Setting up GitLab CI to upload a Java project to Maven Central
This article is for Java developers who need to quickly publish their products to the Sonatype and/or Maven Central repositories using GitLab. In it, I will talk about setting up gitlab-runner, gitlab-ci and maven-plugin to solve this problem.
Requirements:
Secure storage of mvn and GPG keys.
Secure execution of public CI jobs.
Uploading artifacts (release/snapshot) to public repositories.
Automatic checking of release versions for publication to Maven Central.
A general solution for uploading artifacts to a repository for multiple projects.
A detailed description of the mechanism for publishing artifacts to Maven Central through the Sonatype OSS Repository Hosting Service has already been given in this article by user Googleolplex, so I will refer to that article in the right places.
First register in the Sonatype JIRA and open a ticket to have the repository opened (for details, read the section Creating a Sonatype JIRA ticket). After the repository is opened, the JIRA login/password pair (referred to below as the Sonatype account) will be used to upload artifacts to Sonatype Nexus.
If you use the Linux console to generate a GPG key (gnupg/gnupg2), you need to install rng-tools to generate entropy. Otherwise, key generation can take a very long time.
First of all, you need to create and configure a project that will hold the pipeline for deploying artifacts. I named my project plainly and simply: deploy
After creating the repository, you need to restrict who can change it.
Go to project -> Settings -> Repository -> Protected Branches. Delete all rules and add a single rule with Wildcard * that allows push and merge only for users with the Maintainers role. This rule will apply to all users of both this project and the group the project belongs to.
If there are several maintainers, the best solution is to restrict access to the project altogether.
Go to project -> Settings -> General -> Visibility, project features, permissions and set Project visibility to Private.
My project is publicly accessible, since I use my own GitLab Runner and only I have access to modify the repository. That said, it is really not in my interest to expose private information in public pipeline logs.
Tightening the rules for changing the repository
Go to project -> Settings -> Repository -> Push Rules and set the flags Committer restriction and Check whether author is a GitLab user. I also recommend setting up commit signing and setting the Reject unsigned commits flag.
Next, you need to configure a trigger to run jobs
Go to project -> Settings -> CI / CD -> Pipeline triggers and create a new trigger token
This token can be added right away to the shared variable configuration for a group of projects.
Go to group -> Settings -> CI / CD -> Variables and add a variable DEPLOY_TOKEN with the trigger token as its value.
This section describes the configuration for running deploy jobs on your own (Specific) and public (Shared) runners.
Specific Runner
I use my own runners because, first of all, it is convenient, fast and cheap.
For the runner I recommend a Linux VDS with 1 CPU, 2 GB RAM, 20 GB HDD. The price is ~3000₽ per year.
My runner
For the runner I took a VDS with 4 CPU, 4 GB RAM, 50 GB SSD. It cost ~11000₽ and I have never regretted it.
I have a total of 7 machines: 5 on aruba and 2 on ihor.
So, we have a runner. Now we will set it up.
We log in to the machine via SSH and install java, git, maven, gnupg2.
Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Check that the runner is registered. Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners -> Runners activated for this project
We generate a key by answering the questions. I used my own name and email.
Be sure to set a passphrase for the key. Artifacts will be signed with this key.
gpg --gen-key
Check
gpg --list-keys -a
/home/gitlab-deployer/.gnupg/pubring.gpg
----------------------------------------
pub 4096R/00000000 2019-04-19
uid Petruha Petrov <[email protected]>
sub 4096R/11111111 2019-04-19
Upload our public key to the key server
gpg --keyserver keys.gnupg.net --send-key 00000000
gpg: sending key 00000000 to hkp server keys.gnupg.net
Create a maven repository directory and link it to the cache (do not make a mistake)
This step can be skipped if you do not plan to run multiple runners on the same machine.
Add the .gitlab-ci.yml file to the root of the deploy project
The script presents two mutually exclusive deployment jobs: Specific Runner or Shared Runner respectively.
.gitlab-ci.yml
stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # The job will run on your shell runner
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # The job will run on a public docker runner
  tags:
    - docker
  # Image from the section GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Import the GPG key
    - printf "${GPG_SECRET_KEY}" | gpg --batch --import
    # Save the maven configuration
    - printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # The job fires on a trigger if the DEPLOY variable is passed with the value java
  only:
    variables:
      - $DEPLOY == "java"
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
  script:
    # Allow the password to be stored unencrypted
    - git config --global credential.helper store
    # Save the temporary credentials of the gitlab-ci-token user
    # The token works for all public gitlab.com projects and for the group's projects
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Completely clean the current directory
    - rm -rf .* *
    # Clone the project that we are going to deploy to Sonatype Nexus
    - git clone "${DEPLOY_CI_REPOSITORY_URL}" .
    # Switch to the required commit
    - git checkout "${DEPLOY_CI_COMMIT_SHA}" -f
    # If even one pom.xml contains the autoReleaseAfterClose parameter, fail the build.
    # Otherwise there is a risk of uploading raw artifacts to maven central
    - |
      for pom in $(find . -name pom.xml); do
        if grep -q autoReleaseAfterClose "$pom"; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # If the DEPLOY_CI_COMMIT_TAG parameter is empty, force a SNAPSHOT version
    - |
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion="${DEPLOY_CI_COMMIT_TAG}"
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion="${VERSION}"
        else
          mvn versions:set -DnewVersion="${VERSION}-SNAPSHOT"
        fi
      fi
    # Run the job that builds and deploys the artifacts
    - mvn clean deploy -DskipTests=true
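The deploy job takes the repository URL, commit and tag from trigger variables and then builds that code on a runner that holds the GPG key and the Sonatype credentials, so it is worth checking those values before `git clone` runs. The function below is an added example, not part of the original article. The names validate_deploy_inputs and ALLOWED_PREFIX, the group path https://gitlab.com/group/ and the accepted tag format are assumptions to adapt.

```shell
#!/bin/sh
# Added example: check the trigger-supplied variables before the deploy job
# clones or builds anything. ALLOWED_PREFIX is an assumed namespace.
ALLOWED_PREFIX="${ALLOWED_PREFIX:-https://gitlab.com/group/}"

reject() { echo "deploy input rejected: $1" >&2; }

# validate_deploy_inputs URL SHA TAG -> returns 0 if acceptable, 1 otherwise
validate_deploy_inputs() {
  local url="$1" sha="$2" tag="$3" path

  # 1. Repository: must sit under the allowed namespace and end in .git.
  #    Stripping a fixed prefix rules out other hosts and user:pass@ forms.
  path="${url#"$ALLOWED_PREFIX"}"
  if [ "$path" = "$url" ]; then
    reject "repository is outside $ALLOWED_PREFIX"; return 1
  fi
  case "$path" in
    *[!A-Za-z0-9._/-]*|[!A-Za-z0-9]*|*..*|*//*)
      reject "unexpected characters in repository path"; return 1 ;;
    *.git) ;;
    *) reject "repository URL must end in .git"; return 1 ;;
  esac

  # 2. Commit: exactly 40 lowercase hex characters. A full SHA cannot be
  #    read as an option and does not move the way a branch name does.
  case "$sha" in
    *[!0-9a-f]*) reject "commit is not hexadecimal"; return 1 ;;
  esac
  if [ "${#sha}" -ne 40 ]; then
    reject "commit is not a full SHA-1"; return 1
  fi

  # 3. Tag: empty means a snapshot build; otherwise a single word that
  #    starts with a letter or digit (assumed tag convention).
  case "$tag" in
    "") ;;
    *[!A-Za-z0-9._-]*|[!A-Za-z0-9]*) reject "unexpected tag format"; return 1 ;;
  esac
  return 0
}
```

In the deploy template it would run as the first script line, called with "$DEPLOY_CI_REPOSITORY_URL", "$DEPLOY_CI_COMMIT_SHA" and "$DEPLOY_CI_COMMIT_TAG".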
This topic is described in great detail by Googleolplex in Setting up maven to automatically sign and upload artifacts to snapshot and staging repositories, so I will only describe some of the nuances of using the plugins. I will also describe how easily and naturally you can use nexus-staging-maven-plugin if you do not want to, or cannot, use org.sonatype.oss:oss-parent as the parent for your project.
maven-install-plugin
Installs modules into the local repository.
Very useful for local verification of solutions in other projects, as well as for checksums.
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-install-plugin</artifactId>
    <executions>
        <execution>
            <id>install-project</id>
            <!-- If you have a multi-module project that deploys the parent pom -->
            <phase>install</phase>
            <!-- install-file is the goal that accepts the file/sources/pomFile parameters below -->
            <goals>
                <goal>install-file</goal>
            </goals>
            <!-- Explicitly list the files for local installation -->
            <configuration>
                <file>target/${project.artifactId}-${project.version}.jar</file>
                <sources>target/${project.artifactId}-${project.version}-sources.jar</sources>
                <pomFile>dependency-reduced-pom.xml</pomFile>
                <!-- Force an update of the project metadata -->
                <updateReleaseInfo>true</updateReleaseInfo>
                <!-- Checksums for integrity verification -->
                <createChecksum>true</createChecksum>
            </configuration>
        </execution>
    </executions>
</plugin>
If you have a multi-module project and you do not need to upload a specific module to the repository, add nexus-staging-maven-plugin with the skipNexusStagingDeployMojo flag to that module's pom.xml
After upload, the snapshot/release versions are available in the staging repositories
<repositories>
    <repository>
        <id>SonatypeNexus</id>
        <url>https://oss.sonatype.org/content/groups/staging/</url>
        <!-- There is no need to specify snapshot/release flags for the repository -->
    </repository>
</repositories>
Pros
A very rich list of goals for working with the nexus repository (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
Automatic release check for upload to Maven Central
When a tag is set, the corresponding job in the deploy project is triggered automatically to upload the release version to nexus (example).
The best part is that the close of the release is triggered automatically in Nexus.
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1037".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 9.603 s]
[INFO] test-core .......................................... SUCCESS [ 3.419 s]
[INFO] Shields4J client ................................... SUCCESS [ 9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------
But if something goes wrong, the job will fail
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1038".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR]
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR] Rule "signature-staging" failures
[ERROR] * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 4.073 s]
[INFO] test-core .......................................... SUCCESS [ 2.788 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
As a result, we are left with a single choice: either delete this version or publish it.
After the release, after some time, the artifacts will be in
offtopic
It was a revelation for me that maven indexes other public repositories.
I had to upload a robots.txt because it had indexed my old repository.
A separate deploy project where you can implement multiple CI jobs for uploading artifacts to public repositories for various development languages.
The deploy project is isolated from outside interference and can be modified only by users with the Owner and Maintainer roles.
A separate Specific Runner with a "hot" cache for running deploy jobs only.
Publication of snapshot/release versions to a public repository.
Automatic check of the release version for readiness for publication to Maven Central.
Protection against automatic publication of "raw" versions to maven central.
Building and publishing snapshot versions "on click".
A single repository for obtaining snapshot/release versions.
A general pipeline for building / testing / publishing a java project.
Setting up GitLab CI is not as difficult a topic as it seems at first glance. It is enough to set up CI "turnkey" a couple of times, and you are already far from a dilettante in this matter. Besides, the GitLab documentation is more than extensive. Do not be afraid to take the first step. The road appears under the steps of the one who walks (I do not remember who said it 🙂).
I will be glad to receive feedback.
In the next article, I will show you how to set up GitLab CI to run integration test jobs concurrently (running test services with docker-compose) if you only have a single shell runner.