upgrade to nexus 3.81.1-01

drop support for virtualbox
upgrade dependencies
2025-06-18 04:45:57 +00:00 · 2025-06-18 04:45:57 +00:00 · 2025-06-18 04:45:57 +00:00 · 2025-06-18 04:45:57 +00:00
13 changed files with 294 additions and 39 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,6 +3,7 @@
 provision/provision-nexus/sources/
 shared/
 binaries/
+tmp/
 /hello-world-debian-package/hello-world/debian/.debhelper/
 /hello-world-debian-package/hello-world_*
 /hello-world-debian-package/hello-world-*
--- a/README.md
+++ b/README.md
@ -39,9 +39,13 @@ Add the following entry to your `/etc/hosts` file:
 192.168.56.3 nexus.example.com
 ```

-Install Vagrant 2.1+.
+Install Vagrant 2.4.6+.

-Run `vagrant up --provider=virtualbox # or --provider=libvirt` to launch the environment.
+Launch the environment:
+
+```bash
+time vagrant up --provider=libvirt --no-destroy-on-error --no-tty
+```

 Access the [Nexus home page](https://nexus.example.com) and login as the `admin` user and password `admin`.

@ -50,6 +54,12 @@ You can also login with one of the example accounts, e.g. `alice.doe` and passwo
 **NB** nginx is setup with a self-signed certificate that you have to trust before being
 able to access the local Nexus home page.

+List this repository dependencies (and which have newer versions):
+
+```bash
+GITHUB_COM_TOKEN='YOUR_GITHUB_PERSONAL_TOKEN' ./renovate.sh
+```
+
 ## Network Packet Capture

 You can easily capture and see traffic from the host with the `wireshark.sh`
@ -145,7 +155,7 @@ You can also access the database cli shell as:
 sudo su -l                            # switch to the root user.
 systemctl stop nexus                  # make sure nexus is not running while you use the database.
 su -s /bin/bash nexus                 # switch to the nexus user.
-nexus_home=/opt/nexus/nexus-3.79.1-04 # make sure you have the correct version here.
+nexus_home=/opt/nexus/nexus-3.81.1-01 # make sure you have the correct version here.
 nexus_data="$(realpath $nexus_home/../sonatype-work/nexus3)"
 function h2-shell {
  java \
--- a/13
+++ b/13
@ -14,12 +14,6 @@ Vagrant.configure(2) do |config|
    lv.random :model => 'random'
  end

-  config.vm.provider :virtualbox do |vb|
-    vb.linked_clone = true
-    vb.cpus = 4
-    vb.memory = 2048
-  end
-
  config.vm.define :nexus do |config|
    config.vm.box = 'ubuntu-22.04-uefi-amd64'
    config.vm.hostname = nexus_domain
@ -29,9 +23,6 @@ Vagrant.configure(2) do |config|
      lv.machine_virtual_size = 32 # [GiB]
      config.vm.synced_folder '.', '/vagrant', type: 'nfs', nfs_version: '4.2', nfs_udp: false
    end
-    config.vm.provider :virtualbox do |vb, config|
-      vb.memory = 3*1024
-    end
    config.vm.provision :shell, path: 'provision/provision-resize-disk.sh'
    config.vm.provision :shell, path: 'provision/provision-base.sh'
    config.vm.provision :shell, path: 'provision/provision-docker.sh'
@ -53,10 +44,6 @@ Vagrant.configure(2) do |config|
    config.vm.provider :libvirt do |lv, config|
      config.vm.synced_folder '.', '/vagrant', type: 'smb', smb_username: ENV['USER'], smb_password: ENV['VAGRANT_SMB_PASSWORD']
