[email tiakina] Takiuru

ProHoster > Блог > Whakahaerenga > Te whakatu GitLab CI ki te tuku i tetahi kaupapa java ki te maven central

Te whakatu GitLab CI ki te tuku i tetahi kaupapa java ki te maven central

Ko tenei tuhinga mo nga kaiwhakawhanake java e hiahia ana ki te whakaputa tere i o raatau hua ki te sonatype me/ranei maven pokapū putunga ma te whakamahi i a GitLab. I roto i tenei tuhinga ka korero ahau mo te whakarite i te gitlab-runner, gitlab-ci me te maven-plugin hei whakaoti i tenei raru.

Nga whakaritenga:

Pupuri haumaru o mvn me nga taviri GPG.
Te mahi haumaru o nga mahi CI a te iwi.
Te tuku i nga taonga toi (whakaputa/whakaahua) ki nga whare pupuri a te iwi.
Te tirotiro aunoa i nga putanga tuku mo te whakaputanga ki te pokapū maven.
He otinga whanui mo te tuku i nga taonga toi ki te putunga mo nga kaupapa maha.
Te ngawari me te ngawari o te whakamahi.

Tuhinga

Mōhiohio General
Te whakarite i te whakatakoto kaupapa ki GitLab
Kaiwhaiwhai a GitLab
- Runner motuhake
- Kaiwhaiwhai Tiri
GitLab CI
- Hoatu kaupapa
- kaupapa Java
Pom.xml whirihoranga
hua
- Te whakaputa i te putanga whakaahua
- Te whakaputa i te putanga tuku
mutunga

Mōhiohio General

He whakamaarama taipitopito mo te tikanga mo te whakaputa taonga ki Maven Central ma te Sonatype OSS Repository Hosting Service kua korerohia i roto i tenei tuhinga kaiwhakamahi Ko te Googolplex, no reira ka korero ahau ki tenei tuhinga i nga waahi tika.
Rēhita-mua mo Sonatype JIRA me te whakatuwhera i tetahi tikiti hei whakatuwhera i te putunga (panuihia te waahanga mo etahi atu korero Waihangatia he tikiti mo Sonatype JIRA). Whai muri i te whakatuwheratanga o te putunga, ka whakamahia te takirua takiuru/kupuhipa mai i te JIRA (ka kiia i muri nei ko te kaute Sonatype) ki te tuku i nga taonga toi ki te Sonatype nexus.
I muri mai, ka tino whakamarokehia te tukanga o te whakaputa i te taviri GPG. Tirohia te waahanga mo etahi atu korero Te whirihora i te GnuPG ki te haina i nga taonga
Mena ka whakamahi koe i te papatohu Linux ki te whakaputa i te kī GPG (gnupg/gnupg2), katahi koe me whakauru. rng-taputapu ki te whakaputa entropy. Ki te kore, ka roa pea te whakatipuranga matua.
Nga ratonga rokiroki tūmatanui Taviri GPG
- http://keys.gnupg.net
- http://pool.sks-keyservers.net
- http://keyserver.ubuntu.com

Ki nga ihirangi

Te whakatu i tetahi kaupapa tohatoha ki GitLab

Tuatahi, me hanga me te whirihora i tetahi kaupapa e penapena ai te paipa mo te tuku taonga. I whakaingoatia e ahau taku kaupapa he ngawari me te ngawari - whakato
I muri i te hanga i te putunga, me whakatiki te uru ki te huri i te putunga.
Haere ki te kaupapa -> Tautuhinga -> Repository -> Peka Tiaki. Ka mukua e matou nga ture katoa ka taapirihia he ture kotahi me te Wildcard * me te mana ki te pana me te hanumi mo nga kaiwhakamahi anake kei a raatau te mahi a te Kaipupuri. Ka whai hua tenei ture mo nga kaiwhakamahi katoa o tenei kaupapa me te roopu no ratou tenei kaupapa.
Mena he maha nga kaitiaki, ko te otinga pai ko te whakawhāiti i te uru ki te kaupapa i runga i te maapono.
Haere ki te kaupapa -> Tautuhinga -> Whānui -> Te Tirohanga, nga ahuatanga kaupapa, nga whakaaetanga me te tautuhi i te tirohanga Kaupapa ki Private.
He kaupapa e taea ana e te iwi whanui taku mahi, na te mea ka whakamahi ahau i taku ake GitLab Runner a ko au anake te uru ki te huri i te putunga. Ae, ko te tikanga, ehara i taku hiahia ki te whakaatu korero motuhake i roto i nga raarangi paipa a te iwi.
Te whakamau i nga ture mo te whakarereke i te putunga
Haere ki te kaupapa -> Tautuhinga -> Repository -> Ture Pana me te whakarite i te aukati Kaituku, Tirohia mehemea he haki kaiwhakamahi GitLab te kaituhi. Ka tūtohu ano ahau ki te whakarite tuku hainatanga, ka tautuhi i te haki Whakakahoretia te hainatanga.
Whai muri ka hiahia koe ki te whirihora i tetahi keu hei whakarewa i nga mahi
Haere ki te kaupapa -> Tautuhinga -> CI / CD -> Pipeline triggers me te hanga i tetahi tohu-tohu hou
Ka taea te taapiri tonu tenei tohu ki te whirihoranga whanui o nga taurangi mo te roopu kaupapa.
Haere ki te roopu -> Tautuhinga -> CI / CD -> Taurangi me te taapiri i tetahi taurangi DEPLOY_TOKEN me te tohu keu i roto i te uara.

