Hierdie artikel is bedoel vir Java-ontwikkelaars wat hul produkte vinnig moet publiseer na sonatype en/of sentrale bewaarplekke met GitLab. In hierdie artikel sal ek praat oor die opstel van gitlab-runner, gitlab-ci en maven-plugin om hierdie probleem op te los.
Voorvereistes:
- Veilige berging van mvn- en GPG-sleutels.
- Veilige uitvoering van openbare GI-take.
- Laai artefakte (vrystelling/snapshot) op na publieke bewaarplekke.
- Outomatiese kontrolering van vrystelling weergawes vir publikasie in Maven Central.
- 'n Algemene oplossing vir die oplaai van artefakte na 'n bewaarplek vir veelvuldige projekte.
- Eenvoud en gemak van gebruik.
inhoud
Algemene inligting
- 'n Gedetailleerde beskrywing van die meganisme vir die publisering van artefakte na Maven Central via die Sonatype OSS Repository Hosting Service word reeds beskryf in gebruiker , so ek sal op die regte plekke na hierdie artikel verwys.
- Registreer vooraf by en begin 'n kaartjie om die bewaarplek oop te maak (vir meer besonderhede, lees die afdeling ). Nadat die bewaarplek oopgemaak is, sal die JIRA-aanmelding/wagwoordpaar (hierna verwys as die Sonatype-rekening) gebruik word om artefakte na die Sonatype-nexus op te laai.
- Verder word die proses om 'n GPG-sleutel te genereer baie droog beskryf. Sien die afdeling vir meer besonderhede.
- As jy die Linux-konsole gebruik om 'n GPG-sleutel (gnupg/gnupg2) te genereer, dan moet jy installeer om entropie te genereer. Andersins kan sleutelgenerering baie lank neem.
- Bergingsdienste publiek GPG sleutels
Stel 'n ontplooiingsprojek in GitLab op
- Eerstens moet u 'n projek skep en opstel waarin die pyplyn gestoor sal word vir die ontplooiing van artefakte. Ek het my projek eenvoudig en ongekompliseerd genoem -
- Nadat u die bewaarplek geskep het, moet u toegang beperk om die bewaarplek te verander.
Gaan na die projek -> Instellings -> Bewaarplek -> Beskermde takke. Ons vee alle reëls uit en voeg 'n enkele reël by met Wildcard * met die reg om slegs te druk en saam te voeg vir gebruikers met die Onderhouer-rol. Hierdie reël sal werk vir alle gebruikers van beide hierdie projek en die groep waaraan hierdie projek behoort.
- As daar verskeie instandhouers is, sal die beste oplossing wees om toegang tot die projek in beginsel te beperk.
Gaan na die projek -> Instellings -> Algemeen -> Sigbaarheid, projekkenmerke, toestemmings en stel Projeksigbaarheid na Privaat.
Ek het 'n projek in publieke toegang, aangesien ek my eie GitLab Runner gebruik en net ek toegang het om die bewaarplek te wysig. Wel, eintlik is dit nie in my belang om private inligting in openbare pyplynlogboeke te wys nie. - Verskerping van die reëls vir die verandering van die bewaarplek
Gaan na die projek -> Instellings -> Bewaarplek -> Druk reëls en stel die vlae Committer beperking, Kontroleer of outeur 'n GitLab gebruiker is. Ek beveel ook instelling aan , en stel die Reject unsigned commits-vlag. - Vervolgens moet u 'n sneller instel om take uit te voer
Gaan na projek -> Instellings -> CI / CD -> Pyplyn snellers en skep 'n nuwe sneller-token
Hierdie teken kan onmiddellik by die algemene konfigurasie van veranderlikes vir 'n groep projekte gevoeg word.
Gaan na die groep -> Instellings -> CI / CD -> Veranderlikes en voeg 'n veranderlike byDEPLOY_TOKENmet sneller-token in die waarde.
