Atik sa a fèt pou devlopè java ki bezwen byen vit pibliye pwodwi yo nan sonatype ak/oswa maven depo santral lè l sèvi avèk GitLab. Nan atik sa a, mwen pral pale sou mete kanpe gitlab-runner, gitlab-ci ak maven-plugin pou rezoud pwoblèm sa a.
Kondisyon:
- Depo san danje nan kle mvn ak GPG.
- Sekirize ekzekisyon travay CI piblik yo.
- Téléchargement zafè (version/snapshot) nan depo piblik yo.
- Tcheke otomatik vèsyon lage pou piblikasyon nan Maven Central.
- Yon solisyon jeneral pou telechaje zafè nan yon depo pou plizyè pwojè.
- Senplisite ak fasilite nan itilize.
Content
Enfòmasyon jeneral
- Yon deskripsyon detaye sou mekanis pou pibliye zafè nan Maven Central atravè Sonatype OSS Repository Hosting Service deja dekri nan itilizatè , Se konsa, mwen pral refere a atik sa a nan kote ki dwat.
- Pre-enskri nan epi kòmanse yon tikè pou louvri depo a (pou plis detay, li seksyon an ). Apre ouvèti repozitwa a, yo pral itilize pè login/modpas JIRA (ki refere yo kòm kont Sonatype) pou telechaje zafè nan Nexus Sonatype.
- Pli lwen, pwosesis la nan jenere yon kle GPG dekri trè sèk. Gade seksyon an pou plis detay.
- Si w ap itilize konsole Linux la pou jenere yon kle GPG (gnupg/gnupg2), ou bezwen enstale. jenere entropi. Sinon, jenerasyon kle ka pran yon tan trè long.
- Sèvis depo piblik GPG kle
Mete kanpe yon pwojè deplwaye nan GitLab
- Premye a tout, ou bezwen kreye ak konfigirasyon yon pwojè nan ki tiyo a pral estoke pou deplwaman nan zafè. Mwen rele pwojè mwen an tou senpleman ak san konplike -
- Apre ou fin kreye depo a, ou bezwen mete restriksyon sou aksè a chanje depo a.
Ale nan pwojè a -> Anviwònman -> Repozitwa -> Branch Pwoteje. Nou efase tout règ epi ajoute yon sèl règ ak Wildcard * ak dwa pou pouse ak rantre sèlman pou itilizatè ki gen wòl Maintainers. Règ sa a pral travay pou tout itilizatè tou de pwojè sa a ak gwoup nan ki pwojè sa a fè pati.
- Si gen plizyè moun ki kenbe, Lè sa a, pi bon solisyon an ta dwe mete restriksyon sou aksè nan pwojè a nan prensip.
Ale nan pwojè a -> Anviwònman -> Jeneral -> Vizibilite, karakteristik pwojè, otorizasyon epi mete vizibilite Pwojè a. Prive.
Mwen gen yon pwojè nan aksè piblik, depi mwen itilize pwòp GitLab Runner mwen epi sèlman mwen gen aksè a modifye depo a. Oke, aktyèlman li pa nan enterè mwen yo montre enfòmasyon prive nan mòso tiyo piblik yo. - Ranfòse règ yo pou chanje depo a
Ale nan pwojè a -> Anviwònman -> Repository -> Pouse Règ epi mete restriksyon sou drapo yo, tcheke si otè a se yon itilizatè GitLab. Mwen rekòmande tou mete , epi mete rejte drapo komèt ki pa siyen yo. - Apre sa, ou bezwen configured yon deklanche pou kouri travay
Ale nan pwojè -> Anviwònman -> CI / CD -> Pipeline deklanche epi kreye yon nouvo deklanche-jeton
Siy sa a ka imedyatman ajoute nan konfigirasyon jeneral varyab pou yon gwoup pwojè.
Ale nan gwoup la -> Anviwònman -> CI / CD -> Varyab epi ajoute yon varyabDEPLOY_TOKENak deklanche-jeton nan valè a.
