Repository Management with Nexus
10.5. Enforcing Standards for Deployment and Promotion with Rulesets

Nexus lets you define staging rules that must be satisfied for a deployment to succeed or before a staging repository can be promoted.
Staging rulesets are customizable groups of rules that are validated against the components in a staging repository when the repository is closed or promoted. If any rule cannot be validated, closing or promoting the repository will fail.
A staging repository associated with a staging ruleset configured in the staging profile cannot be closed or promoted until all of the rules associated with the rulesets have been satisfied. This allows you to set standards for your own hosted repositories, and it is the mechanism that is used to guarantee the consistency of components stored in the Central Repository.
To create a Staging Ruleset, click on the Staging Ruleset item in the Build Promotion menu. This will load the interface shown in Figure 10.22, “Creating a Staging Ruleset”. The Staging Ruleset panel is used to define sets of rules that can be applied to staging profiles.
Nexus contains the following rules:
- Artifact Uniqueness Validation
  - This rule checks that the component being released, promoted, or staged is unique in a particular Nexus instance.
- Checksum Validation
  - This rule validates that checksum files are present and correct for the published components.
- Javadoc Validation
  - The Javadoc Validation rule verifies that every project has a component with the javadoc classifier. If you attempt to promote a staging repository which contains components not accompanied by "-javadoc.jar" artifacts, this validation rule will fail.
- POM Validation
  - The Staging POM Validation rule verifies the Project URL (project/url), Project Licenses (project/licenses) and Project SCM Information (project/scm). None of these POM elements may be missing or empty.
- POM must not contain system scoped dependencies
  - This rule ensures that no dependency uses the system scope, which allows a path to be defined and ultimately makes the component rely on a specific relative path.
- POM must not contain release repository
  - This rule ensures that no repository element is defined in the POM. This is important because such an element could circumvent the use of the repository manager and could point to other repositories that are not actually available to a user of the component.
- Signature Validation
  - The Signature Validation rule verifies that every item in the repository has a valid PGP signature. If you attempt to promote a staging repository which contains artifacts not accompanied by a valid PGP signature, this validation will fail.
- Sources Validation
  - The Sources Validation rule verifies that every project has an artifact with the sources classifier. If you attempt to promote a staging repository which contains artifacts not accompanied by "-sources.jar" artifacts, this validation rule will fail.
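The three POM-related rules above can be approximated locally before a deployment reaches staging. The following is an added example, not Nexus code: the function names and the sample POM are constructed for illustration, and it assumes the POM declares the standard Maven 4.0.0 namespace.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM: empty url, no scm, a system-scoped dependency
# and a repository element, so several of the rules above are broken.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <url></url>
  <licenses><license><name>Apache-2.0</name></license></licenses>
  <dependencies>
    <dependency>
      <groupId>com.example</groupId><artifactId>local-lib</artifactId>
      <version>1.0</version><scope>system</scope>
      <systemPath>${basedir}/lib/local-lib.jar</systemPath>
    </dependency>
  </dependencies>
  <repositories>
    <repository><id>other</id><url>https://repo.example.invalid/releases</url></repository>
  </repositories>
</project>"""


def _empty(elem):
    """True if the element is absent, or has neither text nor children."""
    return elem is None or (not (elem.text or "").strip() and len(elem) == 0)


def check_pom(pom_xml):
    """Return a list of violations of the POM rules found in the POM text."""
    root = ET.fromstring(pom_xml)
    problems = []
    # POM Validation: project/url, project/licenses, project/scm must be set.
    for name in ("url", "licenses", "scm"):
        if _empty(root.find(f"m:{name}", NS)):
            problems.append(f"project/{name} is missing or empty")
    # No system-scoped dependencies (checked anywhere in the POM).
    for dep in root.iterfind(".//m:dependency", NS):
        if (dep.findtext("m:scope", "", NS) or "").strip() == "system":
            problems.append(f"system scope: {dep.findtext('m:artifactId', '?', NS)}")
    # No repository element defined in the POM.
    for repo in root.iterfind("m:repositories/m:repository", NS):
        problems.append(f"repository defined: {repo.findtext('m:id', '?', NS)}")
    return problems


if __name__ == "__main__":
    for problem in check_pom(SAMPLE_POM):
        print("FAIL:", problem)
```

A check like this only gives earlier feedback in a build; the staging ruleset in Nexus remains the enforcement point when the repository is closed or promoted.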
To define a ruleset to be used for closing or promotion, edit the staging profile by selecting it in the staging profile list. Scroll down to the sections Close Repository Staging Rulesets and Promote Repository Staging Rulesets as shown in Figure 10.23, “Associating a Staging Ruleset with a Staging Profile” and add the desired available rulesets to the left-hand list of activated rulesets for the current staging profile.
The next time you attempt to close or promote a staging repository that was created with this profile, Nexus Professional will check that all of the rules in the associated rulesets are being adhered to.
