re:

There currently does not appear to be a way to specify the target repository when executing a staging move.

Per https://help.sonatype.com/repomanager3/staging#Staging-Promotion the URL needs to specify the target repo as the last element (before the query params to find matching components)

This library only returns sha-1 and md5 for SearchAssets request:

type repositoryItemAssetsChecksum struct {
	Sha1 string `json:"sha1"`
	Md5  string `json:"md5"`
}

Nexus API supports sha-256 and sha-512.

Getting a stack crash on a timeout in the gonexus api which is located here

	if _ , resp, err := rm.Do(req); err != nil /* && resp.StatusCode != http.StatusNoContent*/ {
		return doError(err)
	}

will sigsegv with this type of error

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x620f0f]

goroutine 1 [running]:
gonexus/rm.UploadComponent({0x70b868, 0xc000078230}, {0x7fff259a4f07, 0xd}, {0x702f20, 0xc00002a2c0})
        ~/nexus_api/gonexus/rm/components.go:394 +0x6cf
main.upload_components({0x70b868, 0xc000078230}, {0x7fff259a4f07, 0xd}, {0x7fff259a4f15, 0x4}, {0x7fff259a4f1a, 0x7}, {0xc000151e60, 0x1b})
        ~nexus_api/nexus_api.go:76 +0x2c6
main.main()
        ~/nexus_api/nexus_api.go:126 +0x5f8

The problem is the rm.Do(req) in ~ Components.go:394
if the Do function returns a timeout error then accessing resp again will cause a stack crash. My solution was to change the line to this

	if _ , _, err := rm.Do(req); err != nil {
		return doError(err)
	}

will correctly print the timeout error I am not sure what that code was there for but it may need to be fixed differently.

To reproduce do a nexusrm.UploadComponent with a file larger then can be uploaded then the timeout in nexus.go file and it will sigsegv. Since its returning

	if err != nil {
		return nil, nil, err
	}

If you need more details let me know.

Thanks for creating an issue! Please fill out this form so we can be
sure to have all the information we need, and to minimize back and forth.

• What are you trying to do?
  I am uploading a pip package (stored as a .whl/wheel locally) to an existing PyPi Nexus repository. The upload succeeds, but attempting to install pip packages from this repository fails because the uploaded wheel is zipped (into a .zip) somewhere in the upload process. I've been looking through this SDK's source and I don't see where it's zipping any component, so it must be the Nexus 3 backend zipping the file. Any advice on how to avoid this while uploading Python wheels?

• What feature or behavior is this required for?
  Component upload

• How could we solve this issue? (Not knowing is okay!)
  Help me figure out how to avoid the Nexus backend zipping the uploaded wheel file.

• Anything else?

Thanks for creating an issue! Please fill out this form so we can be
sure to have all the information we need, and to minimize back and forth.

• What are you trying to do?
  call nexusrm.CreateProxyRepository
• What feature or behavior is this required for?
  Creating a proxy repo automatically
• How could we solve this issue? (Not knowing is okay!)
  Make the parameter structure (currently private proxyRepository) public, by using a capital letter.
• Anything else?
  Make the CreateProxyRepository function private if it isn't meant to be exposed.

Thanks for creating an issue! Please fill out this form so we can be
sure to have all the information we need, and to minimize back and forth.

• What are you trying to do?
  Obtain the policyviolationid of a violation for a component

• What feature or behavior is this required for?
  using the id to post waivers

• How could we solve this issue? (Not knowing is okay!)
  #15

Hi!

• What are you trying to do?
  Is there any chance that I can send a PR to support the beta API for the endpoint security/users and repositories/maven? Since now the Groovy API must be enabled to work, most of the use cases that people used to use (like creating repositories), won't work unless this setting is enabled.

• What feature or behavior is this required for?
  To interact with the users and Maven repositories use cases.

• How could we solve this issue? (Not knowing is okay!)
  I'll send a PR

• Anything else?
  No :)

The following fields are missing, when quering v1/assets or v1/assets/ID for RepositoryItemAsset

ContentType    string                           `json:"contentType"`
LastModified   *time.Time                       `json:"lastModified"`
BlobCreated    *time.Time                       `json:"blobCreated"`
LastDownloaded *time.Time                       `json:"lastDownloaded"`

It seems like RepositoryItemAsset was mapped for v1/search or v1/search/assets where those fields are not returned, so it is a smaller projection then under v1/assets .

Still those 2 of that for are also returned in the search but not yet mapped

ContentType    string                           `json:"contentType"`
LastModified   *time.Time                       `json:"lastModified"`

Is there any interest for PR fixing this? We would need to split the structs though, thus

• RepositoryItemAsset for the full set of fields v1/assets
• SearchRepositoryItemAsset for the limitted set of fields for v1/search

This would be a breaking change for all users here.

Alternatively, we can fill up the fields in RepositoryItemAsset, neglecting the fact that those fields are always empty for v1/search - hackish way but without a breaking change for the lib

What do you guys suggest?

near the bottom of the README.md, the link below is broken, and I wasn't sure where it should actually point to:

See the documentation for a full example showing other event types.