Ki nga ihirangi

Kaiwhaiwhai a GitLab

Ko tenei waahanga e whakaatu ana i te whirihoranga mo te whakahaere i nga mahi i runga i te tohatoha ma te whakamahi i a koe ake (Tauwhāiti) me te iwi whanui (Tirihia).

Runner motuhake

Ka whakamahi ahau i aku ake oma na te mea, tuatahi, he watea, he tere, he iti.
Mo te kaiwhaiwhai, ka tūtohu ahau he Linux VDS me te 1 PTM, 2 GB RAM, 20 GB HDD. Ko te utu tuku he ~3000₽ ia tau.

Taku omaoma

Mo te kaikawe ka mau ahau i te VDS 4 CPU, 4 GB RAM, 50 GB SSD. Utu ~11000₽ a kore rawa i pouri.
E 7 katoa aku mihini. 5 ki te aruba me te 2 ki te ihor.

No reira he kaiwhaiwhai taatau. Inaianei ka whirihora e matou.
Ka haere matou ki te miihini ma te SSH ka whakauru i te java, git, maven, gnupg2.

Ki nga ihirangi

Kei te whakauru i te gitlab runner

Waihangahia he roopu hou runner
```
sudo groupadd runner
```
Waihangahia he whaiaronga mo te keteroki maven ka tautapa i nga whakaaetanga roopu runner
Ka taea e koe te peke i tenei waahi ki te kore koe e whakaaro ki te whakahaere i etahi oma i runga i te miihini kotahi.
```
mkdir -p /usr/cache/.m2/repository
chown -R :runner /usr/cache
chmod -R 770 /usr/cache
```

Waihangahia he kaiwhakamahi gitlab-deployer me te taapiri atu ki te roopu runner

useradd -m -d /home/gitlab-deployer gitlab-deployer
usermod -a -G runner gitlab-deployer

Tāpiri ki te kōnae /etc/ssh/sshd_config raina e whai ake nei
```
AllowUsers root@* [email protected]
```
Whakahou ano sshd
```
systemctl restart sshd
```
Te whakatakoto kupuhipa mo te kaiwhakamahi gitlab-deployer (Ka taea te ngawari, na te mea he herenga mo te localhost)
```
passwd gitlab-deployer
```

Tāuta GitLab Runner (Linux x86-64)

sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
sudo chmod +x /usr/local/bin/gitlab-runner
ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner

Haere ki te paetukutuku gitlab.com -> deploy-project -> Tautuhinga -> CI/CD -> Runners -> Runners motuhake me te kape i te tohu rehitatanga

Mata

Te rehita i te kaiwhaiwhai

gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml

tukanga

Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded                     runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Ka tirohia e matou kua rehitatia te kaiwhai. Haere ki te paetukutuku gitlab.com -> deploy-project -> Tautuhinga -> CI/CD -> Runners -> Runners Specific -> Runners activated for this project

Mata

Tapiri wehe ratonga /etc/systemd/system/gitlab-deployer.service

[Unit]
Description=GitLab Deploy Runner
After=syslog.target network.target
ConditionFileIsExecutable=/usr/local/bin/gitlab-runner
[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
Restart=always
RestartSec=120
[Install]
WantedBy=multi-user.target

Kia timata te mahi.

systemctl enable gitlab-deployer.service
systemctl start gitlab-deployer.service
systemctl status gitlab-deployer.service

Ka tirohia e matou kei te oma te kaiwhai.

