Cov kab lus no yog npaj rau java developers uas xav tau sai sai tshaj tawm lawv cov khoom nyob rau hauv sonatype thiab / los yog maven central repositories siv GitLab. Hauv tsab xov xwm no kuv yuav tham txog kev teeb tsa gitlab-khiav, gitlab-ci thiab maven-plugin los daws qhov teeb meem no.
Yam yuavtsum tau kawm uantej:
- Ruaj ntseg cia ntawm mvn thiab GPG yuam sij.
- Ua kom muaj kev nyab xeeb ntawm pej xeem CI cov haujlwm.
- Uploading artifacts (tso tawm/snapshot) rau pej xeem repositories.
- Tsis siv neeg xyuas ntawm kev tso tawm versions rau kev tshaj tawm hauv maven central.
- Ib qho kev daws teeb meem dav dav rau kev xa cov khoom cuav mus rau qhov chaw cia khoom rau ntau qhov haujlwm.
- Simplicity thiab yooj yim ntawm kev siv.
Txheem
General ntaub ntawv
- Cov lus piav qhia ntxaws ntxaws ntawm cov txheej txheem rau kev tshaj tawm cov khoom cuav hauv Maven Central ntawm Sonatype OSS Repository Hosting Service twb tau piav qhia hauv tus neeg siv , yog li kuv yuav xa mus rau tsab xov xwm no hauv qhov chaw zoo.
- Pre-register rau thiab qhib ib daim pib mus qhib lub repository (nyeem cov seem kom paub meej ntxiv ). Tom qab qhib lub repository, tus ID nkag mus / lo lus zais khub los ntawm JIRA (tom qab no hu ua Sonatype account) yuav raug siv los upload cov khoom cuav rau Sonatype nexus.
- Tom ntej no, cov txheej txheem ntawm kev tsim tus yuam sij GPG tau piav qhia qhuav heev. Saib seem kom paub meej ntxiv
- Yog tias koj siv lub console Linux los tsim tus yuam sij GPG (gnupg/gnupg2), ces koj yuav tsum tau nruab los tsim entropy. Txwv tsis pub, cov cim tseem ceeb yuav siv sij hawm ntev heev.
- Cov kev pabcuam khaws cia pej xeem GPG cov yuam sij
Teeb tsa ib qhov project hauv GitLab
- Ua ntej tshaj plaws, koj yuav tsum tsim thiab teeb tsa ib qhov project uas lub raj xa dej yuav raug muab khaws cia rau kev xa cov khoom cuav. Kuv tau hu kuv qhov project yooj yim thiab tsis yooj yim -
- Tom qab tsim lub repository, koj yuav tsum txwv tsis pub nkag mus hloov lub repository.
Mus rau qhov project -> Chaw -> Repository -> Tiv thaiv ceg. Peb tshem tawm tag nrho cov cai thiab ntxiv ib txoj cai nrog Wildcard * nrog rau txoj cai thawb thiab sib koom ua ke tsuas yog rau cov neeg siv nrog lub luag haujlwm Tus Saib Xyuas. Txoj cai no yuav ua haujlwm rau txhua tus neeg siv ntawm ob qho haujlwm no thiab pab pawg uas qhov haujlwm no koom nrog.
- Yog tias muaj ntau tus neeg saib xyuas, ces qhov kev daws teeb meem zoo tshaj plaws yuav txwv tsis pub nkag mus rau qhov project hauv txoj cai.
Mus rau qhov project -> Chaw -> General -> Visibility, qhov project nta, kev tso cai thiab teeb qhov pom kev rau qhov project private.
Kuv muaj ib txoj haujlwm siv tau rau pej xeem, txij li thaum kuv siv kuv tus kheej GitLab Runner thiab tsuas yog kuv muaj kev nkag mus hloov lub chaw cia khoom. Zoo, qhov tseeb, nws tsis yog nyob rau hauv kuv qhov kev txaus siab los qhia cov ntaub ntawv ntiag tug hauv pej xeem cov kav dej cav. - Tightening cov cai rau kev hloov lub repository
Mus rau qhov project -> Chaw -> Repository -> Push Rules thiab teeb tsa Committer txwv, Xyuas seb tus sau yog tus neeg siv tus chij GitLab. Kuv kuj pom zoo kom teeb tsa , thiab teem lub Reject unsigned commits chij. - Tom ntej no koj yuav tsum configure ib tug trigger rau tso tej hauj lwm
Mus rau qhov project -> Chaw -> CI / CD -> Pipeline triggers thiab tsim ib tug tshiab trigger-token
Cov token no tuaj yeem raug ntxiv tam sim ntawd rau qhov kev teeb tsa dav dav ntawm qhov hloov pauv rau ib pawg ntawm cov haujlwm.