GitLab Runner
Hierdie afdeling beskryf die opstelling vir die uitvoer van take tydens ontplooiing deur die oorspronklike (Spesifieke) en publieke (Gedeelde) hardloper te gebruik.
Spesifieke hardloper
Ek gebruik my eie hardlopers, want eerstens is dit gerieflik, vinnig, goedkoop.
Vir hardlopers beveel ek Linux VDS aan met 1 SVE, 2 GB RAM, 20 GB HDD. Uitreikingsprys ~ 3000₽ per jaar.
My hardloper
Vir die hardloper het ek VDS 4 CPU, 4 GB RAM, 50 GB SSD geneem. Dit het ~11000₽ gekos en was nooit spyt daaroor nie.
Ek het altesaam 7 masjiene. 5 op aruba en 2 op ihor.
So, ons het 'n hardloper. Nou sal ons dit opstel.
Ons gaan na die masjien via SSH en installeer java, git, maven, gnupg2.
Installeer gitlab runner
- Skep 'n nuwe groep
runnersudo groupadd runner - Skep 'n gids vir die maven-kas en ken groepregte toe
runner
Jy kan hierdie stap oorslaan as jy nie van plan is om verskeie hardlopers op dieselfde masjien te hardloop nie.mkdir -p /usr/cache/.m2/repository chown -R :runner /usr/cache chmod -R 770 /usr/cache - Skep 'n gebruiker
gitlab-deployeren voeg by die groeprunneruseradd -m -d /home/gitlab-deployer gitlab-deployer usermod -a -G runner gitlab-deployer - Voeg by lêer
/etc/ssh/sshd_configvolgende reëlAllowUsers root@* [email protected] - Herlaai
sshdsystemctl restart sshd - Stel 'n wagwoord vir die gebruiker
gitlab-deployer(dit kan eenvoudig wees, aangesien daar 'n beperking vir localhost is)passwd gitlab-deployer - Installeer GitLab Runner (Linux x86-64)
sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64 sudo chmod +x /usr/local/bin/gitlab-runner ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner - Gaan na gitlab.com -> ontplooi-projek -> Instellings -> CI/CD -> Hardlopers -> Spesifieke hardlopers en kopieer die registrasietoken
Skerm
- Registreer die hardloper
gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml
proses
Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!- Maak seker dat die hardloper geregistreer is. Gaan na gitlab.com -> ontplooi-projek -> Instellings -> CI/CD -> Hardlopers -> Spesifieke hardlopers -> Hardlopers geaktiveer vir hierdie projek
Skerm
- en bygevoeg afsonderlike diens
/etc/systemd/system/gitlab-deployer.service[Unit] Description=GitLab Deploy Runner After=syslog.target network.target ConditionFileIsExecutable=/usr/local/bin/gitlab-runner [Service] StartLimitInterval=5 StartLimitBurst=10 ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer" Restart=always RestartSec=120 [Install] WantedBy=multi-user.target - Ons begin die diens.
systemctl enable gitlab-deployer.service systemctl start gitlab-deployer.service systemctl status gitlab-deployer.service - Kontroleer dat die hardloper hardloop.
Voorbeeld
GPG-sleutelgenerering
-
Vanaf dieselfde masjien gaan ons via ssh onder die gebruiker
gitlab-deployer(dit is belangrik vir GPG-sleutelgenerering)ssh [email protected] -
Ons genereer 'n sleutel deur vrae te beantwoord. Ek het my eie naam en e-posadres gebruik.
