Here is a video tutorial
Introduction
In the Nexus OSS version, there is no native option to generate API tokens for users. However, we can work around this issue by creating a user specifically for npm and using their credentials in the .npmrc file. Here’s how to do it:
1. Nexus Server Configuration
Add repositories
1. Create an npm Hosted Repository
- Click on “Repositories” under the “Repository” menu.
- Click on the “Create repository” button.
- Choose “npm (hosted)” from the list.
- Configure the repository:
- Name:
npm-hosted - Deployment policy: Choose your preferred policy (e.g.,
Disable redeploy)
- Name:
- Click “Create repository”.
2. Create an npm Proxy Repository
- Click on “Repositories” under the “Repository” menu.
- Click on the “Create repository” button.
- Choose “npm (proxy)” from the list.
- Configure the repository:
- Name:
npm-proxy - Remote Storage:
https://registry.npmjs.org
- Name:
- Click “Create repository”.
3. Create an npm Group Repository
- Click on “Repositories” under the “Repository” menu.
- Click on the “Create repository” button.
- Choose “npm (group)” from the list.
- Configure the repository:
- Name:
npm-group - Member repositories: Add
npm-hostedandnpm-proxyto the group
- Name:
- Click “Create repository”.
Create a New Role with Read-Only Permissions
- Navigate to “Security” -> “Roles”.
- Click “Create role”.
- Role ID:
npm-read-only - Role Name:
NPM Read Only - Description:
Read-only access to npm repositories
- Role ID:
- In the “Privileges” tab, add the following privileges:
nx-repository-view-npm-*-addnx-repository-view-npm-*-browsenx-repository-view-npm-*-readnx-repository-view-npm-npm-group-browsenx-repository-view-npm-npm-group-readnx-repository-view-npm-npm-hosted-browsenx-repository-view-npm-npm-hosted-readnx-repository-view-npm-npm-proxy-browsenx-repository-view-npm-npm-proxy-read
Create a user specifically for npm
- Log in to Nexus Repository Manager.
- Navigate to “Security” -> “Users”.
- Click “Create user”.
- Username:
npm-user - Password:
securepassword - First Name:
NPM - Last Name:
User - Email:
npm-user@example.com
- Username:
- Click “Create” to save the user.
Assign the Role to the New User
- Navigate to “Security” -> “Users”.
- Click on the newly created user (
npm-user). - In the “Roles” tab, add the
npm-read-onlyrole. - Click “Save”.
2. Jenkinsfile Configuration
Ensure that you store the npm credentials as Secret Text or Username with password in Jenkins and use them during the build process.
For this example, let’s assume you store the username and password as Secret Text.
Add npm Credentials in Jenkins
- Navigate to Jenkins Dashboard > Manage Jenkins > Manage Credentials.
- Add new credentials:
- Kind: Secret Text
- Secret:
npm-user(ID:nexus-npm-user) - Description: Nexus npm username
- Add another Secret Text:
- Kind: Secret Text
- Secret:
securepassword(ID:nexus-npm-pass) - Description: Nexus npm password
Use Credentials in Jenkinsfile
|
|
Jenkinsfile - explanation:
This Jenkinsfile defines a pipeline for building and testing a project using Jenkins. Here is a detailed explanation of each section:
-
Pipeline Definition:
1 2pipeline { agent anyThe pipeline can run on any available agent.
-
Options:
1 2 3 4options { buildDiscarder(logRotator(numToKeepStr: '5')) disableConcurrentBuilds() }buildDiscarder(logRotator(numToKeepStr: '5')): Keeps only the last 5 builds to save space.disableConcurrentBuilds(): Ensures that only one build runs at a time.
-
Parameters:
1 2 3 4parameters { choice(name: 'choose_server', choices: [...], description: 'Select server') choice(name: 'SPEC_FILE', choices: [...], description: 'Choose spec file to test a module') }choose_server: Allows the user to select a server from a list.SPEC_FILE: Allows the user to choose a specification file for testing.
-
Environment Variables:
1 2 3 4 5 6 7environment { REPO_URL = 'git@gitlab.sysadmin.homes:developers/awx-taiko.git' BRANCH = 'main' REPORT_PATH = '/workspace' REPORT_NAME = 'TAIKO_AUTOMATED_TESTS' DOCKER_IMAGE = "awx-taiko" }Sets various environment variables used throughout the pipeline.
