bump nexus version

Package Merge Request

Package Changes

Updates Nexus to 3.38.0

Package MR

https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus/-/merge_requests/47

For Issue

Closes https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus/-/issues/31

Closes https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus/-/issues/33

changed milestone to %1.31.0

added nexus statusdoing labels

assigned to @michaelmartin

added 27 commits

• 553f9df3...bd7b1a4f - 26 commits from branch master
• d8c66e54 - Merge remote-tracking branch 'origin/master' into Update_Nexus_to_3.38.0

Compare with previous version

added 9 commits

• d8c66e54...30974b99 - 8 commits from branch master
• 09eb7bdb - Merge remote-tracking branch 'origin/master' into Update_Nexus_to_3.38.0

Compare with previous version

added 11 commits

• 09eb7bdb...34fa81b1 - 10 commits from branch master
• c63e8148 - Merge remote-tracking branch 'origin/master' into Update_Nexus_to_3.38.0

Compare with previous version

added statusreview label and removed statusdoing label

requested review from @ryan.j.garcia

changed milestone to %1.32.0

requested review from @micah.nagel

Not a big deal, but maybe something to keep an eye on in the future...looks like some of the changes to upstream did not get pulled in?

• https://github.com/sonatype/helm3-charts/commit/4bfa0ead245ef967959e32d2a483822d875207a2
• This commit changed a number of indentations on some of the things in the deployment
• https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus/-/merge_requests/47/diffs#819de3cd39f30df05741e9fef190d103a009b7eb_67_67
• For the Nexus MR on our end only the security context change came in

I dug into this because I was trying to understand the removal of the securityContext on the container. Again not a big deal since in this case looks like just indentation changes missing - but I'd keep an eye on future changes and make sure we don't miss anything important.

Just noticed the values changes were missing too:

  securityContext:
    runAsUser: 200
    runAsGroup: 200
    fsGroup: 200

Our nexus values default to just having the fsGroup set...and set to 2000.

Since it deployed fine the values here are probably not a big deal, they would need to change as part of https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus/-/issues/30 anyways.

I think most of those indentation changes came in from BB changes back in 04-2021 . These changes in this MR for nexus were brought in as the upstream diff since the last version, to avoid stomping BB-specific changes, and these BB-changes were left in.

I think an issue should be created to re-sync the indentation changes with upstream.

I create an issue for the indentation diffs. https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus/-/issues/34

My guess is this happened because at one point we switched upstream sources for the chart. Indentation isn't a big deal but kpt with the merge/git patch strategy will miss stuff like this because it is trying to preserve "our changes" like you mentioned.

Easiest way is probably to do a fresh kpt update with force delete and then overlay the BB changes that we actually want on top to make sure we're not missing anything else.

yeah, not sure of the history there--upstream switch/personal preference?

I generally do git diffs/patches instead of using kpt (using a temp. git repo to create a clean, upstream-only patch), since kpt likes to stomp changes. Then a manual meld to verify the applied changed. I haven't played with the different kpt strategies, but I think a force-delete-replace would be good for the cleanup. Luckily, I think the BB changes for nexus are pretty minimal.

at some point it would be cool if we could always keep a clean upstream code on packages, then just apply patches--abstract out the BB changes entirely. maybe more trouble than it's worth or maybe there's already a tool that does that?

With that new issue, it can get cleaned up and tested well.

I think one of the upstream charts we used stopped being maintained and/or we decided to switch because Sonatype/Nexus started releasing their own.

Yeah this topic came up recently in some meeting I was in...using a kpt force delete + yaml patches and potentially having Renovate do it all. I think it's easy for some charts but harder for things like Gitlab where we have a lot of changes and a lot that could go wrong. The biggest concern I think was upstream refactors - they happen more often than we'd like with certain packages and it would introduce more complexity as we then have to maintain the patching to target the correct files, etc. I'm not sure where those discussions went, but might be good to bring it up again soon...

approved this merge request

merged

mentioned in commit 8df14f87

resolved all threads