Maak seker dat jy die wagwoord vir die sleutel spesifiseer. Artefakte sal met hierdie sleutel onderteken word.gpg --gen-key -
Nagaan
gpg --list-keys -a /home/gitlab-deployer/.gnupg/pubring.gpg ---------------------------------------- pub 4096R/00000000 2019-04-19 uid Petruha Petrov <[email protected]> sub 4096R/11111111 2019-04-19 -
Laai tans ons publieke sleutel op na die sleutelbediener
gpg --keyserver keys.gnupg.net --send-key 00000000 gpg: sending key 00000000 to hkp server keys.gnupg.net
Maven-opstelling
- Ons gaan onder die gebruiker
gitlab-deployersu gitlab-deployer - Skep 'n maven-gids repository en skakel met die kas (maak geen fout nie)
Hierdie stap kan oorgeslaan word as jy nie van plan is om verskeie hardlopers op dieselfde masjien te hardloop nie.mkdir -p ~/.m2/repository ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository - Skep 'n hoofsleutel
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=} - Skep lêer ~/.m2/settings-security.xml
<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity> - Enkripteer die wagwoord vanaf die Sonatype-rekening
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J} - Skep lêer ~/.m2/settings.xml
<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>SONATYPE_USERNAME</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
waar,
GPG_SECRET_KEY_PASSPHRASE - GPG-sleutelwagwoord
SONATYPE_USERNAME - sonatype-rekeningaanmelding
Dit voltooi die hardloper-opstelling, jy kan voortgaan na die afdeling
Gedeelde hardloper
GPG-sleutelgenerering
-
Eerstens moet u 'n GPG-sleutel skep. Om dit te doen, installeer gnupg.
yum install -y gnupg -
Ons genereer 'n sleutel deur vrae te beantwoord. Ek het my eie naam en e-posadres gebruik. Maak seker dat jy die wagwoord vir die sleutel spesifiseer.
gpg --gen-key -
Kry sleutelinligting
gpg --list-keys -a pub rsa3072 2019-04-24 [SC] [expires: 2021-04-23] 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 uid [ultimate] tttemp <[email protected]> sub rsa3072 2019-04-24 [E] [expires: none] -
Laai tans ons publieke sleutel op na die sleutelbediener
gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net -
Kry 'n private sleutel
gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 -----BEGIN PGP PRIVATE KEY BLOCK----- lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5 ... =2Wd2 -----END PGP PRIVATE KEY BLOCK----- -
Gaan na projekinstellings -> Instellings -> CI / CD -> Veranderlikes en stoor die private sleutel in 'n veranderlike
GPG_SECRET_KEY
Maven-opstelling
- Skep 'n hoofsleutel
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=} - Gaan na projekinstellings -> Instellings -> CI / CD -> Veranderlikes en stoor in 'n veranderlike
SETTINGS_SECURITY_XMLdie volgende reëls:<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity> - Enkripteer die wagwoord vanaf die Sonatype-rekening
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J} - Gaan na projekinstellings -> Instellings -> CI / CD -> Veranderlikes en stoor in 'n veranderlike
SETTINGS_XMLdie volgende reëls:<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>sonatype_username</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
waar,
GPG_SECRET_KEY_PASSPHRASE - GPG-sleutelwagwoord
SONATYPE_USERNAME - sonatype-rekeningaanmelding
Ontplooi docker-beeld
-
Ons skep 'n redelik eenvoudige Dockerfile om take uit te voer tydens implementering met die verlangde weergawe van Java. Hieronder is 'n voorbeeld vir alpiene.
FROM java:8u111-jdk-alpine RUN apk add gnupg maven git --update-cache --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && mkdir ~/.m2/ -
Bou 'n houer vir jou projek
docker build -t registry.gitlab.com/group/deploy . -
Ons verifieer en laai die houer in die register.
docker login -u USER -p PASSWORD registry.gitlab.com docker push registry.gitlab.com/group/deploy
GitLab CI
Ontplooi projek
Voeg die lêer .gitlab-ci.yml by die wortel van die ontplooiingsprojek
Die draaiboek bied twee onderling uitsluitende ontplooiingstake aan. Spesifieke hardloper of gedeelde hardloper onderskeidelik.
