Ev gotar ji bo pêşdebirên java-yê ku hewcedariya wan heye ku zû zû hilberên xwe di depoyên navendî yên sonatype û/an maven de bi karanîna GitLab biweşînin. Di vê gotarê de ez ê li ser sazkirina gitlab-runner, gitlab-ci û maven-plugin ji bo çareserkirina vê pirsgirêkê biaxivim.
Reert û merc:
- Hilanîna ewle ya bişkokên mvn û GPG.
- Pêkanîna ewledar a peywirên CI-ya giştî.
- Barkirina berheman (berdan / dîmen) li depoyên giştî.
- Kontrolkirina otomatîkî ya guhertoyên berdanê ji bo weşana li navenda maven.
- Çareseriyek gelemperî ji bo barkirina huneran li depoyek ji bo pir projeyan.
- Simplicity û bikaranîna hêsan e.
Contains
Agahdariya gelemperî
- Danasînek berfireh a mekanîzmaya weşandina huneran li Maven Central bi navgîniya Karûbarê Mêvandariya Depoya Sonatype OSS jixwe di bikaranîvan , ji ber vê yekê ez ê li cîhên rast behsa vê gotarê bikim.
- Ji bo pêş-qeyd bikin û bilêtek vekin da ku depoyê vekin (beşê ji bo bêtir agahdarî bixwînin ). Piştî vekirina depoyê, cotê têketin/şîfreya ji JIRA (li vir wekî hesabê Sonatype tê binavkirin) dê ji bo barkirina huneran li Sonatype nexus were bikar anîn.
- Dûv re, pêvajoya hilberîna mifteyek GPG pir hişk tête diyar kirin. Ji bo bêtir agahdarî li beşa binêre
- Ger hûn konsolê Linux-ê bikar bînin ku mifteyek GPG (gnupg/gnupg2) çêbikin, wê hingê hûn hewce ne ku saz bikin ji bo afirandina entropiyê. Wekî din, nifşa sereke dibe ku demek pir dirêj bigire.
- xizmetên Storage alenî Bişkojkên GPG
Di GitLab de projeyek bicîhkirinê saz kirin
- Berî her tiştî, hûn hewce ne ku projeyek biafirînin û mîheng bikin ku tê de lûle ji bo danîna huneran were hilanîn. Min navê projeya xwe bi hêsanî û ne tevlihev kir -
- Piştî afirandina depoyê, hûn hewce ne ku gihîştinê sînordar bikin da ku depoyê biguhezînin.
Biçe projeyê -> Mîheng -> Depo -> Şaxên Parastî. Em hemî qaîdeyan jê dikin û bi Wildcard * re qaîdeyek yekane lê zêde dikin ku tenê ji bo bikarhênerên bi rola Maintainer re heye ku bişopîne û bike yek. Ev qayde dê ji bo hemî bikarhênerên vê projeyê û koma ku ev proje tê de ye bixebite.
- Ger çend parêzger hebin, wê hingê çareseriya çêtirîn dê di prensîbê de sînorkirina gihîştina projeyê be.
Herin proje -> Mîheng -> Giştî -> Dîtin, taybetmendiyên projeyê, destûr û dîtina projeyê bicîh bikin. taybet.
Projeyek min a gelemperî heye, ji ber ku ez GitLab Runner-a xwe bikar tînim û tenê ez gihîştim guheztina depoyê. Welê, bi rastî, ne di berjewendiya min de ye ku agahdariya taybet di têketinên boriyên gelemperî de nîşan bidim. - Zêdekirina qaîdeyên ji bo guhertina depoyê
Herin projeyê -> Mîhengan -> Depoyê -> Rêbazên Pushê û sînorkirina Committer saz bikin, Kontrol bikin ka nivîskar alên bikarhênerek GitLab e. Ez jî sazkirinê pêşniyar dikim , û ala redkirina bêîmzeyan danîne. - Dûv re hûn hewce ne ku tetikek ji bo destpêkirina karan mîheng bikin
Herin projeyê -> Mîhengan -> CI / CD -> Pipeline dişoxilîne û nîşanek nû ya tetikê biafirîne.
Ev nîşanek yekser dikare li veavakirina giştî ya guhêrbaran ji bo komek projeyan were zêdekirin.