Mus rau pab pawg -> Chaw -> CI / CD -> Hloov pauv thiab ntxiv qhov sib txawvDEPLOY_TOKENnrog trigger-token hauv tus nqi.
GitLab Khiav
Tshooj lus no piav qhia txog kev teeb tsa rau kev khiav haujlwm ntawm kev xa tawm siv koj tus kheej (Tshwj xeeb) thiab pej xeem (Sib koom) khiav.
Tshwj xeeb khiav
Kuv siv kuv tus kheej khiav vim hais tias, ua ntej ntawm tag nrho cov, nws yog yooj yim, ceev, thiab pheej yig.
Rau tus khiav, kuv pom zoo kom Linux VDS nrog 1 CPU, 2 GB RAM, 20 GB HDD. Qhov teeb meem tus nqi yog ~ 3000₽ ib xyoos.
Kuv tus khiav
Rau tus khiav kuv coj VDS 4 CPU, 4 GB RAM, 50 GB SSD. Tus nqi ~ 11000₽ thiab yeej tsis khuv xim nws.
Kuv muaj tag nrho ntawm 7 lub tshuab. 5 ntawm aruba thiab 2 ntawm ihor.
Yog li peb muaj tus khiav. Tam sim no peb yuav configure nws.
Peb mus rau lub tshuab ntawm SSH thiab nruab java, git, maven, gnupg2.
Txhim kho gitlab khiav
- Tsim ib pab pawg tshiab
runnersudo groupadd runner - Tsim ib daim ntawv teev npe rau maven cache thiab tso cai rau pab pawg
runner
Koj tuaj yeem hla qhov taw tes no yog tias koj tsis npaj yuav khiav ntau tus neeg khiav ntawm ib lub tshuab.mkdir -p /usr/cache/.m2/repository chown -R :runner /usr/cache chmod -R 770 /usr/cache - Tsim tus neeg siv
gitlab-deployerthiab ntxiv rau pawgrunneruseradd -m -d /home/gitlab-deployer gitlab-deployer usermod -a -G runner gitlab-deployer - Ntxiv rau cov ntaub ntawv
/etc/ssh/sshd_configkab tom ntejAllowUsers root@* [email protected] - Rov pib dua
sshdsystemctl restart sshd - Teem tus password rau tus neeg siv
gitlab-deployer(yuav ua tau yooj yim, vim muaj kev txwv rau localhost)passwd gitlab-deployer - Nruab GitLab Runner (Linux x86-64)
sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64 sudo chmod +x /usr/local/bin/gitlab-runner ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner - Mus rau lub vev xaib gitlab.com -> deploy-project -> Chaw -> CI/CD -> Runners -> Cov neeg khiav dej num tshwj xeeb thiab luam cov ntawv sau npe.
Screen
- Sau npe tus khiav
gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml
txheej txheem
Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!- Peb xyuas tias tus khiav tau sau npe. Mus rau lub vev xaib gitlab.com -> deploy-project -> Chaw -> CI/CD -> Runners -> Specific Runners -> Runners activated for this project
Screen
- Ntxiv cais kev pab cuam
/etc/systemd/system/gitlab-deployer.service[Unit] Description=GitLab Deploy Runner After=syslog.target network.target ConditionFileIsExecutable=/usr/local/bin/gitlab-runner [Service] StartLimitInterval=5 StartLimitBurst=10 ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer" Restart=always RestartSec=120 [Install] WantedBy=multi-user.target - Cia peb pib qhov kev pabcuam.
systemctl enable gitlab-deployer.service systemctl start gitlab-deployer.service systemctl status gitlab-deployer.service - Peb xyuas tias tus khiav yog khiav.
Piv Txwv:
Tsim cov yuam sij GPG
-
Los ntawm tib lub tshuab peb nkag mus ntawm ssh hauv qab tus neeg siv
gitlab-deployer(qhov no yog qhov tseem ceeb rau kev tsim tus yuam sij GPG)ssh [email protected] -
Peb tsim ib qho tseem ceeb los ntawm kev teb cov lus nug. Kuv siv kuv tus kheej lub npe thiab email.