Hei tauira:

Ki nga ihirangi

Te whakaputa i nga taviri GPG

Mai i te miihini ano ka uru matou ma te ssh i raro i te kaiwhakamahi gitlab-deployer (he mea nui tenei mo te whakaputa i te taviri GPG)
```
ssh [email protected]
```
Ka hangaia e matou he matua ma te whakautu i nga paatai. I whakamahia e au taku ake ingoa me taku imeera.
Me whakapūtā te kupuhipa mō te kī. Ka hainatia nga taonga me tenei ki.
```
gpg --gen-key 
```

Arowhai

gpg --list-keys -a
/home/gitlab-deployer/.gnupg/pubring.gpg
----------------------------------------
pub   4096R/00000000 2019-04-19
uid                  Petruha Petrov <[email protected]>
sub   4096R/11111111 2019-04-19

Te tuku ake i to maatau matua ki te tūmau matua

gpg --keyserver keys.gnupg.net --send-key 00000000
gpg: sending key 00000000 to hkp server keys.gnupg.net

Ki nga ihirangi

Te whakatu Maven

Takiuru hei kaiwhakamahi gitlab-deployer
```
su gitlab-deployer 
```
Waihangahia he whaiaronga maven rehitatanga me te hono ki te keteroki (kaua e pohehe)
Ka taea e koe te peke i tenei waahi ki te kore koe e whakaaro ki te whakahaere i etahi oma i runga i te miihini kotahi.
```
mkdir -p ~/.m2/repository
ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
```

Waihangahia he matua matua

mvn --encrypt-master-password password
{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}

Waihangahia he konae ~/.m2/settings-security.xml

<settingsSecurity>
<master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
</settingsSecurity>

Whakamuna i te kupuhipa mo te pūkete Sonatype

mvn --encrypt-password SONATYPE_PASSWORD
{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}

Waihangatia he kōnae ~/.m2/settings.xml

<settings>  
<profiles>
    <profile>
        <id>env</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
        </properties>
    </profile>
</profiles>
<servers>
    <server>
        <id>sonatype</id>
        <username>SONATYPE_USERNAME</username>
        <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
    </server>
</servers>
</settings>

hea
GPG_SECRET_KEY_PASSPHRASE - kupuhipa mo te kī GPG
SONATYPE_USERNAME — takiuru pūkete sonatype

Ka oti i tenei te tatūnga o te kaihoroi, ka taea e koe te haere ki te waahanga GitLab CI

Ki nga ihirangi

Kaiwhaiwhai Tiri

Te whakaputa i nga taviri GPG

Tuatahi, me hanga e koe he matua GPG. Ki te mahi i tenei, tāuta gnupg.
```
yum install -y gnupg
```
Ka hangaia e matou he matua ma te whakautu i nga paatai. I whakamahia e au taku ake ingoa me taku imeera. Me whakapūtā te kupuhipa mō te kī.
```
gpg --gen-key 
```

Te whakaatu i nga korero mo te ki

gpg --list-keys -a
pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
  2D0D1706366FC4AEF79669E24D09C55BBA3FD728
uid           [ultimate] tttemp <[email protected]>
sub   rsa3072 2019-04-24 [E] [expires: none]

Te tuku ake i to maatau matua ki te tūmau matua

gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net

Ka whiwhi tatou i te kī tūmataiti

gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
...
=2Wd2
-----END PGP PRIVATE KEY BLOCK-----

Haere ki nga tautuhinga kaupapa -> Tautuhinga -> CI / CD -> Taurangi me te tiaki i te kī tūmataiti i roto i te taurangi GPG_SECRET_KEY

Ki nga ihirangi

Te whakatu Maven

Waihangahia he matua matua

mvn --encrypt-master-password password
{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}

Haere ki nga tautuhinga kaupapa -> Tautuhinga -> CI / CD -> Taurangi ka tiakina i roto i te taurangi SETTINGS_SECURITY_XML nga rarangi e whai ake nei:
```
<settingsSecurity>
<master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
</settingsSecurity>
```

Whakamuna i te kupuhipa mo te pūkete Sonatype

mvn --encrypt-password SONATYPE_PASSWORD
{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}