GitLab kourè
Seksyon sa a dekri konfigirasyon pou kouri travay sou deplwaye lè l sèvi avèk kourè natif natal (Espesifik) ak piblik (Pataj).
Kourè espesifik
Mwen sèvi ak kourè pwòp mwen yo, paske premye nan tout li nan pratik, vit, bon mache.
Pou kourè mwen rekòmande Linux VDS ak 1 CPU, 2 GB RAM, 20 GB HDD. Pri pwoblèm ~ 3000₽ pou chak ane.
Kourè mwen an
Pou kourè a mwen te pran VDS 4 CPU, 4 GB RAM, 50 GB SSD. Li te koute ~ 11000₽ epi li pa janm regrèt li.
Mwen gen yon total de 7 machin. 5 sou aruba ak 2 sou ihor.
Se konsa, nou gen yon kourè. Koulye a, nou pral mete kanpe li.
Nou ale nan machin nan atravè SSH epi enstale java, git, maven, gnupg2.
Enstale gitlab runner
- Kreye yon nouvo gwoup
runnersudo groupadd runner - Kreye yon anyè pou kachèt maven a epi bay dwa gwoup yo
runner
Ou ka sote etap sa a si ou pa planifye pou kouri plizyè kourè sou menm machin nan.mkdir -p /usr/cache/.m2/repository chown -R :runner /usr/cache chmod -R 770 /usr/cache - Kreye yon itilizatè
gitlab-deployerepi ajoute nan gwoup larunneruseradd -m -d /home/gitlab-deployer gitlab-deployer usermod -a -G runner gitlab-deployer - Ajoute nan dosye
/etc/ssh/sshd_configpwochen liyAllowUsers root@* [email protected] - Rdemare
sshdsystemctl restart sshd - Mete yon modpas pou itilizatè a
gitlab-deployer(li ka senp, paske gen yon restriksyon pou localhost)passwd gitlab-deployer - Enstale GitLab Runner (Linux x86-64)
sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64 sudo chmod +x /usr/local/bin/gitlab-runner ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner - Ale nan gitlab.com -> deploy-project -> Anviwònman -> CI/CD -> Kourè -> Kourè espesifik epi kopye siy enskripsyon an
Ekran
- Anrejistre kourè a
gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml
pwosesis
Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!- Tcheke ke kourè a anrejistre. Ale sou gitlab.com -> deploy-project -> Anviwònman -> CI/CD -> Kourè -> Kourè espesifik -> Kourè aktive pou pwojè sa a
Ekran
- Ajoute separe sèvis
/etc/systemd/system/gitlab-deployer.service[Unit] Description=GitLab Deploy Runner After=syslog.target network.target ConditionFileIsExecutable=/usr/local/bin/gitlab-runner [Service] StartLimitInterval=5 StartLimitBurst=10 ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer" Restart=always RestartSec=120 [Install] WantedBy=multi-user.target - Nou kòmanse sèvis la.
systemctl enable gitlab-deployer.service systemctl start gitlab-deployer.service systemctl status gitlab-deployer.service - Tcheke ke kourè a ap kouri.
Egzanp
GPG jenerasyon kle
-
Soti nan menm machin nan nou ale atravè ssh anba itilizatè a
gitlab-deployer(sa a enpòtan pou jenerasyon kle GPG)ssh [email protected] -
Nou jenere yon kle lè nou reponn kesyon yo. Mwen itilize pwòp non mwen ak imel.
