feat: guarddog-nexus — webhook-based PyPI scanner with web UI
73
scripts/setup-nexus.sh
Normal file
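--- /dev/null
+++ b/scripts/setup-nexus.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+# Setup script for test Nexus instance.
+# Creates a PyPI proxy repo and a webhook pointing to guarddog-nexus.
+
+NEXUS_URL="${NEXUS_URL:-http://nexus:8081}"
+ADMIN_PASSWORD="${ADMIN_PASSWORD:-admin123}"
+WEBHOOK_URL="${WEBHOOK_URL:-http://guarddog-nexus:8080/webhooks/nexus}"
+
+echo "Waiting for Nexus to start..."
+
+# Wait until Nexus REST API is available (up to 5 minutes)
+MAX_WAIT=300
+ELAPSED=0
+while [ $ELAPSED -lt $MAX_WAIT ]; do
+if curl -sf -o /dev/null "${NEXUS_URL}/service/rest/v1/status" 2>/dev/null; then
+echo "Nexus is up!"
+break
+fi
+sleep 5
+ELAPSED=$((ELAPSED + 5))
+done
+
+if [ $ELAPSED -ge $MAX_WAIT ]; then
+echo "Timed out waiting for Nexus"
+exit 1
+fi
+
+# Check if password needs changing (first run)
+ADMIN_PASSWORD_FILE="/nexus-data/admin.password"
+if [ -f "$ADMIN_PASSWORD_FILE" ]; then
+RANDOM_PASS=$(cat "$ADMIN_PASSWORD_FILE")
+echo "Using random admin password: $RANDOM_PASS"
+AUTH_PASS="$RANDOM_PASS"
+else
+AUTH_PASS="$ADMIN_PASSWORD"
+fi
+
+echo "Creating PyPI proxy repository..."
+curl -sf -u "admin:${AUTH_PASS}" \
+-H "Content-Type: application/json" \
+-d '{
+"name": "pypi-proxy",
+"online": true,
+"storage": {"blobStoreName": "default", "strictContentTypeValidation": true},
+"proxy": {"remoteUrl": "https://pypi.org", "contentMaxAge": 1440},
+"format": "pypi"
+}' \
+"${NEXUS_URL}/service/rest/v1/repositories/pypi/proxy" || echo "Repo may already exist"
+
+echo "Creating webhook..."
+curl -sf -u "admin:${AUTH_PASS}" \
+-H "Content-Type: application/json" \
+-d "{
+\"name\": \"guarddog-scan\",
+\"eventTypes\": [\"repository.component\", \"repository.asset\"],
+\"format\": \"pypi\",
+\"url\": \"${WEBHOOK_URL}\",
+\"secret\": \"\",
+\"enabled\": true
+}" \
+"${NEXUS_URL}/service/rest/v1/webhooks" || echo "Webhook may already exist"
+
+# Change admin password if this was first run
+if [ -f "$ADMIN_PASSWORD_FILE" ]; then
+echo "Changing admin password..."
+curl -sf -u "admin:${RANDOM_PASS}" \
+-H "Content-Type: text/plain" \
+-X PUT \
+-d "${ADMIN_PASSWORD}" \
+"${NEXUS_URL}/service/rest/v1/security/users/admin/change-password"
+fi
+
+echo "Nexus setup complete."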
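Review bot: The webhook is registered with `\"secret\": \"\"`, so Nexus presumably sends unsigned payloads and the guarddog-nexus receiver has nothing to verify a request against; any host that can reach `WEBHOOK_URL` could submit forged component events. Read the secret from the environment, e.g. `WEBHOOK_SECRET="${WEBHOOK_SECRET:?must be set}"` with `\"secret\": \"${WEBHOOK_SECRET}\"` in the payload, and have the receiver reject requests whose signature does not match. Separately, `echo "Using random admin password: $RANDOM_PASS"` writes the bootstrap admin credential into the container log; `echo "Using generated admin password from $ADMIN_PASSWORD_FILE"` conveys the same state without the value. The `|| echo "... may already exist"` fallbacks and the unchecked change-password call also hide authentication failures, since `curl -sf` exits non-zero on any HTTP error, so the script can print "Nexus setup complete." while the admin account still has the `admin123` default or the generated password.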