Haere ki nga tautuhinga kaupapa -> Tautuhinga -> CI / CD -> Taurangi ka tiakina i roto i te taurangi SETTINGS_XML nga rarangi e whai ake nei:

<settings>  
<profiles>
    <profile>
        <id>env</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
        </properties>
    </profile>
</profiles>
<servers>
    <server>
        <id>sonatype</id>
        <username>sonatype_username</username>
        <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
    </server>
</servers>
</settings>

hea
GPG_SECRET_KEY_PASSPHRASE - kupuhipa mo te kī GPG
SONATYPE_USERNAME — takiuru pūkete sonatype

Ki nga ihirangi

Hoatuhia te ahua docker

Ka hangaia e matou he Dockerfile tino ngawari ki te whakahaere i nga mahi toha me te putanga e hiahiatia ana o Java. Kei raro nei he tauira mo te alpine.

FROM java:8u111-jdk-alpine
RUN apk add gnupg maven git --update-cache 
--repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && 
mkdir ~/.m2/

Te kohikohi ipu mo to kaupapa

docker build -t registry.gitlab.com/group/deploy .

Ka whakamotuhēhēhia ka utaina e mātou te ipu ki roto i te rehita.

docker login -u USER -p PASSWORD registry.gitlab.com
docker push registry.gitlab.com/group/deploy

Ki nga ihirangi

GitLab CI

Hoatu kaupapa

Tāpirihia te kōnae .gitlab-ci.yml ki te putake o te kaupapa tohatoha
Ko te tuhinga e whakaatu ana i nga mahi tohatoha e rua. Runner Tauwhāiti, Runner tiritahi ranei.

.gitlab-ci.yml

stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # Задача будет выполняться на вашем shell-раннере
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # Задача будет выполняться на публичном docker-раннере
  tags:
    - docker
  # Образ из раздела GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Импортируем GPG ключ
    - printf "${GPG_SECRET_KEY}" | gpg --batch --import
    # Сохраняем maven конфигурацию
    - printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # Задача сработает по триггеру, если передана переменная DEPLOY со значением java
  only:
    variables:
    - $DEPLOY == "java"
  variables:
    # отключаем клонирование текущего проекта
    GIT_STRATEGY: none
  script:
    # Предоставляем возможность хранения пароля в незашифрованном виде
    - git config --global credential.helper store
    # Сохраняем временные креды пользователя gitlab-ci-token
    # Токен работает для всех публичных проектов gitlab.com и для проектов группы
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Полностью чистим текущую директорию
    - rm -rf .* *
    # Клонируем проект который, будем деплоить в Sonatype Nexus
    - git clone ${DEPLOY_CI_REPOSITORY_URL} .
    # Переключаемся на нужный коммит
    - git checkout ${DEPLOY_CI_COMMIT_SHA} -f
    # Если хоть один pom.xml содержит параметр autoReleaseAfterClose валим сборку.
    # В противном случае есть риск залить сырые артефакты в maven central
    - >
      for pom in $(find . -name pom.xml); do
        if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # Если параметр DEPLOY_CI_COMMIT_TAG пустой, то принудительно ставим SNAPSHOT-версию
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion=${VERSION}
        else
          mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
        fi
      fi
    # Запускаем задачу на сборку и деплой артефактов
    - mvn clean deploy -DskipTests=true

Ki nga ihirangi

kaupapa Java

I roto i nga kaupapa java e tika ana kia tukuna atu ki nga whare putunga a te iwi, me taapiri e koe kia 2 nga waahanga hei tango i nga putanga Tuku me te Whakaahua.

.gitlab-ci.yml

stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Запускать задачу только пo тегу.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Запускаем задачу на публикацию SNAPSHOT версии вручную
  when: manual
  # Не запускать задачу, если проставлен тег.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Отключаем клонирование текущего проекта
    GIT_STRATEGY: none
    # Ссылка на триггер deploy-задачи
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Переменные deploy-задачи
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    # Не использую cURL, так как с флагами --fail --show-error
    # он не выводит тело ответа, если HTTP код 400 и более 
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

I roto i tenei otinga, i haere ahau i etahi atu ka whakatau ahau ki te whakamahi i tetahi tauira CI mo nga kaupapa java.

