Documentation Nexus IQ Server 1.20

Our documentation site has moved. For the most current version, please see http://help.sonatype.com

12.4. IQ Server for Repository Manager Staging

[Tip]

The features discussed in this section require IQ Server and Nexus Repository Manager with the Repository license plus either the Firewall or Lifecycle license.

IQ Server for Repository Manager staging combines the powerful controls for your release process from Repository Manager with the rich information and validation available in IQ Server. Using them together you can ensure that any releases you produce are actively and automatically validated against up to date information in terms of security vulnerabilities and license characteristics of all the components you use and any whitelists or blacklists you maintain as well as other policies you have defined are enforced.

You will need to have completed the following items before using IQ Server with Repository Manager. This includes:

In IQ Server
  • Created an Organization
  • Created an Application
  • Created a Policy
In Repository Manager
  • Created a Staging Profile
[Note]

Before using IQ Server for staging you should be familiar with the general setup and usage patterns of the Repository Manager Staging Suite documented in the chapter on staging, located in the Nexus Repository Manager book. There, you will be guided through the process to get Repository Manager prepared to handle your staging needs.

12.4.1. Staging Profile Configuration

As mentioned in the note above, you should already have your staging profile configured. To utilize IQ Server evaluation and policy features as part of your build promotion you will need to select an IQ Server Application as part of the staging profile configuration. This is done via Repository Manager. An example is provided below.

The figure below shows an example staging profile with an IQ Server application configured.

figs/web/clm-staging-profile.png

Figure 12.23. Staging Profile with an IQ Server Application Configured


12.4.2. Policy Actions for Staging

While not a requirement for using IQ Server with Repository Manager staging, IQ Server does have the ability to Fail or Warn on staging closure. This is managed by setting the Stage Release and Release actions for each policy. These policy actions can be configured to warn, fail, or do nothing (default). The figure below provides an example policy that would warn for a staging deployment and fail a release.

figs/web/server-policy-staging.png

Figure 12.24. Staging and Release Configuration for a Policy in IQ Server


Configuration of policy actions is managed via IQ Server. While we’ll cover the basic settings below, for instruction on setting these actions, please review the Policy Management chapter, specifically the section on managing policy actions.

The configuration of the Stage Release action is used for closing the staging repository. Based on the action chosen, the staging repository will respond as follows:

  • If the policy action is set to Fail, when a policy is violated, the staging repository closing fails.
  • If the policy action is set to Warn, when a policy is violated, the staging repository closes successfully, but a warning will be produced.
  • If the policy action is set to Do Nothing, the staging repository closes successfully regardless of any policy violations.

12.4.3. Policy Actions for Release Repositories

Repository Manager also has actions specific to the Release feature, and these can be configured to fail, warn or do nothing and are used for releasing or promoting the staging repository.

Once the staging profile is configured with the IQ Server application identifier, any deployment triggers an evaluation with IQ Server, which will be visible as Activity for the staging repository. Any rule failures are provided with further information in the detail panel. Figure 12.25, “Staging Repository Activity with IQ Server Evaluation Failure and Details” displays a staging repository with IQ Server rule validations and a failure. The View Full Report button links back to the detailed Application Composition Report.

figs/web/clm-staging-repository-failure.png

Figure 12.25. Staging Repository Activity with IQ Server Evaluation Failure and Details