[Email geschützt] Login

ProHoster > Blog > Administratioun > GitLab CI opzestellen fir e Java-Projet op Maven Central eropzelueden

GitLab CI opzestellen fir e Java-Projet op Maven Central eropzelueden

Dësen Artikel ass geduecht fir Java Entwéckler déi hir Produkter séier op Sonatype an / oder Maven zentrale Repositories mat GitLab verëffentleche mussen. An dësem Artikel schwätze ech iwwer Gitlab-runner, gitlab-ci a maven-Plugin opzestellen fir dëse Problem ze léisen.

Viraussetzungen:

Séchert Späichere vu mvn a GPG Schlësselen.
Sécher Ausféierung vun ëffentlechen CI Aufgaben.
Eroplueden vun Artefakte (Verëffentlechung / Snapshot) op ëffentlech Repositories.
Automatesch Kontroll vun Verëffentlechungsversioune fir Verëffentlechung am Maven Central.
Eng allgemeng Léisung fir Artefakte op e Repository fir verschidde Projeten eropzelueden.
Einfachheet an einfacher Benotzung.

Inhalt

Allgemeng Informatiounen
En Deployprojet op GitLab opsetzen
GitLab Runner
- Spezifesch Runner
- Shared Runner
GitLab CI
- Deploy Projet
- Java Projet
pom.xml Configuratioun
Resultat
- Snapshot Versioun publizéieren
- Verëffentlechung vun der Verëffentlechung Versioun
Konklusioun

Allgemeng Informatiounen

Eng detailléiert Beschreiwung vum Mechanismus fir d'Verëffentlechung vun Artefakte op Maven Central iwwer de Sonatype OSS Repository Hosting Service ass scho beschriwwen an dësen Artikel Benotzer Googolplex, Also ech wäert dësen Artikel op de richtege Plazen verweisen.
Pre-Umeldung um Sonatyp JIRA a start en Ticket fir de Repository opzemaachen (fir méi Detailer, liest d'Sektioun Erstellt e Sonatype JIRA Ticket). Nodeems Dir de Repository opgemaach huet, gëtt de JIRA Login/Passwuert Pair (nodréiglech de Sonatype Kont bezeechent) benotzt fir Artefakte op de Sonatype Nexus eropzelueden.
Weider ass de Prozess fir e GPG Schlëssel ze generéieren ganz dréchen beschriwwen. Gesinn der Rubrik fir méi Detailer. GnuPG konfiguréieren fir Artefakte z'ënnerschreiwen
Wann Dir d'Linux Konsole benotzt fir e GPG Schlëssel ze generéieren (gnupg / gnupg2), da musst Dir installéieren rng-Tools Entropie ze generéieren. Soss kann Schlëssel Generatioun ganz laang daueren.
Stockage Servicer ëffentlech GPG Schlësselen
- http://keys.gnupg.net
- http://pool.sks-keyservers.net
- http://keyserver.ubuntu.com

En Deployprojet op GitLab opsetzen

Als éischt musst Dir e Projet erstellen an konfiguréieren an deem d'Pipeline fir d'Deployment vun Artefakte gespäichert gëtt. Ech hunn mäi Projet einfach an onkomplizéiert genannt - setzen
Nodeems Dir de Repository erstallt hutt, musst Dir den Zougang beschränken fir de Repository z'änneren.
Gitt op de Projet -> Astellungen -> Repository -> Geschützt Branches. Mir läschen all Reegelen a fügen eng eenzeg Regel mat Wildcard * mat dem Recht op ze drécken a fusionéieren nëmme fir Benotzer mat der Maintainer Roll. Dës Regel funktionnéiert souwuel fir all Benotzer vun dësem Projet wéi och fir de Grupp zu deem dëse Projet gehéiert.
Wann et e puer Ënnerhalter gëtt, da wier déi bescht Léisung den Zougang zum Projet am Prinzip ze beschränken.
Gitt op de Projet -> Astellungen -> Allgemeng -> Visibilitéit, Projetsfeatures, Permissiounen a setzt Project Visibilitéit op private.
Ech hunn e Projet am ëffentlechen Zougang, well ech meng eegen GitLab Runner benotzen an nëmmen ech hunn Zougang fir de Repository z'änneren. Gutt, tatsächlech ass et net a mengem Interesse privat Informatioun an ëffentleche Pipeline Logbicher ze weisen.
Stäerkt d'Regele fir de Repository z'änneren
Gitt op de Projet -> Astellungen -> Repository -> Push Regelen a setzt d'Fändelen Committer Restriktioun, Kontrolléiert ob den Auteur e GitLab Benotzer ass. Ech recommandéieren och Kader ënnerschreiwen engagéieren, a setzt de Reject unsigned commits Fändel.
Als nächst musst Dir en Ausléiser konfiguréieren fir Aufgaben ze lafen
Gitt op Projet -> Astellungen -> CI / CD -> Pipeline Trigger a erstellt en neien Trigger-Token
Dësen Token kann direkt an d'allgemeng Konfiguratioun vu Variablen fir eng Grupp vu Projete bäigefüügt ginn.
Gitt an d'Grupp -> Astellungen -> CI / CD -> Variablen a füügt eng Variabel derbäi DEPLOY_TOKEN mat Trigger-Token am Wäert.

