Nexus 3 is a widely used artifact repository manager developed by Sonatype. It helps teams store, manage, and retrieve binary artifacts such as JAR files, Docker images, npm packages, and more. Below, we break down its key features, installation process, and pipeline setup to manage artifacts efficiently. π
Key Features of Nexus 3 β¨
Artifact Repository Manager ποΈ:
- Stores and manages binary artifacts, including libraries, dependencies, and build outputs.
Support for Multiple Repository Formats π¦:
- Formats include Maven, Docker, npm, NuGet, PyPI, Yum, and more.
Proxy and Caching π:
- Improves build performance by caching external repositories like Maven Central.
Hosting Private Repositories π:
- Allows secure storage of proprietary or custom artifacts.
Search and Indexing π:
- Easily find artifacts using robust search capabilities.
Security and Access Control π:
- Define roles and permissions for fine-grained access control.
Integration with CI/CD Tools π€:
- Works seamlessly with Jenkins, Travis CI, and more for automated publishing and retrieval.
Lifecycle Management π:
- Define retention policies and track artifact lifecycles.
Monitoring and Reporting π:
- Monitor repository health and optimize usage.
RESTful API π§:
- Automate tasks like uploading artifacts, managing repositories, and permissions.
High Availability and Scalability π‘:
- Scale horizontally and configure for high availability.
User-Friendly Web Interface π:
- Manage repositories and settings via an intuitive web UI.
Plugin Ecosystem π§©:
- Extend functionality with plugins to meet specific needs.
Installation Guide π οΈ
Linux Installation Commands π»:
sudo apt install openjdk-8-jdk -y
cd /opt
wget https://download.sonatype.com/nexus/3/nexus-3.59.0-01-unix.tar.gz
tar -xvf nexus-3.59.0-01-unix.tar.gz
adduser nexus
chown -R nexus:nexus nexus-3.59.0-01/
chown -R nexus:nexus sonatype-work/
vi nexus-3.59.0-01/bin/nexus.rc
# Add "nexus" in the file
/opt/nexus-3.59.0-01/bin/nexus start
Docker Installation Commands π³:
Run Nexus 3 Container:
docker run -d -p 8081:8081 --name nexus sonatype/nexus3
Retrieve Initial Admin Password:
docker ps docker exec -it <container_ID> /bin/bash cat sonatype-work/nexus3/admin.password
Access Nexus Web Interface:
- Visit
http://localhost:8081
and log in with usernameadmin
and the retrieved password.
- Visit
Cleanup (Optional):
docker stop nexus docker rm nexus
Setting Up Jenkins and SonarQube π οΈ
1. Set Up Virtual Machines (VMs) for Jenkins and SonarQube π
Jenkins (Direct Install):
sudo apt update sudo apt install openjdk-11-jdk -y sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \ https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \ https://pkg.jenkins.io/debian-stable binary/ | sudo tee \ /etc/apt/sources.list.d/jenkins.list > /dev/null sudo apt-get update sudo apt-get install jenkins -y
SonarQube (Docker):
docker run -d --name sonarqube -p 9000:9000 sonarqube:lts-community
2. Download Plugins in Jenkins π
Navigate to Manage Jenkins > Plugins and install:
Pipeline
Maven Integration
Config File Provider
SonarQube Scanner
OWASP Dependency-Check
3. Configure Tools in Jenkins βοΈ
Go to Manage Jenkins > Global Tool Configuration:
JDK: Add a JDK installation (e.g., JDK 17).
Maven: Add Maven (e.g., Maven 3.8).
SonarQube Scanner: Specify the installation directory.
OWASP Dependency-Check: Configure the tool.
4. Create and Copy Token in SonarQube π
Log in to SonarQube at
http://<server_ip>:9000
.Navigate to My Account > Security > Generate Token and copy the token.
5. Configure SonarQube Server in Jenkins π
Go to Manage Jenkins > Configure System > SonarQube Servers:
Add a new server with:
Name:
SonarQube
Server URL:
http://<server_ip>:9000
Authentication Token: Paste the generated token.
6. Create Config File in Jenkins for Authentication π
Use Jenkins Credentials to securely store usernames, passwords, and tokens.
Configuring Maven for Nexus π οΈ
Add the following to your pom.xml
file:
<distributionManagement>
<repository>
<id>maven-releases</id>
<url>NEXUS-URL/repository/maven-releases/</url>
</repository>
<snapshotRepository>
<id>maven-snapshots</id>
<url>NEXUS-URL/repository/maven-snapshots/</url>
</snapshotRepository>
</distributionManagement>
CI/CD Pipeline for Nexus Integration π
Hereβs a detailed pipeline configuration to demonstrate how to integrate Nexus and SonarQube:
Pipeline Overview π
pipeline {
agent any
tools {
jdk 'jdk17'
maven 'maven3'
}
environment {
SCANNER_HOME = tool 'sonar-scanner'
}
stages {
stage('Git Checkout') {
steps {
git 'https://github.com/Ank911007/Boardgame-java.git'
}
}
stage('Code Compilation') {
steps {
sh 'mvn clean compile'
}
}
stage('Unit Testing') {
steps {
sh 'mvn clean test'
}
}
stage('Security Scan: Trivy') {
steps {
sh 'trivy fs .'
}
}
stage('Dependency Check') {
steps {
dependencyCheck additionalArguments: ' --scan ./ ', odcInstallation: 'DC'
dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
}
}
stage('Code Quality Analysis: SonarQube') {
steps {
withSonarQubeEnv('Sonar-server') {
sh ''' $SCANNER_HOME/bin/sonar-scanner \
-Dsonar.projectName=BoardGame \
-Dsonar.java.binaries=. \
-Dsonar.projectKey=BoardGame '''
}
}
}
stage('Download JAR with Credentials') {
steps {
script {
withCredentials([usernamePassword(credentialsId: 'your-credentials-id',
usernameVariable: 'user', passwordVariable: 'pass')]) {
def jarUrl = 'https://example.com/path/to/your.jar'
sh "curl -u $user:$pass -O $jarUrl"
}
}
}
}
stage('Build & Deploy to Nexus') {
steps {
withMaven(globalMavenSettingsConfig: 'e7838703-298a-44a7-b080-a9ac14fa0a5e') {
sh 'mvn deploy'
}
}
}
}
}
Summary of Pipeline Stages π
Git Checkout ποΈ:
- Clones the project repository.
Code Compilation π οΈ:
- Compiles the code using Maven.
Unit Testing β :
- Runs tests to validate code functionality.
Security Scan: Trivy π‘οΈ:
- Scans the codebase for vulnerabilities.
Dependency Check π:
- Identifies vulnerable dependencies in the project.
Code Quality Analysis: SonarQube π:
- Analyzes the code for quality and maintainability issues.
Download JAR with Credentialsπ¦:
- download the artifact from Nexus to Jenkins Workspace using artifact link address.
Build & Deploy to Nexus π¦:
- Builds the project and deploys the artifact to Nexus.
Verification Steps π΅οΈ
Verify Code Analysis in SonarQube π§:
Visit
http://<server_ip>:9000
and check the project dashboard for detailed code quality metrics.
Verify JAR File Uploaded in Nexus π:
Log in to Nexus at
http://<server_ip>:8081
.Navigate to the repository (e.g.,
maven-releases
) to confirm the artifact is uploaded.
Verify JAR File Uploaded in Jenkins Workspaceπ:
Verify JAR File Downloaded in Localπ:
Nexus 3, combined with Jenkins and SonarQube, simplifies artifact management and code analysis, making your CI/CD pipelines more robust and efficient. Try it today and take your DevOps workflow to the next level! π