(#230) Adds ChocolateyCore Repository and Jenkins Job

- Adds ChocolateyCore repo as main repo for core packages
- Adds callout to new ChocolateyCore repository
- Remove See It In Action README section as video is outdated
- Fixup spelling/grammar in README
- Adds new Update ChocolateyCore Repository Jenkins Job
- Add test to check for new Jenkins job

README.md

@@ -2,7 +2,7 @@
 
 This repository contains a set of supporting scripts used for the Chocolatey for Business (C4B) Quick-Start Guide (QSG).
 
-These scripts can be used to assist in setup of a brand new Windows Server as a C4B Server.
+These scripts can be used to assist in the setup of a brand-new Windows Server as a C4B Server.
 
 Below is the Quick Start Guide as it exists currently on the [Chocolatey Docs](https://docs.chocolatey.org/en-us/guides/organizations/quick-start-guide/chocolatey-for-business-quick-start-guide).
 
@@ -34,14 +34,16 @@ As illustrated in the diagram above, there are four main components to a Chocola
 
 1. **C4B Licensed components**: A licensed version of Chocolatey includes:
     - Installation of the Chocolatey OSS client package itself (`chocolatey`)
-    - Chocolatey license file (`chocolatey.license.xml`) installed in the correct directory (`ProgramData\chocolatey\license`)
+    - The Chocolatey license file (`chocolatey.license.xml`) installed in the correct directory (`ProgramData\chocolatey\license`)
     - Installation of the Chocolatey Licensed extension (`chocolatey.extension`), giving you access to features like Package Builder, Package Internalizer, etc. (full list [here](https://docs.chocolatey.org/en-us/features/)).
 
-1. **NuGet V3 Repository Server App (Nexus)**: Chocolatey works best with a NuGet V3 repository. This application hosts and manages versioning of your Chocolatey package artifacts, in their enhanced NuGet package (.nupkg) file format. The quick start guide helps you setup [Sonatype Nexus Repository Manager (OSS)](https://www.sonatype.com/products/nexus-repository).
+1. **Repository Server (Sonatype Nexus)**: Chocolatey works best with a NuGet repository. This repository hosts and manages the versioning of your Chocolatey package artifacts, in their enhanced NuGet package (.nupkg) file format. The quick start guide helps you set up [Sonatype Nexus Repository Manager (OSS)](https://www.sonatype.com/products/nexus-repository).
 
-1. **Chocolatey Central Management (CCM)**: CCM is the Web UI portal for your entire Chocolatey environment. Your endpoints check-in to CCM to report their package status. This includes the Chocolatey packages they have installed, and whether any of these packages are outdated. And now, with CCM Deployments, you can also deploy packages or package updates to groups of endpoints, as well as ad-hoc PowerShell commands. CCM is backed by an MS SQL Database. This guide will set up MS SQL Express for you.
+1. **Chocolatey Central Management (CCM)**: CCM is a web-based application for managing the state of Chocolatey packages in your environment. Your endpoints check in via the Chocolatey agent and report basic computer information (host name, IP address), and what Chocolatey packages are installed, as well as if any of those packages are outdated. A deployment capability allows you to install, upgrade, or uninstall packages, and for more advanced scenarios run ad-hoc PowerShell code on your endpoints.
 
-1. **Automation Pipeline (Jenkins)**: A pipeline tool will help you automate repetitive tasks, such checking for updates to a set of Chocolatey Packages from the Chocolatey Community Repository (CCR). If updates exist, the pipeline task will auto-internalize your list of packages, and push them into your NuGet repository for you. This guide will help you set up Jenkins as your automation pipeline.
+CCM is backed by an MS SQL Database, which this guide will set up and configure for you based on Microsoft SQL Server Express.
+
+1. **Automation Pipeline (Jenkins)**: A pipeline tool will help you automate repetitive tasks, such as checking for updates to a set of Chocolatey Packages from the Chocolatey Community Repository (CCR). If updates exist, the pipeline task will auto-internalize your list of packages, and push them into your NuGet repository for you. This guide will help you set up Jenkins as your automation pipeline.
 
 ## Requirements
 
@@ -62,7 +64,7 @@ Below are the minimum requirements for setting up your C4B server via this guide
 
 1. Install all Windows Updates.
 
-1. If you plan on joining this server to your Active Directory domain, do so now before beginning setup below.
+1. If you plan on joining this server to your Active Directory domain, do so now before beginning the setup below.
 
