[ríomhphost faoi chosaint] Lógáil Isteach

ProHoster > Blag > Riarachán > GitLab CI a bhunú chun tionscadal java a uaslódáil chuig maven lárnach

GitLab CI a bhunú chun tionscadal java a uaslódáil chuig maven lárnach

Tá an t-alt seo dírithe ar fhorbróirí java a bhfuil gá acu a gcuid táirgí a fhoilsiú go tapa i stórtha lárnacha sonatype agus/nó maven ag baint úsáide as GitLab. San Airteagal seo labhróidh mé faoi gitlab-runner, gitlab-ci agus maven-plugin a bhunú chun an fhadhb seo a réiteach.

Réamhriachtanais:

Stóráil slán eochracha mvn agus GPG.
Feidhmiú slán cúraimí CI poiblí.
Déantáin a uaslódáil (scaoileadh / pictiúr) chuig stórtha poiblí.
Seiceáil uathoibríoch ar leaganacha eisithe le foilsiú i maven central.
Réiteach ginearálta le haghaidh déantáin a uaslódáil chuig stór le haghaidh tionscadail iolracha.
Simplíocht agus éascaíocht úsáide.

Ábhar

Eolas ginearálta
Imscaradh tionscadail a chur ar bun i GitLab
Rith GitLab
- Runaire Sonrach
- Runaire Roinnte
GitLab CI
- Tionscadal a imscaradh
- Tionscadal java
Cumraíocht Pom.xml
Toradh
- Foilsiú leagan seat
- Leagan scaoilte a fhoilsiú
Conclúid

Eolas ginearálta

Tá cur síos mionsonraithe ar an meicníocht chun déantúsáin a fhoilsiú i Maven Central trí Sheirbhís Óstála Stór Sonatype OSS cheana féin curtha síos i An t-alt seo úsáideoir Googolplex, mar sin déanfaidh mé tagairt don alt seo sna háiteanna cearta.
Réamhchlárú le haghaidh Sonatype JIRA agus ticéad a oscailt chun an stór a oscailt (léigh an chuid le haghaidh tuilleadh sonraí Cruthaigh ticéad ar Sonatype JIRA). Tar éis an stór a oscailt, úsáidfear an logáil isteach/péire pasfhocal ó JIRA (dá ngairtear an cuntas Sonatype anseo feasta) chun déantáin a uaslódáil chuig Sonatype nexus.
Ansin, déantar cur síos an-tirim ar an bpróiseas chun eochair GPG a ghiniúint. Féach an rannán le haghaidh tuilleadh sonraí GnuPG á chumrú chun déantáin a shíniú
Má úsáideann tú an consól Linux chun eochair GPG a ghiniúint (gnupg/gnupg2), ní mór duit a shuiteáil rng-uirlisí eantrópachta a ghiniúint. Seachas sin, d'fhéadfadh go dtógfaidh sé tréimhse an-fhada chun eochair-ghiniúint.
Seirbhísí stórála poiblí Eochracha GPG
- http://keys.gnupg.net
- http://pool.sks-keyservers.net
- http://keyserver.ubuntu.com

