-
Notifications
You must be signed in to change notification settings - Fork 2
/
entrypoint.sh
executable file
·69 lines (60 loc) · 3.06 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
#!/usr/bin/env sh
export NEXUS_DATA_DIR=/nexus-data
export ALLOWLIST_DIR=/allowlists
export PYPI_ALLOWLIST="$ALLOWLIST_DIR"/pypi.allowlist
export CRAN_ALLOWLIST="$ALLOWLIST_DIR"/cran.allowlist
timestamp() {
date -Is
}
hashes() {
md5sum $PYPI_ALLOWLIST $CRAN_ALLOWLIST
}
# Ensure allowlist files exist
if ! [ -f "$PYPI_ALLOWLIST" ]; then
echo "$(timestamp) PyPI allowlist not found"
exit 1
fi
if ! [ -f "$CRAN_ALLOWLIST" ]; then
echo "$(timestamp) CRAN allowlist not found"
exit 1
fi
# Wait for Nexus
until curl -s "$NEXUS_HOST":"$NEXUS_PORT" > /dev/null; do
echo "$(timestamp) Waiting for Nexus"
sleep 10
done
echo "$(timestamp) Nexus is running"
# Print version
nexus-allowlist --version
# Initial configuration
if [ -f "$NEXUS_DATA_DIR/admin.password" ]; then
echo "$(timestamp) Initial password file present, running initial configuration"
nexus-allowlist --admin-password "$NEXUS_ADMIN_PASSWORD" --nexus-host "$NEXUS_HOST" --nexus-path "$NEXUS_PATH" --nexus-port "$NEXUS_PORT" change-initial-password --path "$NEXUS_DATA_DIR"
nexus-allowlist --admin-password "$NEXUS_ADMIN_PASSWORD" --nexus-host "$NEXUS_HOST" --nexus-path "$NEXUS_PATH" --nexus-port "$NEXUS_PORT" initial-configuration --packages "$NEXUS_PACKAGES" --pypi-package-file "$ALLOWLIST_DIR/pypi.allowlist" --cran-package-file "$ALLOWLIST_DIR/cran.allowlist"
else
echo "$(timestamp) No initial password file found, skipping initial configuration"
fi
# Test authentication
if ! nexus-allowlist --admin-password "$NEXUS_ADMIN_PASSWORD" --nexus-host "$NEXUS_HOST" --nexus-path "$NEXUS_PATH" --nexus-port "$NEXUS_PORT" test-authentication; then
echo "$(timestamp) API authentication test failed, exiting"
exit 1
fi
if [ -n "$ENTR_FALLBACK" ]; then
echo "$(timestamp) Using fallback file monitoring"
# Run allowlist configuration now
nexus-allowlist --admin-password "$NEXUS_ADMIN_PASSWORD" --nexus-host "$NEXUS_HOST" --nexus-path "$NEXUS_PATH" --nexus-port "$NEXUS_PORT" update-allowlists --packages "$NEXUS_PACKAGES" --pypi-package-file "$PYPI_ALLOWLIST" --cran-package-file "$CRAN_ALLOWLIST"
# Periodically check for modification of allowlist files and run configuration again when they are
hash=$(hashes)
while true; do
new_hash=$(hashes)
if [ "$hash" != "$new_hash" ]; then
nexus-allowlist --admin-password "$NEXUS_ADMIN_PASSWORD" --nexus-host "$NEXUS_HOST" --nexus-path "$NEXUS_PATH" --nexus-port "$NEXUS_PORT" update-allowlists --packages "$NEXUS_PACKAGES" --pypi-package-file "$PYPI_ALLOWLIST" --cran-package-file "$CRAN_ALLOWLIST"
hash=$new_hash
fi
sleep 5
done
else
echo "$(timestamp) Using entr for file monitoring"
# Run allowlist configuration now, and again whenever allowlist files are modified
find "$ALLOWLIST_DIR"/*.allowlist | entr -n nexus-allowlist --admin-password "$NEXUS_ADMIN_PASSWORD" --nexus-host "$NEXUS_HOST" --nexus-path "$NEXUS_PATH" --nexus-port "$NEXUS_PORT" update-allowlists --packages "$NEXUS_PACKAGES" --pypi-package-file "$PYPI_ALLOWLIST" --cran-package-file "$CRAN_ALLOWLIST"
fi