Setting up GitLab CI to deploy a Java project to Maven Central

This article is for Java developers who need to publish their products quickly to the Sonatype and/or Maven Central repositories using GitLab. In it I describe how to set up gitlab-runner, gitlab-ci and maven-plugin to solve this problem.

Requirements:

  • Secure storage of the mvn and GPG keys.
  • Secure execution of public CI jobs.
  • Uploading artifacts (release/snapshot) to public repositories.
  • Automatic verification of release versions before publication to Maven Central.
  • A general solution for uploading artifacts to the repository for multiple projects.
  • Simplicity and ease of use.

General information

  • The mechanism for publishing artifacts to Maven Central through the Sonatype OSS Repository Hosting Service has already been described in detail in this article by the user Googolplex, so I will refer to that article where appropriate.
  • Register with Sonatype JIRA in advance and open a ticket to have the repository opened (see the section Create a ticket in Sonatype JIRA for details). Once the repository is open, the login/password pair from JIRA (referred to below as the Sonatype account) is used to upload artifacts to Sonatype Nexus.
  • Next, the process of generating the GPG key is described there very dryly. See the section Configuring GnuPG to sign artifacts for details.
  • If you use the Linux console to generate the GPG key (gnupg/gnupg2), you need to install rng-tools to generate entropy. Otherwise key generation can take a very long time.
  • Services for storing public GPG keys

Setting up the deploy project in GitLab

  • First of all, you need to create and configure a project that will hold the pipeline for deploying artifacts. I gave my project a simple, uncomplicated name: deploy
  • After creating the repository, you need to restrict who can change it.
    Go to the project -> Settings -> Repository -> Protected Branches. Delete all the rules and add a single rule with the wildcard * that grants push and merge rights only to users with the Maintainers role. This rule applies to all users of this project and of the group the project belongs to.
  • If there are several maintainers, the best solution is to restrict access to the project as a whole.
    Go to the project -> Settings -> General -> Visibility, project features, permissions and set Project visibility to Private.
    My project is publicly accessible, because I use my own GitLab Runner and only I can change the repository. And, frankly, it is not in my interest to expose private information in public pipeline logs.
  • Tightening the rules for changing the repository
    Go to the project -> Settings -> Repository -> Push Rules and set the flags Committer restriction and Check whether author is a GitLab user. I also recommend setting up commit signing and setting the flag Reject unsigned commits.
  • Next, you need to configure a trigger for starting jobs
    Go to the project -> Settings -> CI / CD -> Pipeline triggers and create a new trigger token
    This token can be added right away to the shared variables of the project group.
    Go to the group -> Settings -> CI / CD -> Variables and add the variable DEPLOY_TOKEN with the trigger token as its value.

GitLab Runner

This section describes how to configure deploy jobs to run on your own (Specific) runner and on a public (Shared) runner.

Specific runner

I use my own runners because, first of all, it is convenient, fast and cheap.
For a runner I recommend a Linux VDS with 1 CPU, 2 GB RAM and a 20 GB HDD. The cost is ~3000₽ per year.

My runner

For my runner I took a VDS with 4 CPU, 4 GB RAM and a 50 GB SSD. It cost ~11000₽ and I have never regretted it.
I have 7 machines in total: 5 on aruba and 2 on ihor.

So, we have a runner. Now we will configure it.
We log in to the machine over SSH and install java, git, maven and gnupg2.

Setting up gitlab runner

  • Create a new group runner
    sudo groupadd runner
  • Create a directory for the maven cache and grant the runner group access to it
    You can skip this step if you do not plan to run multiple runners on one machine.

    mkdir -p /usr/cache/.m2/repository
    chown -R :runner /usr/cache
    chmod -R 770 /usr/cache
  • Create the user gitlab-deployer and add it to the runner group
    useradd -m -d /home/gitlab-deployer gitlab-deployer
    usermod -a -G runner gitlab-deployer
  • Add the following line to the file /etc/ssh/sshd_config
    AllowUsers root@* [email protected]
  • Restart sshd
    systemctl restart sshd
  • Set a password for the gitlab-deployer user (it can be simple, since access is restricted to localhost)
    passwd gitlab-deployer
  • Install GitLab Runner (Linux x86-64)
    sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
    sudo chmod +x /usr/local/bin/gitlab-runner
    ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
    ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner
  • Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners and copy the registration token

  • Register the runner
    gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml

Process

Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded                     runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

  • We verify that the runner is registered. Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners -> Runners activated for this project

  • Add a separate service /etc/systemd/system/gitlab-deployer.service
    [Unit]
    Description=GitLab Deploy Runner
    After=syslog.target network.target
    ConditionFileIsExecutable=/usr/local/bin/gitlab-runner
    [Service]
    StartLimitInterval=5
    StartLimitBurst=10
    ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
    Restart=always
    RestartSec=120
    [Install]
    WantedBy=multi-user.target
  • Start the service.
    systemctl enable gitlab-deployer.service
    systemctl start gitlab-deployer.service
    systemctl status gitlab-deployer.service
  • We verify that the runner is running.

Generating the GPG key

  • From the same machine, log in over ssh as the gitlab-deployer user (this is important for generating the GPG key)

    ssh [email protected]

  • We generate the key by answering the questions. I used my own name and email.
    Be sure to specify a passphrase for the key. The artifacts will be signed with this key.

    gpg --gen-key

  • Verify

    gpg --list-keys -a
    /home/gitlab-deployer/.gnupg/pubring.gpg
    ----------------------------------------
    pub   4096R/00000000 2019-04-19
    uid                  Petruha Petrov <[email protected]>
    sub   4096R/11111111 2019-04-19

  • Upload the public key to a key server

    gpg --keyserver keys.gnupg.net --send-key 00000000
    gpg: sending key 00000000 to hkp server keys.gnupg.net

Configuring Maven

  • Switch to the gitlab-deployer user
    su gitlab-deployer
  • Create the maven directory and link its repository to the cache (make no mistake here)
    You can skip this step if you do not plan to run multiple runners on one machine.

    mkdir -p ~/.m2
    ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
  • Create the master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Create the file ~/.m2/settings-security.xml
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Create the file ~/.m2/settings.xml
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where
GPG_SECRET_KEY_PASSPHRASE - the passphrase of the GPG key
SONATYPE_USERNAME - the login of the Sonatype account

This completes the runner setup; you can move on to the GitLab CI section.

Shared runner

Generating the GPG key

  • First of all, you need to create a GPG key. To do this, install gnupg.

    yum install -y gnupg

  • We generate the key by answering the questions. I used my own name and email. Be sure to specify a passphrase for the key.

    gpg --gen-key

  • Display information about the key

    gpg --list-keys -a
    pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
      2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    uid           [ultimate] tttemp <[email protected]>
    sub   rsa3072 2019-04-24 [E] [expires: none]

  • Upload the public key to a key server

    gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net

  • Export the private key

    gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
    ...
    =2Wd2
    -----END PGP PRIVATE KEY BLOCK-----

  • Go to the project settings -> Settings -> CI / CD -> Variables and save the private key in the variable GPG_SECRET_KEY

Configuring Maven

  • Create the master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_SECURITY_XML:
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_XML:
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where
GPG_SECRET_KEY_PASSPHRASE - the passphrase of the GPG key
SONATYPE_USERNAME - the login of the Sonatype account

Docker image for deployment

  • We create a simple Dockerfile for running deploy jobs with the required Java version. Below is an example for alpine.

    FROM java:8u111-jdk-alpine
    # --allow-untrusted makes apk skip package signature verification,
    # and the repository below is fetched over plain http
    RUN apk add gnupg maven git --update-cache \
        --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && \
        mkdir ~/.m2/

  • Build the container for your project

    docker build -t registry.gitlab.com/group/deploy .

  • Log in and push the container to the registry.

    docker login -u USER -p PASSWORD registry.gitlab.com
    docker push registry.gitlab.com/group/deploy

GitLab CI

Deploy project

Add the file .gitlab-ci.yml to the root of the deploy project.
The script defines two mutually exclusive deploy jobs: one for a specific runner and one for a shared runner.

.gitlab-ci.yml

stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # The job will run on your shell runner
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # The job will run on a public docker runner
  tags:
    - docker
  # Image from the section GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Import the GPG key
    - printf '%s\n' "${GPG_SECRET_KEY}" | gpg --batch --import
    # Save the maven configuration
    - printf '%s\n' "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf '%s\n' "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # The job runs on a trigger if the DEPLOY variable is passed with the value java
  only:
    variables:
    - $DEPLOY == "java"
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
  script:
    # Allow the password to be stored unencrypted
    - git config --global credential.helper store
    # Save the temporary credentials of the gitlab-ci-token user
    # The token works for all public gitlab.com projects and for the group's projects
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Completely clean the current directory
    - rm -rf .* *
    # Clone the project that will be deployed to Sonatype Nexus
    - git clone "${DEPLOY_CI_REPOSITORY_URL}" .
    # Switch to the required commit
    - git checkout "${DEPLOY_CI_COMMIT_SHA}" -f
    # If at least one pom.xml contains the autoReleaseAfterClose parameter, fail the build.
    # Otherwise there is a risk of pushing raw artifacts to maven central
    - >
      for pom in $(find . -name pom.xml); do
        if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # If the DEPLOY_CI_COMMIT_TAG parameter is empty, force a SNAPSHOT version
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion="${DEPLOY_CI_COMMIT_TAG}"
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion="${VERSION}"
        else
          mvn versions:set -DnewVersion="${VERSION}-SNAPSHOT"
        fi
      fi
    # Start the job that builds and deploys the artifacts
    - mvn clean deploy -DskipTests=true
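
The deploy job above takes DEPLOY_CI_REPOSITORY_URL, DEPLOY_CI_COMMIT_SHA and DEPLOY_CI_COMMIT_TAG from whoever holds the trigger token and hands them to git and mvn on the runner that stores the signing key. The following is an added example, not part of the original article: POSIX shell checks that reject unexpected values before the job uses them. The allowed host and group (gitlab.com, TouchBIT) and the tag pattern are assumptions to adapt.

```shell
#!/bin/sh
# Added example: validate trigger-supplied variables before git and mvn see them.
# ALLOWED_HOST, ALLOWED_GROUP and the tag pattern are assumptions, not values
# prescribed by the article.

ALLOWED_HOST="${ALLOWED_HOST:-gitlab.com}"
ALLOWED_GROUP="${ALLOWED_GROUP:-TouchBIT}"
NL='
'

# matches VALUE REGEX: succeeds only if VALUE is a single line that fully
# matches the extended regular expression REGEX.
matches() {
    case "$1" in
        *"$NL"*) return 1 ;;          # embedded newline: never acceptable
    esac
    printf '%s\n' "$1" | grep -Eqx -- "$2"
}

# Repository URL: https only, expected host, path inside the allowed group.
check_repo_url() {
    matches "$1" 'https://[^[:space:]]+\.git' || return 1
    rest=${1#https://}
    authority=${rest%%/*}
    host=${authority##*@}             # drop optional userinfo (gitlab-ci-token:...)
    path=${rest#*/}
    [ "$host" = "$ALLOWED_HOST" ] || return 1
    case "$path" in
        *..*) return 1 ;;             # no parent-directory segments
        "$ALLOWED_GROUP"/*) ;;        # must live in the expected group
        *) return 1 ;;
    esac
    matches "$path" '[A-Za-z0-9._/-]+'
}

# Commit: a full 40-character SHA-1, not a branch name or abbreviation.
check_commit_sha() {
    matches "$1" '[0-9a-f]{40}'
}

# Tag: empty (snapshot build) or a plain version such as 1.0.0 or 1.0.0-RC1,
# because the job passes it straight to mvn versions:set.
check_tag() {
    if [ -z "$1" ]; then
        return 0
    fi
    matches "$1" '[0-9]+(\.[0-9]+){1,2}(-[A-Za-z0-9]+(\.[A-Za-z0-9]+)*)?'
}

# Checks all three variables. Only the variable name is reported, never the
# value: the repository URL may carry the job token.
validate_deploy_vars() {
    rc=0
    check_repo_url "${DEPLOY_CI_REPOSITORY_URL:-}" ||
        { echo "rejected: DEPLOY_CI_REPOSITORY_URL" >&2; rc=1; }
    check_commit_sha "${DEPLOY_CI_COMMIT_SHA:-}" ||
        { echo "rejected: DEPLOY_CI_COMMIT_SHA" >&2; rc=1; }
    check_tag "${DEPLOY_CI_COMMIT_TAG:-}" ||
        { echo "rejected: DEPLOY_CI_COMMIT_TAG" >&2; rc=1; }
    return "$rc"
}
```

Source this file as the first step of the deploy job's script and stop the job if validate_deploy_vars returns non-zero.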

Java project

In Java projects that are to be uploaded to public repositories, you need to add 2 steps for uploading the Release and Snapshot versions.

.gitlab-ci.yml

stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Run the job only on a tag.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Start the job that publishes the SNAPSHOT version manually
  when: manual
  # Do not run the job if a tag is set.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
    # URL of the deploy job trigger
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Variables for the deploy job
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    # I do not use cURL because with the --fail --show-error flags
    # it does not print the response body when the HTTP code is 400 or higher
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

In this solution I went a little further and decided to use a single CI template for Java projects.

More details

I created a separate project, gitlab-ci, in which I placed the CI template for Java projects, common.yml.

common.yml

stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
  -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} 
  -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} 
  "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
    - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
  - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags

As a result, in the Java project itself, .gitlab-ci.yml looks very compact and is not verbose.

.gitlab-ci.yml

include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy

pom.xml configuration

This topic is described in great detail by Googolplex in Configuring Maven to automatically sign and upload artifacts to the snapshot and staging repositories, so I will describe only some of the nuances of using the plugins. I will also describe how easily and smoothly you can use nexus-staging-maven-plugin if you do not want to, or cannot, use org.sonatype.oss:oss-parent as the parent of your project.

maven-install-plugin

Installs modules into the local repository.
Very useful for verifying the solution locally in other projects, and for the checksums.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- If you have a multi-module project that deploys the parent pom -->
      <phase>install</phase>
      <!-- Explicitly specify the files for local installation -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
        <sources>target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Force an update of the project metadata -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Checksums for integrity verification -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-javadoc-plugin

Generates javadoc for the project.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <executions>
    <execution>
      <goals>
        <goal>jar</goal>
      </goals>
      <!-- Javadoc generation must come after the resource generation phase -->
      <phase>prepare-package</phase>
      <configuration>
        <!-- Very helpful in public projects -->
        <failOnError>true</failOnError>
        <failOnWarnings>true</failOnWarnings>
        <!-- Removes the error about looking up documentation in the target directory -->
        <detectOfflineLinks>false</detectOfflineLinks>
      </configuration>
    </execution>
  </executions>
</plugin>

If you have a module that contains no java (for example, only resources),
or you do not want to generate javadoc on principle, then add maven-jar-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <executions>
    <execution>
      <id>empty-javadoc-jar</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>jar</goal>
      </goals>
      <configuration>
        <classifier>javadoc</classifier>
        <classesDirectory>${basedir}/javadoc</classesDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-gpg-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <!-- The build will fail if the GPG key is missing -->
      <!-- Sign the artifacts only in the deploy phase -->
      <phase>deploy</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

nexus-staging-maven-plugin

Configuration:

<project>
  <!-- ... -->
  <build>
    <plugins>
      <!-- ... -->
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <extensions>true</extensions>
          <configuration>
            <serverId>sonatype</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- Update the metadata to mark the artifact as a release -->
            <!-- Does not affect snapshot versions -->
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <configuration>
            <!-- Disable the plugin -->
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype</id>
      <name>Nexus Snapshot Repository</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </snapshotRepository>
    <repository>
      <id>sonatype</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
</project>

If you have a multi-module project and you do not need to deploy a particular module to the repository, you need to add nexus-staging-maven-plugin with the skipNexusStagingDeployMojo flag

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <configuration>
        <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
      </configuration>
    </plugin>
  </plugins>
</build>

After the upload, the snapshot/release versions are available in the staging repositories

<repositories>
  <repository>
    <id>SonatypeNexus</id>
    <url>https://oss.sonatype.org/content/groups/staging/</url>
    <!-- No need to specify snapshot/release flags for the repository -->
  </repository>
</repositories>

More advantages

  • A very rich list of goals for working with the nexus repository (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
  • Automatic check of whether a release can be uploaded to maven central

Result

Publishing the SNAPSHOT version

When building a project, you can manually start the job that uploads the SNAPSHOT version to nexus

When this job is started, the corresponding job is triggered in the deploy project (example).

Truncated log

Running with gitlab-runner 11.10.0 (3001a600)
  on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0                                           [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO]     Updating project org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:client
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:test-core
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:testng
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:client
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT                                  [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO]  * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [  2.375 s]
[INFO] test-core .......................................... SUCCESS [  3.929 s]
[INFO] Shields4J client ................................... SUCCESS [  3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------

As a result, version 1.0.0-SNAPSHOT is uploaded to Nexus.

All snapshot versions can be deleted from the repository on the oss.sonatype.org site under your account.

Deploying a release version

When a tag is set, the corresponding job in the deploy project is triggered automatically to upload the release version to Nexus (example).

The best part is that the release is closed automatically in Nexus.

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1037".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  9.603 s]
[INFO] test-core .......................................... SUCCESS [  3.419 s]
[INFO] Shields4J client ................................... SUCCESS [  9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------

And if something goes wrong, the job fails:

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1038".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] 
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] 
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  4.073 s]
[INFO] test-core .......................................... SUCCESS [  2.788 s]
[INFO] Shields4J client ................................... SUCCESS [  3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
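
The failure report above names the staging rule and the key ID that caused the close to fail. As an added example (not part of the original article), the shell functions below pull those fields out of a job log so the CI job can report the cause directly; the function names and the sample log are constructed here, with the sample modelled on the output shown above.

```shell
#!/bin/sh
# Added example (not from the article): summarise Nexus staging rule failures
# found in a Maven deploy log so the CI job can report the actual cause.

# stdin: Maven log. stdout: "repository<TAB>rule<TAB>message" per failed rule.
staging_failures() {
  awk '
    /^\[ERROR\] Repository "[^"]+" failures/ { split($0, q, "\""); repo = q[2]; rule = ""; next }
    /^\[ERROR\] +Rule "[^"]+" failures/      { split($0, q, "\""); rule = q[2]; next }
    /^\[ERROR\] +\* / && repo != "" && rule != "" {
      msg = $0
      sub(/^\[ERROR\] +\* /, "", msg)
      gsub(/<[^>]*>/, "", msg)   # strip the HTML anchor around the key server URL
      printf "%s\t%s\t%s\n", repo, rule, msg
      next
    }
    # Any line other than an empty "[ERROR]" ends the current report block.
    !/^\[ERROR\] *$/ { repo = ""; rule = "" }
  '
}

# stdin: Maven log. stdout: unique GPG key IDs that the signature-staging rule
# could not find on the key server.
missing_key_ids() {
  staging_failures | awk -F '\t' '$2 == "signature-staging" { print $3 }' |
    sed -n 's/.*No public key: Key with id: (\([0-9A-Fa-f]*\)).*/\1/p' | sort -u
}

# Constructed sample, modelled on the failed job log shown above.
sample_log() {
  cat <<'EOF'
[INFO]  * Closing staging repository with ID "orgtouchbit-1039".
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR]
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Remote staging finished with a failure: Staging rules failure!
EOF
}

sample_log | staging_failures   # one tab-separated line per failed rule
sample_log | missing_key_ids    # key IDs to publish before retrying
```

In a job, pipe the saved Maven output through `missing_key_ids` after a failed deploy; a non-empty result means the signing key's public half has not been published to the key server Nexus checks.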

As a result, we are left with only one choice: either drop this version or release it.

After the release, the artifacts become available a little while later.

Offtopic

It was a discovery for me that maven indexes other public repositories.
I had to upload a robots.txt because it had indexed my old repository.

Conclusion

What we have

  • A separate deploy project in which you can implement several CI jobs for uploading artifacts to public repositories for different development languages.
  • The deploy project is isolated from outside interference and can be changed only by users with the Owner and Maintainer roles.
  • A dedicated runner with a "hot" cache, used solely for running these jobs.
  • Publication of snapshot/release versions to a public repository.
  • Automatic verification that a release version is ready for publication to maven central.
  • Protection against automatic publication of "raw" versions to maven central.
  • Building and publishing snapshot versions "on click".
  • A single repository for obtaining snapshot/release versions.
  • A common pipeline for building/testing/publishing a java project.

Setting up GitLab CI is not as difficult a topic as it seems at first glance. It is enough to set up CI on a turnkey basis a couple of times, and you are already far from an amateur in this matter. On top of that, the GitLab documentation is more than extensive. Don't be afraid to take the first step. The road appears under the steps of the one who walks (I don't remember who said it :)

I will be glad to receive feedback.

In the next article I will talk about how to configure GitLab CI to run jobs with integration tests concurrently (running the services under test with docker-compose) when you have a single shell runner.

Source: www.habr.com