Chun an t-ábhar

Tionscadal imlonnaithe a bhunú i GitLab

Ar an gcéad dul síos, ní mór duit tionscadal a chruthú agus a chumrú ina stórálfar an phíblíne chun artifacts a imscaradh. D'ainmnigh mé mo thionscadal go simplí agus go neamhchasta - imscaradh
Tar éis duit an stór a chruthú, ní mór duit rochtain a shrianadh chun an stór a athrú.
Téigh go dtí an tionscadal -> Socruithe -> Stór -> Brainsí Cosanta. Scriosaimid na rialacha go léir agus cuirimid riail amháin le Wildcard * leis an gceart chun brú agus cumasc a dhéanamh ach amháin d’úsáideoirí a bhfuil ról an Chothabhálaigh acu. Oibreoidh an riail seo d’úsáideoirí uile an tionscadail seo agus don ghrúpa lena mbaineann an tionscadal seo.
Má tá roinnt cothaitheoirí ann, is é an réiteach is fearr a bheadh ann ná rochtain ar an tionscadal a theorannú i bprionsabal.
Téigh go dtí an tionscadal -> Socruithe -> Ginearálta -> Infheictheacht, gnéithe tionscadail, ceadanna agus socraigh infheictheacht an tionscadail go dtí Príobháideacha.
Tá tionscadal atá inrochtana go poiblí agam, toisc go n-úsáideann mé mo GitLab Runner féin agus níl rochtain agam ach chun an stór a athrú. Bhuel, i ndáiríre, níl sé chun mo leasa faisnéis phríobháideach a thaispeáint i logaí píblíne poiblí.
Géarú ar na rialacha chun an stór a athrú
Téigh go dtí an tionscadal -> Socruithe -> Stór -> Brúigh Rialacha agus socraigh an srian Committer, Seiceáil an bhfuil údar bratach úsáideora GitLab. Molaim freisin bunú síniú gealltanas, agus socraigh an bhratach Diúltaigh gealltanais gan síniú.
Ansin ní mór duit truicear a chumrú chun tascanna a sheoladh
Téigh go dtí an tionscadal -> Socruithe -> CI / CD -> Spreagann an phíblíne agus cruthaigh truicearchomhartha nua
Is féidir an comhartha seo a chur láithreach le cumraíocht ghinearálta na n-athróg do ghrúpa tionscadal.
Téigh go dtí an grúpa -> Socruithe -> CI / CD -> Athróga agus cuir athróg leis DEPLOY_TOKEN le truicearchomhartha i luach.

Chun an t-ábhar

Rith GitLab

Déanann an chuid seo cur síos ar an chumraíocht do thascanna reatha ar imscaradh ag baint úsáide as do reathaí (Sainiúil) agus poiblí (Comhroinnte).

Runaire Sonrach

Úsáidim mo reathaithe féin mar, ar an gcéad dul síos, tá sé áisiúil, tapa agus saor.
Le haghaidh rádala, molaim Linux VDS le 1 CPU, 2 GB RAM, 20 GB HDD. Is é an praghas eisiúna ná ~3000₽ in aghaidh na bliana.

Mo rádala

Maidir leis an rádala ghlac mé VDS 4 CPU, 4 GB RAM, 50 GB SSD. Costas ~11000₽ agus níor aiféala riamh é.
Tá 7 meaisín san iomlán agam. 5 ar aruba agus 2 ar ihor.

Mar sin tá rádala againn. Anois déanfaimid é a chumrú.
Téann muid chuig an meaisín trí SSH agus suiteáil java, git, maven, gnupg2.

Chun an t-ábhar

Suiteáil gitlab runner

Cruthaigh grúpa nua runner
```
sudo groupadd runner
```
Cruthaigh eolaire don taisce maven agus sann ceadanna grúpa runner
Is féidir leat an pointe seo a scipeáil mura bhfuil sé ar intinn agat roinnt reathaithe a rith ar mheaisín amháin.
```
mkdir -p /usr/cache/.m2/repository
chown -R :runner /usr/cache
chmod -R 770 /usr/cache
```

Cruthaigh úsáideoir gitlab-deployer agus cuir leis an ngrúpa runner

useradd -m -d /home/gitlab-deployer gitlab-deployer
usermod -a -G runner gitlab-deployer

Cuir leis an gcomhad /etc/ssh/sshd_config chéad líne eile
```
AllowUsers root@* [email protected]
```
Atosaigh sshd
```
systemctl restart sshd
```
Socrú pasfhocal don úsáideoir gitlab-deployer (is féidir a bheith simplí, ós rud é go bhfuil srian le localhost)
```
passwd gitlab-deployer
```

Suiteáil GitLab Runner (Linux x86-64)

sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
sudo chmod +x /usr/local/bin/gitlab-runner
ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner

Téigh go dtí an suíomh Gréasáin gitlab.com -> deploy-project -> Socruithe -> CI/CD -> Runners -> Runners Sonracha agus cóipeáil an comhartha clárúcháin

Scáileán

Tiománaí a chlárú

gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml

Процесс

Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded                     runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Déanaimid seiceáil go bhfuil an rádala cláraithe. Téigh go dtí an suíomh Gréasáin gitlab.com -> deploy-project -> Socruithe -> CI/CD -> Runners -> Runners Sonracha -> Ritheoirí gníomhachtaithe don tionscadal seo

Scáileán

Cuir leis ar leithligh seirbhís /etc/systemd/system/gitlab-deployer.service

[Unit]
Description=GitLab Deploy Runner
After=syslog.target network.target
ConditionFileIsExecutable=/usr/local/bin/gitlab-runner
[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
Restart=always
RestartSec=120
[Install]
WantedBy=multi-user.target

Cuirimis tús leis an tseirbhís.

systemctl enable gitlab-deployer.service
systemctl start gitlab-deployer.service
systemctl status gitlab-deployer.service

Déanaimid seiceáil go bhfuil an rádala ag rith.