GitLab Runner

Dës Sektioun beschreift d'Konfiguratioun fir d'Ausféierung vun Aufgaben mat Ärem eegenen (Spezifizesche) an ëffentlechen (Shared) Leefer.

Spezifesch Runner

Ech benotze meng eegen Leefer, well et ass als éischt praktesch, séier, bëlleg.
Fir Leefer ech recommandéieren Linux VDS mat 1 CPU, 2 GB RAM, 20 GB HDD. Ausgabepräis ~ 3000 ₽ pro Joer.

Mäi Leefer

Fir de Leefer hunn ech VDS 4 CPU, 4 GB RAM, 50 GB SSD. Kascht ~ 11000₽ an huet et ni bedauert.
Ech hunn am Ganzen 7 Maschinnen. 5 op Aruba an 2 op ihor.

Also, mir hunn e Leefer. Elo wäerte mir et opsetzen.
Mir ginn op d'Maschinn iwwer SSH an installéieren Java, Git, Maven, gnupg2.

Gitlab Runner installéieren

Schafen eng nei Grupp runner
```
sudo groupadd runner
```
Erstellt e Verzeechnes fir de Maven Cache a gitt Grupprechter zou runner
Dir kënnt dëse Schrëtt iwwersprangen wann Dir net plangt méi Leefer op der selwechter Maschinn ze lafen.
```
mkdir -p /usr/cache/.m2/repository
chown -R :runner /usr/cache
chmod -R 770 /usr/cache
```

Erstellt e Benotzer gitlab-deployer an dobäi an de Grupp runner

useradd -m -d /home/gitlab-deployer gitlab-deployer
usermod -a -G runner gitlab-deployer

Add to file /etc/ssh/sshd_config nächst Linn
```
AllowUsers root@* [email protected]
```
Neistarten sshd
```
systemctl restart sshd
```
Setzt e Passwuert fir de Benotzer gitlab-deployer (et kann einfach sinn, well et eng Restriktioun fir localhost gëtt)
```
passwd gitlab-deployer
```

Installéiert GitLab Runner (Linux x86-64)

sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
sudo chmod +x /usr/local/bin/gitlab-runner
ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner

Gitt op d'Websäit gitlab.com -> deploy-project -> Astellungen -> CI/CD -> Runners -> Spezifesch Runners a kopéiert d'Registrierungstoken

Écran

Aschreiwung vum Leefer

gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml

Prozess

Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded                     runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Kontrolléiert datt de Leefer registréiert ass. Gitt op gitlab.com -> deploy-project -> Astellungen -> CI/CD -> Leefer -> Spezifesch Leefer -> Leefer aktivéiert fir dëse Projet

Écran

Füügt trennen Déngscht /etc/systemd/system/gitlab-deployer.service

[Unit]
Description=GitLab Deploy Runner
After=syslog.target network.target
ConditionFileIsExecutable=/usr/local/bin/gitlab-runner
[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
Restart=always
RestartSec=120
[Install]
WantedBy=multi-user.target

Mir starten de Service.

systemctl enable gitlab-deployer.service
systemctl start gitlab-deployer.service
systemctl status gitlab-deployer.service

Kontrolléiert datt de Leefer leeft.