.gitlab-ci.yml
stages:
- deploy
Specific Runner:
extends: .java_deploy_template
# Задача будет выполняться на вашем shell-раннере
tags:
- deploy
Shared Runner:
extends: .java_deploy_template
# Задача будет выполняться на публичном docker-раннере
tags:
- docker
# Образ из раздела GitLab Runner -> Shared Runner -> Docker
image: registry.gitlab.com/group/deploy-project:latest
before_script:
# Импортируем GPG ключ
- printf "${GPG_SECRET_KEY}" | gpg --batch --import
# Сохраняем maven конфигурацию
- printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
- printf "${SETTINGS_XML}" > ~/.m2/settings.xml
.java_deploy_template:
stage: deploy
# Задача сработает по триггеру, если передана переменная DEPLOY со значением java
only:
variables:
- $DEPLOY == "java"
variables:
# отключаем клонирование текущего проекта
GIT_STRATEGY: none
script:
# Предоставляем возможность хранения пароля в незашифрованном виде
- git config --global credential.helper store
# Сохраняем временные креды пользователя gitlab-ci-token
# Токен работает для всех публичных проектов gitlab.com и для проектов группы
- echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
# Полностью чистим текущую директорию
- rm -rf .* *
# Клонируем проект который, будем деплоить в Sonatype Nexus
- git clone ${DEPLOY_CI_REPOSITORY_URL} .
# Переключаемся на нужный коммит
- git checkout ${DEPLOY_CI_COMMIT_SHA} -f
# Если хоть один pom.xml содержит параметр autoReleaseAfterClose валим сборку.
# В противном случае есть риск залить сырые артефакты в maven central
- >
for pom in $(find . -name pom.xml); do
if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
exit 1;
fi;
done
# Если параметр DEPLOY_CI_COMMIT_TAG пустой, то принудительно ставим SNAPSHOT-версию
- >
if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
else
VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
if [[ "${VERSION}" == *-SNAPSHOT ]]; then
mvn versions:set -DnewVersion=${VERSION}
else
mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
fi
fi
# Запускаем задачу на сборку и деплой артефактов
- mvn clean deploy -DskipTests=true
Java projek
In java-projekte wat veronderstel is om na publieke bewaarplekke opgelaai te word, moet jy 2 stappe byvoeg om die Vrystelling- en Snapshot-weergawes af te laai.
.gitlab-ci.yml
stages:
- build
- test
- verify
- deploy
<...>
Release:
extends: .trigger_deploy
# Запускать задачу только пo тегу.
only:
- tags
Snapshot:
extends: .trigger_deploy
# Запускаем задачу на публикацию SNAPSHOT версии вручную
when: manual
# Не запускать задачу, если проставлен тег.
except:
- tags
.trigger_deploy:
stage: deploy
variables:
# Отключаем клонирование текущего проекта
GIT_STRATEGY: none
# Ссылка на триггер deploy-задачи
URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
# Переменные deploy-задачи
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
# Не использую cURL, так как с флагами --fail --show-error
# он не выводит тело ответа, если HTTP код 400 и более
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}In hierdie oplossing het ek 'n bietjie verder gegaan en besluit om een CI-sjabloon vir java-projekte te gebruik.
Meer besonderhede
Ek het 'n aparte projek geskep waarin hy die CI-sjabloon vir java-projekte geplaas het .
algemeen.yml
stages:
- build
- test
- verify
- deploy
variables:
SONAR_ARGS: "
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
"
.build_java_project:
stage: build
tags:
- touchbit-shell
variables:
SKIP_TEST: "false"
script:
- mvn clean
- mvn package -DskipTests=${SKIP_TEST}
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.build_sphinx_doc:
stage: build
tags:
- touchbit-shell
variables:
DOCKERFILE: .indirect/docs/Dockerfile
script:
- docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .
