside of chocolatey, skipping..." | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,107 @@ | ||
function Backup-NexusSSL { | ||
[CmdletBinding()] | ||
param( | ||
[Parameter()] | ||
[String]$BackupLocation = $(Join-Path $env:UserProfile "NexusSSLBackup") | ||
) | ||
begin { | ||
if (-not (Test-Path $BackupLocation)) { | ||
Write-Host "Creating SSL Backup location" | ||
$null = New-Item $BackupLocation -ItemType Directory | ||
} | ||
} | ||
process { | ||
if (Test-Path "$env:ProgramData\nexus\etc\ssl\keystore.jks") { | ||
Copy-Item "$env:ProgramData\nexus\etc\ssl\keystore.jks" $BackupLocation | ||
} | ||
|
||
if (Test-Path "$env:ProgramData\nexus\etc\jetty\jetty-https.xml") { | ||
Copy-Item "$env:ProgramData\nexus\etc\jetty\jetty-https.xml" $BackupLocation | ||
} | ||
} | ||
} | ||
|
||
function Restore-NexusSSL { | ||
[CmdletBinding()] | ||
param( | ||
[Parameter()] | ||
[String]$BackupLocation = $(Join-Path $env:UserProfile "NexusSSLBackup") | ||
) | ||
process { | ||
Write-Host "Shutting down nexus Service to re-apply ssl configuration" | ||
$null = Stop-Service nexus | ||
|
||
Write-Host "Reapplying SSL Configuration" | ||
if (Test-Path "$BackupLocation\keystore.jks") { | ||
Copy-Item "$BackupLocation\keystore.jks" "$env:ProgramData\nexus\etc\ssl" | ||
} | ||
|
||
if (Test-Path "$BackupLocation\jetty-https.xml") { | ||
Copy-Item "$BackupLocation\jetty-https.xml" "$env:ProgramData\nexus\etc\jetty" | ||
} | ||
|
||
Write-Host "Nexus is now available with the restored SSL configuration" | ||
} | ||
} | ||
|
||
function Wait-NexusAvailability { | ||
param( | ||
[Parameter(Mandatory = $true)] | ||
[string]$Hostname, | ||
|
||
[Parameter(Mandatory = $true)] | ||
[uint16]$Port, | ||
|
||
[Parameter(Mandatory = $true)] | ||
[Alias("Config")] | ||
[string]$NexusConfigFile, | ||
|
||
[switch]$SSL | ||
) | ||
# Even though windows reports service is ready - web url will not respond until Nexus is actually ready to serve content | ||
# We need to use this method to collect the port number so we can properly test the website has returned OK. | ||
$nexusScheme, $portConfigLine = if ($SSL) { | ||
# This is to combat Package Internalizer's over-enthusiastic URL matching | ||
('http' + 's'), 'application-port-ssl' | ||
} else { | ||
'http', 'application-port' | ||
} | ||
|
||
# As the service is started, this should be present momentarily | ||
$Timer = [System.Diagnostics.Stopwatch]::StartNew() | ||
while (-not ($ConfigPresent = Test-Path $NexusConfigFile) -and $Timer.Elapsed.TotalSeconds -le 60) { | ||
Write-Verbose "Waiting for '$($NexusConfigFile)' to become available ($($Timer.Elapsed.TotalSeconds) seconds waited)..." | ||
Start-Sleep -Seconds 5 | ||
} | ||
|
||
if ($ConfigPresent) { | ||
$nexusPort = (Get-Content $NexusConfigFile | Where-Object { | ||
$_ -match $portConfigLine | ||
}).Split('=')[-1] | ||
|
||
$nexusPath = (Get-Content $NexusConfigFile | Where-Object { | ||
$_ -match "nexus-context-path" | ||
}).Split("=")[-1] | ||
} else { | ||
Write-Warning "Expected Nexus Config file '$($NexusConfigFile)' is not present." | ||
$nexusPath, $nexusPort = '/', $Port | ||
} | ||
|
||
$NexusUri = "$($nexusScheme)://$($hostname):$($nexusPort)$($nexusPath)" | ||
|
||
Write-Host "Waiting on Nexus Web UI to be available at '$($NexusUri)'" | ||
while ($Response.StatusCode -ne '200' -and $Timer.Elapsed.TotalMinutes -lt 3) { | ||
try { | ||
$Response = Invoke-WebRequest -Uri $NexusUri -UseBasicParsing | ||
} catch { | ||
Write-Verbose "Waiting on Nexus Web UI to be available at '$($NexusUri)'" | ||
Start-Sleep -Seconds 1 | ||
} | ||
} | ||
|
||
if ($Response.StatusCode -eq '200') { | ||
Write-Host "Nexus is ready!" | ||
} else { | ||
Write-Error "Nexus did not respond to requests at '$($NexusUri)' within 3 minutes of the service being started." | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
Import-Module AU | ||
|
||
function global:au_GetLatest { | ||
$LatestRelease = Get-GitHubRelease sonatype nexus-public | ||
$ReleaseVersion = $LatestRelease.tag_name -replace 'release-', '' | ||
|
||
@{ | ||
NexusVersion = $ReleaseVersion | ||
Version = $ReleaseVersion -replace '-', '.' | ||
URL64 = "https://sonatype-download.global.ssl.fastly.net/repository/downloads-prod-group/3/nexus-$($ReleaseVersion)-win64.zip" | ||
} | ||
} | ||
|
||
function global:au_SearchReplace { | ||
@{ | ||
".\tools\chocolateyInstall.ps1" = @{ | ||
"(^[$]Version\s*=\s*)('.*')" = "`$1'$($Latest.NexusVersion)'" | ||
"(^\s*url64\s*=\s*)('.*')" = "`$1'$($Latest.URL64)'" | ||
"(^\s*checksum64\s*=\s*)('.*')" = "`$1'$($Latest.Checksum64)'" | ||
} | ||
} | ||
} | ||
|
||
update -ChecksumFor 64 |
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.