Nco ntsoov qhia tus password rau tus yuam sij. Artifacts yuav kos npe nrog tus yuam sij no.gpg --gen-key -
Txheeb xyuas
gpg --list-keys -a /home/gitlab-deployer/.gnupg/pubring.gpg ---------------------------------------- pub 4096R/00000000 2019-04-19 uid Petruha Petrov <[email protected]> sub 4096R/11111111 2019-04-19 -
Uploading peb public key rau tus key server
gpg --keyserver keys.gnupg.net --send-key 00000000 gpg: sending key 00000000 to hkp server keys.gnupg.net
Kev teeb tsa Maven
- Nkag mus raws li tus neeg siv
gitlab-deployersu gitlab-deployer - Tsim ib daim ntawv qhia maven repository thiab txuas mus rau lub cache (tsis txhob yuam kev)
Koj tuaj yeem hla qhov taw tes no yog tias koj tsis npaj yuav khiav ntau tus neeg khiav ntawm ib lub tshuab.mkdir -p ~/.m2/repository ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository - Tsim tus yuam sij master
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=} - Tsim ib cov ntaub ntawv ~/.m2/settings-security.xml
<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity> - Encrypting tus password rau Sonatype account
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J} - Tsim ib cov ntaub ntawv ~/.m2/settings.xml
<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>SONATYPE_USERNAME</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
qhov twg,
GPG_SECRET_KEY_PASSHRASE - tus password rau tus yuam sij GPG
SONATYPE_USERNAME - sonatype tus account nkag
Qhov no ua tiav kev teeb tsa ntawm tus khiav, koj tuaj yeem mus rau ntu
Shared Runner
Tsim cov yuam sij GPG
-
Ua ntej tshaj plaws, koj yuav tsum tsim tus yuam sij GPG. Txhawm rau ua qhov no, nruab gnupg.
yum install -y gnupg -
Peb tsim ib qho tseem ceeb los ntawm kev teb cov lus nug. Kuv siv kuv tus kheej lub npe thiab email. Nco ntsoov qhia tus password rau tus yuam sij.
gpg --gen-key -
Tso cov ntaub ntawv ntawm tus yuam sij
gpg --list-keys -a pub rsa3072 2019-04-24 [SC] [expires: 2021-04-23] 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 uid [ultimate] tttemp <[email protected]> sub rsa3072 2019-04-24 [E] [expires: none] -
Uploading peb public key rau tus key server
gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net -
Peb tau txais tus yuam sij ntiag tug
gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 -----BEGIN PGP PRIVATE KEY BLOCK----- lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5 ... =2Wd2 -----END PGP PRIVATE KEY BLOCK----- -
Mus rau qhov chaw teeb tsa -> Chaw -> CI / CD -> Hloov pauv thiab txuag tus yuam sij ntiag tug hauv qhov sib txawv
GPG_SECRET_KEY
Kev teeb tsa Maven
- Tsim tus yuam sij master
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=} - Mus rau qhov project nqis -> Nqis -> CI / CD -> Variables thiab txuag hauv qhov sib txawv
SETTINGS_SECURITY_XMLcov kab hauv qab no:<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity> - Encrypting tus password rau Sonatype account
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J} - Mus rau qhov project nqis -> Nqis -> CI / CD -> Variables thiab txuag hauv qhov sib txawv
SETTINGS_XMLcov kab hauv qab no:<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>sonatype_username</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
qhov twg,
GPG_SECRET_KEY_PASSHRASE - tus password rau tus yuam sij GPG
SONATYPE_USERNAME - sonatype tus account nkag
Deploy docker duab
-
Peb tsim ib qho yooj yim yooj yim Dockerfile los khiav cov dej num nrog rau Java version yuav tsum tau. Hauv qab no yog ib qho piv txwv rau alpine.
FROM java:8u111-jdk-alpine RUN apk add gnupg maven git --update-cache --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && mkdir ~/.m2/ -
Sib sau ua ke lub thawv rau koj qhov project
docker build -t registry.gitlab.com/group/deploy . -
Peb txheeb xyuas thiab thauj lub thawv rau hauv daim ntawv teev npe.
docker login -u USER -p PASSWORD registry.gitlab.com docker push registry.gitlab.com/group/deploy
GitLab CI
Deploy qhov project
Ntxiv cov ntaub ntawv .gitlab-ci.yml rau hauv paus ntawm qhov kev xa tawm
Tsab ntawv nthuav tawm ob txoj haujlwm tshwj xeeb rau kev xa tawm. Tshwj xeeb Runner lossis Shared Runner feem.