Biçe komê -> Settings -> CI / CD -> Guherbar û guhêrbarek lê zêde bikeDEPLOY_TOKENbi nirxa tetikê-token.
GitLab Runner
Ev beş veavakirina ji bo xebitandina peywirên li ser danînê bi karanîna geroka weya xweya (Taybetî) û gelemperî (Parhevkirî) vedibêje.
Runner taybetî
Ez bezvanên xwe bikar tînim ji ber ku, berî her tiştî, ew hêsan, bilez û erzan e.
Ji bo bezê, ez Linux VDS-ê bi 1 CPU, 2 GB RAM, 20 GB HDD pêşniyar dikim. Buhayê pirsgirêkê salê ~ 3000₽ e.
Runerê min
Ji bo runner min VDS 4 CPU, 4 GB RAM, 50 GB SSD girt. Mesrefa ~ 11000 ₽ û qet jê poşman nebû.
Bi tevahî 7 makîneyên min hene. 5 li ser aruba û 2 li ser ihor.
Ji ber vê yekê me revînek heye. Niha em ê wê mîheng bikin.
Em bi rêya SSH diçin makîneyê û java, git, maven, gnupg2 saz dikin.
Sazkirina gitlab runner
- Komek nû ava bikin
runnersudo groupadd runner - Ji bo cache maven pelrêçek biafirînin û destûrên komê bidin
runner
Heke hûn ne plan dikin ku li ser yek makîneyek çend bazdan bimeşînin hûn dikarin vê xalê berdin.mkdir -p /usr/cache/.m2/repository chown -R :runner /usr/cache chmod -R 770 /usr/cache - Bikarhênerek çêbikin
gitlab-deployerû li komê zêde bikerunneruseradd -m -d /home/gitlab-deployer gitlab-deployer usermod -a -G runner gitlab-deployer - Li pelê zêde bike
/etc/ssh/sshd_configline nextAllowUsers root@* [email protected] - Reboot
sshdsystemctl restart sshd - Sazkirina şîfreyek ji bo bikarhêner
gitlab-deployer(dibe ku hêsan be, ji ber ku ji bo localhost sînorek heye)passwd gitlab-deployer - GitLab Runner (Linux x86-64) saz bike
sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64 sudo chmod +x /usr/local/bin/gitlab-runner ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner - Herin malpera gitlab.com -> deploy-project -> Mîheng -> CI/CD -> Runners -> Runnersên Taybet û nîşana qeydkirinê kopî bikin.
Parêzî
- Tomarkirina bezê
gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml
pêvajoya
Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!- Em kontrol dikin ku bezê qeydkirî ye. Biçe ser malpera gitlab.com -> deploy-project -> Mîheng -> CI/CD -> Runners -> Runnersên Taybet -> Runners ji bo vê projeyê çalak kirin
Parêzî
- Zêde bikin veqetandin xizmeta
/etc/systemd/system/gitlab-deployer.service[Unit] Description=GitLab Deploy Runner After=syslog.target network.target ConditionFileIsExecutable=/usr/local/bin/gitlab-runner [Service] StartLimitInterval=5 StartLimitBurst=10 ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer" Restart=always RestartSec=120 [Install] WantedBy=multi-user.target - Werin em dest bi xizmetê bikin.
systemctl enable gitlab-deployer.service systemctl start gitlab-deployer.service systemctl status gitlab-deployer.service - Em kontrol dikin ku bez diherike.
Nimûne:
Bişkojkên GPG-ê çêdikin
-
Ji heman makîneyê em bi ssh-ê di binê bikarhêner de têkevin
gitlab-deployer(ev ji bo çêkirina mifteya GPG girîng e)ssh [email protected] -
Em bi bersiva pirsan mifteyek çêdikin. Min navê xwe û e-nameya xwe bikar anî.