.junit_module_test_run:
stage: test
tags:
- touchbit-shell
variables:
MODULE: ""
script:
- cd ${MODULE}
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.junit_test_run:
stage: test
tags:
- touchbit-shell
script:
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.sonar_review:
stage: verify
tags:
- touchbit-shell
dependencies: []
script:
- >
if [ "$CI_BUILD_REF_NAME" == "master" ]; then
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
else
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
fi
.trigger_deploy:
stage: deploy
tags:
- touchbit-shell
variables:
URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
.trigger_release_deploy:
extends: .trigger_deploy
only:
- tags
.trigger_snapshot_deploy:
extends: .trigger_deploy
when: manual
except:
- tags
As gevolg hiervan, in die java-projekte self, lyk .gitlab-ci.yml baie kompak en nie verbose nie
.gitlab-ci.yml
include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml
Shields4J:
extends: .build_java_project
Sphinx doc:
extends: .build_sphinx_doc
variables:
DOCKERFILE: .docs/Dockerfile
Sonar review:
extends: .sonar_review
dependencies:
- Shields4J
Release:
extends: .trigger_release_deploy
Snapshot:
extends: .trigger_snapshot_deploy
pom.xml konfigurasie
Hierdie onderwerp word in groot detail beskryf. в , so ek sal sommige van die nuanses van die gebruik van plugins beskryf. Ek sal ook beskryf hoe maklik en natuurlik jy kan gebruik nexus-staging-maven-pluginas jy nie org.sonatype.oss:oss-parent wil of kan gebruik as die ouer vir jou projek nie.
maven-install-plugin
Installeer modules in die plaaslike bewaarplek.
Baie nuttig vir plaaslike verifikasie van oplossings in ander projekte, sowel as 'n kontrolesom.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<executions>
<execution>
<id>install-project</id>
<!-- Если у вас многомодульный проект с деплоем родительского помика -->
<phase>install</phase>
<!-- Явно указываем файлы для локальной установки -->
<configuration>
<file>target/${project.artifactId}-${project.version}.jar</file>
```target/${project.artifactId}-${project.version}-sources.jar</sources>
<pomFile>dependency-reduced-pom.xml</pomFile>
<!-- Принудительное обновление метаданных проекта -->
<updateReleaseInfo>true</updateReleaseInfo>
<!-- Контрольные суммы для проверки целостности -->
<createChecksum>true</createChecksum>
</configuration>
</execution>
</executions>
</plugin>
maven-javadoc-inprop
Genereer javadoc vir die projek.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
<!-- Генерация javadoc должна быть после фазы генерации ресурсов -->
<phase>prepare-package</phase>
<configuration>
<!-- Очень помогает в публичных проектах -->
<failOnError>true</failOnError>
<failOnWarnings>true</failOnWarnings>
<!-- Убирает ошибку поиска документации в target директории -->
<detectOfflineLinks>false</detectOfflineLinks>
</configuration>
</execution>
</executions>
</plugin>As jy 'n module het wat nie Java bevat nie (byvoorbeeld net hulpbronne)
Of jy wil nie in beginsel javadoc genereer nie, dan om te help maven-jar-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<id>empty-javadoc-jar</id>
<phase>generate-resources</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<classifier>javadoc</classifier>
<classesDirectory>${basedir}/javadoc</classesDirectory>
</configuration>
</execution>
</executions>
</plugin>
maven-gpg-inprop
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<!-- Сборка будет падать, если отсутствует GPG ключ -->
<!-- Подписываем артефакты только на фазе deploy -->
<phase>deploy</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
nexus-staging-maven-plugin
Opstelling:
<project>
<!-- ... -->
<build>
<plugins>
<!-- ... -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<serverId>sonatype</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<!-- Обновляем метаданные, чтобы пометить артефакт как release -->
<!-- Не влияет на snapshot версии -->
<updateReleaseInfo>true</updateReleaseInfo>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<!-- Отключаем плагин -->
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<distributionManagement>
<snapshotRepository>
<id>sonatype</id>
<name>Nexus Snapshot Repository</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>sonatype</id>
<name>Nexus Release Repository</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>As jy 'n multi-module projek het, en jy hoef nie 'n spesifieke module na die bewaarplek op te laai nie, dan moet jy by die pom.xml van hierdie module voeg nexus-staging-maven-plugin met vlag skipNexusStagingDeployMojo
<build>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<configuration>
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
</plugin>
</plugins>
</build>Na die oplaai van momentopname/vrystelling is weergawes beskikbaar in
<repositories>
<repository>
<id>SonatypeNexus</id>
<url>https://oss.sonatype.org/content/groups/staging/</url>
<!-- Не надо указывать флаги snapshot/release для репозитория -->
</repository>
</repositories>Meer pluspunte
- 'n Baie ryk lys teikens om met die nexus-bewaarplek te werk (
mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin). - Outomatiese vrystellingkontrole vir aflaaibaarheid in Maven Central
Gevolg
Publiseer 'n SNAPSHOT-weergawe
Wanneer 'n projek gebou word, is dit moontlik om 'n taak met die hand te begin om die SNAPSHOT-weergawe na nexus af te laai
Wanneer hierdie taak van stapel gestuur word, word die ooreenstemmende taak in die ontplooiingsprojek geaktiveer ().
