Jenkins Pipeline Checklist for Docker Private Registry

// Step-by-step walkthrough with a complete Jenkinsfile example for building, pushing, and deploying Docker containers to a private registry.

3/17/2025

Introduction

This guide uses test/dummy values to demonstrate a Jenkins pipeline for Docker deployments to a Sonatype Nexus registry. We’ll explain prerequisites, credential setup, and pipeline configuration for a secure CI/CD workflow.


Prerequisites

Before configuring the Jenkinsfile:

  1. Nexus Repository Setup

    • A running Sonatype Nexus instance (e.g., https://your-nexus-registry.local).
    • Create a Docker-hosted repository in Nexus for storing images.
  2. Jenkins Preparation

    • Install Jenkins plugins:
      • Docker Pipeline
      • Credentials Binding
    • Ensure Docker is installed on the Jenkins agent/worker node.
  3. Credential Setup

    • Create a Jenkins credential of type Username with Password for Nexus registry access.
    • Name the credential ID nexus-docker-credentials (used later in the pipeline).

Step 1: Configure Nexus Credentials in Jenkins

What is nexus-docker-credentials?

  • A Jenkins-stored secret to authenticate with your Nexus Docker registry.
  • Contains a username/password (e.g., a Nexus user with docker:push permissions).

How to Create It:

  1. In Jenkins, go to Dashboard > Manage Jenkins > Credentials > System > Global Credentials.
  2. Click Add Credentials:
    • Kind: Username with Password
    • Username: nexus-service-account (example)
    • Password: Your Nexus user’s password
    • ID: nexus-docker-credentials (reference this ID in the pipeline)

Step 2: Jenkinsfile Configuration (Test/Dummy Values)

Below is a pipeline with generic placeholders for testing:

pipeline {
    agent any
    environment {
        // Example Nexus registry URL (replace with your test URL)
        DOCKER_REGISTRY = 'https://your-nexus-registry.local'
        // Example image name (use a test repository path)
        DOCKER_IMAGE = 'your-nexus-registry.local/test-app:latest'
        // Example container name
        DOCKER_CONTAINER = 'test-container'
        // Example port (declarative environment values must be quoted strings)
        PORT = '8080'
    }
    stages {
        stage('Clone Repo') {
            steps { checkout scm }
        }
        stage('Build Image') {
            // Single-quoted so the shell, not Groovy, expands the variable
            steps { sh 'docker build -t "$DOCKER_IMAGE" .' }
        }
        stage('Push to Nexus') {
            steps {
                // Use the credential ID created earlier
                withDockerRegistry([
                    credentialsId: 'nexus-docker-credentials',
                    url: DOCKER_REGISTRY
                ]) {
                    sh 'docker push "$DOCKER_IMAGE"'
                }
            }
        }
        stage('Deploy') {
            steps {
                // Replace any previous container, then start the new image
                sh '''
                docker stop "$DOCKER_CONTAINER" || true
                docker rm "$DOCKER_CONTAINER" || true
                docker run -d --name "$DOCKER_CONTAINER" -p "$PORT:$PORT" "$DOCKER_IMAGE"
                '''
            }
        }
    }
}

Key Explanations

1. Environment Variables

  • DOCKER_REGISTRY: Replace your-nexus-registry.local with your Nexus Docker registry URL.
  • DOCKER_IMAGE: Follow the format: <nexus-registry>/<repository>/<image-name>:<tag>.

2. Credential Binding

  • credentialsId: 'nexus-docker-credentials' references the credential you created in Jenkins.
  • Jenkins injects the username/password at runtime to authenticate with Nexus.

3. Pipeline Stages

  • Push Stage: The withDockerRegistry block handles login/logout to Nexus automatically.
  • Deploy Stage: Uses || true to avoid pipeline failures if the container doesn’t exist.
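
An added example, not part of the original pipeline: a POSIX shell preflight that checks DOCKER_REGISTRY and DOCKER_IMAGE agree before the Push stage runs. withDockerRegistry logs in to the host in DOCKER_REGISTRY, while docker push sends the image to the host named in DOCKER_IMAGE, so the two must match. The function name check_registry_config and the sample values are assumptions.

```sh
#!/bin/sh
# Added example: preflight check for the DOCKER_REGISTRY / DOCKER_IMAGE pair.
# check_registry_config is a hypothetical helper name, not a Jenkins or Docker command.

# Prints the reason on stderr and returns non-zero when the pair is inconsistent:
#   1 = registry URL is not HTTPS, 2 = host mismatch, 3 = missing tag.
check_registry_config() {
    registry_url=$1
    image_ref=$2

    # Security tip from the page: registry communication must use HTTPS.
    case $registry_url in
        https://*) ;;
        *) echo "registry URL is not https: $registry_url" >&2; return 1 ;;
    esac

    # host[:port] of the registry URL, without scheme or trailing path.
    registry_host=${registry_url#https://}
    registry_host=${registry_host%%/*}

    # First path component of the image reference is the host docker push uses.
    # A reference without any "/" has no registry host at all.
    image_host=${image_ref%%/*}
    if [ -z "$registry_host" ] || [ "$image_host" = "$image_ref" ] ||
       [ "$image_host" != "$registry_host" ]; then
        echo "image host '$image_host' does not match registry '$registry_host'" >&2
        return 2
    fi

    # Look for the tag only in the last component, so a host port such as
    # :8443 is not mistaken for a tag.
    last_component=${image_ref##*/}
    case $last_component in
        *:?*) ;;
        *) echo "image reference has no tag: $image_ref" >&2; return 3 ;;
    esac
    return 0
}

# Constructed sample values matching the page's placeholders.
check_registry_config 'https://your-nexus-registry.local' \
    'your-nexus-registry.local/test-app:latest' && echo "config ok"
```

In a pipeline this can run in an sh step ahead of the Build Image stage, with "$DOCKER_REGISTRY" and "$DOCKER_IMAGE" as the two arguments.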

Final Notes

  1. Test Your Setup:

    • Run the pipeline and verify the image appears in your Nexus repository.
    • Check container logs with docker logs test-container.
  2. Security Tips:

    • Restrict Nexus user permissions to docker:push only.
    • Use HTTPS for registry communication.
  3. Troubleshooting:

    • Ensure Jenkins has Docker socket access (or Docker client installed).
    • Validate credentials with a manual docker login test.

This configuration ensures a secure, repeatable deployment process to Nexus. 🛠️

© 2025 Nima Janbaz - All Rights Reserved