    end
-    config.vm.provider :virtualbox do |vb, config|
-      vb.customize ['modifyvm', :id, '--vram', 64]
-      vb.customize ['modifyvm', :id, '--clipboard', 'bidirectional']
-    end
    config.vm.provision :shell, inline: "echo '#{nexus_ip} #{nexus_domain}' | Out-File -Encoding Ascii -Append c:/Windows/System32/drivers/etc/hosts"
    config.vm.provision :shell, path: 'provision/windows/ps.ps1', args: ['provision-base.ps1', nexus_domain]
    config.vm.provision :shell, path: 'provision/windows/ps.ps1', args: ['use-chocolatey-repository.ps1', nexus_domain]
--- a/hello-world-pypi-package/requirements.txt
+++ b/hello-world-pypi-package/requirements.txt
@ -1,9 +1,9 @@
 backports.tarfile==1.2.0
 build==1.2.2.post1
-certifi==2025.4.26
+certifi==2025.6.15
 cffi==1.17.1
 charset-normalizer==3.4.2
-cryptography==45.0.3
+cryptography==45.0.4
 docutils==0.21.2
 id==1.5.0
 idna==3.10
@ -22,7 +22,7 @@ pycparser==2.22
 Pygments==2.19.1
 pyproject_hooks==1.2.0
 readme_renderer==44.0
-requests==2.32.3
+requests==2.32.4
 requests-toolbelt==1.0.0
 rfc3986==2.0.0
 rich==14.0.0
@ -31,4 +31,4 @@ tomli==2.2.1
 twine==6.1.0
 typing_extensions==4.14.0
 urllib3==2.4.0
-zipp==3.22.0
+zipp==3.23.0
--- a/provision/provision-docker.sh
+++ b/provision/provision-docker.sh
@ -2,7 +2,11 @@
 set -euxo pipefail

 # see https://github.com/moby/moby/releases
-docker_version="${1:-28.2.2}"; shift || true
+# renovate: datasource=github-releases depName=moby/moby
+default_docker_version='28.2.2'
+
+# see https://github.com/moby/moby/releases
+docker_version="${1:-$default_docker_version}"; shift || true
 registry_proxy_domain="${1:-$(hostname --fqdn)}"; shift || true
 # NB as-of docker 19.03.8, there is still no way to specify a registry mirror credentials,
 #    as such, we cannot use our docker-group registry, instead we must use the docker-proxy
--- a/provision/provision-nexus.sh
+++ b/provision/provision-nexus.sh
@ -35,17 +35,12 @@ pushd /opt/nexus
 # see https://help.sonatype.com/repomanager3/product-information/download/download-archives---repository-manager-3
 # see https://help.sonatype.com/repomanager3/product-information/release-notes
 # see https://help.sonatype.com/repomanager3
-nexus_version=3.79.1-04
+nexus_version=3.81.1-01
 nexus_home=/opt/nexus/nexus-$nexus_version
 nexus_tarball=nexus-$nexus_version-linux-x86_64.tar.gz
 nexus_download_url=https://download.sonatype.com/nexus/3/$nexus_tarball
-nexus_download_sha256='048b5b588fcb337576f47e1cf8e89fb59273406b6b0789e90eb8f58726754115'
 wget -q $nexus_download_url
-if [ "$(sha256sum $nexus_tarball | awk '{print $1}')" != "$nexus_download_sha256" ]; then
-    echo "downloaded $nexus_download_url failed the checksum verification"
-    exit 1
-fi
-tar xf $nexus_tarball # NB this creates the $nexus_home (e.g. nexus-3.79.1-04) and sonatype-work directories.
+tar xf $nexus_tarball # NB this creates the $nexus_home (e.g. nexus-3.81.1-01) and sonatype-work directories.
 rm $nexus_tarball
 install -d -o nexus -g nexus -m 700 .java # java preferences are saved here (the default java.util.prefs.userRoot preference).