Beispill:

GPG Schlëssel Generatioun

Vun der selwechter Maschinn gi mir iwwer ssh ënner dem Benotzer gitlab-deployer (dëst ass wichteg fir de GPG Schlëssel ze generéieren)
```
ssh [email protected]
```
Mir generéieren e Schlëssel andeems mir Froen beäntweren. Ech hunn mäin eegenen Numm an E-Mail benotzt.
Gitt sécher d'Passwuert fir de Schlëssel ze spezifizéieren. Artefakte ginn mat dësem Schlëssel ënnerschriwwen.
```
gpg --gen-key 
```

Iwwerpréiwen

gpg --list-keys -a
/home/gitlab-deployer/.gnupg/pubring.gpg
----------------------------------------
pub   4096R/00000000 2019-04-19
uid                  Petruha Petrov <[email protected]>
sub   4096R/11111111 2019-04-19

Eroplueden eisen ëffentleche Schlëssel op de Schlësselserver

gpg --keyserver keys.gnupg.net --send-key 00000000
gpg: sending key 00000000 to hkp server keys.gnupg.net

Maven Setup

Mir ginn ënnert de Benotzer gitlab-deployer
```
su gitlab-deployer 
```
Erstellt e Maven Verzeichnis Repository a Link mam Cache (maacht kee Feeler)
Dëse Schrëtt kann iwwersprangen ginn wann Dir net plangt e puer Leefer op der selwechter Maschinn ze lafen.
```
mkdir -p ~/.m2/repository
ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
```

Schafen eng Meeschtesch Schlëssel

mvn --encrypt-master-password password
{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}

Erstellt Datei ~/.m2/settings-security.xml

<settingsSecurity>
<master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
</settingsSecurity>

Verschlësselung vum Passwuert fir de Sonatype Kont

mvn --encrypt-password SONATYPE_PASSWORD
{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}

Erstellt Datei ~/.m2/settings.xml

<settings>  
<profiles>
    <profile>
        <id>env</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
        </properties>
    </profile>
</profiles>
<servers>
    <server>
        <id>sonatype</id>
        <username>SONATYPE_USERNAME</username>
        <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
    </server>
</servers>
</settings>

wou,
GPG_SECRET_KEY_PASSPHRASE - GPG Schlëssel Passwuert
SONATYPE_USERNAME - sonatype Kont Login

Dëst fäerdeg de Leefer Setup, Dir kënnt op d'Sektioun weidergoen GitLab CI

Shared Runner

GPG Schlëssel Generatioun

Als éischt musst Dir e GPG Schlëssel erstellen. Fir dëst ze maachen, installéiert gnupg.
```
yum install -y gnupg
```
Mir generéieren e Schlëssel andeems mir Froen beäntweren. Ech hunn mäin eegenen Numm an E-Mail benotzt. Gitt sécher d'Passwuert fir de Schlëssel ze spezifizéieren.
```
gpg --gen-key 
```

Recuperéieren Schlëssel Informatiounen

gpg --list-keys -a
pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
  2D0D1706366FC4AEF79669E24D09C55BBA3FD728
uid           [ultimate] tttemp <[email protected]>
sub   rsa3072 2019-04-24 [E] [expires: none]

Eroplueden eisen ëffentleche Schlëssel op de Schlësselserver

gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net

Gitt e private Schlëssel

gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
...
=2Wd2
-----END PGP PRIVATE KEY BLOCK-----

Gitt op de Projet Astellungen -> Astellungen -> CI / CD -> Variablen a späichert de private Schlëssel an enger Variabel GPG_SECRET_KEY

Maven Setup

Schafen eng Meeschtesch Schlëssel

mvn --encrypt-master-password password
{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}

Gitt op de Projet Astellungen -> Astellungen -> CI / CD -> Variablen a späichert an enger Variabel SETTINGS_SECURITY_XML déi folgend Zeilen:
```
<settingsSecurity>
<master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
</settingsSecurity>
```

