Publish 3.68.1 to Github Relases

[steviecoaster]

The Chocolatey package is currently waiting on the release of 3.68.1 to be published to the Release feed of this repository, as the automatic update script relies on this information to update and publish new package versions.

The release has been publically announced and is readily available for download.

While I can appreciate why it has been withheld, we have hundreds of folks who rely on this mechanism to keep their Nexus repository installations patched.

When can we expect to see the release published to this github repository now that any reason not to do so has been removed?

[nblair]

Hi @steviecoaster - thanks for opening an issue. We're crafting some additional communication about the release and are preparing to sync the source and corresponding release tag.

In the interim, is there any other way you can trigger your internal release process?

[steviecoaster]

Hi @nblair ,

The short answer is "I dunno". I'm looking into options, but I may not have a great one.

[steviecoaster]

Hi @nblair,

Based on the amount of work it will take to workaround this issue as a (hopeful) one-off, can you give me a timescale as to when this additional verbiage and code sync will be completed? Github Releases are an official mechanism, traditionally, for users to get the latest version of a given software.

Open-source customers continue to have vulnerable systems that they are unable to update because the critical patches are being withheld from the otherwise regularly updated GitHub repository. While this continues to be missing, those customers continue to expose themselves and their organizations to risk that it is outwith their control to fix"

[nblair]

I expect we'll have the syncs completed today. For my edification, is it just the presence of the "release" here in github that you are looking for? Or is your process dependent on the specific sources available in the git tag that is linked to the github "release" (e.g. https://github.com/sonatype/nexus-public/releases/tag/release-3.68.0-04)? Thanks!

[steviecoaster]

Hey @nblair,

Essentially we're using PowerShell to do an Invoke-RestMethod (irm) against /releases/latest endpoint:

❯ irm https://api.github.com/repos/sonatype/nexus-public/releases/latest                                                                                              
url              : https://api.github.com/repos/sonatype/nexus-public/releases/154711253
assets_url       : https://api.github.com/repos/sonatype/nexus-public/releases/154711253/assets
upload_url       : https://uploads.github.com/repos/sonatype/nexus-public/releases/154711253/assets{?name,la
                   bel}
html_url         : https://github.com/sonatype/nexus-public/releases/tag/release-3.68.0-04
id               : 154711253
author           : @{login=sonatype-jenkins[bot]; id=71730386; node_id=MDM6Qm90NzE3MzAzODY=; 
                   avatar_url=https://avatars.githubusercontent.com/in/81965?v=4; gravatar_id=; 
                   url=https://api.github.com/users/sonatype-jenkins%5Bbot%5D; 
                   html_url=https://github.com/apps/sonatype-jenkins; 
                   followers_url=https://api.github.com/users/sonatype-jenkins%5Bbot%5D/followers; following
                   _url=https://api.github.com/users/sonatype-jenkins%5Bbot%5D/following{/other_user}; 
                   gists_url=https://api.github.com/users/sonatype-jenkins%5Bbot%5D/gists{/gist_id}; starred
                   _url=https://api.github.com/users/sonatype-jenkins%5Bbot%5D/starred{/owner}{/repo}; 
                   subscriptions_url=https://api.github.com/users/sonatype-jenkins%5Bbot%5D/subscriptions; 
                   organizations_url=https://api.github.com/users/sonatype-jenkins%5Bbot%5D/orgs; 
                   repos_url=https://api.github.com/users/sonatype-jenkins%5Bbot%5D/repos; 
                   events_url=https://api.github.com/users/sonatype-jenkins%5Bbot%5D/events{/privacy}; recei
                   ved_events_url=https://api.github.com/users/sonatype-jenkins%5Bbot%5D/received_events; 
                   type=Bot; site_admin=False}
node_id          : RE_kwDOAmLLhs4JOLTV
tag_name         : release-3.68.0-04
target_commitish : main
name             : release-3.68.0-04
draft            : False
prerelease       : False
created_at       : 5/8/2024 6:42:07 AM
published_at     : 5/8/2024 6:42:09 AM
assets           : {}
tarball_url      : https://api.github.com/repos/sonatype/nexus-public/tarball/release-3.68.0-04
zipball_url      : https://api.github.com/repos/sonatype/nexus-public/zipball/release-3.68.0-04
body             : https://help.sonatype.com/en/sonatype-nexus-repository-3-68-0-release-notes.html
reactions        : @{url=https://api.github.com/repos/sonatype/nexus-public/releases/154711253/reactions; 
                   total_count=6; +1=1; -1=0; laugh=1; hooray=1; confused=0; heart=1; rocket=1; eyes=1}

We then pull off the name property, and drop the release- bit, and fixup the version number so it works in nuget's spec, so in the above release-3.68.0-04 becomes 3.68.0.4 inside of the Chocolatey package.

[nblair]

Thanks for clarifying that it's just the github release item you need. I'm happy to say the sync process just completed:

https://github.com/sonatype/nexus-public/releases/tag/release-3.68.1-02