Asire ou ke ou presize modpas la pou kle a. Afèk yo pral siyen ak kle sa a.gpg --gen-key -
Tcheke
gpg --list-keys -a /home/gitlab-deployer/.gnupg/pubring.gpg ---------------------------------------- pub 4096R/00000000 2019-04-19 uid Petruha Petrov <[email protected]> sub 4096R/11111111 2019-04-19 -
Telechaje kle piblik nou an nan sèvè kle a
gpg --keyserver keys.gnupg.net --send-key 00000000 gpg: sending key 00000000 to hkp server keys.gnupg.net
Maven konfigirasyon
- Nou ale anba itilizatè a
gitlab-deployersu gitlab-deployer - Kreye yon anyè maven repozitwa ak konekte ak kachèt la (pa fè okenn erè)
Etap sa a ka sote si ou pa planifye pou kouri plizyè kourè sou menm machin nan.mkdir -p ~/.m2/repository ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository - Kreye yon kle mèt
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=} - Kreye fichye ~/.m2/settings-security.xml
<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity> - Ankode modpas la nan kont Sonatype
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J} - Kreye fichye ~/.m2/settings.xml
<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>SONATYPE_USERNAME</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
kote,
GPG_SECRET_KEY_PASSPHRASE - GPG kle modpas
SONATYPE_USERNAME - konekte kont sonatype
Sa a konplete konfigirasyon kourè a, ou ka ale nan seksyon an
Pataje kourè
GPG jenerasyon kle
-
Premye a tout, ou bezwen kreye yon kle GPG. Pou fè sa, enstale gnupg.
yum install -y gnupg -
Nou jenere yon kle lè nou reponn kesyon yo. Mwen itilize pwòp non mwen ak imel. Asire ou ke ou presize modpas la pou kle a.
gpg --gen-key -
Rekipere enfòmasyon kle yo
gpg --list-keys -a pub rsa3072 2019-04-24 [SC] [expires: 2021-04-23] 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 uid [ultimate] tttemp <[email protected]> sub rsa3072 2019-04-24 [E] [expires: none] -
Telechaje kle piblik nou an nan sèvè kle a
gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net -
Jwenn yon kle prive
gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 -----BEGIN PGP PRIVATE KEY BLOCK----- lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5 ... =2Wd2 -----END PGP PRIVATE KEY BLOCK----- -
Ale nan anviwònman pwojè -> Anviwònman -> CI / CD -> Varyab epi sove kle prive a nan yon varyab
GPG_SECRET_KEY
Maven konfigirasyon
- Kreye yon kle mèt
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=} - Ale nan anviwònman pwojè -> Anviwònman -> CI / CD -> Varyab epi sove nan yon varyab
SETTINGS_SECURITY_XMLliy sa yo:<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity> - Ankode modpas la nan kont Sonatype
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J} - Ale nan anviwònman pwojè -> Anviwònman -> CI / CD -> Varyab epi sove nan yon varyab
SETTINGS_XMLliy sa yo:<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>sonatype_username</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
kote,
GPG_SECRET_KEY_PASSPHRASE - GPG kle modpas
SONATYPE_USERNAME - konekte kont sonatype
Deplwaye imaj docker
-
Nou kreye yon Dockerfile jistis senp pou kouri travay sou deplwaye ak vèsyon an vle nan Java. Anba a se yon egzanp pou alpine.
FROM java:8u111-jdk-alpine RUN apk add gnupg maven git --update-cache --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && mkdir ~/.m2/ -
Bati yon veso pou pwojè ou a
docker build -t registry.gitlab.com/group/deploy . -
Nou otantifye epi chaje veso a nan rejis la.
docker login -u USER -p PASSWORD registry.gitlab.com docker push registry.gitlab.com/group/deploy
GitLab CI
Deplwaye pwojè
Ajoute fichye a .gitlab-ci.yml nan rasin pwojè deplwaye a
Script la prezante de travay deplwaman mityèlman eksklizif. Kourè espesifik oswa kourè pataje respektivman.
