Problem Statement
Explain artifact repository management using Nexus or Artifactory. Include repository types, proxy caching, artifact publishing, promotion workflows, and CI/CD integration.
Explanation
Artifact repositories manage binary artifacts (JARs, npm packages, Docker images, etc.) providing centralized storage, versioning, and distribution. Major solutions: JFrog Artifactory, Sonatype Nexus, AWS CodeArtifact, Azure Artifacts.
Repository types:
1. Hosted repositories store artifacts built internally:
- maven-releases (release versions)
- maven-snapshots (development snapshots)
- npm-private (private npm packages)
- docker-private (private Docker images)
2. Proxy repositories cache artifacts from remote sources:
- maven-central (proxies Maven Central)
- npm-registry (proxies npmjs.com)
- docker-hub (proxies Docker Hub)
Proxying provides faster downloads, reliability when external sources are unavailable, and control over external dependencies.
3. Group repositories combine multiple repositories:
- maven-public (groups maven-releases, maven-snapshots, maven-central)
- npm-group (groups npm-private, npm-registry)
This simplifies client configuration (one URL for all sources).
Nexus configuration example:
Maven client configuration (pom.xml):
```xml
<repositories>
  <repository>
    <id>nexus</id>
    <url>https://nexus.company.com/repository/maven-public/</url>
  </repository>
</repositories>
<distributionManagement>
  <repository>
    <id>nexus-releases</id>
    <url>https://nexus.company.com/repository/maven-releases/</url>
  </repository>
  <snapshotRepository>
    <id>nexus-snapshots</id>
    <url>https://nexus.company.com/repository/maven-snapshots/</url>
  </snapshotRepository>
</distributionManagement>
```
Credentials in settings.xml (~/.m2/settings.xml):
```xml
<settings>
  <servers>
    <server>
      <id>nexus-releases</id>
      <username>${env.NEXUS_USER}</username>
      <password>${env.NEXUS_PASSWORD}</password>
    </server>
    <server>
      <id>nexus-snapshots</id>
      <username>${env.NEXUS_USER}</username>
      <password>${env.NEXUS_PASSWORD}</password>
    </server>
  </servers>
</settings>
```
npm configuration (.npmrc):
```
registry=https://nexus.company.com/repository/npm-group/
//nexus.company.com/repository/npm-group/:_authToken=${NPM_TOKEN}
```
Docker registry configuration:
```bash
docker login nexus.company.com:5000
docker tag myapp:latest nexus.company.com:5000/myapp:1.0.0
docker push nexus.company.com:5000/myapp:1.0.0
```
Artifact publishing in CI/CD:
Maven:
```yaml
deploy:
  stage: deploy
  script:
    - mvn deploy -DskipTests
  only:
    - main
```
npm:
```yaml
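publish:
  stage: publish
  script:
    - echo "//nexus.company.com/repository/npm-private/:_authToken=${NPM_TOKEN}" > .npmrc
    # This .npmrc sets no default registry, so name the hosted repository explicitly.
    - npm publish --registry https://nexus.company.com/repository/npm-private/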
```
Docker:
```yaml
push_image:
  stage: publish
  script:
    - docker build -t nexus.company.com:5000/myapp:${CI_COMMIT_SHA} .
    - docker push nexus.company.com:5000/myapp:${CI_COMMIT_SHA}
```
Promotion workflows move artifacts between repositories (e.g., staging to production):
1. Build pushes to staging repository
2. Run tests against staging artifacts
3. Manual approval
4. Promote to production repository
Nexus promotion (using REST API):
```bash
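# Credentials come from the environment (same variables as settings.xml), not a hard-coded admin login.
# Staging endpoints and request bodies differ between Nexus versions; confirm the path against the instance's REST API reference.
curl -u "${NEXUS_USER}:${NEXUS_PASSWORD}" -X POST \
  "https://nexus.company.com/service/rest/v1/staging/promote" \
  -H "Content-Type: application/json" \
  -d '{
    "data": {
      "stagedRepositoryId": "staging-repo",
      "targetRepositoryId": "releases"
    }
  }'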
```
Artifactory promotion:
```bash
jfrog rt build-promote myapp 1.0.0 production-repo --status="Released"
```
Cleanup policies prevent disk space exhaustion:
- Remove snapshots older than 30 days
- Keep only last 10 versions of each artifact
- Delete unused artifacts after 90 days
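A dry-run evaluation of the three cleanup rules listed above, as an added example (not Nexus or Artifactory code). It assumes that matching any one rule marks a version for deletion, that "last 10" is ranked by version number, and that a never-downloaded artifact is aged from its publish date; `Artifact`, `plan_cleanup` and the sample inventory are hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Artifact:
    name: str
    version: str
    published: datetime
    last_downloaded: Optional[datetime]  # None: never downloaded

def version_key(version):
    # Assumes dotted numeric versions with an optional -SNAPSHOT suffix,
    # so 1.10.0 sorts above 1.9.0 and a release above its own snapshot.
    is_snapshot = version.endswith("-SNAPSHOT")
    base = version[: -len("-SNAPSHOT")] if is_snapshot else version
    return tuple(int(p) for p in base.split(".")), not is_snapshot

def plan_cleanup(artifacts, now, keep=10, snapshot_days=30, unused_days=90):
    """Dry run: map (name, version) -> list of reasons it would be deleted."""
    plan = defaultdict(list)
    by_name = defaultdict(list)
    for a in artifacts:
        by_name[a.name].append(a)
        if a.version.endswith("-SNAPSHOT") and now - a.published > timedelta(days=snapshot_days):
            plan[(a.name, a.version)].append("snapshot older than %d days" % snapshot_days)
        last_used = a.last_downloaded or a.published  # assumption: age unused items from publish
        if now - last_used > timedelta(days=unused_days):
            plan[(a.name, a.version)].append("unused for %d days" % unused_days)
    for name, items in by_name.items():
        ranked = sorted(items, key=lambda a: version_key(a.version), reverse=True)
        for a in ranked[keep:]:
            plan[(name, a.version)].append("beyond last %d versions" % keep)
    return dict(plan)

# Constructed sample inventory (not real repository data).
NOW = datetime(2024, 6, 1)
SAMPLE = [Artifact("myapp", "1.%d.0" % i, NOW - timedelta(days=5), NOW - timedelta(days=1))
          for i in range(1, 13)]  # 1.1.0 .. 1.12.0, all recent and in use
SAMPLE += [
    Artifact("myapp", "1.13.0-SNAPSHOT", NOW - timedelta(days=45), NOW - timedelta(days=2)),
    Artifact("lib", "0.1.0", NOW - timedelta(days=200), None),
    Artifact("lib", "0.2.0", NOW - timedelta(days=200), NOW - timedelta(days=10)),
]

if __name__ == "__main__":
    for key, reasons in sorted(plan_cleanup(SAMPLE, NOW).items()):
        print(key, reasons)
```

Reviewing the plan before any deletion shows which rule selected each version, which matters when a version marked for deletion is still referenced by a deployed build.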
Access control:
- Role-based permissions (developer, QA, ops)
- Repository-level permissions
- Read/write/deploy permissions
- Anonymous access for public artifacts
Best practices:
- Use group repositories for clients
- Separate hosted repositories by maturity (snapshot/release)
- Implement cleanup policies
- Use promotion workflows for production
- Enable security scanning
- Monitor storage usage
- Back up regularly
- Use HTTPS
- Implement access control
- Integrate with SSO
Understanding artifact repository management enables efficient, secure artifact lifecycle management in enterprise CI/CD.