 install -d -o nexus -g nexus -m 700 sonatype-work/nexus3/etc
--- a/provision/provision-nexus/Makefile
+++ b/provision/provision-nexus/Makefile
@ -17,7 +17,7 @@ binaries: binaries-download

 binaries-download:
 	mkdir -p binaries
-	wget -qO- https://download.sonatype.com/nexus/3/nexus-3.79.1-04-unix.tar.gz \
+	wget -qO- https://download.sonatype.com/nexus/3/nexus-3.81.1-01-unix.tar.gz \
 		| tar xzf - --strip-components 1 -C binaries

 clean:
--- a/provision/provision-nexus/pom.xml
+++ b/provision/provision-nexus/pom.xml
@ -8,7 +8,7 @@
  <version>1.0-SNAPSHOT</version>

  <properties>
-    <nx-version>3.79.1-04</nx-version>
+    <nx-version>3.81.1-01</nx-version>
  </properties>
  <dependencies>
    <dependency>
--- a/provision/use-docker-repository.sh
+++ b/provision/use-docker-repository.sh
@ -22,6 +22,10 @@ mkdir -p tmp/use-docker-repository && cd tmp/use-docker-repository
 #
 # test the docker repository.

+# see https://github.com/golang/go/tags
+# renovate: datasource=github-tags depName=golang/go extractVersion=go(?<version>.+)
+go_version='1.24.4'
+
 cat >main.go <<'EOF'
 package main

@ -58,13 +62,13 @@ func main() {
    }
 }
 EOF
-cat >go.mod <<'EOF'
+cat >go.mod <<EOF
 module example.com/go-hello

-go 1.24.3
+go $go_version
 EOF
-cat >Dockerfile <<'EOF'
-FROM golang:1.24.3-bookworm as builder
+cat >Dockerfile <<EOF
+FROM golang:$go_version-bookworm as builder
 WORKDIR /app
 COPY go.* main.go ./
 RUN CGO_ENABLED=0 go build -ldflags="-s"
--- a/provision/use-maven-repository-from-gradle.sh
+++ b/provision/use-maven-repository-from-gradle.sh
@ -12,6 +12,7 @@ cd tmp/use-maven-repository-from-gradle

 # download and install gradle.
 # see https://gradle.org/releases/
+# renovate: datasource=github-releases depName=gradle/gradle
 gradle_version='8.14.2'
 if [ ! -f /opt/gradle/gradle-$gradle_version/bin/gradle ]; then
    apt-get install -y unzip
@ -101,6 +102,9 @@ EOF
 cat >settings.gradle <<'EOF'
 rootProject.name = 'gradle-greeter-application'
 EOF
+# see https://mvnrepository.com/artifact/com.gradleup.shadow/shadow-gradle-plugin
+# renovate: datasource=maven depName=com.gradleup.shadow:shadow-gradle-plugin
+com_gradleup_shadow_version='8.3.6'
 cat >build.gradle <<EOF
 // see https://docs.gradle.org/8.14.2/userguide/java_plugin.html
 // see https://docs.gradle.org/8.14.2/userguide/application_plugin.html
@ -109,7 +113,7 @@ cat >build.gradle <<EOF

 plugins {
    id 'application'
-    id 'com.gradleup.shadow' version '8.3.6'
+    id 'com.gradleup.shadow' version '$com_gradleup_shadow_version'
 }

 group = 'com.example'
--- a/provision/use-nuget-repository.sh
+++ b/provision/use-nuget-repository.sh
@ -64,8 +64,10 @@ dotnet nuget list source
 # create the example project.
 # see https://docs.microsoft.com/en-us/nuget/reference/msbuild-targets#packing-using-a-nuspec
 # see https://docs.microsoft.com/en-us/nuget/reference/msbuild-targets#pack-target
-# see https://www.nuget.org/packages/serilog/
-cat >example-hello-world.csproj <<'EOF'
+# see https://www.nuget.org/packages/Serilog/
+# renovate: datasource=nuget depName=Serilog
+serilog_version='4.3.0'
+cat >example-hello-world.csproj <<EOF
 <Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
@ -82,7 +84,7 @@ cat >example-hello-world.csproj <<'EOF'
    </NuspecProperties>
  </PropertyGroup>
  <ItemGroup>
-    <PackageReference Include="Serilog" Version="4.3.0" />
+    <PackageReference Include="Serilog" Version="$serilog_version" />
  </ItemGroup>
 </Project>
 EOF
@ -159,7 +161,9 @@ EOF
 dotnet nuget list source
 dotnet add package example-hello-world
 # see https://www.nuget.org/packages/Serilog.Sinks.Console/
-dotnet add package Serilog.Sinks.Console --version 6.0.0
+# renovate: datasource=nuget depName=Serilog.Sinks.Console
+serilog_sinks_console_version='6.0.0'
+dotnet add package Serilog.Sinks.Console --version "$serilog_sinks_console_version"
 dotnet build -v=n -c=Release
 dotnet publish -v=n -c=Release --no-build --output dist
 ./dist/test
--- a/renovate.json5
+++ b/renovate.json5
@ -0,0 +1,21 @@
+// see https://docs.renovatebot.com/templates/
+// see https://docs.renovatebot.com/modules/manager/
+// see https://docs.renovatebot.com/modules/manager/regex/
+// see https://docs.renovatebot.com/configuration-options/
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "regexManagers": [
+    // default datasources.