-
Stages:
-
Clean Workspace Before Start:
1 2 3 4 5stage('Clean Workspace Before Start') { steps { cleanWs() } }Cleans the workspace before starting the build.
-
Resolve IP:
1 2 3 4 5 6 7 8stage('Resolve IP') { steps { script { def serverAddressMapping = [...] env.server_address = serverAddressMapping[params.choose_server] } } }Maps the selected server to its IP address.
-
Checkout Code:
1 2 3 4 5 6 7 8stage('Checkout Code') { steps { script { sh 'mkdir -p ~/.ssh && ssh-keyscan gitlab.sysadmin.homes >> ~/.ssh/known_hosts' } checkout([...]) } }Sets up SSH keys and checks out the code from GitLab.
-
Set Environment Variables:
1 2 3 4 5 6 7 8 9 10 11 12 13stage('Set Environment Variables') { steps { script { switch (params.choose_server) { case 'AWX': env.USERNAME_ID = 'awx-username' env.PASSWORD_ID = 'awx-password' break ... } } } }Sets environment variables based on the selected server.
-
Build Docker Image:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17stage('Build Docker Image') { steps { withCredentials([ string(credentialsId: 'nexus-npm-user', variable: 'NPM_USER'), string(credentialsId: 'nexus-npm-pass', variable: 'NPM_PASS') ]) { script { echo "Building Docker image with Nexus credentials:" sh ''' docker build -t ${DOCKER_IMAGE} \ --build-arg NPM_USER=${NPM_USER} \ --build-arg NPM_PASS=${NPM_PASS} -f Dockerfile . ''' } } } }Builds a Docker image using credentials from a Nexus repository.
-
Run Taiko and Gauge Reports:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31stage('Run Taiko and Gauge reports') { agent { docker { image "${env.DOCKER_IMAGE}" args '-v /workspace:/workspace' } } steps { withCredentials([ string(credentialsId: env.USERNAME_ID, variable: 'username'), string(credentialsId: env.PASSWORD_ID, variable: 'password') ]) { script { sh ''' export server_address=${server_address} export username=${username} export password=${password} ''' sh "ln -s /usr/local/lib/node_modules/ ${WORKSPACE}/node_modules" sh 'ln -s /usr/local/lib/node_modules/ /lib/node_modules' sh 'rm -f *.tar downloaded//*' sh 'rm -rf reports .gauge logs' catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') { sh """ gauge run ${WORKSPACE}/specs/${params.SPEC_FILE} """ } } } } }Runs tests using Taiko and Gauge within the Docker container.
-
Archive Artifacts:
1 2 3 4 5 6 7 8 9 10 11 12 13 14stage('Archive artifacts') { steps { script { if (sh(script: "[ -d \"${WORKSPACE}/reports/\" ]", returnStatus: true) == 0) { def formattedDate = new Date().format("dd_MM_yyyy_HH_mm") def filename = "PASS_${REPORT_NAME}_${formattedDate}.tar" sh """ tar -cf ${filename} ${WORKSPACE}/reports/ ${WORKSPACE}/logs/ """ archiveArtifacts artifacts: "${filename}" } } } }Archives the test reports and logs if they exist.
-
Clean Taiko Leftovers on a Docker Node:
1 2 3 4 5 6 7 8 9 10 11 12stage('Clean Taiko leftovers on a Docker node') { steps { script { cleanWs() node('docker') { cleanWs() def workspaceDir = pwd() sh "rm -rf ${workspaceDir}/Taiko* ${workspaceDir}/Taiko@* ${workspaceDir}/Taiko@2*" } } } }Cleans up any leftover files from the Taiko tests.
-
-
Post Actions:
1 2 3 4 5post { always { cleanWs() } }Ensures the workspace is cleaned up after the pipeline completes, regardless of the result.
In summary, this Jenkinsfile sets up a multi-stage pipeline that checks out code from a GitLab repository, builds a Docker image, runs tests using Taiko and Gauge, archives the test reports, and cleans up the workspace. It uses several parameters and environment variables to customize the behavior based on the selected server and specification file.