.gitlab-ci.yml
stages:
- deploy
Specific Runner:
extends: .java_deploy_template
# Задача будет выполняться на вашем shell-раннере
tags:
- deploy
Shared Runner:
extends: .java_deploy_template
# Задача будет выполняться на публичном docker-раннере
tags:
- docker
# Образ из раздела GitLab Runner -> Shared Runner -> Docker
image: registry.gitlab.com/group/deploy-project:latest
before_script:
# Импортируем GPG ключ
- printf "${GPG_SECRET_KEY}" | gpg --batch --import
# Сохраняем maven конфигурацию
- printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
- printf "${SETTINGS_XML}" > ~/.m2/settings.xml
.java_deploy_template:
stage: deploy
# Задача сработает по триггеру, если передана переменная DEPLOY со значением java
only:
variables:
- $DEPLOY == "java"
variables:
# отключаем клонирование текущего проекта
GIT_STRATEGY: none
script:
# Предоставляем возможность хранения пароля в незашифрованном виде
- git config --global credential.helper store
# Сохраняем временные креды пользователя gitlab-ci-token
# Токен работает для всех публичных проектов gitlab.com и для проектов группы
- echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
# Полностью чистим текущую директорию
- rm -rf .* *
# Клонируем проект который, будем деплоить в Sonatype Nexus
- git clone ${DEPLOY_CI_REPOSITORY_URL} .
# Переключаемся на нужный коммит
- git checkout ${DEPLOY_CI_COMMIT_SHA} -f
# Если хоть один pom.xml содержит параметр autoReleaseAfterClose валим сборку.
# В противном случае есть риск залить сырые артефакты в maven central
- >
for pom in $(find . -name pom.xml); do
if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
exit 1;
fi;
done
# Если параметр DEPLOY_CI_COMMIT_TAG пустой, то принудительно ставим SNAPSHOT-версию
- >
if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
else
VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
if [[ "${VERSION}" == *-SNAPSHOT ]]; then
mvn versions:set -DnewVersion=${VERSION}
else
mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
fi
fi
# Запускаем задачу на сборку и деплой артефактов
- mvn clean deploy -DskipTests=true
Pwojè Java
Nan pwojè java ki sipoze telechaje nan depo piblik yo, ou bezwen ajoute 2 etap pou telechaje vèsyon Release ak Snapshot yo.
.gitlab-ci.yml
stages:
- build
- test
- verify
- deploy
<...>
Release:
extends: .trigger_deploy
# Запускать задачу только пo тегу.
only:
- tags
Snapshot:
extends: .trigger_deploy
# Запускаем задачу на публикацию SNAPSHOT версии вручную
when: manual
# Не запускать задачу, если проставлен тег.
except:
- tags
.trigger_deploy:
stage: deploy
variables:
# Отключаем клонирование текущего проекта
GIT_STRATEGY: none
# Ссылка на триггер deploy-задачи
URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
# Переменные deploy-задачи
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
# Не использую cURL, так как с флагами --fail --show-error
# он не выводит тело ответа, если HTTP код 400 и более
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}Nan solisyon sa a, mwen te ale yon ti kras pi lwen epi deside sèvi ak yon modèl CI pou pwojè java.
Plis detay
Mwen te kreye yon pwojè separe kote li te mete modèl CI pou pwojè java .
komen.yml
stages:
- build
- test
- verify
- deploy
variables:
SONAR_ARGS: "
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
"
.build_java_project:
stage: build
tags:
- touchbit-shell
variables:
SKIP_TEST: "false"
script:
- mvn clean
- mvn package -DskipTests=${SKIP_TEST}
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.build_sphinx_doc:
stage: build
tags:
- touchbit-shell
variables:
DOCKERFILE: .indirect/docs/Dockerfile
script:
- docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .
.junit_module_test_run:
stage: test
tags:
- touchbit-shell
variables:
MODULE: ""
script:
- cd ${MODULE}
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.junit_test_run:
stage: test
tags:
- touchbit-shell
script:
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.sonar_review:
stage: verify
tags:
- touchbit-shell
dependencies: []
script:
- >
if [ "$CI_BUILD_REF_NAME" == "master" ]; then
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
else
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
fi
.trigger_deploy:
stage: deploy
tags:
- touchbit-shell
variables:
URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
.trigger_release_deploy:
extends: .trigger_deploy
only:
- tags
.trigger_snapshot_deploy:
extends: .trigger_deploy
when: manual
except:
- tags
Kòm yon rezilta, nan pwojè java yo tèt yo, .gitlab-ci.yml sanble trè kontra enfòmèl ant epi yo pa pwolib.