 1. If you plan to use a Purchased/Acquired or Domain SSL certificate, please ensure the CN/Subject value matches the DNS-resolvable Fully Qualified Domain Name (FQDN) of your C4B Server. Place this certificate in the `Local Machine > Personal` certificate store, and ensure that the private key is exportable.
 
@@ -120,9 +122,11 @@ Below are the minimum requirements for setting up your C4B server via this guide
     > <ul class="list-style-type-disc">
     > <li>Installs Sonatype Nexus Repository Manager OSS instance</li>
     > <li>Cleans up all demo repositories on Nexus</li>
+    > <li>Creates a "ChocolateyCore" NuGet repository</li>
     > <li>Creates a "ChocolateyInternal" NuGet repository</li>
     > <li>Creates a "ChocolateyTest" NuGet repository</li>
     > <li>Creates a "choco-install" raw repository</li>
+    > <li>Sets up "ChocolateyCore" on C4B Server as source, with API key</li>
     > <li>Sets up "ChocolateyInternal" on C4B Server as source, with API key</li>
     > <li>Adds firewall rule for repository access</li>
     > <li>Installs MS Edge, and disables first-run experience</li>
@@ -177,7 +181,7 @@ Below are the minimum requirements for setting up your C4B server via this guide
     .\Set-SslSecurity.ps1
     ```
 
-    **ALTERNATIVE 1 : Custom SSL Certificate** - If you have your own custom SSL certificate (purchased/acquired, or from your Domain CA), you can paste and run the following script with the `Thumbprint` value of your SSL certificate specified:
+    **ALTERNATIVE 1: Custom SSL Certificate** - If you have your own custom SSL certificate (purchased/acquired, or from your Domain CA), you can paste and run the following script with the `Thumbprint` value of your SSL certificate specified:
 
     ```powershell
     Set-Location "$env:SystemDrive\choco-setup\files"
@@ -189,7 +193,7 @@ Below are the minimum requirements for setting up your C4B server via this guide
     > :memo: **NOTE**
     > You may have noticed the `-Hardened` parameter we've added above. When using a custom SSL certificate, this parameter will further secure access to your C4B Server. A Role and User credential will be configured to limit access to your Nexus repositories. As well, CCM Client and Service Salts are configured to further encrypt your connection between CCM and your endpoint clients. These additional settings are also incorporated into your `Register-C4bEndpoint.ps1` script for onboarding endpoints. We do require you to enable this option if your C4B Server will be Internet-facing, with a FQDN that resolves to a public IP.
 
-    **ALTERNATIVE 2 : Wildcard SSL Certificate** - If you have a wildcard certificate, you will also need to provide a DNS name you wish to use for that certificate:
+    **ALTERNATIVE 2: Wildcard SSL Certificate** - If you have a wildcard certificate, you will also need to provide a DNS name you wish to use for that certificate:
 
     ```powershell
     Set-Location "$env:SystemDrive\choco-setup\files"
@@ -272,9 +276,3 @@ Below are the minimum requirements for setting up your C4B server via this guide
 Congratulations! If you followed all the steps detailed above, you should now have a fully functioning Chocolatey for Business implementation deployed in your environment.
 
 It is worth mentioning that some customers may have a more bespoke environment, with the presence of proxies and additional configuration management applications. Chocolatey is engineered to be quite flexible, specifically to account for these scenarios. Please refer to the many options for installation referenced on the [Installation page](https://docs.chocolatey.org/en-us/licensed-extension/setup#more-install-options). Again, If you have any questions or would like to discuss more involved implementations, please feel free to reach out to your Chocolatey representative.
-
-### See it in Action
-
-If you'd prefer to watch and follow along, here is a recording of our Chocolatey Team going through this guide live on our Twitch stream:
-
-[YouTube Video](https://www.youtube.com/embed/qbIclPMEgig)

Set-SslSecurity.ps1

@@ -139,7 +139,10 @@ process {
     Write-Host "Nexus is ready!"
 