Verschlësselung vum Passwuert fir de Sonatype Kont

mvn --encrypt-password SONATYPE_PASSWORD
{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}

Gitt op de Projet Astellungen -> Astellungen -> CI / CD -> Variablen a späichert an enger Variabel SETTINGS_XML déi folgend Zeilen:

<settings>  
<profiles>
    <profile>
        <id>env</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
        </properties>
    </profile>
</profiles>
<servers>
    <server>
        <id>sonatype</id>
        <username>sonatype_username</username>
        <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
    </server>
</servers>
</settings>

wou,
GPG_SECRET_KEY_PASSPHRASE - GPG Schlëssel Passwuert
SONATYPE_USERNAME - sonatype Kont Login

Deploy Docker Bild

Mir kreéieren eng zimlech einfach Dockerfile fir Aufgaben op Deploy mat der gewënschter Versioun vu Java auszeféieren. Drënner ass e Beispill fir alpine.

FROM java:8u111-jdk-alpine
RUN apk add gnupg maven git --update-cache 
--repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && 
mkdir ~/.m2/

Bauen e Container fir Äre Projet

docker build -t registry.gitlab.com/group/deploy .

Mir authentifizéieren a lued de Container an de Registry.

docker login -u USER -p PASSWORD registry.gitlab.com
docker push registry.gitlab.com/group/deploy

GitLab CI

Deploy Projet

Füügt d'Datei .gitlab-ci.yml un der Wuerzel vum Deployprojet
De Skript stellt zwee géigesäiteg exklusiv Deployment Aufgaben vir. Spezifesch Runner oder Shared Runner respektiv.

.gitlab-ci.yml

stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # Задача будет выполняться на вашем shell-раннере
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # Задача будет выполняться на публичном docker-раннере
  tags:
    - docker
  # Образ из раздела GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Импортируем GPG ключ
    - printf "${GPG_SECRET_KEY}" | gpg --batch --import
    # Сохраняем maven конфигурацию
    - printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # Задача сработает по триггеру, если передана переменная DEPLOY со значением java
  only:
    variables:
    - $DEPLOY == "java"
  variables:
    # отключаем клонирование текущего проекта
    GIT_STRATEGY: none
  script:
    # Предоставляем возможность хранения пароля в незашифрованном виде
    - git config --global credential.helper store
    # Сохраняем временные креды пользователя gitlab-ci-token
    # Токен работает для всех публичных проектов gitlab.com и для проектов группы
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Полностью чистим текущую директорию
    - rm -rf .* *
    # Клонируем проект который, будем деплоить в Sonatype Nexus
    - git clone ${DEPLOY_CI_REPOSITORY_URL} .
    # Переключаемся на нужный коммит
    - git checkout ${DEPLOY_CI_COMMIT_SHA} -f
    # Если хоть один pom.xml содержит параметр autoReleaseAfterClose валим сборку.
    # В противном случае есть риск залить сырые артефакты в maven central
    - >
      for pom in $(find . -name pom.xml); do
        if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # Если параметр DEPLOY_CI_COMMIT_TAG пустой, то принудительно ставим SNAPSHOT-версию
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion=${VERSION}
        else
          mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
        fi
      fi
    # Запускаем задачу на сборку и деплой артефактов
    - mvn clean deploy -DskipTests=true

Java Projet

An Java Projeten déi sollen op ëffentlech Repositories eropgeluede ginn, musst Dir 2 Schrëtt derbäi fir d'Verëffentlechung a Snapshot Versiounen erofzelueden.

.gitlab-ci.yml

stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Запускать задачу только пo тегу.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Запускаем задачу на публикацию SNAPSHOT версии вручную
  when: manual
  # Не запускать задачу, если проставлен тег.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Отключаем клонирование текущего проекта
    GIT_STRATEGY: none
    # Ссылка на триггер deploy-задачи
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Переменные deploy-задачи
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    # Не использую cURL, так как с флагами --fail --show-error
    # он не выводит тело ответа, если HTTP код 400 и более 
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

An dëser Léisung sinn ech e bësse méi wäit gaang an hunn decidéiert eng CI Schabloun fir Java Projeten ze benotzen.