Sampla

Chun an t-ábhar

Eochracha GPG a ghiniúint

Ón meaisín céanna logáilimid isteach trí ssh faoin úsáideoir gitlab-deployer (tá sé seo tábhachtach chun an eochair GPG a ghiniúint)
```
ssh [email protected]
```
Gineann muid eochair trí cheisteanna a fhreagairt. D'úsáid mé m'ainm féin agus mo ríomhphost.
Bí cinnte an focal faire don eochair a shonrú. Déanfar déantáin a shíniú leis an eochair seo.
```
gpg --gen-key 
```

Seiceáil

gpg --list-keys -a
/home/gitlab-deployer/.gnupg/pubring.gpg
----------------------------------------
pub   4096R/00000000 2019-04-19
uid                  Petruha Petrov <[email protected]>
sub   4096R/11111111 2019-04-19

Ár n-eochair phoiblí a uaslódáil chuig an bhfreastalaí eochair

gpg --keyserver keys.gnupg.net --send-key 00000000
gpg: sending key 00000000 to hkp server keys.gnupg.net

Chun an t-ábhar

Maven a bhunú

Logáil isteach mar úsáideoir gitlab-deployer
```
su gitlab-deployer 
```
Cruthaigh eolaire maven stór agus nasc leis an taisce (ná déan dearmad)
Is féidir leat an pointe seo a scipeáil mura bhfuil sé ar intinn agat roinnt reathaithe a rith ar mheaisín amháin.
```
mkdir -p ~/.m2/repository
ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
```

Cruthaigh máistir eochair

mvn --encrypt-master-password password
{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}

Cruthaigh comhad ~/.m2/settings-security.xml

<settingsSecurity>
<master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
</settingsSecurity>

An focal faire don chuntas Sonatype a chriptiú

mvn --encrypt-password SONATYPE_PASSWORD
{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}

Cruthaigh comhad ~/.m2/settings.xml

<settings>  
<profiles>
    <profile>
        <id>env</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
        </properties>
    </profile>
</profiles>
<servers>
    <server>
        <id>sonatype</id>
        <username>SONATYPE_USERNAME</username>
        <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
    </server>
</servers>
</settings>

áit,
GPG_SECRET_KEY_PASSPHRASE - pasfhocal don eochair GPG
SONATYPE_USERNAME — logáil isteach chuntais sontype

Críochnaíonn sé seo socrú an rádala, is féidir leat dul ar aghaidh chuig an rannóg GitLab CI

Chun an t-ábhar

Runaire Roinnte

Eochracha GPG a ghiniúint

Ar an gcéad dul síos, ní mór duit eochair GPG a chruthú. Chun seo a dhéanamh, suiteáil gnupg.
```
yum install -y gnupg
```
Gineann muid eochair trí cheisteanna a fhreagairt. D'úsáid mé m'ainm féin agus mo ríomhphost. Bí cinnte an focal faire don eochair a shonrú.
```
gpg --gen-key 
```

Eolas a thaispeáint ar an eochair

gpg --list-keys -a
pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
  2D0D1706366FC4AEF79669E24D09C55BBA3FD728
uid           [ultimate] tttemp <[email protected]>
sub   rsa3072 2019-04-24 [E] [expires: none]

Ár n-eochair phoiblí a uaslódáil chuig an bhfreastalaí eochair

gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net

Faighimid an eochair phríobháideach

gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
...
=2Wd2
-----END PGP PRIVATE KEY BLOCK-----

Téigh go socruithe tionscadail -> Socruithe -> CI / CD -> Athróga agus sábháil an eochair phríobháideach in athróg GPG_SECRET_KEY

Chun an t-ábhar

Maven a bhunú

Cruthaigh máistir eochair

mvn --encrypt-master-password password
{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}

Téigh go dtí socruithe tionscadail -> Socruithe -> CI / CD -> Athróga agus sábháil in athróg SETTINGS_SECURITY_XML na línte seo a leanas:
```
<settingsSecurity>
<master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
</settingsSecurity>
```

An focal faire don chuntas Sonatype a chriptiú

mvn --encrypt-password SONATYPE_PASSWORD
{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}