     choco source remove --name="'ChocolateyInternal'"
-    $RepositoryUrl = "https://${SubjectWithoutCn}:8443/repository/ChocolateyInternal/index.json"
+    $InternalRepositoryUrl = "https://${SubjectWithoutCn}:8443/repository/ChocolateyInternal/index.json"
+
+    choco source remove --name="'ChocolateyCore'"
+    $CoreRepositoryUrl = "https://${SubjectWithoutCn}:8443/repository/ChocolateyCore/index.json"
 
     # Build Credential Object, Connect to Nexus
     $securePw = (Get-Content 'C:\programdata\sonatype-work\nexus3\admin.password') | ConvertTo-SecureString -AsPlainText -Force
@@ -187,12 +190,23 @@ process {
             'source',
             'add',
             "--name='ChocolateyInternal'",
-            "--source='$RepositoryUrl'",
+            "--source='$InternalRepositoryUrl'",
             '--priority=1',
             "--user='chocouser'",
             "--password='$NexusPw'"
         )
         & choco @ChocoArgs
+
+        $ChocoArgs = @(
+            'source',
+            'add',
+            "--name='ChocolateyCore'",
+            "--source='$CoreRepositoryUrl'",
+            '--priority=0',
+            "--user='chocouser'",
+            "--password='$NexusPw'"
+        )
+        & choco @ChocoArgs
 
     }
 
@@ -201,22 +215,34 @@ process {
             'source',
             'add',
             "--name='ChocolateyInternal'",
-            "--source='$RepositoryUrl'",
+            "--source='$InternalRepositoryUrl'",
             '--priority=1'
         )
         & choco @ChocoArgs
+
+        $ChocoArgs = @(
+            'source',
+            'add',
+            "--name='ChocolateyCore'",
+            "--source='$CoreRepositoryUrl'",
+            '--priority=0'
+        )
+        & choco @ChocoArgs
     }
 
     # Update Repository API key
-    $chocoArgs = @('apikey', "--source='$RepositoryUrl'", "--api-key='$NuGetApiKey'")
+    $chocoArgs = @('apikey', "--source='$InternalRepositoryUrl'", "--api-key='$NuGetApiKey'")
+    & choco @chocoArgs
+
+    $chocoArgs = @('apikey', "--source='$CoreRepositoryUrl'", "--api-key='$NuGetApiKey'")
     & choco @chocoArgs
 
     # Reset the NuGet v3 cache, such that it doesn't capture localhost as the FQDN
     Remove-NexusRepositoryFolder -RepositoryName ChocolateyInternal -Name v3
 
     Update-JsonFile -Path "$env:SystemDrive\choco-setup\logs\nexus.json" -Properties @{
         NexusUri = "https://$($SubjectWithoutCn):8443"
-        NexusRepo = $RepositoryUrl
+        NexusRepo = $CoreRepositoryUrl
         ChocoUserPassword = $NexusPw
     }
 
@@ -271,7 +297,7 @@ process {
 # Touch NOTHING below this line
 `$User = 'chocouser'
 `$SecurePassword = `$NexusUserPW | ConvertTo-SecureString -AsPlainText -Force
-`$RepositoryUrl = "https://`$(`$fqdn):8443/repository/ChocolateyInternal/index.json"
+`$RepositoryUrl = "https://`$(`$fqdn):8443/repository/ChocolateyCore/index.json"
 
 `$credential = [pscredential]::new(`$user, `$securePassword)
 

Start-C4bNexusSetup.ps1

@@ -59,6 +59,7 @@ process {
     Enable-NexusRealm -Realm 'NuGet API-Key Realm'
 
     #Create Chocolatey repositories
+    New-NexusNugetHostedRepository -Name ChocolateyCore -DeploymentPolicy Allow
     New-NexusNugetHostedRepository -Name ChocolateyInternal -DeploymentPolicy Allow
     New-NexusNugetHostedRepository -Name ChocolateyTest -DeploymentPolicy Allow
     New-NexusRawHostedRepository -Name choco-install -DeploymentPolicy Allow -ContentDisposition Attachment
@@ -68,11 +69,11 @@ process {
 
     # Push all packages from previous steps to NuGet repo
     Get-ChildItem -Path "$env:SystemDrive\choco-setup\files\packages" -Filter *.nupkg | ForEach-Object {
-        choco push $_.FullName --source "$((Get-NexusRepository -Name 'ChocolateyInternal').url)/index.json" --apikey $NugetApiKey --force
+        choco push $_.FullName --source "$((Get-NexusRepository -Name 'ChocolateyCore').url)/index.json" --apikey $NugetApiKey --force
     }
 