.gitlab-ci.yml
include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml
Shields4J:
extends: .build_java_project
Sphinx doc:
extends: .build_sphinx_doc
variables:
DOCKERFILE: .docs/Dockerfile
Sonar review:
extends: .sonar_review
dependencies:
- Shields4J
Release:
extends: .trigger_release_deploy
Snapshot:
extends: .trigger_snapshot_deploy
konfigirasyon pom.xml
Sijè sa a dekri an detay anpil. в , Se konsa, mwen pral dekri kèk nan nuans yo nan lè l sèvi avèk grefon. Mwen pral tou dekri kouman fasil ak natirèlman ou ka itilize nexus-staging-maven-pluginsi ou pa vle oswa ou pa ka itilize org.sonatype.oss:oss-parent kòm paran pou pwojè ou a.
maven-install-plugin
Enstale modil nan depo lokal la.
Trè itil pou verifikasyon lokal nan solisyon nan lòt pwojè, osi byen ke yon sòm chèk.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<executions>
<execution>
<id>install-project</id>
<!-- Если у вас многомодульный проект с деплоем родительского помика -->
<phase>install</phase>
<!-- Явно указываем файлы для локальной установки -->
<configuration>
<file>target/${project.artifactId}-${project.version}.jar</file>
```target/${project.artifactId}-${project.version}-sources.jar</sources>
<pomFile>dependency-reduced-pom.xml</pomFile>
<!-- Принудительное обновление метаданных проекта -->
<updateReleaseInfo>true</updateReleaseInfo>
<!-- Контрольные суммы для проверки целостности -->
<createChecksum>true</createChecksum>
</configuration>
</execution>
</executions>
</plugin>
maven-javadoc-plugin
Jenere javadoc pou pwojè a.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
<!-- Генерация javadoc должна быть после фазы генерации ресурсов -->
<phase>prepare-package</phase>
<configuration>
<!-- Очень помогает в публичных проектах -->
<failOnError>true</failOnError>
<failOnWarnings>true</failOnWarnings>
<!-- Убирает ошибку поиска документации в target директории -->
<detectOfflineLinks>false</detectOfflineLinks>
</configuration>
</execution>
</executions>
</plugin>Si ou gen yon modil ki pa gen java (pa egzanp resous sèlman)
Oswa ou pa vle jenere javadoc nan prensip, Lè sa a, ede maven-jar-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<id>empty-javadoc-jar</id>
<phase>generate-resources</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<classifier>javadoc</classifier>
<classesDirectory>${basedir}/javadoc</classesDirectory>
</configuration>
</execution>
</executions>
</plugin>
maven-gpg-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<!-- Сборка будет падать, если отсутствует GPG ключ -->
<!-- Подписываем артефакты только на фазе deploy -->
<phase>deploy</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
nexus-staging-maven-plugin
Konfigirasyon:
<project>
<!-- ... -->
<build>
<plugins>
<!-- ... -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<serverId>sonatype</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<!-- Обновляем метаданные, чтобы пометить артефакт как release -->
<!-- Не влияет на snapshot версии -->
<updateReleaseInfo>true</updateReleaseInfo>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<!-- Отключаем плагин -->
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<distributionManagement>
<snapshotRepository>
<id>sonatype</id>
<name>Nexus Snapshot Repository</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>sonatype</id>
<name>Nexus Release Repository</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>Si ou gen yon pwojè milti-modil, epi ou pa bezwen telechaje yon modil espesifik nan repozitwa a, Lè sa a, ou bezwen ajoute nan pom.xml nan modil sa a. nexus-staging-maven-plugin ak drapo skipNexusStagingDeployMojo
<build>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<configuration>
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
</plugin>
</plugins>
</build>Apre yo fin telechaje snapshot/version vèsyon yo disponib nan
<repositories>
<repository>
<id>SonatypeNexus</id>
<url>https://oss.sonatype.org/content/groups/staging/</url>
<!-- Не надо указывать флаги snapshot/release для репозитория -->
</repository>
</repositories>Plis plis
- Yon lis trè rich nan objektif pou travay ak depo nexus la (
mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin). - Tcheke lage otomatik pou telechaje nan Maven Central
Rezilta
Pibliye yon vèsyon SNAPSHOT
Lè w ap bati yon pwojè, li posib pou w kòmanse manyèlman yon travay pou telechaje vèsyon SNAPSHOT la sou nexus
Lè travay sa a lanse, travay ki koresponn lan nan pwojè deplwaye a deklanche ().