Méi Detailer

Ech hunn e separate Projet erstallt gitlab-ci an deem ech eng CI Schabloun fir Java Projeten gesat hunn gemeinsam.yml.

gemeinsam.yml

stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
  -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} 
  -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} 
  "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
    - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
  - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags

Als Resultat, an de Java Projeten selwer, gesäit .gitlab-ci.yml ganz kompakt an net verbose aus

.gitlab-ci.yml

include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy

pom.xml Configuratioun

Dëst Thema gëtt am Detail beschriwwen. Googolplex в Maven opsetzen fir automatesch Artefakte op Snapshot- a Staging Repositories z'ënnerschreiwen an eropzelueden, Also wäert ech e puer vun den Nuancen vun der Benotzung vu Plugins beschreiwen. Ech wäert och beschreiwen wéi einfach an natierlech Dir benotze kënnt nexus-staging-maven-pluginwann Dir net wëllt oder kann org.sonatype.oss:oss-parent als Elterendeel fir Äre Projet benotzen.

maven-install-plugin

Installéiert Moduler an de lokale Repository.
Ganz nëtzlech fir lokal Verifizéierung vu Léisungen an anere Projeten, souwéi e Checksum.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- Если у вас многомодульный проект с деплоем родительского помика -->
      <phase>install</phase>
      <!-- Явно указываем файлы для локальной установки -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
```target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Принудительное обновление метаданных проекта -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Контрольные суммы для проверки целостности -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-javadoc-plugin

Generéiere Javadoc fir de Projet.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <executions>
    <execution>
      <goals>
        <goal>jar</goal>
      </goals>
      <!-- Генерация javadoc должна быть после фазы генерации ресурсов -->
      <phase>prepare-package</phase>
      <configuration>
        <!-- Очень помогает в публичных проектах -->
        <failOnError>true</failOnError>
        <failOnWarnings>true</failOnWarnings>
        <!-- Убирает ошибку поиска документации в target директории -->
        <detectOfflineLinks>false</detectOfflineLinks>
      </configuration>
    </execution>
  </executions>
</plugin>

Wann Dir e Modul hutt deen net Java enthält (zum Beispill nëmmen Ressourcen)
Oder Dir wëllt net Javadoc am Prinzip generéieren, dann ze hëllefen maven-jar-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <executions>
    <execution>
      <id>empty-javadoc-jar</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>jar</goal>
      </goals>
      <configuration>
        <classifier>javadoc</classifier>
        <classesDirectory>${basedir}/javadoc</classesDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-gpg-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <!-- Сборка будет падать, если отсутствует GPG ключ -->
      <!-- Подписываем артефакты только на фазе deploy -->
      <phase>deploy</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

nexus-staging-maven-plugin

Konfiguratioun:

<project>
  <!-- ... -->
  <build>
    <plugins>
      <!-- ... -->
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <extensions>true</extensions>
          <configuration>
            <serverId>sonatype</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- Обновляем метаданные, чтобы пометить артефакт как release -->
            <!-- Не влияет на snapshot версии -->
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <configuration>
            <!-- Отключаем плагин -->
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype</id>
      <name>Nexus Snapshot Repository</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </snapshotRepository>
    <repository>
      <id>sonatype</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
</project>

Wann Dir e Multi-Modul-Projet hutt, an Dir braucht kee spezifesche Modul an de Repository eropzelueden, da musst Dir op de pom.xml vun dësem Modul addéieren nexus-staging-maven-plugin mat Fändel skipNexusStagingDeployMojo

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <configuration>
        <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
      </configuration>
    </plugin>
  </plugins>
</build>

Nom Eroplueden Snapshot / Verëffentlechung Versioune sinn verfügbar an Staging Repositories

<repositories>
  <repository>
    <id>SonatypeNexus</id>
    <url>https://oss.sonatype.org/content/groups/staging/</url>
    <!-- Не надо указывать флаги snapshot/release для репозитория -->