Bawer bikin ku şîfreya mifteyê diyar bikin. Bi vê mifteyê dê berhem bên îmzekirin.gpg --gen-key -
Kontrolkirin
gpg --list-keys -a /home/gitlab-deployer/.gnupg/pubring.gpg ---------------------------------------- pub 4096R/00000000 2019-04-19 uid Petruha Petrov <[email protected]> sub 4096R/11111111 2019-04-19 -
Mifteya meya giştî li servera mifteyê barkirin
gpg --keyserver keys.gnupg.net --send-key 00000000 gpg: sending key 00000000 to hkp server keys.gnupg.net
Sazkirina Maven
- Têkeve wekî bikarhêner
gitlab-deployersu gitlab-deployer - Peldanka maven çêbikin pirtûkxaneyê û bi kaşê ve girêdin (şaşiyê nekin)
Heke hûn ne plan dikin ku li ser yek makîneyek çend bazdan bimeşînin hûn dikarin vê xalê berdin.mkdir -p ~/.m2/repository ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository - Bişkojkek sereke çêbikin
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=} - Pelek ~/.m2/settings-security.xml biafirîne
<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity> - Şîfrekirina şîfreya ji bo hesabê Sonatype
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J} - Pelek ~/.m2/settings.xml biafirîne
<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>SONATYPE_USERNAME</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
ko,
GPG_SECRET_KEY_PASSPHRASE - şîfreya mifteya GPG
SONATYPE_USERNAME — Têketina hesabê sonatype
Ev sazkirina runner temam dike, hûn dikarin biçin beşê
Shared Runner
Bişkojkên GPG-ê çêdikin
-
Berî her tiştî, hûn hewce ne ku mifteyek GPG-ê biafirînin. Ji bo vê yekê, gnupg saz bikin.
yum install -y gnupg -
Em bi bersiva pirsan mifteyek çêdikin. Min navê xwe û e-nameya xwe bikar anî. Bawer bikin ku şîfreya mifteyê diyar bikin.
gpg --gen-key -
Agahdariya li ser mifteyê nîşan dide
gpg --list-keys -a pub rsa3072 2019-04-24 [SC] [expires: 2021-04-23] 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 uid [ultimate] tttemp <[email protected]> sub rsa3072 2019-04-24 [E] [expires: none] -
Mifteya meya giştî li servera mifteyê barkirin
gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net -
Em mifteya taybet digirin
gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 -----BEGIN PGP PRIVATE KEY BLOCK----- lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5 ... =2Wd2 -----END PGP PRIVATE KEY BLOCK----- -
Herin mîhengên projeyê -> Settings -> CI / CD -> Guherbar û mifteya taybet di guherbarekê de hilînin.
GPG_SECRET_KEY
Sazkirina Maven
- Bişkojkek sereke çêbikin
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=} - Herin mîhengên projeyê -> Mîheng -> CI / CD -> Guherbar û di guherbarekê de hilînin
SETTINGS_SECURITY_XMLrêzikên jêrîn:<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity> - Şîfrekirina şîfreya ji bo hesabê Sonatype
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J} - Herin mîhengên projeyê -> Mîheng -> CI / CD -> Guherbar û di guherbarekê de hilînin
SETTINGS_XMLrêzikên jêrîn:<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>sonatype_username</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
ko,
GPG_SECRET_KEY_PASSPHRASE - şîfreya mifteya GPG
SONATYPE_USERNAME — Têketina hesabê sonatype
Wêneyê docker bicîh bikin
-
Em Dockerfilek pir hêsan diafirînin da ku peywiran bi guhertoya pêdivî ya Java-yê bicîh bikin. Li jêr mînakek ji bo alpine ye.
FROM java:8u111-jdk-alpine RUN apk add gnupg maven git --update-cache --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && mkdir ~/.m2/ -
Ji bo projeya xwe konteynerek berhev dikin
docker build -t registry.gitlab.com/group/deploy . -
Em verast dikin û konteynerê di nav qeydê de bar dikin.
docker login -u USER -p PASSWORD registry.gitlab.com docker push registry.gitlab.com/group/deploy
GitLab CI
Projeya bicîhkirinê
Pelê .gitlab-ci.yml li koka projeya vesazkirinê zêde bikin
Skrîpta du peywirên veqetandinê yên ji hev veqetandî pêşkêşî dike. Bi rêzê ve Runner an Parvekirî ya Taybet.