Téigh go dtí socruithe tionscadail -> Socruithe -> CI / CD -> Athróga agus sábháil in athróg SETTINGS_XML na línte seo a leanas:

<settings>  
<profiles>
    <profile>
        <id>env</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
        </properties>
    </profile>
</profiles>
<servers>
    <server>
        <id>sonatype</id>
        <username>sonatype_username</username>
        <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
    </server>
</servers>
</settings>

áit,
GPG_SECRET_KEY_PASSPHRASE - pasfhocal don eochair GPG
SONATYPE_USERNAME — logáil isteach chuntais sontype

Chun an t-ábhar

Imscaradh íomhá docker

Cruthaímid Dockerfile measartha simplí chun tascanna imscaradh a rith leis an leagan riachtanach de Java. Anseo thíos tá sampla le haghaidh alpach.

FROM java:8u111-jdk-alpine
RUN apk add gnupg maven git --update-cache 
--repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && 
mkdir ~/.m2/

Coimeádán a chur le chéile le haghaidh do thionscadal
```
docker build -t registry.gitlab.com/group/deploy .
```

Déanaimid an coimeádán a fhíordheimhniú agus a luchtú isteach sa chlár.

docker login -u USER -p PASSWORD registry.gitlab.com
docker push registry.gitlab.com/group/deploy

Chun an t-ábhar

GitLab CI

Tionscadal a imscaradh

Cuir an comhad .gitlab-ci.yml le fréamh an tionscadail imlonnaithe
Cuireann an script dhá thasc imscartha chomheisiatach i láthair. Runaire Sonrach nó Rith Comhroinnte faoi seach.

.gitlab-ci.yml

stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # Задача будет выполняться на вашем shell-раннере
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # Задача будет выполняться на публичном docker-раннере
  tags:
    - docker
  # Образ из раздела GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Импортируем GPG ключ
    - printf "${GPG_SECRET_KEY}" | gpg --batch --import
    # Сохраняем maven конфигурацию
    - printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # Задача сработает по триггеру, если передана переменная DEPLOY со значением java
  only:
    variables:
    - $DEPLOY == "java"
  variables:
    # отключаем клонирование текущего проекта
    GIT_STRATEGY: none
  script:
    # Предоставляем возможность хранения пароля в незашифрованном виде
    - git config --global credential.helper store
    # Сохраняем временные креды пользователя gitlab-ci-token
    # Токен работает для всех публичных проектов gitlab.com и для проектов группы
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Полностью чистим текущую директорию
    - rm -rf .* *
    # Клонируем проект который, будем деплоить в Sonatype Nexus
    - git clone ${DEPLOY_CI_REPOSITORY_URL} .
    # Переключаемся на нужный коммит
    - git checkout ${DEPLOY_CI_COMMIT_SHA} -f
    # Если хоть один pom.xml содержит параметр autoReleaseAfterClose валим сборку.
    # В противном случае есть риск залить сырые артефакты в maven central
    - >
      for pom in $(find . -name pom.xml); do
        if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # Если параметр DEPLOY_CI_COMMIT_TAG пустой, то принудительно ставим SNAPSHOT-версию
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion=${VERSION}
        else
          mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
        fi
      fi
    # Запускаем задачу на сборку и деплой артефактов
    - mvn clean deploy -DskipTests=true

Chun an t-ábhar

Tionscadal java

I dtionscadail java atá ceaptha a uaslódáil chuig stórtha poiblí, ní mór duit 2 chéim a chur leis chun na leaganacha Eisiúint agus Snapshot a íoslódáil.

.gitlab-ci.yml

stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Запускать задачу только пo тегу.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Запускаем задачу на публикацию SNAPSHOT версии вручную
  when: manual
  # Не запускать задачу, если проставлен тег.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Отключаем клонирование текущего проекта
    GIT_STRATEGY: none
    # Ссылка на триггер deploy-задачи
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Переменные deploy-задачи
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    # Не использую cURL, так как с флагами --fail --show-error
    # он не выводит тело ответа, если HTTP код 400 и более 
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

Sa réiteach seo, chuaigh mé beagán eile agus chinn mé teimpléad CI amháin a úsáid le haghaidh tionscadail java.