.gitlab-ci.yml
stages:
- deploy
Specific Runner:
extends: .java_deploy_template
# Задача будет выполняться на вашем shell-раннере
tags:
- deploy
Shared Runner:
extends: .java_deploy_template
# Задача будет выполняться на публичном docker-раннере
tags:
- docker
# Образ из раздела GitLab Runner -> Shared Runner -> Docker
image: registry.gitlab.com/group/deploy-project:latest
before_script:
# Импортируем GPG ключ
- printf "${GPG_SECRET_KEY}" | gpg --batch --import
# Сохраняем maven конфигурацию
- printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
- printf "${SETTINGS_XML}" > ~/.m2/settings.xml
.java_deploy_template:
stage: deploy
# Задача сработает по триггеру, если передана переменная DEPLOY со значением java
only:
variables:
- $DEPLOY == "java"
variables:
# отключаем клонирование текущего проекта
GIT_STRATEGY: none
script:
# Предоставляем возможность хранения пароля в незашифрованном виде
- git config --global credential.helper store
# Сохраняем временные креды пользователя gitlab-ci-token
# Токен работает для всех публичных проектов gitlab.com и для проектов группы
- echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
# Полностью чистим текущую директорию
- rm -rf .* *
# Клонируем проект который, будем деплоить в Sonatype Nexus
- git clone ${DEPLOY_CI_REPOSITORY_URL} .
# Переключаемся на нужный коммит
- git checkout ${DEPLOY_CI_COMMIT_SHA} -f
# Если хоть один pom.xml содержит параметр autoReleaseAfterClose валим сборку.
# В противном случае есть риск залить сырые артефакты в maven central
- >
for pom in $(find . -name pom.xml); do
if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
exit 1;
fi;
done
# Если параметр DEPLOY_CI_COMMIT_TAG пустой, то принудительно ставим SNAPSHOT-версию
- >
if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
else
VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
if [[ "${VERSION}" == *-SNAPSHOT ]]; then
mvn versions:set -DnewVersion=${VERSION}
else
mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
fi
fi
# Запускаем задачу на сборку и деплой артефактов
- mvn clean deploy -DskipTests=true
Java project
Nyob rau hauv java tej yaam num uas yuav tsum tau muab upload rau pej xeem repositories, koj yuav tsum tau ntxiv 2 kauj ruam mus download tau lub Release thiab Snapshot versions.
.gitlab-ci.yml
stages:
- build
- test
- verify
- deploy
<...>
Release:
extends: .trigger_deploy
# Запускать задачу только пo тегу.
only:
- tags
Snapshot:
extends: .trigger_deploy
# Запускаем задачу на публикацию SNAPSHOT версии вручную
when: manual
# Не запускать задачу, если проставлен тег.
except:
- tags
.trigger_deploy:
stage: deploy
variables:
# Отключаем клонирование текущего проекта
GIT_STRATEGY: none
# Ссылка на триггер deploy-задачи
URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
# Переменные deploy-задачи
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
# Не использую cURL, так как с флагами --fail --show-error
# он не выводит тело ответа, если HTTP код 400 и более
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}Hauv qhov kev daws teeb meem no, kuv mus ntxiv me ntsis thiab txiav txim siab siv ib qho CI template rau java tej yaam num.
Hauv cov ntsiab lus
Kuv tsim ib qhov project cais nyob rau hauv uas kuv tso ib tug CI template rau java tej yaam num .
common.yml
stages:
- build
- test
- verify
- deploy
variables:
SONAR_ARGS: "
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
"
.build_java_project:
stage: build
tags:
- touchbit-shell
variables:
SKIP_TEST: "false"
script:
- mvn clean
- mvn package -DskipTests=${SKIP_TEST}
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.build_sphinx_doc:
stage: build
tags:
- touchbit-shell
variables:
DOCKERFILE: .indirect/docs/Dockerfile
script:
- docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .
.junit_module_test_run:
stage: test
tags:
- touchbit-shell
variables:
MODULE: ""
script:
- cd ${MODULE}
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.junit_test_run:
stage: test
tags:
- touchbit-shell
script:
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.sonar_review:
stage: verify
tags:
- touchbit-shell
dependencies: []
script:
- >
if [ "$CI_BUILD_REF_NAME" == "master" ]; then
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
else
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
fi
.trigger_deploy:
stage: deploy
tags:
- touchbit-shell
variables:
URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
.trigger_release_deploy:
extends: .trigger_deploy
only:
- tags
.trigger_snapshot_deploy:
extends: .trigger_deploy
when: manual
except:
- tags
Yog li ntawd, hauv java tej yaam num lawv tus kheej, .gitlab-ci.yml zoo nkaus li compact thiab tsis verbose.