.gitlab-ci.yml
stages:
- deploy
Specific Runner:
extends: .java_deploy_template
# Задача будет выполняться на вашем shell-раннере
tags:
- deploy
Shared Runner:
extends: .java_deploy_template
# Задача будет выполняться на публичном docker-раннере
tags:
- docker
# Образ из раздела GitLab Runner -> Shared Runner -> Docker
image: registry.gitlab.com/group/deploy-project:latest
before_script:
# Импортируем GPG ключ
- printf "${GPG_SECRET_KEY}" | gpg --batch --import
# Сохраняем maven конфигурацию
- printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
- printf "${SETTINGS_XML}" > ~/.m2/settings.xml
.java_deploy_template:
stage: deploy
# Задача сработает по триггеру, если передана переменная DEPLOY со значением java
only:
variables:
- $DEPLOY == "java"
variables:
# отключаем клонирование текущего проекта
GIT_STRATEGY: none
script:
# Предоставляем возможность хранения пароля в незашифрованном виде
- git config --global credential.helper store
# Сохраняем временные креды пользователя gitlab-ci-token
# Токен работает для всех публичных проектов gitlab.com и для проектов группы
- echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
# Полностью чистим текущую директорию
- rm -rf .* *
# Клонируем проект который, будем деплоить в Sonatype Nexus
- git clone ${DEPLOY_CI_REPOSITORY_URL} .
# Переключаемся на нужный коммит
- git checkout ${DEPLOY_CI_COMMIT_SHA} -f
# Если хоть один pom.xml содержит параметр autoReleaseAfterClose валим сборку.
# В противном случае есть риск залить сырые артефакты в maven central
- >
for pom in $(find . -name pom.xml); do
if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
exit 1;
fi;
done
# Если параметр DEPLOY_CI_COMMIT_TAG пустой, то принудительно ставим SNAPSHOT-версию
- >
if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
else
VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
if [[ "${VERSION}" == *-SNAPSHOT ]]; then
mvn versions:set -DnewVersion=${VERSION}
else
mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
fi
fi
# Запускаем задачу на сборку и деплой артефактов
- mvn clean deploy -DskipTests=true
Projeya Java
Di projeyên java yên ku tê xwestin li depoyên giştî werin barkirin, hûn hewce ne ku 2 gavan zêde bikin da ku guhertoyên Release û Snapshot dakêşin.
.gitlab-ci.yml
stages:
- build
- test
- verify
- deploy
<...>
Release:
extends: .trigger_deploy
# Запускать задачу только пo тегу.
only:
- tags
Snapshot:
extends: .trigger_deploy
# Запускаем задачу на публикацию SNAPSHOT версии вручную
when: manual
# Не запускать задачу, если проставлен тег.
except:
- tags
.trigger_deploy:
stage: deploy
variables:
# Отключаем клонирование текущего проекта
GIT_STRATEGY: none
# Ссылка на триггер deploy-задачи
URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
# Переменные deploy-задачи
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
# Не использую cURL, так как с флагами --fail --show-error
# он не выводит тело ответа, если HTTP код 400 и более
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}Di vê çareseriyê de, ez hinekî pêş de çûm û min biryar da ku ji bo projeyên java şablonê yek CI bikar bînim.
Agahiya zêdetir
Min projeyek cuda çêkir tê de min şablonek CI ji bo projeyên java danîn .
hevpar.yml
stages:
- build
- test
- verify
- deploy
variables:
SONAR_ARGS: "
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
"
.build_java_project:
stage: build
tags:
- touchbit-shell
variables:
SKIP_TEST: "false"
script:
- mvn clean
- mvn package -DskipTests=${SKIP_TEST}
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.build_sphinx_doc:
stage: build
tags:
- touchbit-shell
variables:
DOCKERFILE: .indirect/docs/Dockerfile
script:
- docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .
.junit_module_test_run:
stage: test
tags:
- touchbit-shell
variables:
MODULE: ""
script:
- cd ${MODULE}
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.junit_test_run:
stage: test
tags:
- touchbit-shell
script:
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.sonar_review:
stage: verify
tags:
- touchbit-shell
dependencies: []
script:
- >
if [ "$CI_BUILD_REF_NAME" == "master" ]; then
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
else
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
fi
.trigger_deploy:
stage: deploy
tags:
- touchbit-shell
variables:
URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
.trigger_release_deploy:
extends: .trigger_deploy
only:
- tags
.trigger_snapshot_deploy:
extends: .trigger_deploy
when: manual
except:
- tags
Wekî encamek, di projeyên java bixwe de, .gitlab-ci.yml pir tevlihev û ne devkî xuya dike.