Tuilleadh sonraí

Chruthaigh mé tionscadal ar leith gitlab-ci inar chuir mé teimpléad CI do thionscadail java coitianta.yml.

coitianta.yml

stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
  -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} 
  -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} 
  "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
    - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
  - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags

Mar thoradh air sin, sna tionscadail java féin, tá cuma an-dhlúth ar .gitlab-ci.yml agus ní briathra

.gitlab-ci.yml

include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy

Chun an t-ábhar

Cumraíocht Pom.xml

Déantar cur síos go mion ar an ábhar seo. Googolplex в Maven a chur ar bun chun déantáin a shíniú agus a uaslódáil go huathoibríoch chuig stórtha pictiúir agus stáitsithe, mar sin déanfaidh mé cur síos ar roinnt de na nuances a bhaineann le húsáid breiseán. Déanfaidh mé cur síos freisin ar cé chomh héasca agus chomh suaimhneach is féidir leat é a úsáid nexus-staging-maven-pluginmura dteastaíonn uait nó mura bhfuil tú in ann org.sonatype.oss:oss-parent a úsáid mar thuismitheoir do do thionscadal.

maven-install- breiseán

Suiteáil modúil isteach sa stór áitiúil.
An-úsáideach le haghaidh fíorú áitiúil ar réitigh i dtionscadail eile, chomh maith le seiceam.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- Если у вас многомодульный проект с деплоем родительского помика -->
      <phase>install</phase>
      <!-- Явно указываем файлы для локальной установки -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
```target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Принудительное обновление метаданных проекта -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Контрольные суммы для проверки целостности -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>

Chun an t-ábhar

breiseán maven-javadoc

Javadoc a ghiniúint don tionscadal.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <executions>
    <execution>
      <goals>
        <goal>jar</goal>
      </goals>
      <!-- Генерация javadoc должна быть после фазы генерации ресурсов -->
      <phase>prepare-package</phase>
      <configuration>
        <!-- Очень помогает в публичных проектах -->
        <failOnError>true</failOnError>
        <failOnWarnings>true</failOnWarnings>
        <!-- Убирает ошибку поиска документации в target директории -->
        <detectOfflineLinks>false</detectOfflineLinks>
      </configuration>
    </execution>
  </executions>
</plugin>

Má tá modúl agat nach bhfuil java ann (mar shampla acmhainní amháin)
Nó níl tú ag iarraidh javadoc a ghiniúint i bprionsabal, mar sin cuidigh leat maven-jar-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <executions>
    <execution>
      <id>empty-javadoc-jar</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>jar</goal>
      </goals>
      <configuration>
        <classifier>javadoc</classifier>
        <classesDirectory>${basedir}/javadoc</classesDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>

Chun an t-ábhar

breiseán maven-gpg

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <!-- Сборка будет падать, если отсутствует GPG ключ -->
      <!-- Подписываем артефакты только на фазе deploy -->
      <phase>deploy</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

Chun an t-ábhar

nexus-staging-maven-breiseán

Cumraíocht:

<project>
  <!-- ... -->
  <build>
    <plugins>
      <!-- ... -->
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <extensions>true</extensions>
          <configuration>
            <serverId>sonatype</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- Обновляем метаданные, чтобы пометить артефакт как release -->
            <!-- Не влияет на snapshot версии -->
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <configuration>
            <!-- Отключаем плагин -->
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype</id>
      <name>Nexus Snapshot Repository</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </snapshotRepository>
    <repository>
      <id>sonatype</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
</project>

Má tá tionscadal ilmhodúil agat agus nach gá duit modúl ar leith a uaslódáil chuig an stór, ansin caithfidh tú nexus-staging-maven-plugin le bratach skipNexusStagingDeployMojo

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <configuration>
        <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
      </configuration>
    </plugin>
  </plugins>
</build>

Tar éis iad a íoslódáil, tá leaganacha seat/eisiúint ar fáil i stórtha stáitse

<repositories>
  <repository>
    <id>SonatypeNexus</id>
    <url>https://oss.sonatype.org/content/groups/staging/</url>
    <!-- Не надо указывать флаги snapshot/release для репозитория -->
