NEXUS-42442: Switched to declarative pipeline syntax

 - Added Dockerfile.sbom-deployer to include missing tools
 - Include missing headers to files required by licence-check step
 - Using dockerizedRunPipeline function to dockerize the script.

Author: jlhuerfanor

CONTRIBUTORS.md

@@ -1,6 +1,11 @@
 <!--
 
-	Copyright (c) 2016-present Sonatype, Inc.
+    Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+    Includes the third-party code listed at http://links.sonatype.com/products/nxrm/attributions.
+    "Sonatype" is a trademark of Sonatype, Inc.
+
+-->
+<!--
 
 	Licensed under the Apache License, Version 2.0 (the "License");
 	you may not use this file except in compliance with the License.
@@ -14,6 +19,8 @@
 	See the License for the specific language governing permissions and
 	limitations under the License.
 
+-->
+
 -->
 A lot of awesome people have contributed to this project! Here they are:
 

Dockerfile

@@ -1,5 +1,9 @@
-# Copyright (c) 2016-present Sonatype, Inc.
 #
+# Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+# Includes the third-party code listed at http://links.sonatype.com/products/nxrm/attributions.
+# "Sonatype" is a trademark of Sonatype, Inc.
+#
+
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

Jenkinsfile

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
- * Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
+ * Includes the third-party code listed at http://links.sonatype.com/products/nxrm/attributions.
  * "Sonatype" is a trademark of Sonatype, Inc.
  */
 @Library(['private-pipeline-library', 'jenkins-shared']) _

Jenkinsfile-sbom-release

@@ -1,6 +1,10 @@
-@Library(['private-pipeline-library', 'jenkins-shared']) _
+/*
+ * Copyright (c) 2011-present Sonatype, Inc. All rights reserved.
+ * Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
+ * "Sonatype" is a trademark of Sonatype, Inc.
+ */
 
-import com.sonatype.jenkins.pipeline.OsTools
+@Library(['private-pipeline-library', 'jenkins-shared']) _
 
 import groovy.json.JsonSlurper
 
@@ -18,103 +22,6 @@ properties([
     ])
 ])
 