.gitlab-ci.yml
include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml
Shields4J:
extends: .build_java_project
Sphinx doc:
extends: .build_sphinx_doc
variables:
DOCKERFILE: .docs/Dockerfile
Sonar review:
extends: .sonar_review
dependencies:
- Shields4J
Release:
extends: .trigger_release_deploy
Snapshot:
extends: .trigger_snapshot_deploy
veavakirina pom.xml
Ev mijar bi berfirehî tê vegotin. в , ji ber vê yekê ez ê hin hûrgelên karanîna pêvekan diyar bikim. Ez ê jî diyar bikim ka hûn dikarin çiqas hêsan û rehet bikar bînin nexus-staging-maven-pluginheke hûn nexwazin an nekarin org.sonatype.oss:oss-parent wekî dêûbav ji bo projeya xwe bikar bînin.
maven-install-plugin
Modulan di depoya herêmî de saz dike.
Ji bo verastkirina herêmî ya çareseriyên di projeyên din de, û her weha jimareyek kontrolê pir bikêr e.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<executions>
<execution>
<id>install-project</id>
<!-- Если у вас многомодульный проект с деплоем родительского помика -->
<phase>install</phase>
<!-- Явно указываем файлы для локальной установки -->
<configuration>
<file>target/${project.artifactId}-${project.version}.jar</file>
```target/${project.artifactId}-${project.version}-sources.jar</sources>
<pomFile>dependency-reduced-pom.xml</pomFile>
<!-- Принудительное обновление метаданных проекта -->
<updateReleaseInfo>true</updateReleaseInfo>
<!-- Контрольные суммы для проверки целостности -->
<createChecksum>true</createChecksum>
</configuration>
</execution>
</executions>
</plugin>
maven-javadoc-plugin
Çêkirina javadoc ji bo projeyê.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
<!-- Генерация javadoc должна быть после фазы генерации ресурсов -->
<phase>prepare-package</phase>
<configuration>
<!-- Очень помогает в публичных проектах -->
<failOnError>true</failOnError>
<failOnWarnings>true</failOnWarnings>
<!-- Убирает ошибку поиска документации в target директории -->
<detectOfflineLinks>false</detectOfflineLinks>
</configuration>
</execution>
</executions>
</plugin>Ger modulek we heye ku java nahewîne (mînakî tenê çavkaniyan)
An jî hûn naxwazin di prensîbê de javadoc biafirînin, wê hingê bibin alîkar maven-jar-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<id>empty-javadoc-jar</id>
<phase>generate-resources</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<classifier>javadoc</classifier>
<classesDirectory>${basedir}/javadoc</classesDirectory>
</configuration>
</execution>
</executions>
</plugin>
maven-gpg-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<!-- Сборка будет падать, если отсутствует GPG ключ -->
<!-- Подписываем артефакты только на фазе deploy -->
<phase>deploy</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
nexus-staging-maven-plugin
Veavakirin:
<project>
<!-- ... -->
<build>
<plugins>
<!-- ... -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<serverId>sonatype</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<!-- Обновляем метаданные, чтобы пометить артефакт как release -->
<!-- Не влияет на snapshot версии -->
<updateReleaseInfo>true</updateReleaseInfo>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<!-- Отключаем плагин -->
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<distributionManagement>
<snapshotRepository>
<id>sonatype</id>
<name>Nexus Snapshot Repository</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>sonatype</id>
<name>Nexus Release Repository</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>Ger projeyek weya pir-modûl hebe û hûn ne hewce ne ku modulek taybetî li depoyê bar bikin, wê hingê pêdivî ye ku hûn lê zêde bikin nexus-staging-maven-plugin bi ala skipNexusStagingDeployMojo
<build>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<configuration>
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
</plugin>
</plugins>
</build>Piştî dakêşandinê, guhertoyên snapshot / berdanê tê de hene
<repositories>
<repository>
<id>SonatypeNexus</id>
<url>https://oss.sonatype.org/content/groups/staging/</url>
<!-- Не надо указывать флаги snapshot/release для репозитория -->
</repository>
</repositories>Zêdetir pluss
- Lîsteyek pir dewlemend a armancên ji bo xebata bi depoya nexus (
mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin). - Kontrola berdana otomatîkî ji bo barkirina maven navendî
Di encama
Weşana guhertoya SNAPSHOT
Dema ku projeyek ava dike, gengaz e ku meriv bi destan karek bide destpêkirin da ku guhertoya SNAPSHOT ji nexus re dakêşîne
Dema ku ev peywir tê destpêkirin, di projeya bicîhkirinê de peywira têkildar tê dest pê kirin ().
