Repository Management with Nexus

11.5. Enforcing Standards for Deployment and Promotion with Rulesets

Nexus can define staging rules that must be satisfied before a deployment succeeds or before a staging repository can be promoted.

11.5.1. Managing Staging Rulesets

Staging rulesets are customizable groups of rules that are validated against the components in a staging repository when the repository is closed or promoted. If any rules cannot be validated, closing or promoting the repository will fail.

A staging repository associated with a staging ruleset configured in the staging profile cannot be closed or promoted until all of the rules associated with the rulesets have been satisfied. This allows you to set standards for your own hosted repositories, and it is the mechanism that is used to guarantee the consistency of components stored in the Central Repository.

To create a Staging Ruleset, click on the Staging Ruleset item in the Build Promotion menu. This will load the interface shown in Figure 11.22, “Creating a Staging Ruleset”. The Staging Ruleset panel is used to define sets of rules that can be applied to staging profiles.

Figure 11.22. Creating a Staging Ruleset


Nexus contains the following rules:

Artifact Uniqueness Validation
This rule checks to see that the component being released, promoted, or staged is unique in a particular Nexus instance.
Checksum Validation
This rule validates that checksum files are present and correct for the published components.
Javadoc Validation
The Javadoc Validation rule will verify that every project has a component with the javadoc classifier. If you attempt to promote a staging repository that contains components not accompanied by "-javadoc.jar" artifacts, this validation rule will fail.
POM Validation
The Staging POM Validation rule verifies three POM elements: Project URL (project/url), Project Licenses (project/licenses) and Project SCM Information (project/scm). None of these elements can be missing or empty.
POM must not contain system scoped dependencies
Ensures that no dependency uses the system scope. A system-scoped dependency carries a path definition, which ultimately makes the component rely on a specific relative path. Using it is considered bad practice and violates the idea of having all necessary components available in repositories.
POM must not contain release repository
This rule can ensure that no repository element is defined in the POM. This is important because a repository element could circumvent the repository manager and point to other repositories that are not actually available to a user of the component.
Signature Validation
The Signature Validation rule verifies that every item in the repository has a valid PGP signature. If you attempt to promote a staging repository that contains artifacts not accompanied by a valid PGP signature, this validation will fail.
Sources Validation
The Sources Validation rule will verify that every project has an artifact with the sources classifier. If you attempt to promote a staging repository that contains artifacts not accompanied by "-sources.jar" artifacts, this validation rule will fail.

11.5.2. Defining Rulesets for Promotion

To define a ruleset to be used for closing or promotion, edit the staging profile by selecting it in the staging profile list. Scroll down to the sections Close Repository Staging Rulesets and Promote Repository Staging Rulesets as shown in Figure 11.23, “Associating a Staging Ruleset with a Staging Profile” and add the desired available rulesets to the left-hand list of activated rulesets for the current staging profile.

Figure 11.23. Associating a Staging Ruleset with a Staging Profile


The next time you attempt to close or promote a staging repository that was created with this profile, Nexus Professional will check that all of the rules in the associated rulesets are being followed.