3. Dockerfile Configuration
You need to pass the username and password as arguments when building the Docker image.
Example Dockerfile
|
|
Dockerfile - explanation:
This Dockerfile is designed to create a Docker image containing an environment for running a Node.js application and tools for testing using Gauge and Taiko. Here is a detailed description of each line and section of this Dockerfile:
-
Base Image:
1FROM node:18-alpine3.17The base image is
node:18-alpine3.17, meaning we are using a lightweight version of Alpine Linux with Node.js version 18 installed. -
Define ARG Variables:
1 2ARG NPM_USER ARG NPM_PASSDefines argument variables
NPM_USERandNPM_PASS, which will be used for authentication when fetching npm packages. -
Configure .npmrc:
1 2 3RUN echo "registry=https://nexus.sysadmin.homes/repository/npm-group/" > /root/.npmrc RUN echo "//nexus.sysadmin.homes/repository/npm-group/:_auth=$(echo -n ${NPM_USER}:${NPM_PASS} | base64)" >> /root/.npmrc RUN echo "always-auth=true" >> /root/.npmrcThese commands create the
.npmrcfile in the root directory (/root), configuring the npm registry and adding base64-encoded credentials for authentication. -
Update Packages and Install Additional Tools:
1 2RUN apk update > /dev/null RUN apk add --no-cache curl unzip git openssh bash nano wget ca-certificates openssl > /dev/nullUpdates the
apkpackage index and installs various tools such ascurl,unzip,git,openssh,bash,nano,wget,ca-certificates, andopenssl. Redirecting to/dev/nullhides the operation details. -
Clean apk Cache:
1RUN rm -rf /var/cache/apk/*Removes the
apkcache to reduce the image size. -
SSH Configuration for GitLab:
1RUN mkdir -p /root/.ssh && ssh-keyscan gitlab.sysadmin.homes >> /root/.ssh/known_hostsCreates the
.sshdirectory and adds the GitLab SSH key to theknown_hostsfile, preventing authentication prompts during SSH connections. -
Install Gauge:
1RUN curl -Ssl https://downloads.gauge.org/stable | shDownloads and installs Gauge using
curl. -
Install Gauge Plugins:
1 2 3RUN gauge install js && \ gauge install screenshot && \ gauge install html-reportInstalls three Gauge plugins:
js,screenshot, andhtml-report. -
npm Configuration:
1 2RUN npm config set strict-ssl false RUN npm config set registry "https://nexus.sysadmin.homes/repository/npm-group/"Configures npm by disabling strict SSL checking and setting a custom npm registry.
-
Install npm Packages:
1RUN npm install --no-fund --save -g npm@9.5.1 log4js@6.9.1 xml2js@0.6.2 isomorphic-fetch@3.0.0 node-ssh@13.1.0 taikoInstalls various npm packages globally, such as
npm,log4js,xml2js,isomorphic-fetch,node-ssh, andtaiko. -
Disable Proxy:
1 2ENV http_proxy= ENV https_proxy=Removes proxy environment variables.
-
Set Environment Variables:
1 2 3 4ENV NPM_CONFIG_PREFIX=/usr/local/lib/node_modules ENV PATH="${NPM_CONFIG_PREFIX}/bin:${PATH}" ENV TAIKO_BROWSER_ARGS=--no-sandbox,--start-maximized,--disable-dev-shm-usage,--headless,--disable-gpu ENV TAIKO_BROWSER_PATH=/usr/bin/chromium-browserSets several environment variables, including the npm installation path, Taiko browser arguments, and the path to the Chromium browser.
-
Install Chromium Browser:
1RUN apk add chromiumInstalls the Chromium browser from the Alpine repositories.
In summary, this Dockerfile sets up a Node.js environment based on Alpine Linux, installs various tools needed for testing applications using Gauge and Taiko, and configures npm and SSH authentication.
Summary
- Create a user specifically for npm in Nexus and asign a role to the user to read npm repository.
- Store the username and password as credentials (Secret text) in Jenkins and pass them as arguments when building the Docker image.
- Configure the
.npmrcfile in the Dockerfile, using the username and password in base64 format.
By following these modifications, you should be able to build your Docker images with the npm credentials securely passed from Jenkins, ensuring that your npm packages are fetched from Nexus with the appropriate authentication.