geknipte log
Running with gitlab-runner 11.10.0 (3001a600)
on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0 [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO] Updating project org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:client
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:test-core
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:testng
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:client
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO] * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [ 2.375 s]
[INFO] test-core .......................................... SUCCESS [ 3.929 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------As gevolg hiervan word die Nexus-weergawe gelaai .
Alle kiekieweergawes kan uit die bewaarplek op die webwerf verwyder word onder jou rekening.
Publikasie van die vrystelling weergawe
Wanneer die merker gestel is, word die ooreenstemmende taak in die ontplooiingsprojek outomaties geaktiveer om die vrystellingweergawe na nexus op te laai ().
Die beste deel is dat nouvrystelling outomaties in nexus aktiveer.
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1037".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 9.603 s]
[INFO] test-core .......................................... SUCCESS [ 3.419 s]
[INFO] Shields4J client ................................... SUCCESS [ 9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------En as iets verkeerd geloop het, sal die taak misluk
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1038".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR]
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR] Rule "signature-staging" failures
[ERROR] * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 4.073 s]
[INFO] test-core .......................................... SUCCESS [ 2.788 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------Gevolglik het ons net een keuse oor. Of vee hierdie weergawe uit of publiseer.
Na die vrystelling, na 'n geruime tyd, sal die artefakte in wees
offtopic
Dit was vir my 'n openbaring dat Maven ander openbare bewaarplekke indekseer.
Ek moes robots.txt oplaai omdat dit my ou bewaarplek geïndekseer het.
Gevolgtrekking
Wat ons het
- 'n Afsonderlike ontplooiingsprojek waarin jy verskeie CI-take kan implementeer vir die oplaai van artefakte na openbare bewaarplekke vir verskeie ontwikkelingstale.
- Die ontplooiingsprojek is geïsoleer van inmenging van buite en kan slegs deur gebruikers met die Eienaar- en Onderhouer-rolle gewysig word.
- Отдельный Specific Runner с "горячим" кэшем для запуска только deploy задач.
- Publikasie van momentopname/vrystelling weergawes in 'n publieke bewaarplek.
- Outomatiese kontrolering van die vrystelling weergawe vir gereedheid vir publikasie in Maven Central.
- Защита от автоматической публикации "сырых" версий в maven central.
- Сборка и публикация snapshot версий "по клику".
- Enkele bewaarplek vir die kry van momentopname/vrystelling weergawes.
- Algemene pyplyn vir die bou / toets / publisering van 'n java-projek.
Настройка GitLab CI не такая сложная тема как кажется на первый взгляд. Достаточно пару раз настроить CI "под ключ" и вот, ты уже далеко не дилетант в этом деле. Тем более GitLab документация весьма избыточна. Не бойтесь делать первый шаг. Дорога возникает под шагами идущего (не помню кто сказал 🙂 ).
Ek sal met graagte terugvoer gee.
In die volgende artikel sal ek jou wys hoe om GitLab CI op te stel om integrasietoetstake mededingend uit te voer (die uitvoering van toetsdienste met docker-compose) as jy net een doploper het.
Bron: will.com