Nga taipitopito atu

I hanga e ahau he kaupapa motuhake gitlab-ci i whakanohoia e ahau he tauira CI mo nga kaupapa java noa.yml.

noa.yml

stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
  -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} 
  -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} 
  "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
    - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
  - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags

Ko te mutunga mai, i roto i nga kaupapa java ano, .gitlab-ci.yml he ahua tino totika me te kore korero.

.gitlab-ci.yml

include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy

Ki nga ihirangi

Pom.xml whirihoranga

He nui nga korero mo tenei kaupapa. Ko te Googolplex в Te whakatu maven ki te haina aunoa me te tuku i nga taonga toi ki te hopu whakaahua me te whakatakoto i nga putunga, na ka whakaahuahia e au etahi o nga ahuatanga o te whakamahi i nga mono. Ka whakaahua ano ahau i te ngawari me te ngawari ka taea e koe te whakamahi nexus-staging-maven-pluginki te kore koe e hiahia, kare ranei e taea te whakamahi org.sonatype.oss:oss-parent hei matua mo to kaupapa.

maven-install-monomai

Tāuta kōwae ki roto i te putunga paetata.
He tino whai hua mo te manatoko a-rohe mo nga otinga i etahi atu kaupapa, me te utu arowhai.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- Если у вас многомодульный проект с деплоем родительского помика -->
      <phase>install</phase>
      <!-- Явно указываем файлы для локальной установки -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
```target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Принудительное обновление метаданных проекта -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Контрольные суммы для проверки целостности -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>

Ki nga ihirangi

maven-javadoc-monomai

Te whakaputa javadoc mo te kaupapa.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <executions>
    <execution>
      <goals>
        <goal>jar</goal>
      </goals>
      <!-- Генерация javadoc должна быть после фазы генерации ресурсов -->
      <phase>prepare-package</phase>
      <configuration>
        <!-- Очень помогает в публичных проектах -->
        <failOnError>true</failOnError>
        <failOnWarnings>true</failOnWarnings>
        <!-- Убирает ошибку поиска документации в target директории -->
        <detectOfflineLinks>false</detectOfflineLinks>
      </configuration>
    </execution>
  </executions>
</plugin>

Mēnā he kōwae tāu kāore he java (hei tauira ko ngā rauemi anake)
Kaore ranei koe e hiahia ki te whakaputa javadoc i runga i te kaupapa, ka awhina maven-jar-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <executions>
    <execution>
      <id>empty-javadoc-jar</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>jar</goal>
      </goals>
      <configuration>
        <classifier>javadoc</classifier>
        <classesDirectory>${basedir}/javadoc</classesDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>

Ki nga ihirangi

maven-gpg-monomai

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <!-- Сборка будет падать, если отсутствует GPG ключ -->
      <!-- Подписываем артефакты только на фазе deploy -->
      <phase>deploy</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

Ki nga ihirangi

nexus-staging-maven-monomai

Whirihoranga:

<project>
  <!-- ... -->
  <build>
    <plugins>
      <!-- ... -->
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <extensions>true</extensions>
          <configuration>
            <serverId>sonatype</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- Обновляем метаданные, чтобы пометить артефакт как release -->
            <!-- Не влияет на snapshot версии -->
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <configuration>
            <!-- Отключаем плагин -->
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype</id>
      <name>Nexus Snapshot Repository</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </snapshotRepository>
    <repository>
      <id>sonatype</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
</project>

Mēnā he kaupapa kōwae-maha koe, ā, kāore koe e hiahia ki te tuku ake i tētahi kōwae motuhake ki te putunga, me tāpiri koe nexus-staging-maven-plugin me te haki skipNexusStagingDeployMojo

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <configuration>
        <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
      </configuration>
    </plugin>
  </plugins>
</build>

Whai muri i te tango, ka waatea nga waahanga whakaahua/tuku whare putunga

<repositories>
  <repository>
    <id>SonatypeNexus</id>
    <url>https://oss.sonatype.org/content/groups/staging/</url>
    <!-- Не надо указывать флаги snapshot/release для репозитория -->
  </repository>
</repositories>

Ētahi atu taapiri

