Setting up GitLab CI to upload a Java project to Maven Central

This article is for Java developers who need to publish their products quickly to the Sonatype and/or Maven Central repositories using GitLab. In it I describe how to set up gitlab-runner, gitlab-ci and maven-plugin to solve this problem.

Requirements:

  • Secure storage of mvn and GPG keys.
  • Secure execution of public CI jobs.
  • Uploading artifacts (release/snapshot) to public repositories.
  • Automatic checking of release versions before publication to Maven Central.
  • A general solution for uploading artifacts to a repository for several projects.
  • Simple and easy to use.

General information

  • The mechanism for publishing artifacts to Maven Central through the Sonatype OSS Repository Hosting Service is already described in detail in this article by the user Googolplex, so I will refer to that article where appropriate.
  • Register in advance at Sonatype JIRA and open a ticket to have the repository opened (for details, read the section Create a Sonatype JIRA ticket). Once the repository is opened, the JIRA login/password pair (referred to below as the Sonatype account) is used to upload artifacts to Sonatype Nexus.
  • The process of generating a GPG key is described rather dryly below. For more detail, see the section Configuring GnuPG to sign artifacts.
  • If you use a Linux console to generate the GPG key (gnupg/gnupg2), you need to install rng-tools to generate entropy. Otherwise key generation can take a very long time.
  • Public GPG key storage services

Setting up the deploy project in GitLab

  • First, create and configure a project that will hold the pipeline for deploying artifacts. I named my project plainly and simply: deploy
  • After creating the repository, restrict who can change it.
    Go to the project -> Settings -> Repository -> Protected Branches. Delete all the rules and add a single rule with Wildcard * that grants push and merge rights only to users with the Maintainers role. This rule applies to all users of both this project and the group the project belongs to.
  • If there are several maintainers, the best solution is to restrict access to the project altogether.
    Go to the project -> Settings -> General -> Visibility, project features, permissions and set Project visibility to Private.
    My project is publicly accessible, because I use my own GitLab Runner and only I have access to change the repository. And, frankly, it is not in my interest to expose private information in public pipeline logs.
  • Tightening the rules for changing the repository
    Go to the project -> Settings -> Repository -> Push Rules and set the flags Committer restriction and Check whether author is a GitLab user. I also recommend setting up commit signing and setting the Reject unsigned commits flag.
  • Next, configure a trigger for running the jobs
    Go to the project -> Settings -> CI / CD -> Pipeline triggers and create a new trigger token
    This token can be added straight away to the shared variable configuration of a project group.
    Go to the group -> Settings -> CI / CD -> Variables and add a variable DEPLOY_TOKEN with the trigger token as its value.

GitLab Runner

This section describes the configuration for running deploy jobs on your own (Specific) runner and on a public (Shared) runner.

Specific Runner

I use my own runners, because above all it is convenient, fast and cheap.
For a runner I recommend a Linux VDS with 1 CPU, 2 GB RAM, 20 GB HDD. The price is ~3000₽ per year.

My runner

For the runner I took a VDS with 4 CPU, 4 GB RAM, 50 GB SSD. It cost ~11000₽ and I have never regretted it.
I have 7 machines in total: 5 on aruba and 2 on ihor.

So, we have a runner. Now let's configure it.
Log in to the machine over SSH and install java, git, maven, gnupg2.

Installing gitlab runner

  • Create a new group runner
    sudo groupadd runner
  • Create a directory for the maven cache and assign it to the runner group
    You can skip this step if you do not plan to run several runners on the same machine.

    mkdir -p /usr/cache/.m2/repository
    chown -R :runner /usr/cache
    chmod -R 770 /usr/cache
  • Create the user gitlab-deployer and add it to the runner group
    useradd -m -d /home/gitlab-deployer gitlab-deployer
    usermod -a -G runner gitlab-deployer
  • Add the following line to the file /etc/ssh/sshd_config
    AllowUsers root@* [email protected]
  • Restart sshd
    systemctl restart sshd
  • Set a password for the gitlab-deployer user (it can be simple, since there is a restriction to localhost)
    passwd gitlab-deployer
  • Install GitLab Runner (Linux x86-64)
    sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
    sudo chmod +x /usr/local/bin/gitlab-runner
    ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
    ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner
  • Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners and copy the registration token

  • Register the runner
    gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml

Process

Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded                     runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

  • Check that the runner is registered. Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners -> Runners activated for this project

  • Add a separate service /etc/systemd/system/gitlab-deployer.service
    [Unit]
    Description=GitLab Deploy Runner
    After=syslog.target network.target
    ConditionFileIsExecutable=/usr/local/bin/gitlab-runner
    [Service]
    StartLimitInterval=5
    StartLimitBurst=10
    ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
    Restart=always
    RestartSec=120
    [Install]
    WantedBy=multi-user.target
  • Start the service.
    systemctl enable gitlab-deployer.service
    systemctl start gitlab-deployer.service
    systemctl status gitlab-deployer.service
  • Check that the runner is running.

GPG key generation

  • From the same machine, log in over ssh as the gitlab-deployer user (this is important for GPG key generation)

    ssh [email protected]

  • Generate a key by answering the questions. I used my own name and email.
    Be sure to set a passphrase for the key. Artifacts will be signed with this key.

    gpg --gen-key 

  • Check the result

    gpg --list-keys -a
    /home/gitlab-deployer/.gnupg/pubring.gpg
    ----------------------------------------
    pub   4096R/00000000 2019-04-19
    uid                  Petruha Petrov <[email protected]>
    sub   4096R/11111111 2019-04-19

  • Upload our public key to a keyserver

    gpg --keyserver keys.gnupg.net --send-key 00000000
    gpg: sending key 00000000 to hkp server keys.gnupg.net

Maven setup

  • Switch to the gitlab-deployer user
    su gitlab-deployer 
  • Create the maven directory and link its repository to the cache (don't make a mistake)
    This step can be skipped if you do not plan to run several runners on the same machine.

    mkdir -p ~/.m2
    ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
  • Create the master key
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Create the file ~/.m2/settings-security.xml
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Create the file ~/.m2/settings.xml
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where:
GPG_SECRET_KEY_PASSPHRASE - the GPG key passphrase
SONATYPE_USERNAME - the Sonatype account login

This completes the runner setup; you can move on to the GitLab CI section

Shared Runner

GPG key generation

  • First, you need to create a GPG key. To do this, install gnupg.

    yum install -y gnupg

  • Generate a key by answering the questions. I used my own name and email. Be sure to set a passphrase for the key.

    gpg --gen-key 

  • Retrieve the key information

    gpg --list-keys -a
    pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
      2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    uid           [ultimate] tttemp <[email protected]>
    sub   rsa3072 2019-04-24 [E] [expires: none]

  • Upload our public key to a keyserver

    gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net

  • Get the private key

    gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
    ...
    =2Wd2
    -----END PGP PRIVATE KEY BLOCK-----

  • Go to the project settings -> Settings -> CI / CD -> Variables and save the private key in the variable GPG_SECRET_KEY

Maven setup

  • Create the master key
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_SECURITY_XML:
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_XML:
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where:
GPG_SECRET_KEY_PASSPHRASE - the GPG key passphrase
SONATYPE_USERNAME - the Sonatype account login

Deploy docker image

  • Create a fairly simple Dockerfile for running deploy jobs with the Java version you need. Below is an example for alpine.

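    FROM java:8u111-jdk-alpine
    # --allow-untrusted skips apk signature verification and the edge repository is fetched over plain HTTP
    RUN apk add gnupg maven git --update-cache \
        --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && \
        mkdir ~/.m2/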

  • Build the container for your project

    docker build -t registry.gitlab.com/group/deploy .

  • Authenticate and push the container to the registry.

    docker login -u USER -p PASSWORD registry.gitlab.com
    docker push registry.gitlab.com/group/deploy

GitLab CI

Deploy project

Add the .gitlab-ci.yml file to the root of the deploy project
The script defines two mutually exclusive deploy jobs: Specific Runner and Shared Runner respectively.

.gitlab-ci.yml

stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # The job will run on your shell runner
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # The job will run on a public docker runner
  tags:
    - docker
  # Image from the section GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Import the GPG key
    - printf '%s' "${GPG_SECRET_KEY}" | gpg --batch --import
    # Save the maven configuration
    - printf '%s' "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf '%s' "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # The job fires on a trigger if the DEPLOY variable is passed with the value java
  only:
    variables:
    - $DEPLOY == "java"
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
  script:
    # Allow the password to be stored unencrypted
    - git config --global credential.helper store
    # Save the temporary credentials of the gitlab-ci-token user
    # The token works for all public gitlab.com projects and for the group's projects
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Completely clean the current directory
    - rm -rf .* *
    # Clone the project that will be deployed to Sonatype Nexus
    - git clone ${DEPLOY_CI_REPOSITORY_URL} .
    # Switch to the required commit
    - git checkout ${DEPLOY_CI_COMMIT_SHA} -f
    # If at least one pom.xml contains the autoReleaseAfterClose parameter, fail the build.
    # Otherwise there is a risk of uploading raw artifacts to maven central
    - >
      for pom in $(find . -name pom.xml); do
        if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # If the DEPLOY_CI_COMMIT_TAG parameter is empty, force a SNAPSHOT version
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion=${VERSION}
        else
          mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
        fi
      fi
    # Run the build and deploy of the artifacts
    - mvn clean deploy -DskipTests=true

Java project

In java projects that are meant to be uploaded to public repositories, you need to add 2 steps for uploading the Release and Snapshot versions.

.gitlab-ci.yml

stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Run the job only on a tag.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Run the SNAPSHOT publication job manually
  when: manual
  # Do not run the job if a tag is set.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
    # URL of the deploy job trigger
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Variables of the deploy job
    POST_DATA: "
      token=${DEPLOY_TOKEN}&\
      ref=master&\
      variables[DEPLOY]=${DEPLOY}&\
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&\
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&\
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&\
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    # I don't use cURL, because with the --fail --show-error flags
    # it does not print the response body when the HTTP code is 400 or higher
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
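
The deploy project's job clones the URL and checks out the commit that arrive with the trigger request, then signs and uploads the result, so those values are worth checking before `git clone` runs. The following is an added example, not part of the original article: ALLOWED_PREFIX, the function names and the rule that a tag starts with a digit are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Validates the trigger-supplied variables before the deploy job uses them.

# Assumption: only projects under this GitLab group may be deployed.
ALLOWED_PREFIX="gitlab.com/group/"

# Print "host/path" of an HTTPS clone URL with any "user:token@" part removed,
# so the job token never ends up in a comparison or an error message.
repo_host_path() {
  url=$1
  case "$url" in
    https://*) rest=${url#https://} ;;
    *) return 1 ;;                       # only HTTPS clone URLs are accepted
  esac
  authority=${rest%%/*}                  # everything before the first "/"
  case "$authority" in
    *@*) rest=${rest#*@} ;;              # drop userinfo such as gitlab-ci-token:...
  esac
  printf '%s\n' "$rest"
}

# Accept only repositories whose host/path starts with ALLOWED_PREFIX.
validate_repo_url() {
  hp=$(repo_host_path "$1") || return 1
  case "$hp" in
    *[!A-Za-z0-9._/-]*) return 1 ;;      # unexpected characters (second "@", spaces, ...)
    *..*) return 1 ;;                    # no ".." path segments
    "$ALLOWED_PREFIX"?*) return 0 ;;
    *) return 1 ;;
  esac
}

# A commit must be a full 40-character lowercase hex SHA-1.
validate_sha() {
  [ "${#1}" -eq 40 ] || return 1
  case "$1" in
    *[!0-9a-f]*) return 1 ;;
  esac
  return 0
}

# An empty tag is allowed (the job then forces a -SNAPSHOT version).
# A non-empty tag becomes the Maven version, so it must be a plain token.
validate_tag() {
  [ -z "$1" ] && return 0
  [ "${#1}" -le 64 ] || return 1
  case "$1" in
    [0-9]*) ;;                           # assumed convention: tags are versions
    *) return 1 ;;
  esac
  case "$1" in
    *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Returns 0 when all three values pass, otherwise 1, 2 or 3.
validate_deploy_request() {
  validate_repo_url "$1" || { echo "rejected: repository is outside the allowed group" >&2; return 1; }
  validate_sha "$2"      || { echo "rejected: commit is not a full SHA-1" >&2; return 2; }
  validate_tag "$3"      || { echo "rejected: tag is not a plain version" >&2; return 3; }
}

# Constructed sample requests (URL|SHA|tag); the SHA is the one in the job log.
demo() {
  sha=850f86aa317194395c5387790da1350e437125a7
  while IFS='|' read -r u s t; do
    if validate_deploy_request "$u" "$s" "$t" 2>/dev/null; then
      echo "accept  ${u##*@}  tag='${t}'"
    else
      echo "reject  ${u##*@}  tag='${t}'"
    fi
  done <<EOF
https://gitlab-ci-token:xxxx@gitlab.com/group/shields4j.git|$sha|
https://gitlab.com/group/shields4j.git|$sha|1.0.0
https://gitlab.com/other/project.git|$sha|1.0.0
https://gitlab.com/group/shields4j.git|850f86a|
https://gitlab.com/group/shields4j.git|$sha|release/1.0
EOF
}
demo
```

In the deploy template this would be the first `script` entry, called as `validate_deploy_request "${DEPLOY_CI_REPOSITORY_URL}" "${DEPLOY_CI_COMMIT_SHA}" "${DEPLOY_CI_COMMIT_TAG}" || exit 1`.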

In this solution I went a little further and decided to use a single CI template for java projects.

Details

I created a separate project, gitlab-ci, in which I placed the CI template for java projects, common.yml.

common.yml

stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
  -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} 
  -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} 
  "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
    - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    POST_DATA: "
      token=${DEPLOY_TOKEN}&\
      ref=master&\
      variables[DEPLOY]=${DEPLOY}&\
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&\
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&\
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&\
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
  - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags

As a result, in the java projects themselves .gitlab-ci.yml looks very compact and is not verbose

.gitlab-ci.yml

include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy

pom.xml configuration

This topic is described in great detail by Googolplex in Setting up maven to automatically sign and upload artifacts to snapshot and staging repositories, so I will describe only some nuances of using the plugins. I will also describe how easily and naturally you can use nexus-staging-maven-plugin if you do not want to, or cannot, use org.sonatype.oss:oss-parent as the parent of your project.

maven-install-plugin

Installs modules into the local repository.
Very useful for local verification of solutions in other projects, as well as for checksums.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- If you have a multi-module project that deploys the parent pom -->
      <phase>install</phase>
      <!-- Explicitly specify the files for local installation -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
        <sources>target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Force an update of the project metadata -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Checksums for integrity verification -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-javadoc-plugin

Generates javadoc for the project.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <executions>
    <execution>
      <goals>
        <goal>jar</goal>
      </goals>
      <!-- Javadoc generation must come after the resource generation phase -->
      <phase>prepare-package</phase>
      <configuration>
        <!-- Very helpful in public projects -->
        <failOnError>true</failOnError>
        <failOnWarnings>true</failOnWarnings>
        <!-- Removes the error of searching for documentation in the target directory -->
        <detectOfflineLinks>false</detectOfflineLinks>
      </configuration>
    </execution>
  </executions>
</plugin>

If you have a module that contains no java (for example, resources only),
or you do not want to generate javadoc at all, then maven-jar-plugin comes to the rescue

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <executions>
    <execution>
      <id>empty-javadoc-jar</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>jar</goal>
      </goals>
      <configuration>
        <classifier>javadoc</classifier>
        <classesDirectory>${basedir}/javadoc</classesDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-gpg-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <!-- The build will fail if the GPG key is missing -->
      <!-- Sign artifacts only in the deploy phase -->
      <phase>deploy</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

nexus-staging-maven-plugin

Configuration:

<project>
  <!-- ... -->
  <build>
    <plugins>
      <!-- ... -->
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <extensions>true</extensions>
          <configuration>
            <serverId>sonatype</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- Update the metadata to mark the artifact as a release -->
            <!-- Does not affect snapshot versions -->
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <configuration>
            <!-- Disable the plugin -->
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype</id>
      <name>Nexus Snapshot Repository</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </snapshotRepository>
    <repository>
      <id>sonatype</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
</project>

If you have a multi-module project and a particular module does not need to be uploaded to the repository, add nexus-staging-maven-plugin with the skipNexusStagingDeployMojo flag to that module's pom.xml

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <configuration>
        <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
      </configuration>
    </plugin>
  </plugins>
</build>

After the upload, the snapshot/release versions are available in the staging repositories

<repositories>
  <repository>
    <id>SonatypeNexus</id>
    <url>https://oss.sonatype.org/content/groups/staging/</url>
    <!-- No need to specify snapshot/release flags for the repository -->
  </repository>
</repositories>

Additional advantages

  • A very rich list of goals for working with the nexus repository (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
  • Automatic verification that a release is suitable for upload to maven central

Result

Publishing a SNAPSHOT version

When building a project, you can manually start a job that uploads the SNAPSHOT version to nexus

When this job is started, the corresponding job in the deploy project is triggered (example).

Trimmed log

Running with gitlab-runner 11.10.0 (3001a600)
  on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0                                           [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO]     Updating project org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:client
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:test-core
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:testng
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:client
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT                                  [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO]  * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [  2.375 s]
[INFO] test-core .......................................... SUCCESS [  3.929 s]
[INFO] Shields4J client ................................... SUCCESS [  3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------

As a result, version 1.0.0-SNAPSHOT is uploaded to nexus.

All snapshot versions can be removed from the repository on the oss.sonatype.org site under your account.

Publishing the release version

When a tag is set, the corresponding job in the deploy project is triggered automatically to upload the release version to nexus (example).

The best part is that the close of the release is triggered automatically in nexus.

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1037".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  9.603 s]
[INFO] test-core .......................................... SUCCESS [  3.419 s]
[INFO] Shields4J client ................................... SUCCESS [  9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------

And if something goes wrong, the job will definitely fail:

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1038".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] 
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] 
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  4.073 s]
[INFO] test-core .......................................... SUCCESS [  2.788 s]
[INFO] Shields4J client ................................... SUCCESS [  3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

As a result, we are left with only one choice: either delete this version or publish it.

Some time after the release, the artifacts will be in

offtopic

It was a revelation to me that maven indexes other public repositories.
I had to upload a robots.txt because it had indexed my old repository.

Conclusion

What we have

  • A separate deploy project in which you can implement several CI jobs for uploading artifacts to public repositories for different development languages.
  • The deploy project is isolated from outside interference and can be changed only by users with the Owner and Maintainer roles.
  • A separate Specific Runner with a “hot” cache, for running deploy jobs only.
  • Publishing snapshot / release versions to a public repository.
  • An automatic check that the release version is ready for publication to maven central.
  • Protection against automatic publication of “raw” versions to maven central.
  • Building and publishing snapshot versions “on click”.
  • A single repository for obtaining snapshot / release versions.
  • A common pipeline for building / testing / publishing a java project.

Setting up GitLab CI is not as complicated a topic as it seems at first glance. It is enough to set up CI on a turnkey basis a couple of times, and you are already far from an amateur in this matter. Besides, the GitLab documentation is quite redundant. Do not be afraid to take the first step. The road appears under the steps of the one who walks (I don't remember who said it :)

I will be glad to receive feedback.

In the next article, I will show you how to set up GitLab CI to run integration test jobs concurrently (running test services with docker-compose) when you have only one shell runner.

Source: www.habr.com
