18.6.4 制品与依赖管理插件
制品与依赖管理插件用于统一构建产物的存储、版本、追溯与分发,并与依赖下载仓库协同,确保流水线可重复、可回滚、可审计。核心目标是打通“构建—制品库—部署”链路,建立可控的制品生命周期。
原理草图(构建—制品库—部署链路)
核心插件与适用场景
- Nexus Artifact Uploader / Nexus Platform:对接 Nexus Repository 上传 jar/war/zip 等制品。
- JFrog Artifactory:回传 Build Info,支持 Promote、依赖追踪与清理策略。
- Maven Integration / Gradle:增强依赖解析与构建元数据上报。
- Docker / Docker Pipeline:构建镜像并推送 Harbor/Artifactory/Nexus。
- Generic Webhook Trigger + HTTP Request:自定义制品库 API 调用与回调触发。
安装与基础配置示例#
1)安装插件(Jenkins CLI 示例)
# Jenkins CLI 下载
curl -O http://jenkins.example.com/jnlpJars/jenkins-cli.jar
# 安装插件(示例:Nexus Artifact Uploader、Artifactory)
java -jar jenkins-cli.jar -s http://jenkins.example.com/ -auth admin:AdminPass \
install-plugin nexus-artifact-uploader artifactory
# 安装后重启 Jenkins
java -jar jenkins-cli.jar -s http://jenkins.example.com/ -auth admin:AdminPass safe-restart
2)配置凭据(示例:Nexus/Artifactory Token)
- Jenkins → Manage Jenkins → Credentials → (global) → Add Credentials
- Kind: Username with password 或 Secret text
- ID: nexus-token / artifactory-token
Pipeline 示例:Maven 构建并上传 Nexus#
目录结构
/opt/jenkins/workspace/demo-app
├── Jenkinsfile
├── pom.xml
└── target/demo-app-1.0.0.jar
Jenkinsfile(完整可执行示例)
pipeline {
agent any
environment {
NEXUS_URL = 'http://nexus.example.com:8081'
NEXUS_REPO = 'maven-releases'
GROUP_ID = 'com.example'
ARTIFACT_ID = 'demo-app'
VERSION = "1.0.${env.BUILD_NUMBER}"
}
stages {
stage('Build') {
steps {
sh 'mvn -B clean package -DskipTests'
}
}
stage('Upload to Nexus') {
steps {
nexusArtifactUploader(
nexusVersion: 'nexus3',
protocol: 'http',
nexusUrl: 'nexus.example.com:8081',
groupId: "${env.GROUP_ID}",
version: "${env.VERSION}",
repository: "${env.NEXUS_REPO}",
credentialsId: 'nexus-token',
artifacts: [[
artifactId: "${env.ARTIFACT_ID}",
classifier: '',
file: "target/${env.ARTIFACT_ID}-1.0.0.jar",
type: 'jar'
]]
)
}
}
}
post {
success {
echo "制品已上传: ${env.ARTIFACT_ID}-${env.VERSION}.jar"
}
}
}
命令解释
- mvn -B clean package:批处理构建,生成 target/*.jar
- nexusArtifactUploader:上传制品,credentialsId 绑定凭据,repository 选择仓库
Pipeline 示例:Docker 镜像推送 Harbor#
Jenkinsfile
pipeline {
agent any
environment {
REGISTRY = 'harbor.example.com'
IMAGE = 'devops/demo-app'
TAG = "1.0.${env.BUILD_NUMBER}"
}
stages {
stage('Build Image') {
steps {
sh "docker build -t ${env.REGISTRY}/${env.IMAGE}:${env.TAG} ."
}
}
stage('Push Image') {
steps {
withCredentials([usernamePassword(credentialsId: 'harbor-cred', usernameVariable: 'USER', passwordVariable: 'PASS')]) {
sh """
echo $PASS | docker login ${env.REGISTRY} -u $USER --password-stdin
docker push ${env.REGISTRY}/${env.IMAGE}:${env.TAG}
"""
}
}
}
}
}
关键配置要点(含命令落地)#
- 凭据管理:禁止明文,将 Token 放入 Jenkins Credentials
- Release/Snapshot 仓库分离:
bash # 示例:上传快照版本到 snapshot 仓库 mvn deploy -DaltDeploymentRepository=snapshot::default::http://nexus.example.com/repository/maven-snapshots/ - 构建信息回传(Artifactory 示例)
groovy rtServer = Artifactory.server('artifactory-token') rtMaven = Artifactory.newMavenBuild() rtMaven.tool = 'M3' rtMaven.resolver releaseRepo:'libs-release', snapshotRepo:'libs-snapshot', server:rtServer rtMaven.deployer releaseRepo:'libs-release-local', snapshotRepo:'libs-snapshot-local', server:rtServer rtMaven.run pom: 'pom.xml', goals: 'clean package' rtServer.publishBuildInfo rtMaven.buildInfo
常见问题与排错#
1)上传失败(401/403)
# 检查凭据是否可用
curl -u user:pass http://nexus.example.com/service/rest/v1/status
# 预期:返回 Nexus 运行状态
排查点:凭据错误、仓库权限不足、Token 过期。
2)证书问题(x509)
# 临时跳过证书校验(测试环境)
export MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true"
排查点:仓库 HTTPS 证书链不完整或客户端未导入证书。
3)依赖拉取慢
- 启用代理仓库缓存
- Maven 配置镜像:
<!-- ~/.m2/settings.xml -->
<mirrors>
<mirror>
<id>nexus</id>
<mirrorOf>*</mirrorOf>
<url>http://nexus.example.com/repository/maven-public/</url>
</mirror>
</mirrors>
练习#
- 使用 Nexus Artifact Uploader 将
demo-app-1.0.0.jar上传到maven-releases,并在 Nexus UI 中验证版本号与元数据。 - 修改 Jenkinsfile,加入
BUILD_NUMBER版本并验证可回滚部署。 - 使用 Docker Pipeline 推送镜像至 Harbor,拉取指定版本进行部署。
- 通过 Artifactory 插件回传 Build Info,并在 Artifactory 中查看依赖树。