Têketinê qutkirî
Running with gitlab-runner 11.10.0 (3001a600)
on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0 [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO] Updating project org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:client
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:test-core
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:testng
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:client
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO] * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [ 2.375 s]
[INFO] test-core .......................................... SUCCESS [ 3.929 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------Wekî encamek, guherto di nexusê de tê barkirin .
Hemî guhertoyên snapshot dikarin ji depoya li ser malperê werin jêbirin di bin hesabê we de.
Weşandina guhertoyek berdanê
Dema ku etîketek tê saz kirin, di projeya bicîhkirinê de peywira têkildar bixweber tê dest pê kirin da ku guhertoya berdanê ji nexus re dakêşe ().
Beşa çêtirîn ev e ku serbestberdana nêzîk bixweber di nexusê de tê destpêkirin.
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1037".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 9.603 s]
[INFO] test-core .......................................... SUCCESS [ 3.419 s]
[INFO] Shields4J client ................................... SUCCESS [ 9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------Û heke tiştek xelet derkeve, dê peywir bê guman têk bibe
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1038".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR]
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR] Rule "signature-staging" failures
[ERROR] * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 4.073 s]
[INFO] test-core .......................................... SUCCESS [ 2.788 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------Di encamê de, em tenê bi yek bijartî re dimînin. An vê guhertoyê jêbikin an jî biweşînin.
Piştî serbestberdanê, piştî demek şûnda dê huner tê de bin
derî behsê
Ji bo min vedîtinek bû ku maven depoyên giştî yên din nîşan dide.
Diviya bû ku ez robots.txt lê zêde bikim ji ber ku ew depoya min a kevn îndeks kir.
encamê
Tiştê ku me heye
- Projeyek veqetandî ya cihê ku tê de hûn dikarin gelek peywirên CI-yê ji bo barkirina huneran li depoyên gelemperî ji bo zimanên pêşkeftinê yên cihêreng bicîh bikin.
- Projeya Deploy ji destwerdana derveyî veqetandî ye û tenê ji hêla bikarhênerên bi rola Xwedî û Xwedîder ve dikare were guheztin.
- Runnerek Taybet a veqetandî bi kaşek "germ" ve ku tenê peywiran dimeşîne.
- Di depoyek giştî de guhertoyên snapshot/berdan weşandin.
- Kontrolkirina otomatîkî ya guhertoya berdanê ji bo amadebûna ji bo weşanê li navenda maven.
- Parastina li dijî weşana otomatîkî ya guhertoyên "raw" li navenda maven.
- Guhertoyên wêneyê "li ser klîk" ava bikin û biweşînin.
- Depoyek yekane ya ji bo bidestxistina guhertoyên wênekêş / berdanê.
- Rêzeya gelemperî ji bo avakirina / ceribandin / weşandina projeyek java.
Sazkirina GitLab CI ne mijarek tevlihev e ku di nihêrîna pêşîn de xuya dike. Bes e ku meriv çend caran CI-ê li ser bingehek kilît saz bike, û naha hûn di vê mijarê de ji amatorek dûr in. Wekî din, belgeyên GitLab pir zêde ne. Ji avêtina gava yekem netirsin. Rê di bin gavên kesê ku dimeşe xuya dike (Kê gotiye nayê bîra min:)
Ez ê kêfxweş bibim ku bersivê werbigirim.
Di gotara din de ez ê bipeyivim ka meriv çawa GitLab CI-ê çawa mîheng dike da ku peywirên bi ceribandinên entegrasyonê re bi pêşbazî bimeşîne (xebata karûbarên di bin ceribandinê de bi karanîna docker-compose) heke we tenê yek gerokek şêlê hebe.
Source: www.habr.com