Jenkins Pipeline Checklist for Docker Private Registry

// Step-by-step walkthrough with a complete Jenkinsfile example for building, pushing, and deploying Docker containers to a private registry.

8/1/2025

Introduction

This guide uses test/dummy values to demonstrate a Jenkins pipeline for Docker deployments to a Sonatype Nexus registry. We’ll explain prerequisites, credential setup, and pipeline configuration for a secure CI/CD workflow.


Prerequisites

Before configuring the Jenkinsfile:

  1. Nexus Repository Setup

    • A running Sonatype Nexus instance (e.g., https://your-nexus-registry.local).

    • Create a Docker-hosted repository in Nexus for storing images.

  2. Jenkins Preparation

    • Install Jenkins plugins:

      • Docker Pipeline

      • Credentials Binding

    • Ensure Docker is installed on the Jenkins agent/worker node.

  3. Credential Setup

    • Create a Jenkins credential of type Username with Password for Nexus registry access.

    • Name the credential ID nexus-docker-credentials (used later in the pipeline).


Step 1: Configure Nexus Credentials in Jenkins

What is nexus-docker-credentials?

  • A Jenkins-stored secret to authenticate with your Nexus Docker registry.

  • Contains a username/password (e.g., a Nexus user with docker:push permissions).

How to Create It:

  1. In Jenkins, go to Dashboard > Manage Jenkins > Credentials > System > Global Credentials.

  2. Click Add Credentials:

    • Kind: Username with password

    • Username: nexus-service-account (example)

    • Password: Your Nexus user’s password

    • ID: nexus-docker-credentials (reference this ID in the pipeline)


Step 2: Jenkinsfile Configuration (Test/Dummy Values)

Below is a pipeline with generic placeholders for testing:

pipeline {
    agent any
    environment {
        // Example Nexus registry URL (replace with your test URL)
        DOCKER_REGISTRY = 'https://your-nexus-registry.local'
        // Example image name (use a test repository path)
        DOCKER_IMAGE = 'your-nexus-registry.local/test-app:latest'
        // Example container name
        DOCKER_CONTAINER = 'test-container'
        // Example port (environment values must be quoted strings)
        PORT = '8080'
    }
    stages {
        stage('Clone Repo') {
            steps { checkout scm }
        }
        stage('Build Image') {
            // Single-quoted Groovy string: the shell expands the variable
            steps { sh 'docker build -t "$DOCKER_IMAGE" .' }
        }
        stage('Push to Nexus') {
            steps {
                // Use the credential ID created earlier
                withDockerRegistry([
                    credentialsId: 'nexus-docker-credentials',
                    url: DOCKER_REGISTRY
                ]) {
                    sh 'docker push "$DOCKER_IMAGE"'
                }
            }
        }
        stage('Deploy') {
            steps {
                // Stop and remove any previous container, then start the new image
                sh '''
                docker stop "$DOCKER_CONTAINER" || true
                docker rm "$DOCKER_CONTAINER" || true
                docker run -d --name "$DOCKER_CONTAINER" -p "$PORT:$PORT" "$DOCKER_IMAGE"
                '''
            }
        }
    }
}

Key Explanations

1. Environment Variables

  • DOCKER_REGISTRY: Replace your-nexus-registry.local with your Nexus Docker registry URL.

  • DOCKER_IMAGE: Follow the format: <nexus-registry>/<repository>/<image-name>:<tag>.

2. Credential Binding

  • credentialsId: 'nexus-docker-credentials' references the credential you created in Jenkins.

  • Jenkins injects the username/password during runtime to authenticate with Nexus.

3. Pipeline Stages

  • Push Stage: The withDockerRegistry block handles login/logout to Nexus automatically.

  • Deploy Stage: Uses || true to avoid pipeline failures if the container doesn’t exist.


Final Notes

  1. Test Your Setup:

    • Run the pipeline and verify the image appears in your Nexus repository.

    • Check container logs with docker logs test-container.

  2. Security Tips:

    • Restrict Nexus user permissions to docker:push only.

    • Use HTTPS for registry communication.

  3. Troubleshooting:

    • Ensure Jenkins has Docker socket access (or Docker client installed).

    • Validate credentials with a manual docker login test.
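
The manual docker login test above can also run as a small standalone Jenkins job that uses the Credentials Binding plugin from the prerequisites. This is an added example, not part of the original pipeline; REGISTRY_HOST, NEXUS_USER and NEXUS_PASS are assumed names, and the host is the page's placeholder.

```groovy
// Added example: credential smoke test for the Nexus Docker registry.
pipeline {
    agent any
    environment {
        // Placeholder registry host from the guide, without the scheme (assumed variable name)
        REGISTRY_HOST = 'your-nexus-registry.local'
    }
    stages {
        stage('Verify Registry Login') {
            steps {
                // Credentials Binding exposes the secret only inside this block
                // and masks the password in the console log.
                withCredentials([usernamePassword(
                    credentialsId: 'nexus-docker-credentials',
                    usernameVariable: 'NEXUS_USER',   // assumed variable names
                    passwordVariable: 'NEXUS_PASS'
                )]) {
                    // Single-quoted Groovy string: the shell expands the variables,
                    // so the password is never interpolated into the script text.
                    // --password-stdin keeps it out of the process argument list.
                    sh '''
                        set -eu
                        printf '%s' "$NEXUS_PASS" |
                            docker login -u "$NEXUS_USER" --password-stdin "$REGISTRY_HOST"
                    '''
                }
            }
            post {
                // Remove the stored login from the agent whether or not login succeeded.
                always { sh 'docker logout "$REGISTRY_HOST"' }
            }
        }
    }
}
```

A failed login fails the stage, so a wrong password or missing registry permission shows up before any image is built or pushed.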

This configuration ensures a secure, repeatable deployment process to Nexus. 🛠️

© 2025 Alex Yaghoubi - All Rights Reserved