Nexus has the ability to define staging rules that must be satisfied to allow successful deployment or before a staging repository can be promoted.
Staging rulesets are customizable groups of rules that are validated against the components in a staging repository when the repository is closed or promoted. If any rules cannot be validated, closing or promoting the repository will fail.
A staging repository associated with a staging ruleset configured in the staging profile cannot be closed or promoted until all of the rules associated with the rulesets have been satisfied. This allows you to set standards for your own hosted repositories, and it is the mechanism that is used to guarantee the consistency of components stored in the Central Repository.
To create a Staging Ruleset, click on the Staging Ruleset item in the Build Promotion menu. This will load the interface shown in Figure 11.22, “Creating a Staging Ruleset”. The Staging Ruleset panel is used to define sets of rules that can be applied to staging profiles.
Nexus contains the following rules:
- Artifact Uniqueness Validation
- This rule checks to see that the component being released, promoted, or staged is unique in a particular Nexus instance.
- Checksum Validation
- This rule validates that file checksum files are present and correct for the published components.
- Javadoc Validation
- The Javadoc Validation rule will verify that every project has a component with the javadoc classifier. If you attempt to promote a staging repository that contains components not accompanied by "-javadoc.jar" components, this validation rule will fail.
- No promote action allowed
- This rule can be used to prevent the promotion of a staging repository to a build promotion profile. It can be used enforce a choice between releasing and dropping a staging repository only.
- No release action allowed
- This rule can be used to prevent the direct release of a staging repository. It can be used enforce a choice between promoting and dropping a staging repository only.
- POM Validation
- The Staging POM Validation rule will verify Project URL - project/url, Project Licenses - project/licenses and Project SCM Information - project/scm. Any of these POM elements cannot be missing or empty.
- POM must not contain system scoped dependencies
- Ensures that no dependency is using the scope system. This allows for a path definition ultimately making the component rely on a specific relative path and using it is considered bad practice and violates the idea of having all necessary components available in repositories.
- POM must not contain release repository
This rule can ensure that
no release repository is defined in the
repositorieselement in the POM. This is important since it potentially would circumvent the usage of the repository manager and could point to other repositories that are not actually available to a user of the component.
- Profile target matcher
- This rule verifies the staging repository content against the repository target configured in the staging profile for this staging repository. This enforces that only components using the correct repository path as a result of the groupId.
- Signature Validation
- The Signature Validation rule verifies that every item in the repository has a valid PGP signature. If you attempt to promote a staging repository that contains components not accompanied by valid PGP signature, this validation will fail.
- Sources Validation
- The Sources Validation rule will verify that every project has a component with the sources classifier. If you attempt to promote a staging repository that contains components not accompanied by "-sources.jar" components, this validation rule will fail.
To define a ruleset to be used for closing or promotion, edit the staging profile by selecting it in the staging profile list. Scroll down to the sections Close Repository Staging Rulesets and Promote Repository Staging Rulesets as shown in Figure 11.23, “Associating a Staging Ruleset with a Staging Profile” and add the desired available rulesets to the left-hand list of activated rulesets for the current staging profile.
The next time you attempt to close or promote a staging repository that was created with this profile, Nexus Pro will check that all of the rules in the associated rulesets are being followed.