     # Temporary workaround to reset the NuGet v3 cache, such that it doesn't capture localhost as the FQDN
-    Remove-NexusRepositoryFolder -RepositoryName ChocolateyInternal -Name v3
+    Remove-NexusRepositoryFolder -RepositoryName ChocolateyCore -Name v3
 
     # Push latest ChocolateyInstall.ps1 to raw repo
     $ScriptDir = "$env:SystemDrive\choco-setup\files\scripts"
@@ -93,6 +94,9 @@ process {
     # Add ChocolateyInternal as a source repository
     choco source add -n 'ChocolateyInternal' -s "$((Get-NexusRepository -Name 'ChocolateyInternal').url)/index.json" --priority 1
 
+    # Add ChocolateyCore as a source repository
+    choco source add -n 'ChocolateyCore' -s "$((Get-NexusRepository -Name 'ChocolateyCore').url)/index.json" --priority 0 --admin-only
+
     # Install a non-IE browser for browsing the Nexus web portal.
     if (-not (Test-Path 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe')) {
         Write-Host "Installing Microsoft Edge, to allow viewing the Nexus site"

jenkins/Update ChocolateyCore Repository/builds/permalinks

@@ -0,0 +1,2 @@
+lastFailedBuild -1
+lastSuccessfulBuild -1

jenkins/Update ChocolateyCore Repository/config.xml

@@ -0,0 +1,43 @@
+<?xml version="1.1" encoding="UTF-8"?><flow-definition plugin="[email protected]">
+  <actions/>
+  <description>Automatically update any out of date packages in the ChocolateyCore repository from the Licensed and Community Repositories</description>
+  <keepDependencies>false</keepDependencies>
+  <properties>
+    <org.jenkinsci.plugins.workflow.job.properties.DisableConcurrentBuildsJobProperty/>
+    <hudson.model.ParametersDefinitionProperty>
+      <parameterDefinitions>
+        <hudson.model.StringParameterDefinition>
+          <name>P_LOCAL_REPO_URL</name>
+          <description>Internal core repository.</description>
+          <defaultValue>https://{{hostname}}:8443/repository/ChocolateyCore/index.json</defaultValue>
+          <trim>true</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>P_REMOTE_REPO_URL</name>
+          <description>Remote repositories containing updated package versions.</description>
+          <defaultValue>https://licensedpackages.chocolatey.org/api/v2/;https://community.chocolatey.org/api/v2/</defaultValue>
+          <trim>true</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.PasswordParameterDefinition>
+          <name>P_LOCAL_REPO_API_KEY</name>
+          <description>API key for the internal core repository where updated packages will be pushed.</description>
+          <defaultValue>{{NugetApiKey}}</defaultValue>
+        </hudson.model.PasswordParameterDefinition>
+      </parameterDefinitions>
+    </hudson.model.ParametersDefinitionProperty>
+  </properties>
+  <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="[email protected]">
+    <script>node {
+    powershell '''
+        Set-Location (Join-Path "$env:SystemDrive" -ChildPath 'scripts')
+        .\\Get-UpdatedPackage.ps1  -LocalRepo $env:P_LOCAL_REPO_URL `
+        -LocalRepoApiKey $env:P_LOCAL_REPO_API_KEY `
+        -RemoteRepo $env:P_REMOTE_REPO_URL `
+        -Verbose
+    '''
+}</script>
+    <sandbox>true</sandbox>
+  </definition>
+  <triggers/>
+  <disabled>false</disabled>
+</flow-definition>

jenkins/Update ChocolateyCore Repository/nextBuildNumber

@@ -0,0 +1 @@
+1

scripts/ClientSetup.ps1

@@ -9,7 +9,7 @@ param(
     [Parameter()]
     [Alias('Url')]
     [string]
-    $RepositoryUrl = 'https://{{hostname}}:8443/repository/ChocolateyInternal/index.json',
+    $RepositoryUrl = 'https://{{hostname}}:8443/repository/ChocolateyCore/index.json',
 