  </repository>
</repositories>

Méi pluses

Eng ganz räich Lëscht vun Ziler fir mam Nexus Repository ze schaffen (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
Automatesch Verëffentlechungscheck fir Downloadbarkeet am Maven Central

Resultat

Verëffentlechung vun enger SNAPSHOT Versioun

Wann Dir e Projet baut, ass et méiglech eng Aufgab manuell ze starten fir d'SNAPSHOT Versioun op Nexus erofzelueden

Wann dës Aufgab lancéiert gëtt, gëtt déi entspriechend Aufgab am Deployprojet ausgeléist (Beispill).

geschnidde Logbicher

Running with gitlab-runner 11.10.0 (3001a600)
  on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0                                           [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO]     Updating project org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:client
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:test-core
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:testng
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:client
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT                                  [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO]  * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [  2.375 s]
[INFO] test-core .......................................... SUCCESS [  3.929 s]
[INFO] Shields4J client ................................... SUCCESS [  3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------

Als Resultat gëtt d'Nexus Versioun gelueden 1.0.0-SNAPSHOT.

All Snapshot Versioune kënnen aus dem Repository um Site geläscht ginn oss.sonatype.org ënner Ärem Kont.

Verëffentlechung vun der Verëffentlechung Versioun

Wann de Tag gesat ass, gëtt déi entspriechend Aufgab am Deployprojet automatesch ausgeléist fir d'Verëffentlechungsversioun op Nexus eropzelueden (Beispill).

Dee beschten Deel ass datt enk Verëffentlechung automatesch am Nexus ausléist.

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1037".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  9.603 s]
[INFO] test-core .......................................... SUCCESS [  3.419 s]
[INFO] Shields4J client ................................... SUCCESS [  9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------

A wann eppes falsch gaang ass, da wäert d'Aufgab versoen

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1038".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] 
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] 
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on &lt;a href=http://keys.gnupg.net:11371/&gt;http://keys.gnupg.net:11371/&lt;/a&gt;. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  4.073 s]
[INFO] test-core .......................................... SUCCESS [  2.788 s]
[INFO] Shields4J client ................................... SUCCESS [  3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

Als Resultat hu mir nëmmen eng Wiel. Oder dës Versioun läschen oder publizéieren.

No der Verëffentlechung, no enger Zäit, wäerten d'Artefakte erakommen

offtopic

Et war eng Offenbarung fir mech datt Maven aner ëffentlech Repositories indexéiert.
Ech hu misse robots.txt eropluede well et meng al Repository indexéiert huet.

Konklusioun

Wat mir hunn

En separaten Deployprojet an deem Dir verschidde CI Aufgaben implementéiere kënnt fir Artefakte op ëffentlech Repositories fir verschidden Entwécklungssproochen eropzelueden.
Den Deploymentprojet ass vun externen Interferenz isoléiert a kann nëmme vu Benotzer mat de Besëtzer a Maintainer Rollen geännert ginn.
Отдельный Specific Runner с "горячим" кэшем для запуска только deploy задач.
Verëffentlechung vun Snapshot / Verëffentlechung Versiounen an engem ëffentleche Repository.
Automatesch Kontroll vun der Verëffentlechung Versioun fir Bereetschaft fir Publikatioun an Maven Central.
Защита от автоматической публикации "сырых" версий в maven central.
Сборка и публикация snapshot версий "по клику".
Een eenzege Repository fir Snapshot / Release Versiounen ze kréien.
Allgemeng Pipeline fir ze bauen / Testen / Verëffentlechung vun engem Java Projet.

Настройка GitLab CI не такая сложная тема как кажется на первый взгляд. Достаточно пару раз настроить CI "под ключ" и вот, ты уже далеко не дилетант в этом деле. Тем более GitLab документация весьма избыточна. Не бойтесь делать первый шаг. Дорога возникает под шагами идущего (не помню кто сказал 🙂 ).

Ech wäert frou Feedback.

Am nächsten Artikel weisen ech Iech wéi Dir GitLab CI opstellt fir Integratiounstestaufgaben kompetitiv ze lafen (Testservicer mat Docker-compose lafen) wann Dir nëmmen ee Shell Runner hutt.

Source: will.com

Setzt e Commentaire annuléieren reply

Fir e Kommentar ze posten, braucht Dir aloggen.