-
-node('ubuntu-zion') {
-  def buildDir = "./.sbom-build/job-${env.BUILD_NUMBER}"
-  def ubiImageName = ''
-  def ubiImageVersion = ''
-  def nexusVersion = ''
-  def dockerImageVersion = ''
-  def ubiSbomAvailable = true
-
-  try {
-    stage('Inspect Release Image') {
-      // Get RedHat UBI version
-      sh "docker pull sonatype/nexus3:${params.docker_nexus3_tag}"
-
-      nexusVersion = sh(script: "docker inspect sonatype/nexus3:${params.docker_nexus3_tag} \
-          | jq -r '.[0].Config.Labels.version' ",
-          returnStdout: true).trim()
-      dockerImageVersion = sh(script: "docker inspect sonatype/nexus3:${params.docker_nexus3_tag} \
-          | jq -r '.[0].Config.Labels.release' ",
-          returnStdout: true).trim()
-
-      def ubiImageId = sh(script: "docker inspect sonatype/nexus3:${params.docker_nexus3_tag} \
-          | jq -r '.[0].Config.Labels.\"base-image-ref\"' \
-          | sed -En 's/^.+image=(.+)\$/\\1/p'",
-        returnStdout: true).trim()
-
-      ubiImageName = sh(script: "curl -s -X 'GET' '${REDHAT_CONTAINER_API_URL_BASE}/images/id/${ubiImageId}' -H 'accept: application/json' \
-          | jq -r '.brew.build' \
-          | sed -En 's/(ubi[0-9]+-minimal)-container-([0-9]+\\.[0-9]+-[0-9]+\\.?[0-9]*)/\\1-\\2/p'",
-        returnStdout: true).trim()
-
-      ubiImageVersion = sh(script: "curl -s -X 'GET' '${REDHAT_CONTAINER_API_URL_BASE}/images/id/${ubiImageId}' -H 'accept: application/json' \
-          | jq -r '.brew.build' \
-          | sed -En 's/ubi[0-9]+-minimal-container-([0-9]+\\.[0-9]+-[0-9]+\\.?[0-9]*)/\\1/p'",
-        returnStdout: true).trim()
-    }
-    stage('Download SBOMs') {
-      sh "mkdir -p ${buildDir}/spdx && mkdir -p ${buildDir}/cyclonedx"
-
-      // Get nexus-internal SBOM
-      getComponentSbom(buildDir, "nexus-internal", nexusVersion)
-      // Get nxrm-db-migrator SBOM
-      getComponentSbom(buildDir, "nxrm-db-migrator", nexusVersion)
-      // Get docker-nexus3 SBOM
-      getComponentSbom(buildDir, "docker-nexus3", dockerImageVersion)
-      // Get UBI Minimal SBOM
-      ubiSbomAvailable = getUbiImageSbom(buildDir, ubiImageName, ubiImageVersion)
-
-      sh "echo 'Available SPDX SBOMS' && ls ${buildDir}/spdx"
-      sh "echo 'Available CycloneDx SBOMS' && ls ${buildDir}/cyclonedx"
-    }
-
-    stage('Merge supported sboms') {
-      def pythonEnvDir = "${buildDir}/.spdxmerge"
-
-      sh """#!/bin/bash
-        if ! [ -d "${buildDir}/SPDXMerge" ]; then
-          git clone https://github.com/philips-software/SPDXMerge.git '${buildDir}/SPDXMerge'
-        fi
-      """
-
-      sh """#!/bin/bash
-      if mkdir -p '${pythonEnvDir}' && python3 -m venv '${pythonEnvDir}' && ls '${pythonEnvDir}' && . '${pythonEnvDir}/bin/activate'; then
-        if python3 -m pip install -r '${buildDir}/SPDXMerge/requirements.txt' \
-            && python3 -m pip install setuptools \
-            && python3 '${buildDir}/SPDXMerge/spdxmerge/SPDXMerge.py' --docpath '${buildDir}/spdx' --outpath '${buildDir}/' \
-                --name "docker-nexus3-aggregate" --mergetype "1" --author "Sonatype Inc." --email "[email protected]" \
-                --docnamespace "https://sonatype.sonatype.app/platform/ui/links/application/docker-nexus3/report/b0c5f7f12ac84b439ded3ff255bd5eef" \
-                --filetype J \
-            && mv '${buildDir}/merged-SBoM-deep.json' '${buildDir}/spdx/docker-nexus3-aggregate-${dockerImageVersion}-spdx.json'; then
-          echo 'Merge completed!'
-        else
-        echo 'Merge failed!'
-          FAILED=1
-        fi
-
-        deactivate
-      fi
-
-      exit \${FAILED:-0}
-      """
-    }
-
-    stage('Publish SBOMs') {
-      if (ubiSbomAvailable) {
-        publishComponent(buildDir, "ubi-minimal", ubiImageVersion, false)
-      }
-      publishComponent(buildDir, "nexus-internal", nexusVersion)
-      publishComponent(buildDir, "nxrm-db-migrator", nexusVersion)
-      publishComponent(buildDir, "docker-nexus3", dockerImageVersion)
-      publishComponent(buildDir, "docker-nexus3-aggregate", dockerImageVersion, false)
-    }
-  } finally {
-    OsTools.runSafe(this, "rm -rf '${buildDir}'")
-  }
-}
-
 def getComponentSbom(String buildDir, String componentName, String componentVersion) {
   def componentInfo = getComponentInfo(componentName)
   def componentId = componentInfo.applications[0].id
@@ -192,4 +99,96 @@ def publishComponent(String buildDir, String componentName, String componentVers