.gitlab-ci.yml
include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml
Shields4J:
extends: .build_java_project
Sphinx doc:
extends: .build_sphinx_doc
variables:
DOCKERFILE: .docs/Dockerfile
Sonar review:
extends: .sonar_review
dependencies:
- Shields4J
Release:
extends: .trigger_release_deploy
Snapshot:
extends: .trigger_snapshot_deploy
Pom.xml configuration
Lub ntsiab lus no tau piav qhia ntau yam. в , yog li kuv yuav piav qhia qee qhov nuances ntawm kev siv plugins. Kuv tseem yuav piav qhia seb koj siv tau yooj yim thiab so nexus-staging-maven-pluginyog tias koj tsis xav tau lossis siv tsis tau org.sonatype.oss:oss-niam txiv ua niam txiv rau koj qhov project.
maven-install-plugin
Installs modules rau hauv lub zos repository.
Muaj txiaj ntsig zoo rau kev txheeb xyuas hauv zos ntawm cov kev daws teeb meem hauv lwm cov haujlwm, nrog rau kev txheeb xyuas.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<executions>
<execution>
<id>install-project</id>
<!-- Если у вас многомодульный проект с деплоем родительского помика -->
<phase>install</phase>
<!-- Явно указываем файлы для локальной установки -->
<configuration>
<file>target/${project.artifactId}-${project.version}.jar</file>
```target/${project.artifactId}-${project.version}-sources.jar</sources>
<pomFile>dependency-reduced-pom.xml</pomFile>
<!-- Принудительное обновление метаданных проекта -->
<updateReleaseInfo>true</updateReleaseInfo>
<!-- Контрольные суммы для проверки целостности -->
<createChecksum>true</createChecksum>
</configuration>
</execution>
</executions>
</plugin>
maven-javadoc-plugin
Tsim javadoc rau qhov project.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
<!-- Генерация javadoc должна быть после фазы генерации ресурсов -->
<phase>prepare-package</phase>
<configuration>
<!-- Очень помогает в публичных проектах -->
<failOnError>true</failOnError>
<failOnWarnings>true</failOnWarnings>
<!-- Убирает ошибку поиска документации в target директории -->
<detectOfflineLinks>false</detectOfflineLinks>
</configuration>
</execution>
</executions>
</plugin>Yog tias koj muaj ib qho module uas tsis muaj java (piv txwv li cov peev txheej nkaus xwb)
Los yog koj tsis xav tsim javadoc hauv txoj cai, ces pab maven-jar-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<id>empty-javadoc-jar</id>
<phase>generate-resources</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<classifier>javadoc</classifier>
<classesDirectory>${basedir}/javadoc</classesDirectory>
</configuration>
</execution>
</executions>
</plugin>
maven-gpg-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<!-- Сборка будет падать, если отсутствует GPG ключ -->
<!-- Подписываем артефакты только на фазе deploy -->
<phase>deploy</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
nexus-staging-maven-plugin
Configuration:
<project>
<!-- ... -->
<build>
<plugins>
<!-- ... -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<serverId>sonatype</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<!-- Обновляем метаданные, чтобы пометить артефакт как release -->
<!-- Не влияет на snapshot версии -->
<updateReleaseInfo>true</updateReleaseInfo>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<!-- Отключаем плагин -->
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<distributionManagement>
<snapshotRepository>
<id>sonatype</id>
<name>Nexus Snapshot Repository</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>sonatype</id>
<name>Nexus Release Repository</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>Yog tias koj muaj ib qhov project multi-module thiab koj tsis tas yuav upload ib qho module rau qhov chaw cia, ces koj yuav tsum tau ntxiv nexus-staging-maven-plugin nrog chij skipNexusStagingDeployMojo
<build>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<configuration>
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
</plugin>
</plugins>
</build>Tom qab rub tawm, snapshot / tso tawm versions muaj nyob rau hauv
<repositories>
<repository>
<id>SonatypeNexus</id>
<url>https://oss.sonatype.org/content/groups/staging/</url>
<!-- Не надо указывать флаги snapshot/release для репозитория -->
</repository>
</repositories>Ntau pluses
- Ib daim ntawv teev npe nplua nuj ntawm cov hom phiaj rau kev ua haujlwm nrog lub chaw cia khoom sib txuas (
mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin). - Tsis siv neeg tso tawm kos rau uploading rau maven central
tshwm sim
Tshaj tawm SNAPSHOT version
Thaum tsim ib qhov project, nws muaj peev xwm ua haujlwm ua haujlwm los rub tawm SNAPSHOT version rau txuas
Thaum txoj haujlwm no tau pib, cov haujlwm sib thooj hauv qhov kev xa tawm tau tshwm sim ().