     # The credential necessary to access the internal Nexus repository. This can
     # be ignored if Anonymous authentication is enabled.
@@ -86,13 +86,13 @@ if ($Credential) {
 $NupkgUrl = if (-not $ChocolateyVersion) {
     $QueryString = "((Id eq 'chocolatey') and (not IsPrerelease)) and IsLatestVersion"
     $Query = 'Packages()?$filter={0}' -f [uri]::EscapeUriString($queryString)
-    $QueryUrl = ($RepositoryUrl.TrimEnd('/index.json'), $Query) -join '/'
+    $QueryUrl = ($RepositoryUrl.Replace('/index.json',''), $Query) -join '/'
 
     [xml]$result = $webClient.DownloadString($QueryUrl)
     $result.feed.entry.content.src
 } else {
     # Otherwise, assume the URL
-    "$($RepositoryUrl.TrimEnd('/index.json'))/chocolatey/$($ChocolateyVersion)"
+    "$($RepositoryUrl.Replace('/index.json',''))/chocolatey/$($ChocolateyVersion)"
 }
 
 # Download the NUPKG
@@ -112,21 +112,28 @@ choco config set cacheLocation $env:ChocolateyInstall\choco-cache
 choco config set commandExecutionTimeoutSeconds 14400
 
 if ($InternetEnabled) {
-    choco source add --name="'ChocolateyInternal'" --source="'$RepositoryUrl'" --allow-self-service --user="'$($Credential.UserName)'" --password="'$($Credential.GetNetworkCredential().Password)'" --priority=1
+    choco source add --name="'ChocolateyCore'" --source="'$RepositoryUrl'" --allow-self-service --admin-only --user="'$($Credential.UserName)'" --password="'$($Credential.GetNetworkCredential().Password)'" --priority=0
 }
 else {
-    choco source add --name="'ChocolateyInternal'" --source="'$RepositoryUrl'" --allow-self-service --priority=1
+    choco source add --name="'ChocolateyCore'" --source="'$RepositoryUrl'" --allow-self-service --admin-only --priority=0
+}
+
+if ($InternetEnabled) {
+    choco source add --name="'ChocolateyInternal'" --source="'$($RepositoryUrl -replace '(?<=/)ChocolateyCore(/index.json)?', 'ChocolateyInternal$1')'" --allow-self-service --user="'$($Credential.UserName)'" --password="'$($Credential.GetNetworkCredential().Password)'" --priority=1
+}
+else {
+    choco source add --name="'ChocolateyInternal'" --source="'$($RepositoryUrl -replace '(?<=/)ChocolateyCore(/index.json)?', 'ChocolateyInternal$1')'" --allow-self-service --priority=1
 }
 
 choco source disable --name="'Chocolatey'"
 choco source disable --name="'chocolatey.licensed'"
 
-choco upgrade chocolatey-license -y --source="'ChocolateyInternal'"
-choco upgrade chocolatey.extension -y --params="'/NoContextMenu'" --source="'ChocolateyInternal'" --no-progress
-choco upgrade chocolateygui -y --source="'ChocolateyInternal'" --no-progress
-choco upgrade chocolateygui.extension -y --source="'ChocolateyInternal'" --no-progress
+choco upgrade chocolatey-license -y --source="'ChocolateyCore'"
+choco upgrade chocolatey.extension -y --params="'/NoContextMenu'" --source="'ChocolateyCore'" --no-progress
+choco upgrade chocolateygui -y --source="'ChocolateyCore'" --no-progress
+choco upgrade chocolateygui.extension -y --source="'ChocolateyCore'" --no-progress
 
-choco upgrade chocolatey-agent -y --source="'ChocolateyInternal'"
+choco upgrade chocolatey-agent -y --source="'ChocolateyCore'"
 
 # Chocolatey Package Upgrade Resilience
 choco feature enable --name="'excludeChocolateyPackagesDuringUpgradeAll'"

tests/jenkins.test.ps1

@@ -64,6 +64,10 @@ Describe "Jenkins Configuration" {
         It "'Update test repository from Chocolatey Community Repository' is present" {
             'Update test repository from Chocolatey Community Repository' -in $jobs | Should -Be $true
         }
+
+        It "'Update ChocolateyCore Repository' is present" {
+            'Update ChocolateyCore Repository' -in $jobs | Should -Be $true
+        }
     }
 
     Context "Web Interface" {