   ]) {
     sh(publishCommand)
   }
-}
+}
+
+def mergeSpdxComponents(String buildDir, String finalComponentName, String finalComponentVersion, String finalNamespace) {
+  def pythonEnvDir = "${buildDir}/.spdxmerge"
+
+  sh """#!/bin/bash
+        if ! [ -d "${buildDir}/SPDXMerge" ]; then
+          git clone https://github.com/philips-software/SPDXMerge.git '${buildDir}/SPDXMerge'
+        fi
+      """
+
+  sh """#!/bin/bash
+    if mkdir -p '${pythonEnvDir}' && python3 -m venv '${pythonEnvDir}' && ls '${pythonEnvDir}' && . '${pythonEnvDir}/bin/activate'; then
+      if python3 -m pip install -r '${buildDir}/SPDXMerge/requirements.txt' \
+          && python3 -m pip install setuptools \
+          && python3 '${buildDir}/SPDXMerge/spdxmerge/SPDXMerge.py' --docpath '${buildDir}/spdx' --outpath '${buildDir}/' \
+              --name "docker-nexus3-aggregate" --mergetype "1" --author "Sonatype Inc." --email "[email protected]" \
+              --docnamespace "${finalNamespace}" \
+              --filetype J \
+          && mv '${buildDir}/merged-SBoM-deep.json' '${buildDir}/spdx/${finalComponentName}-${finalComponentVersion}-spdx.json'; then
+        echo 'Merge completed!'
+      else
+      echo 'Merge failed!'
+        FAILED=1
+      fi
+
+      deactivate
+    fi
+
+    exit \${FAILED:-0}
+    """
+}
+
+dockerizedRunPipeline(
+    skipVulnerabilityScan: true,
+    pathToDockerfile: "./build-images/Dockerfile.sbom-deployer",
+    prepare: {
+      withSonatypeDockerRegistry() {
+        sh "docker pull sonatype/nexus3:${params.docker_nexus3_tag}"
+        env['nexusVersion'] = sh(script: "docker inspect sonatype/nexus3:${params.docker_nexus3_tag} \
+            | jq -r '.[0].Config.Labels.version' ",
+          returnStdout: true).trim()
+        env['dockerImageVersion'] = sh(script: "docker inspect sonatype/nexus3:${params.docker_nexus3_tag} \
+            | jq -r '.[0].Config.Labels.release' ",
+          returnStdout: true).trim()
+        env['ubiImageId'] = sh(script: "docker inspect sonatype/nexus3:${params.docker_nexus3_tag} \
+            | jq -r '.[0].Config.Labels.\"base-image-ref\"' \
+            | sed -En 's/^.+image=(.+)\$/\\1/p'",
+          returnStdout: true).trim()
+      }
+    },
+    run: {
+      def buildDir = "./.sbom-build/job-${env.BUILD_NUMBER}"
+      def ubiImageName = sh(script: "curl -s -X 'GET' '${REDHAT_CONTAINER_API_URL_BASE}/images/id/${env.ubiImageId}' -H 'accept: application/json' \
+          | jq -r '.brew.build' \
+          | sed -En 's/(ubi[0-9]+-minimal)-container-([0-9]+\\.[0-9]+-[0-9]+\\.?[0-9]*)/\\1-\\2/p'",
+          returnStdout: true).trim()
+      def ubiImageVersion = sh(script: "curl -s -X 'GET' '${REDHAT_CONTAINER_API_URL_BASE}/images/id/${env.ubiImageId}' -H 'accept: application/json' \
+          | jq -r '.brew.build' \
+          | sed -En 's/ubi[0-9]+-minimal-container-([0-9]+\\.[0-9]+-[0-9]+\\.?[0-9]*)/\\1/p'",
+          returnStdout: true).trim()
+
+      // Download SBOMs
+      sh "mkdir -p ${buildDir}/spdx && mkdir -p ${buildDir}/cyclonedx"
+
+      // Get nexus-internal SBOM
+      getComponentSbom(buildDir, "nexus-internal", env.nexusVersion)
+      // Get nxrm-db-migrator SBOM
+      getComponentSbom(buildDir, "nxrm-db-migrator", env.nexusVersion)
+      // Get docker-nexus3 SBOM
+      getComponentSbom(buildDir, "docker-nexus3", env.dockerImageVersion)
+      // Get UBI Minimal SBOM
+      def ubiSbomAvailable = getUbiImageSbom(buildDir, ubiImageName, ubiImageVersion)
+
+      sh "echo 'Available SPDX SBOMS' && ls ${buildDir}/spdx"
+      sh "echo 'Available CycloneDx SBOMS' && ls ${buildDir}/cyclonedx"
+
+      // Merge supported sboms
+      def dockerImageNamespace = sh(script: "cat ${buildDir}/spdx/docker-nexus3-${env.dockerImageVersion}-spdx.json | jq -r '.documentNamespace'", returnStdout: true).trim()
+      mergeSpdxComponents(buildDir, "docker-nexus3-aggregate", env.dockerImageVersion, dockerImageNamespace)
+
+      // Publish SBOMs
+      if (ubiSbomAvailable) {
+        publishComponent(buildDir, "ubi-minimal", ubiImageVersion, false)
+      }
+      publishComponent(buildDir, "nexus-internal", env.nexusVersion)
+      publishComponent(buildDir, "nxrm-db-migrator", env.nexusVersion)
+      publishComponent(buildDir, "docker-nexus3", env.dockerImageVersion)
+      publishComponent(buildDir, "docker-nexus3-aggregate", env.dockerImageVersion, false)
+
+      sh "rm -rf '${buildDir}'"
+    }
+)

