Setting up GitLab CI to deploy a java project to maven central

This article is intended for java developers who need to publish their products quickly to the sonatype and/or maven central repositories using GitLab. In it I describe how to configure gitlab-runner, gitlab-ci and maven-plugin to solve this task.

Requirements:

  • Secure storage of mvn and GPG keys.
  • Secure execution of public CI jobs.
  • Uploading artifacts (release/snapshot) to public repositories.
  • Automatic verification of release versions for publication to maven central.
  • A general solution for uploading artifacts to a repository for many projects.
  • Simplicity and ease of use.

General information

  • A detailed description of the mechanism for publishing artifacts to Maven Central via the Sonatype OSS Repository Hosting Service is already given in this article by user Googolplex, so I will refer to that article where appropriate.
  • Register in Sonatype JIRA and open a ticket to have a repository created (for details, read the section "Create a ticket in Sonatype JIRA"). After the repository is opened, the login/password pair from JIRA (hereafter, the Sonatype account) is used to upload artifacts to Sonatype nexus.
  • Next, the process of generating a GPG key is described. For details, see the section "Configuring GnuPG to sign artifacts"
  • If you use a Linux console to generate the GPG key (gnupg/gnupg2), you need to install rng-tools to generate entropy. Otherwise key generation can take a very long time.
  • Public GPG key storage services

Setting up the deploy project in GitLab

  • First, you need to create and configure a project that will hold the pipeline for deploying artifacts. I named my project simply and plainly: deploy
  • After creating the repository, you need to restrict who can change it.
    Go to the project -> Settings -> Repository -> Protected Branches. Delete all rules and add a single rule with Wildcard * that allows push and merge only for users with the Maintainers role. This rule applies to all users of both this project and the group the project belongs to.
  • If there are several maintainers, the best solution is to restrict access to the project in principle.
    Go to the project -> Settings -> General -> Visibility, project features, permissions and set Project visibility to Private.
    My project is publicly accessible, because I use my own GitLab Runner and only I can change the repository. And, of course, it is not in my interest to expose private information in public pipeline logs.
  • Tightening the rules for changing the repository
    Go to the project -> Settings -> Repository -> Push Rules and set the flags Committer restriction and Check whether author is a GitLab user. I also recommend setting up commit signing and setting the Reject unsigned commits flag.
  • Next, you need to configure a trigger to launch jobs
    Go to the project -> Settings -> CI / CD -> Pipeline triggers and create a new trigger token
    This token can be added straight away to the shared variables configuration for the group of projects.
    Go to the group -> Settings -> CI / CD -> Variables and add the variable DEPLOY_TOKEN with the trigger token as its value.

GitLab Runner

This section describes how to configure deploy jobs to run on your own (specific) and on public (shared) runners.

Specific Runner

I use my own runners because, first of all, it is convenient, fast, and cheap.
For a runner I recommend a Linux VDS with 1 CPU, 2 GB RAM, 20 GB HDD. The price is ~3000₽ per year.

My runner

For my runner I took a VDS with 4 CPU, 4 GB RAM, 50 GB SSD. It cost ~11000₽ and I have never regretted it.
I have 7 machines in total: 5 on aruba and 2 on ihor.

So, we have a runner. Now we will configure it.
Log in to the machine over SSH and install java, git, maven, gnupg2.

Installing gitlab runner

  • Create a new group runner
    sudo groupadd runner
  • Create a directory for the maven cache and grant permissions to the runner group
    You can skip this step if you do not plan to run several runners on one machine.

    mkdir -p /usr/cache/.m2/repository
    chown -R :runner /usr/cache
    chmod -R 770 /usr/cache
  • Create the user gitlab-deployer and add it to the runner group
    useradd -m -d /home/gitlab-deployer gitlab-deployer
    usermod -a -G runner gitlab-deployer
  • Add the following line to the file /etc/ssh/sshd_config
    AllowUsers root@* [email protected]
  • Restart sshd
    systemctl restart sshd
  • Set a password for the gitlab-deployer user (it can be simple, since there is a restriction to localhost)
    passwd gitlab-deployer
  • Install GitLab Runner (Linux x86-64)
    sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
    sudo chmod +x /usr/local/bin/gitlab-runner
    ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
    ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner
  • Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners and copy the registration token.

  • Register the runner
    gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml

Process

Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded                     runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

  • Check that the runner is registered. Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners -> Runners activated for this project.

  • Add a separate service /etc/systemd/system/gitlab-deployer.service
    [Unit]
    Description=GitLab Deploy Runner
    After=syslog.target network.target
    ConditionFileIsExecutable=/usr/local/bin/gitlab-runner
    [Service]
    StartLimitInterval=5
    StartLimitBurst=10
    ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
    Restart=always
    RestartSec=120
    [Install]
    WantedBy=multi-user.target
  • Start the service.
    systemctl enable gitlab-deployer.service
    systemctl start gitlab-deployer.service
    systemctl status gitlab-deployer.service
  • Check that the runner is running.

Generating a GPG key

  • From the same machine, log in over ssh as the user gitlab-deployer (this is important for generating the GPG key)

    ssh [email protected]

  • Generate the key by answering the questions. I used my own name and email.
    Be sure to specify a password for the key. This key will be used to sign the artifacts.

    gpg --gen-key

  • Check

    gpg --list-keys -a
    /home/gitlab-deployer/.gnupg/pubring.gpg
    ----------------------------------------
    pub   4096R/00000000 2019-04-19
    uid                  Petruha Petrov <[email protected]>
    sub   4096R/11111111 2019-04-19

  • Upload our public key to the key server

    gpg --keyserver keys.gnupg.net --send-key 00000000
    gpg: sending key 00000000 to hkp server keys.gnupg.net

Configuring Maven

  • Log in as the user gitlab-deployer
    su gitlab-deployer
  • Create the maven repository directory and link it to the cache (do not make a mistake)
    You can skip this step if you do not plan to run several runners on one machine.

    mkdir -p ~/.m2
    ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
  • Create a master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Create the file ~/.m2/settings-security.xml
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password for the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Create the file ~/.m2/settings.xml
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where,
GPG_SECRET_KEY_PASSPHRASE - password for the GPG key
SONATYPE_USERNAME - sonatype account login
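
The files created in the steps above mix an encrypted server password with a GPG passphrase kept as a literal property, and the master password that decrypts the former sits in the same directory. The following audit is an added example, not code from the article: audit_m2 is a hypothetical helper and its three checks (owner-only permissions, literal secrets, co-located master password) are an assumed policy.

```shell
#!/bin/sh
# Added example, not the article's code: audit_m2 is a hypothetical helper and
# the three checks are a policy assumed for this sketch.

# audit_m2 DIR: print one finding per line for the Maven config directory DIR.
# Succeeds when there are no findings, fails otherwise.
audit_m2() {
  dir=$1
  settings=$dir/settings.xml
  security=$dir/settings-security.xml
  findings=0

  for f in "$settings" "$security"; do
    [ -f "$f" ] || continue
    # ls -ld prints e.g. "-rw-r-----"; characters 5-10 are the group/other bits
    mode=$(ls -ld "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
      echo "PERM $f is accessible beyond its owner ($mode)"
      findings=$((findings + 1))
    fi
  done

  if [ -f "$settings" ]; then
    # mvn --encrypt-password output is stored as {base64}; anything else is literal
    if grep -Eq '<password>[[:space:]]*[^{[:space:]<]' "$settings"; then
      echo "PLAINTEXT $settings holds a <password> that is not {encrypted}"
      findings=$((findings + 1))
    fi
    # A gpg.passphrase property is used as written unless it is a ${...} reference
    if grep -Eq '<gpg\.passphrase>[[:space:]]*[^$[:space:]<]' "$settings"; then
      echo "PLAINTEXT $settings holds a literal <gpg.passphrase>"
      findings=$((findings + 1))
    fi
  fi

  # Whoever can read both files can decrypt every {encrypted} value
  if [ -f "$settings" ] && [ -f "$security" ]; then
    echo "COLOCATED $security sits next to the passwords it protects"
    findings=$((findings + 1))
  fi

  [ "$findings" -eq 0 ]
}

# Demonstration on a constructed directory that mirrors the files created above
# (placeholder values, world-readable on purpose).
demo_m2=$(mktemp -d)
cat > "$demo_m2/settings.xml" <<'EOF'
<settings>
  <profiles><profile><id>env</id><properties>
    <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
  </properties></profile></profiles>
  <servers><server>
    <id>sonatype</id>
    <username>SONATYPE_USERNAME</username>
    <password>{constructed-ciphertext=}</password>
  </server></servers>
</settings>
EOF
echo '<settingsSecurity><master>{constructed-master=}</master></settingsSecurity>' \
  > "$demo_m2/settings-security.xml"
chmod 644 "$demo_m2/settings.xml" "$demo_m2/settings-security.xml"
audit_m2 "$demo_m2" || echo "findings listed above"
rm -rf "$demo_m2"
```

On the runner, call it as audit_m2 /home/gitlab-deployer/.m2 after the files are in place.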

This completes the runner configuration; you can move on to the GitLab CI section

Shared Runner

Generating a GPG key

  • First, you need to create a GPG key. To do this, install gnupg.

    yum install -y gnupg

  • Generate the key by answering the questions. I used my own name and email. Be sure to specify a password for the key.

    gpg --gen-key

  • Display the key information

    gpg --list-keys -a
    pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
      2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    uid           [ultimate] tttemp <[email protected]>
    sub   rsa3072 2019-04-24 [E] [expires: none]

  • Upload our public key to the key server

    gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net

  • Get the private key

    gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
    ...
    =2Wd2
    -----END PGP PRIVATE KEY BLOCK-----

  • Go to the project settings -> Settings -> CI / CD -> Variables and save the private key in the variable GPG_SECRET_KEY

Configuring Maven

  • Create a master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_SECURITY_XML:
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password for the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_XML:
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>sonatype_username</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where,
GPG_SECRET_KEY_PASSPHRASE - password for the GPG key
SONATYPE_USERNAME - sonatype account login

Deploy docker image

  • Create a fairly simple Dockerfile to run deploy jobs with the required Java version. Below is an example for alpine.

    FROM java:8u111-jdk-alpine
    RUN apk add gnupg maven git --update-cache \
    --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && \
    mkdir ~/.m2/

  • Build the container for your project

    docker build -t registry.gitlab.com/group/deploy .

  • Authenticate and push the container to the registry.

    docker login -u USER -p PASSWORD registry.gitlab.com
    docker push registry.gitlab.com/group/deploy

GitLab CI

Deploy project

Add the file .gitlab-ci.yml to the root of the deploy project.
The script contains two mutually exclusive deploy jobs: one for a Specific Runner and one for a Shared Runner, respectively.

.gitlab-ci.yml

stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # The job will run on your shell runner
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # The job will run on a public docker runner
  tags:
    - docker
  # Image from the section GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Import the GPG key
    - printf "${GPG_SECRET_KEY}" | gpg --batch --import
    # Save the maven configuration
    - printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # The job fires on a trigger if the DEPLOY variable is passed with the value java
  only:
    variables:
    - $DEPLOY == "java"
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
  script:
    # Allow the password to be stored unencrypted
    - git config --global credential.helper store
    # Save the temporary credentials of the gitlab-ci-token user
    # The token works for all public gitlab.com projects and for the group's projects
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Completely clean the current directory
    - rm -rf .* *
    # Clone the project that we will deploy to Sonatype Nexus
    - git clone ${DEPLOY_CI_REPOSITORY_URL} .
    # Switch to the required commit
    - git checkout ${DEPLOY_CI_COMMIT_SHA} -f
    # If even one pom.xml contains the autoReleaseAfterClose parameter, fail the build.
    # Otherwise there is a risk of pushing raw artifacts to maven central
    - >
      for pom in $(find . -name pom.xml); do
        if grep -q autoReleaseAfterClose "$pom"; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # If the DEPLOY_CI_COMMIT_TAG parameter is empty, force a SNAPSHOT version
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion=${VERSION}
        else
          mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
        fi
      fi
    # Run the build and deploy the artifacts
    - mvn clean deploy -DskipTests=true
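
The two guards in the job above (the autoReleaseAfterClose scan and the forced SNAPSHOT suffix) can be exercised locally as shell functions on a constructed project tree. This is an added example, not the article's code: the function names, the 40-hex commit check and the tag pattern are assumptions, added because DEPLOY_CI_COMMIT_SHA and DEPLOY_CI_COMMIT_TAG arrive as trigger variables from whoever holds DEPLOY_TOKEN.

```shell
#!/bin/sh
# Added example, not the article's code. Function names and the accepted
# SHA/tag formats are assumptions made for this sketch.

# valid_sha SHA: succeed only for a full 40-character lowercase hex commit id.
valid_sha() {
  case "$1" in
    "" | *[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# valid_tag TAG: succeed only for tags that are plain version strings
# (assumed policy: 1.2 or 1.2.3, optional -qualifier), so that nothing
# else ends up on the mvn command line via -DnewVersion.
valid_tag() {
  case "$1" in
    "" | *[!A-Za-z0-9.-]*) return 1 ;;   # also rejects spaces and newlines
  esac
  printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){1,2}(-[A-Za-z0-9.]+)?$'
}

# resolve_version TAG POM_VERSION: print the version the deploy job should set.
# With a tag the release gets exactly that version; without one the current
# pom version is forced to end in -SNAPSHOT, as in the job above.
resolve_version() {
  tag=$1
  pom_version=$2
  if [ -n "$tag" ]; then
    valid_tag "$tag" || return 1
    printf '%s\n' "$tag"
    return 0
  fi
  case "$pom_version" in
    *-SNAPSHOT) printf '%s\n' "$pom_version" ;;
    *)          printf '%s\n' "${pom_version}-SNAPSHOT" ;;
  esac
}

# poms_with_auto_release DIR: print every pom.xml under DIR that mentions
# autoReleaseAfterClose. Succeeds when there is none, fails otherwise.
poms_with_auto_release() {
  # grep -l exits 1 when nothing matches, so the status is ignored here
  hits=$(find "$1" -type f -name pom.xml -exec grep -l autoReleaseAfterClose {} +) || :
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}

# Demonstration on a constructed project tree (not a real repository).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/ok/client" "$demo_dir/bad/client"
echo '<project><version>1.0.0</version></project>' > "$demo_dir/ok/pom.xml"
echo '<project><artifactId>client</artifactId></project>' > "$demo_dir/ok/client/pom.xml"
echo '<project><version>1.0.0</version></project>' > "$demo_dir/bad/pom.xml"
echo '<configuration><autoReleaseAfterClose>true</autoReleaseAfterClose></configuration>' \
  > "$demo_dir/bad/client/pom.xml"

for tree in ok bad; do
  if poms_with_auto_release "$demo_dir/$tree" > /dev/null; then
    echo "$tree: no autoReleaseAfterClose, deploy may continue"
  else
    echo "$tree: prohibited setting found, job must fail"
  fi
done
echo "no tag, pom 1.0.0 -> $(resolve_version '' 1.0.0)"
echo "tag 1.0.1         -> $(resolve_version 1.0.1 1.0.0-SNAPSHOT)"
rm -rf "$demo_dir"
```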

Java project

In java projects that are to be uploaded to public repositories, you need to add 2 steps for uploading the release and snapshot versions.

.gitlab-ci.yml

stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Run the job only on a tag.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Run the job that publishes the SNAPSHOT version manually
  when: manual
  # Do not run the job if a tag is set.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
    # URL of the deploy job trigger
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Variables for the deploy job
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    # I do not use cURL because with the flags --fail --show-error
    # it does not print the response body when the HTTP code is 400 or higher
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

In this solution I went a little further and decided to use a single CI template for java projects.

More details

I created a separate project gitlab-ci in which I placed the CI template for java projects, common.yml.

common.yml

stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
  -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} 
  -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} 
  "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
    - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
  - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags

As a result, in the java projects themselves .gitlab-ci.yml looks very compact and not verbose.

.gitlab-ci.yml

include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy

Configuring pom.xml

This topic is described in great detail by Googolplex in "Configuring maven to automatically sign and upload artifacts to snapshot and staging repositories", so I will describe some nuances of using the plugins. I will also describe how easily and effortlessly you can use nexus-staging-maven-plugin if you do not want to or cannot use org.sonatype.oss:oss-parent as the parent for your project.

maven-install-plugin

Installs modules into the local repository.
Very useful for local verification of solutions in other projects, as well as checksums.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- If you have a multi-module project that deploys the parent pom -->
      <phase>install</phase>
      <!-- Explicitly specify the files for local installation -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
        <sources>target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Force an update of the project metadata -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Checksums for integrity verification -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-javadoc-plugin

Generates javadoc for the project.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <executions>
    <execution>
      <goals>
        <goal>jar</goal>
      </goals>
      <!-- javadoc generation must come after the resource generation phase -->
      <phase>prepare-package</phase>
      <configuration>
        <!-- Very helpful in public projects -->
        <failOnError>true</failOnError>
        <failOnWarnings>true</failOnWarnings>
        <!-- Removes the error about searching for documentation in the target directory -->
        <detectOfflineLinks>false</detectOfflineLinks>
      </configuration>
    </execution>
  </executions>
</plugin>

If you have a module that contains no java (for example, only resources),
or you do not want to generate javadoc in principle, then maven-jar-plugin comes to the rescue

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <executions>
    <execution>
      <id>empty-javadoc-jar</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>jar</goal>
      </goals>
      <configuration>
        <classifier>javadoc</classifier>
        <classesDirectory>${basedir}/javadoc</classesDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-gpg-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <!-- The build will fail if the GPG key is missing -->
      <!-- Sign artifacts only in the deploy phase -->
      <phase>deploy</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

nexus-staging-maven-plugin

Configuration:

<project>
  <!-- ... -->
  <build>
    <plugins>
      <!-- ... -->
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <extensions>true</extensions>
          <configuration>
            <serverId>sonatype</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- Update the metadata to mark the artifact as a release -->
            <!-- Does not affect snapshot versions -->
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <configuration>
            <!-- Disable the plugin -->
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype</id>
      <name>Nexus Snapshot Repository</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </snapshotRepository>
    <repository>
      <id>sonatype</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
</project>

If you have a multi-module project and you do not need to upload a particular module to the repository, then you need to add nexus-staging-maven-plugin with the skipNexusStagingDeployMojo flag

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <configuration>
        <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
      </configuration>
    </plugin>
  </plugins>
</build>

After upload, the snapshot/release versions are available in the staging repositories

<repositories>
  <repository>
    <id>SonatypeNexus</id>
    <url>https://oss.sonatype.org/content/groups/staging/</url>
    <!-- No need to specify snapshot/release flags for the repository -->
  </repository>
</repositories>

More advantages

  • A very rich list of goals for working with the nexus repository (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
  • Automatic release verification for upload to maven central

Result

Publishing a SNAPSHOT version

When building the project, you can manually start the job that uploads the SNAPSHOT version to nexus

When this job is started, the corresponding job in the deploy project is triggered (example).

Trimmed log

Running with gitlab-runner 11.10.0 (3001a600)
  on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0                                           [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO]     Updating project org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:client
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:test-core
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:testng
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:client
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT                                  [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO]  * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [  2.375 s]
[INFO] test-core .......................................... SUCCESS [  3.929 s]
[INFO] Shields4J client ................................... SUCCESS [  3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------

N'ihi ya, a na-etinye ụdị ahụ n'ime nexus 1.0.0-SNAPSHOT.

Enwere ike ihichapụ ụdị foto ọ bụla na ebe nchekwa dị na webụsaịtị oss.sonatype.org n'okpuru akaụntụ gị.

Ịtọlite ​​​​GitLab CI iji bulite ọrụ java na maven Central

Ka ọdịnaya dị

Publishing a release version

When a tag is set, the corresponding job in the deploy project is triggered automatically to upload the release version to nexus (example).


The best part is that the close of the release is triggered automatically in nexus:

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1037".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  9.603 s]
[INFO] test-core .......................................... SUCCESS [  3.419 s]
[INFO] Shields4J client ................................... SUCCESS [  9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------

If something goes wrong, the job is guaranteed to fail:

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1038".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] 
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] 
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  4.073 s]
[INFO] test-core .......................................... SUCCESS [  2.788 s]
[INFO] Shields4J client ................................... SUCCESS [  3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
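
The failure log above names the staging rule that blocked the close and the ID of the signing key that Nexus could not find. As an added example (not part of the original article), the shell functions below pull both out of a saved Maven log so a job can report exactly what to fix; the function names are hypothetical and the sample log is constructed from the output above.

```shell
# Added example: summarise a failed Nexus staging close from a Maven log.
# Function names are hypothetical; the sample is constructed from the log above.

sample_log() {
cat <<'EOF'
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] Nexus Staging Rules Failure Report
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
[ERROR] Remote staging finished with a failure: Staging rules failure!
EOF
}

# Names of the staging rules that failed, one per line, de-duplicated.
failed_rules() {
  sed -n 's/^\[ERROR] *Rule "\([^"]*\)" failures.*/\1/p' | sort -u
}

# IDs of signing keys that Nexus could not find on the keyserver.
missing_key_ids() {
  sed -n 's/.*No public key: Key with id: (\([0-9A-Fa-f]*\)).*/\1/p' | sort -u
}

# Read a Maven log on stdin. Returns 0 when no staging rule failed;
# otherwise prints one finding per line and returns 1.
staging_report() {
  _log=$(cat)
  _rules=$(printf '%s\n' "$_log" | failed_rules)
  if [ -z "$_rules" ]; then
    return 0
  fi
  for _r in $_rules; do
    echo "rule-failed: $_r"
  done
  for _k in $(printf '%s\n' "$_log" | missing_key_ids); do
    echo "publish-public-key: $_k"
  done
  return 1
}
```

In a job, save the Maven output to a file and run `staging_report < build.log` (the file name is an assumption); a non-zero status means the close was rejected by a staging rule.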

As a result, we are left with just one choice: either delete this version or publish it.

After the release, after some time, the artifacts will appear in Maven Central.

Offtopic

It was a discovery for me that maven indexes other public repositories.
I had to upload a robots.txt because it had indexed my old repository.


Conclusion

What we have

  • A separate deploy project in which you can implement several CI jobs for uploading artifacts to public repositories for different development languages.
  • The deploy project is isolated from outside interference; only users with the Owner and Maintainer roles can change it.
  • A separate Specific Runner with a "hot" cache for running only deploy jobs.
  • Publishing snapshot/release versions to a public repository.
  • Automatic verification that a release version is ready for publication to maven central.
  • Protection against automatic publication of "raw" versions to maven central.
  • Building and publishing snapshot versions "on click".
  • A single repository for obtaining snapshot/release versions.
  • A common pipeline for building/testing/publishing a java project.

Setting up GitLab CI is not as complicated a topic as it seems at first glance. It is enough to set up CI "turnkey" a couple of times and you are already far from an amateur in this area. Besides, the GitLab documentation is quite exhaustive. Don't be afraid to take the first step. The road appears under the steps of the one who walks it (I don't remember who said that 🙂).

I will be glad to receive feedback.

In the next article, I will describe how to set up GitLab CI to run jobs with integration tests concurrently (starting the services under test with docker-compose) when you have only one runner.


Source: www.habr.com