+    {
+      "fileMatch": [
+        "\\.ya?ml$",
+        "\\.sh$",
+      ],
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>[^:]+?) depName=(?<depName>.+?)( versioning=(?<versioning>.+?))?( extractVersion=(?<extractVersion>.+?))?( registryUrl=(?<registryUrl>.+?))?\\s.+?[:=]\\s*[\"']?(?<currentValue>.+?)[\"']?\\s"
+      ],
+      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}",
+      "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^v?(?<version>.+)${{/if}}"
+    },
+  ]
+}
--- a/renovate.sh
+++ b/renovate.sh
@ -0,0 +1,225 @@
+#!/bin/bash
+set -euo pipefail
+
+# this executes renovate against the local repository.
+# NB this uses a temporary gitea instance because running renovate against a
+#    local directory not (yet?) supported.
+#    see https://github.com/renovatebot/renovate/issues/3609
+
+export RENOVATE_USERNAME='renovate'
+export RENOVATE_NAME='Renovate Bot'
+export RENOVATE_PASSWORD='password'
+gitea_container_name="$(basename "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")-renovate-gitea"
+
+# see https://hub.docker.com/r/gitea/gitea/tags
+# renovate: datasource=docker depName=gitea/gitea
+gitea_version='1.24.0'
+
+# see https://hub.docker.com/r/renovate/renovate/tags
+# renovate: datasource=docker depName=renovate/renovate
+renovate_version='40.49.8'
+
+# clean.
+echo 'Deleting existing Gitea...'
+docker rm --force "$gitea_container_name" >/dev/null 2>&1
+echo 'Deleting existing temporary files...'
+rm -f tmp/renovate-*
+install -d tmp
+
+# start gitea in background.
+# see https://docs.gitea.io/en-us/config-cheat-sheet/
+# see https://github.com/go-gitea/gitea/releases
+# see https://github.com/go-gitea/gitea/blob/v1.24.0/docker/root/etc/s6/gitea/setup
+echo 'Starting Gitea...'
+docker run \
+    --detach \
+    --name "$gitea_container_name" \
+    -v /etc/timezone:/etc/timezone:ro \
+    -v /etc/localtime:/etc/localtime:ro \
+    -e SECRET_KEY=opensesame \
+    -p 3000 \
+    "gitea/gitea:$gitea_version" \
+    >/dev/null
+gitea_addr="$(docker port "$gitea_container_name" 3000 | head -1)"
+gitea_url="http://$gitea_addr"
+export RENOVATE_ENDPOINT="$gitea_url"
+export GIT_PUSH_REPOSITORY="http://$RENOVATE_USERNAME:$RENOVATE_PASSWORD@$gitea_addr/$RENOVATE_USERNAME/test.git"
+
+# wait for gitea to be ready.
+echo "Waiting for Gitea to be ready at $gitea_url..."
+GITEA_URL="$gitea_url" bash -euc 'while [ -z "$(wget -qO- "$GITEA_URL/api/v1/version" | jq -r ".version | select(.!=null)")" ]; do sleep 5; done'
+
+# create user in gitea.
+echo "Creating Gitea $RENOVATE_USERNAME user..."