Trimmed log
Running with gitlab-runner 11.10.0 (3001a600)
on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0 [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO] Updating project org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:client
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:test-core
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:testng
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:client
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO] * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [ 2.375 s]
[INFO] test-core .......................................... SUCCESS [ 3.929 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------Yog li ntawd, lub version yog loaded rau hauv nexus .
Tag nrho cov snapshot versions tuaj yeem raug tshem tawm ntawm qhov chaw cia khoom ntawm lub vev xaib nyob rau hauv koj tus account.
Tshaj tawm qhov kev tso tawm version
Thaum ib lub cim tau teeb tsa, cov hauj lwm sib thooj hauv qhov kev xa tawm yog cia li ua rau rub tawm cov ntawv tso tawm rau nexus ().
Qhov zoo tshaj plaws yog tias qhov kev tso tawm kaw tau txiav tawm hauv nexus.
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1037".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 9.603 s]
[INFO] test-core .......................................... SUCCESS [ 3.419 s]
[INFO] Shields4J client ................................... SUCCESS [ 9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------Thiab yog tias muaj ib yam dab tsi tsis ncaj ncees lawm, txoj haujlwm yuav ua tsis tiav
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1038".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR]
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR] Rule "signature-staging" failures
[ERROR] * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 4.073 s]
[INFO] test-core .......................................... SUCCESS [ 2.788 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------Yog li ntawd, peb tsuas tshuav ib qho kev xaiv xwb. Los yog rho tawm no version los yog luam tawm nws.
Tom qab tso tawm, tom qab qee lub sijhawm cov khoom qub yuav nyob hauv
offtopic
Nws yog ib qho kev tshawb pom rau kuv tias maven indexes lwm cov chaw khaws ntaub ntawv pej xeem.
Kuv yuav tsum tau ntxiv robots.txt vim nws indexed kuv qub repository.
xaus
Peb muaj dab tsi
- Ib txoj haujlwm cais tawm uas koj tuaj yeem siv ntau yam haujlwm CI rau kev xa cov khoom qub rau cov chaw khaws ntaub ntawv pej xeem rau ntau hom lus.
- Lub Deploy project yog cais los ntawm kev cuam tshuam sab nraud thiab tsuas yog hloov tau los ntawm cov neeg siv nrog Tus Tswv thiab Tus Saib Xyuas lub luag haujlwm.
- Ib qho tshwj xeeb Runner nrog "kub" cache kom khiav tsuas yog xa cov dej num.
- Publishing snapshot/release versions in a public repository.
- Tsis siv neeg xyuas ntawm qhov tso tawm version rau kev npaj rau kev tshaj tawm hauv maven central.
- Kev tiv thaiv tsis siv neeg tshaj tawm ntawm "raws" versions hauv maven central.
- Tsim thiab tshaj tawm snapshot versions "ntawm nyem".
- Ib qho chaw khaws cia rau kev tau txais snapshot / tso tawm versions.
- General pipeline rau lub tsev / kuaj / luam tawm ib qhov project java.
Kev teeb tsa GitLab CI tsis yog ib lub ntsiab lus nyuaj raws li nws zoo nkaus li thaum xub thawj siab ib muag. Nws yog txaus los teeb tsa CI ntawm lub hauv paus turnkey ob peb zaug, thiab tam sim no koj nyob deb ntawm tus neeg nyiam ua haujlwm hauv qhov teeb meem no. Ntxiv mus, GitLab cov ntaub ntawv yog qhov tsis txaus ntseeg heev. Tsis txhob ntshai ua thawj kauj ruam. Txoj kev tshwm nyob rau hauv cov kauj ruam ntawm tus neeg taug kev (Kuv tsis nco qab leej twg hais nws :)
Kuv yuav zoo siab tau txais cov lus qhia.
Hauv tsab xov xwm tom ntej no kuv yuav tham txog yuav ua li cas teeb tsa GitLab CI los khiav cov haujlwm nrog kev sib koom ua ke kev sib tw (khiav cov kev pabcuam hauv kev sim siv docker-compose) yog tias koj tsuas muaj ib lub plhaub khiav.
Tau qhov twg los: www.hab.com