README.md

@@ -1,7 +1,11 @@
 <!--
 
-  Copyright (c) 2016-present Sonatype, Inc.
+    Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+    Includes the third-party code listed at http://links.sonatype.com/products/nxrm/attributions.
+    "Sonatype" is a trademark of Sonatype, Inc.
 
+-->
+<!-- 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
@@ -15,7 +19,6 @@
   limitations under the License.
 
 -->
-
 # Sonatype Nexus Repository Docker: sonatype/nexus3
 
 [![Join the chat at https://gitter.im/sonatype/nexus-developers](https://badges.gitter.im/sonatype/nexus-developers.svg)](https://gitter.im/sonatype/nexus-developers?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)

SECURITY.md

@@ -1,11 +1,10 @@
 <!--
 
-    Copyright (c) 2011-present Sonatype, Inc. All rights reserved.
-    Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
+    Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+    Includes the third-party code listed at http://links.sonatype.com/products/nxrm/attributions.
     "Sonatype" is a trademark of Sonatype, Inc.
 
 -->
-
 # Reporting Security Vulnerabilities
 
 ## When to report

build-images/Dockerfile.sbom-deployer

@@ -0,0 +1,3 @@
+FROM docker-all.repo.sonatype.com/python:3.12
+
+RUN apt-get update && apt-get install -y jq curl

build_red_hat_image.sh

@@ -1,7 +1,10 @@
 #!/usr/bin/env bash
 #
-# Copyright (c) 2017-present Sonatype, Inc.
+# Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+# Includes the third-party code listed at http://links.sonatype.com/products/nxrm/attributions.
+# "Sonatype" is a trademark of Sonatype, Inc.
 #
+
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

header.txt

@@ -0,0 +1,3 @@
+Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+Includes the third-party code listed at http://links.sonatype.com/products/nxrm/attributions.
+"Sonatype" is a trademark of Sonatype, Inc.

rh-docker/help.md

@@ -1,3 +1,10 @@
+<!--
+
+    Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+    Includes the third-party code listed at http://links.sonatype.com/products/nxrm/attributions.
+    "Sonatype" is a trademark of Sonatype, Inc.
+
+-->
 % NEXUS(1) Container Image Pages
 % Sonatype
 % December 15, 2017

rh-docker/uid_entrypoint.sh

@@ -1,7 +1,10 @@
 #!/bin/sh
 #
-# Copyright:: Copyright (c) 2017-present Sonatype, Inc. Apache License, Version 2.0.
+# Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+# Includes the third-party code listed at http://links.sonatype.com/products/nxrm/attributions.
+# "Sonatype" is a trademark of Sonatype, Inc.
 #
+
 # arbitrary uid recognition at runtime - for OpenShift deployments
 USER_ID=$(id -u)
 if [[ ${USER_UID} != ${USER_ID} ]]; then

rh-docker/uid_template.sh

@@ -1,6 +1,9 @@
 #!/bin/sh
 #
-# Copyright:: Copyright (c) 2017-present Sonatype, Inc. Apache License, Version 2.0.
+# Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
+# Includes the third-party code listed at http://links.sonatype.com/products/nxrm/attributions.
+# "Sonatype" is a trademark of Sonatype, Inc.
 #
+
 # arbitrary uid recognition at runtime - for OpenShift deployments
 sed "s@${USER_NAME}:x:${USER_UID}:@${USER_NAME}:x:\${USER_ID}:@g" /etc/passwd > /etc/passwd.template

scripts/BaseImageReference.groovy

@@ -1,9 +1,8 @@
 /*
  * Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
- * Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
+ * Includes the third-party code listed at http://links.sonatype.com/products/nxrm/attributions.
  * "Sonatype" is a trademark of Sonatype, Inc.
  */
-
 interface BaseImageReference
 {
   String getReference()