+docker exec --user git "$gitea_container_name" gitea admin user create \
+    --admin \
+    --email "$RENOVATE_USERNAME@example.com" \
+    --username "$RENOVATE_USERNAME" \
+    --password "$RENOVATE_PASSWORD"
+curl \
+    --silent \
+    --show-error \
+    --fail-with-body \
+    -u "$RENOVATE_USERNAME:$RENOVATE_PASSWORD" \
+    -X 'PATCH' \
+    -H 'Accept: application/json' \
+    -H 'Content-Type: application/json' \
+    -d "{\"full_name\":\"$RENOVATE_NAME\"}" \
+    "$gitea_url/api/v1/user/settings" \
+    | jq \
+    > /dev/null
+
+# create the user personal access token.
+# see https://docs.gitea.io/en-us/api-usage/
+# see https://docs.gitea.io/en-us/oauth2-provider/#scopes
+# see https://try.gitea.io/api/swagger#/user/userCreateToken
+echo "Creating Gitea $RENOVATE_USERNAME user personal access token..."
+curl \
+    --silent \
+    --show-error \
+    --fail-with-body \
+    -u "$RENOVATE_USERNAME:$RENOVATE_PASSWORD" \
+    -X POST \
+    -H "Content-Type: application/json" \
+    -d '{"name": "renovate", "scopes": ["read:user", "write:issue", "write:repository"]}' \
+    "$gitea_url/api/v1/users/$RENOVATE_USERNAME/tokens" \
+    | jq -r .sha1 \
+    >tmp/renovate-gitea-token.txt
+
+# try the token.
+echo "Trying the Gitea $RENOVATE_USERNAME user personal access token..."
+RENOVATE_TOKEN="$(cat tmp/renovate-gitea-token.txt)"
+export RENOVATE_TOKEN
+curl \
+    --silent \
+    --show-error \
+    --fail-with-body \
+    -H "Authorization: token $RENOVATE_TOKEN" \
+    -H 'Accept: application/json' \
+    "$gitea_url/api/v1/version" \
+    | jq \
+    > /dev/null
+
+# create remote repository in gitea.
+echo "Creating Gitea $RENOVATE_USERNAME test repository..."
+curl \
+    --silent \
+    --show-error \
+    --fail-with-body \
+    -u "$RENOVATE_USERNAME:$RENOVATE_PASSWORD" \
+    -X POST \
+    -H 'Accept: application/json' \
+    -H 'Content-Type: application/json' \
+    -d '{"name": "test"}' \
+    "$gitea_url/api/v1/user/repos" \
+    | jq \
+    > /dev/null
+
+# push the code to local gitea repository.
+# NB running renovate locally is not yet supported.
+#    see https://github.com/renovatebot/renovate/issues/3609
+echo "Pushing local repository to Gitea $RENOVATE_USERNAME test repository..."
+git push --force "$GIT_PUSH_REPOSITORY"
+
+# see https://docs.renovatebot.com/modules/platform/gitea/
+# see https://docs.renovatebot.com/self-hosted-configuration/#dryrun
+# see https://github.com/renovatebot/renovate/blob/main/docs/usage/examples/self-hosting.md
+# see https://github.com/renovatebot/renovate/tree/main/lib/modules/datasource
+# see https://github.com/renovatebot/renovate/tree/main/lib/modules/versioning
+RENOVATE_TOKEN="$(cat tmp/renovate-gitea-token.txt)"
+export RENOVATE_TOKEN
+# NB these can also be passed as raw positional arguments to docker run.
+export RENOVATE_REPOSITORIES="$RENOVATE_USERNAME/test"
+# see https://docs.github.com/en/rest/rate-limit#get-rate-limit-status-for-the-authenticated-user
+# see https://github.com/settings/tokens
+# NB this is only used for authentication. the token should not have any scope enabled.
+#export GITHUB_COM_TOKEN='TODO-YOUR-TOKEN'
+# let renovate create all the required pull requests.
+# see https://docs.renovatebot.com/configuration-options/#prhourlylimit
+# see https://docs.renovatebot.com/configuration-options/#prconcurrentlimit
+export RENOVATE_PR_HOURLY_LIMIT='0'
+export RENOVATE_PR_CONCURRENT_LIMIT='0'
+echo 'Running renovate...'