He rarangi tino whai kiko o nga whaainga mo te mahi me te rehitatanga hono (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
Taki tuku aunoa mo te tuku ki te maven central

Ki nga ihirangi

hua

Te whakaputa i te putanga SAPSHOT

I te wa e hanga ana i tetahi kaupapa, ka taea te whakarewa-a-ringa i tetahi mahi hei tango i te putanga SNAPSHOT ki te nohonga

Ina whakarewahia tenei mahi, ka puta te mahi e rite ana ki te kaupapa tohatoha (tauira).

Rakau kuti

Running with gitlab-runner 11.10.0 (3001a600)
  on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0                                           [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO]     Updating project org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:client
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:test-core
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:testng
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:client
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT                                  [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO]  * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [  2.375 s]
[INFO] test-core .......................................... SUCCESS [  3.929 s]
[INFO] Shields4J client ................................... SUCCESS [  3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------

Ko te mutunga, ka utaina te putanga ki te nohonga 1.0.0-HOPETA.

Ka taea te whakakore i nga putanga whakaahua katoa mai i te putunga i runga i te paetukutuku oss.sonatype.org i raro i to putea.

Ki nga ihirangi

Te whakaputa i te putanga tuku

Ina whakauruhia he tohu, ko te mahi e rite ana i roto i te kaupapa tohatoha ka whakaoho aunoa ki te tango i te putanga tuku ki te nohonga (tauira).

Ko te waahanga pai rawa atu ko te tukunga tata ka puta aunoa i roto i te nohonga.

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1037".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  9.603 s]
[INFO] test-core .......................................... SUCCESS [  3.419 s]
[INFO] Shields4J client ................................... SUCCESS [  9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------

A, ki te he tetahi mea, ka tino kore te mahi

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1038".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] 
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] 
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on &lt;a href=http://keys.gnupg.net:11371/&gt;http://keys.gnupg.net:11371/&lt;/a&gt;. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  4.073 s]
[INFO] test-core .......................................... SUCCESS [  2.788 s]
[INFO] Shields4J client ................................... SUCCESS [  3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

Ko te mutunga mai, kotahi noa te whiringa ka toe. Mukua tenei putanga ka whakaputa ranei.

I muri i te tukunga, i muri i etahi wa ka uru nga taonga

o waho

He kitenga ki ahau ko te maven e tohu ana i etahi atu whare putunga a te iwi.
Me taapiri e au te robots.txt na te mea i tohuhia taku putunga tawhito.

Ki nga ihirangi

mutunga

He aha ta tatou

He kaupapa tohatoha motuhake ka taea e koe te whakatinana i nga mahi CI maha mo te tuku i nga taonga toi ki nga whare pupuri a te iwi mo nga momo reo whanaketanga.
Ko te kaupapa Deploy he mokemoke mai i te wawaotanga o waho, ka taea anake te whakarereke e nga kaiwhakamahi me nga turanga Kaipupuri me te Kaipupuri.
He Kaiwhaiwhai Motuhake me te keteroki "wera" hei whakahaere i nga mahi tuku noa.
Te whakaputa i nga waahanga whakaahua/tuku i roto i te putunga putunga whanui.
Tirohanga aunoa o te putanga tuku mo te reri mo te whakaputanga i te maven central.
Parenga ki te whakaputa aunoa o nga putanga "mata" ki te maven central.
Hanga me te whakaputa i nga putanga whakaahua "ma te paato".
He putunga kotahi mo te tiki whakaahua whakaahua/tuku putanga.
Raina paipa mo te hanga/whakamatautau/whakaputa i tetahi kaupapa java.

Ko te whakarite i te GitLab CI ehara i te mea uaua te kaupapa penei i te titiro tuatahi. He nui noa ki te whakatu CI i runga i te kaupapa turnkey i nga wa e rua, a inaianei kei tawhiti atu koe i te runaruna mo tenei kaupapa. Ano, ko nga tuhinga a GitLab he nui noa atu. Kaua e wehi ki te tango i te taahiraa tuatahi. Ka puta te huarahi i raro i nga hikoinga o te tangata e hikoi ana (kare au e mahara na wai i korero :)

Ka koa ahau ki te whiwhi urupare.

I roto i te tuhinga e whai ake nei ka korero ahau me pehea te whirihora i a GitLab CI ki te whakahaere i nga mahi me nga whakamatautau whakaurunga whakataetae (te whakahaere i nga ratonga i raro i te whakamatautau ma te whakamahi i te docker-compose) mena he kotahi noa te kaikawe anga.

Ki nga ihirangi

Source: will.com

Tāpiri i te kōrero whakakore whakautu

Hei tuku i tetahi korero e hiahia ana koe takiuru.