  </repository>
</repositories>

Tuilleadh buntáistí

Liosta an-saibhir spriocanna chun oibriú leis an stór nexus (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
Seiceáil scaoileadh uathoibríoch le huaslódáil go maven lárnach

Chun an t-ábhar

Toradh

Leagan SNAPSHOT a fhoilsiú

Agus tionscadal á thógáil, is féidir tasc a sheoladh de láimh chun an leagan SNAPSHOT a íoslódáil chuig nexus

Nuair a sheoltar an tasc seo, spreagtar an tasc comhfhreagrach sa tionscadal imlonnaithe (mar shampla).

Loga bearrtha

Running with gitlab-runner 11.10.0 (3001a600)
  on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0                                           [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO]     Updating project org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:client
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:test-core
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:testng
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:client
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT                                  [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO]  * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [  2.375 s]
[INFO] test-core .......................................... SUCCESS [  3.929 s]
[INFO] Shields4J client ................................... SUCCESS [  3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------

Mar thoradh air sin, tá an leagan luchtaithe i nexus 1.0.0-GAIRM.

Is féidir gach leagan seat a scriosadh as an stór ar an suíomh Gréasáin oss.sonatype.org faoi do chuntas.

Chun an t-ábhar

Leagan scaoilte a fhoilsiú

Nuair a shuiteáiltear clib, spreagtar an tasc comhfhreagrach sa tionscadal imlonnaithe go huathoibríoch chun an leagan scaoileadh a íoslódáil chuig nexus (mar shampla).

Is é an chuid is fearr ná go spreagtar scaoileadh gar go huathoibríoch i nexus.

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1037".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  9.603 s]
[INFO] test-core .......................................... SUCCESS [  3.419 s]
[INFO] Shields4J client ................................... SUCCESS [  9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------

Agus má théann rud éigin mícheart, beidh an tasc theipeann cinnte

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1038".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] 
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] 
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on &lt;a href=http://keys.gnupg.net:11371/&gt;http://keys.gnupg.net:11371/&lt;/a&gt;. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  4.073 s]
[INFO] test-core .......................................... SUCCESS [  2.788 s]
[INFO] Shields4J client ................................... SUCCESS [  3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

Mar thoradh air sin, níl ach rogha amháin fágtha againn. Scrios an leagan seo nó foilsigh é.

Tar éis é a scaoileadh, tar éis roinnt ama beidh na déantáin isteach

offtopic

Ba fhionnachtain domsa é go ndéanann maven innéacsú ar stórtha poiblí eile.
Bhí orm robots.txt a chur leis toisc gur innéacsaigh sé mo sheanstór.

Chun an t-ábhar

Conclúid

Cad atá againn

Tionscadal imscartha ar leith inar féidir leat roinnt tascanna CI a chur i bhfeidhm chun déantúsáin a uaslódáil chuig stórtha poiblí do theangacha forbartha éagsúla.
Tá an tionscadal Imscaradh scoite amach ó chur isteach ón taobh amuigh agus ní féidir ach le húsáideoirí a bhfuil róil an Úinéara agus an Chothabhlóra acu é a athrú.
Runaire Sonrach ar leith le taisce “te” chun tascanna a imscaradh amháin a rith.
Gearrscéalta/leaganacha scaoilte a fhoilsiú i stór poiblí.
Seiceáil go huathoibríoch ar an leagan eisithe chun a bheith ullamh le foilsiú i maven central.
Cosaint ar fhoilsiú uathoibríoch leaganacha “amh” i maven lárnach.
Tóg agus foilsigh leaganacha seat “ar chliceáil”.
Taisclann amháin chun leaganacha pictiúr/scaoileadh a fháil.
Píblíne ghinearálta chun tionscadal java a thógáil / a thástáil / a fhoilsiú.

Ní ábhar chomh casta é GitLab CI a bhunú agus a fheictear ar an gcéad amharc. Is leor CI a bhunú ar bhonn turnkey cúpla uair, agus anois tá tú i bhfad ó amaitéarach san ábhar seo. Ina theannta sin, tá doiciméadú GitLab an-iomarcach. Ná bíodh eagla ort an chéad chéim a ghlacadh. Tá an bóthar le feiceáil faoi chéimeanna an duine a bhí ag siúl (ní cuimhin liom cé a dúirt é :)

Beidh áthas orm aiseolas a fháil.

Sa chéad alt eile beidh mé ag caint faoi conas GitLab CI a chumrú chun tascanna a reáchtáil le tástálacha comhtháthaithe go hiomaíoch (ag rith na seirbhísí faoi thástáil ag baint úsáide as docker-compose) mura bhfuil agat ach rádala sliogáin amháin.

Chun an t-ábhar

Foinse: will.com

Add a comment Cealaigh freagra

Chun trácht a phostáil atá uait Logáil isteach.