+# NB to capture the traffic using mitmproxy, start mitmweb in a different
+#    shell, then enable the following if (i.e. true).
+docker_extra_args=()
+if false; then
+    docker_extra_args+=(
+        --env http_proxy=http://127.0.0.1:8080
+        --env https_proxy=http://127.0.0.1:8080
+        --env no_proxy=
+        --env SSL_CERT_FILE=/usr/local/shared/ca-certificates/mitmproxy-ca.crt
+        --volume "$HOME/.mitmproxy/mitmproxy-ca-cert.pem:/usr/local/shared/ca-certificates/mitmproxy-ca.crt:ro"
+    )
+fi
+# NB use --dry-run=lookup for not modifying the repository (e.g. for not
+#    creating pull requests).
+docker run \
+  --rm \
+  --tty \
+  --interactive \
+  --net host \
+  --env GITHUB_COM_TOKEN \
+  --env RENOVATE_ENDPOINT \
+  --env RENOVATE_TOKEN \
+  --env RENOVATE_REPOSITORIES \
+  --env RENOVATE_PR_HOURLY_LIMIT \
+  --env RENOVATE_PR_CONCURRENT_LIMIT \
+  --env LOG_LEVEL=debug \
+  --env LOG_FORMAT=json \
+  "${docker_extra_args[@]}" \
+  "renovate/renovate:$renovate_version" \
+  --platform=gitea \
+  --git-url=endpoint \
+  >tmp/renovate-log.json
+
+echo 'Getting results...'
+# extract the errors.
+jq 'select(.err)' tmp/renovate-log.json >tmp/renovate-errors.json
+# extract the result from the renovate log.
+jq 'select(.msg == "packageFiles with updates") | .config' tmp/renovate-log.json >tmp/renovate-result.json
+# extract all the dependencies.
+jq 'to_entries[].value[] | {packageFile,dep:.deps[]}' tmp/renovate-result.json >tmp/renovate-dependencies.json
+# extract the dependencies that have updates.
+jq 'select((.dep.updates | length) > 0)' tmp/renovate-dependencies.json >tmp/renovate-dependencies-updates.json
+
+# helpers.
+function show-title {
+    echo
+    echo '#'
+    echo "# $1"
+    echo '#'
+    echo
+}
+
+# show errors.
+if [ "$(jq --slurp length tmp/renovate-errors.json)" -ne '0' ]; then
+    show-title errors
+    jq . tmp/renovate-errors.json
+fi
+
+# show dependencies.
+function show-dependencies {
+    show-title "$1"
+    (
+        printf 'packageFile\tdatasource\tdepName\tcurrentValue\tnewVersions\tskipReason\twarnings\n'
+        jq \
+            -r \
+            '[
+                .packageFile,
+                .dep.datasource,
+                .dep.depName,
+                .dep.currentValue,
+                (.dep | select(.updates) | .updates | map(.newVersion) | join(" | ")),
+                .dep.skipReason,
+                (.dep | select(.warnings) | .warnings | map(.message) | join(" | "))
+            ] | @tsv' \
+            "$2" \
+            | sort
+    ) | column -t -s "$(printf \\t)"
+}
+show-dependencies 'Dependencies' tmp/renovate-dependencies.json
+show-dependencies 'Dependencies Updates' tmp/renovate-dependencies-updates.json
+
+# show the gitea project.
+show-title "See PRs at $gitea_url/$RENOVATE_USERNAME/test/pulls (you can login as $RENOVATE_USERNAME:$RENOVATE_PASSWORD)"
Author	SHA1	Message	Date
Rui Lopes	6846e19dcb	upgrade to nexus 3.81.1-01	2025-06-18 04:45:57 +00:00
Rui Lopes	d156eca1ea	drop support for virtualbox	2025-06-18 04:45:57 +00:00
Rui Lopes	56ebb23d7a	upgrade dependencies	2025-06-18 04:45:57 +00:00
Rui Lopes	b735d58998	add renovate 40.49.8	2025-06-18 04:45:57 +00:00