boutèy koupe
Running with gitlab-runner 11.10.0 (3001a600)
on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0 [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO] Updating project org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:client
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:test-core
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:testng
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:client
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO] * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [ 2.375 s]
[INFO] test-core .......................................... SUCCESS [ 3.929 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------Kòm yon rezilta, vèsyon an nexus chaje .
Tout vèsyon snapshot yo ka retire nan repozitwa a sou sit la anba kont ou.
Piblikasyon vèsyon an lage
Lè tag la mete, travay ki koresponn lan nan pwojè deplwaye a otomatikman deklanche pou telechaje vèsyon an lage nan nexus ().
Pati ki pi bon se ke fèmen lage otomatikman deklannche nan lyen.
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1037".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 9.603 s]
[INFO] test-core .......................................... SUCCESS [ 3.419 s]
[INFO] Shields4J client ................................... SUCCESS [ 9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------Men, si yon bagay ale mal, Lè sa a, travay la ap echwe
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1038".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR]
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR] Rule "signature-staging" failures
[ERROR] * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 4.073 s]
[INFO] test-core .......................................... SUCCESS [ 2.788 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------Kòm yon rezilta, nou rete ak yon sèl chwa. Oswa efase vèsyon sa a oswa pibliye.
Apre liberasyon an, apre kèk tan, zafè yo pral nan
offtopic
Se te yon revelasyon pou mwen ke maven endis lòt depo piblik yo.
Mwen te oblije telechaje robots.txt paske li endis depo ansyen mwen an.
Konklizyon
Sa nou genyen
- Yon pwojè deplwaye separe kote ou ka aplike plizyè travay CI pou telechaje zafè nan depo piblik pou divès lang devlopman.
- Pwojè deplwaman an izole nan entèferans deyò epi itilizatè yo ka modifye sèlman ak wòl Pwopriyetè ak Antretyen.
- Отдельный Specific Runner с "горячим" кэшем для запуска только deploy задач.
- Piblikasyon vèsyon snapshot/divilgasyon nan yon depo piblik.
- Tcheke otomatik nan vèsyon an lage pou preparasyon pou piblikasyon nan Maven Central.
- Защита от автоматической публикации "сырых" версий в maven central.
- Сборка и публикация snapshot версий "по клику".
- Single repozitwa pou jwenn vèsyon snapshot / lage.
- Tiyo jeneral pou bati / tès / pibliye yon pwojè java.
Настройка GitLab CI не такая сложная тема как кажется на первый взгляд. Достаточно пару раз настроить CI "под ключ" и вот, ты уже далеко не дилетант в этом деле. Тем более GitLab документация весьма избыточна. Не бойтесь делать первый шаг. Дорога возникает под шагами идущего (не помню кто сказал 🙂 ).
Mwen pral kontan bay fidbak.
Nan pwochen atik la, mwen pral montre w kouman yo mete GitLab CI pou kouri travay tès entegrasyon konpetitif (kouri sèvis tès ak docker-compose) si ou gen sèlman yon kourè koki.
Sous: www.habr.com