#!/bin/sh # Setup script for test Nexus instance. # Creates a PyPI proxy repo and a webhook pointing to guarddog-nexus. NEXUS_URL="${NEXUS_URL:-http://nexus:8081}" ADMIN_PASSWORD="${ADMIN_PASSWORD:-admin123}" WEBHOOK_URL="${WEBHOOK_URL:-http://guarddog-nexus:8080/webhooks/nexus}" echo "Waiting for Nexus to start..." # Wait until Nexus REST API is available (up to 5 minutes) MAX_WAIT=300 ELAPSED=0 while [ $ELAPSED -lt $MAX_WAIT ]; do if curl -sf -o /dev/null "${NEXUS_URL}/service/rest/v1/status" 2>/dev/null; then echo "Nexus is up!" break fi sleep 5 ELAPSED=$((ELAPSED + 5)) done if [ $ELAPSED -ge $MAX_WAIT ]; then echo "Timed out waiting for Nexus" exit 1 fi # Check if password needs changing (first run) ADMIN_PASSWORD_FILE="/nexus-data/admin.password" if [ -f "$ADMIN_PASSWORD_FILE" ]; then RANDOM_PASS=$(cat "$ADMIN_PASSWORD_FILE") echo "Using random admin password: $RANDOM_PASS" AUTH_PASS="$RANDOM_PASS" else AUTH_PASS="$ADMIN_PASSWORD" fi echo "Creating PyPI proxy repository..." curl -sf -u "admin:${AUTH_PASS}" \ -H "Content-Type: application/json" \ -d '{ "name": "pypi-proxy", "online": true, "storage": {"blobStoreName": "default", "strictContentTypeValidation": true}, "proxy": {"remoteUrl": "https://pypi.org", "contentMaxAge": 1440}, "format": "pypi" }' \ "${NEXUS_URL}/service/rest/v1/repositories/pypi/proxy" || echo "Repo may already exist" echo "Creating webhook..." curl -sf -u "admin:${AUTH_PASS}" \ -H "Content-Type: application/json" \ -d "{ \"name\": \"guarddog-scan\", \"eventTypes\": [\"repository.component\", \"repository.asset\"], \"format\": \"pypi\", \"url\": \"${WEBHOOK_URL}\", \"secret\": \"\", \"enabled\": true }" \ "${NEXUS_URL}/service/rest/v1/webhooks" || echo "Webhook may already exist" # Change admin password if this was first run if [ -f "$ADMIN_PASSWORD_FILE" ]; then echo "Changing admin password..." curl -sf -u "admin:${RANDOM_PASS}" \ -H "Content-Type: text/plain" \ -X PUT \ -d "${ADMIN_PASSWORD}" \ "${NEXUS_URL}/service/rest/v1/security/users/admin/change-password" fi echo "Nexus setup complete."