Setting up GitLab CI to upload a Java project to Maven Central

This article is intended for Java developers who need to quickly publish their products to the Sonatype and/or Maven Central repositories using GitLab. In this article, I will talk about setting up gitlab-runner, gitlab-ci and maven-plugin to solve this problem.

Prerequisites:

  • Secure storage of mvn and GPG keys.
  • Secure execution of public CI jobs.
  • Uploading artifacts (release/snapshot) to public repositories.
  • Automatic checking of release versions for publication to Maven Central.
  • A general solution for uploading artifacts to a repository for multiple projects.
  • Simplicity and ease of use.

General information

  • A detailed description of the mechanism for publishing artifacts to Maven Central through the Sonatype OSS Repository Hosting Service is already given in this article by the user Googlelplex, so I will refer to that article in the appropriate places.
  • Register in advance on Sonatype JIRA and open a ticket to have the repository opened (for more details, read the section Create a ticket on Sonatype JIRA). After the repository is opened, the login/password pair from JIRA (hereinafter called the Sonatype account) will be used to upload artifacts to Sonatype Nexus.
  • Below, the process of generating a GPG key is described very briefly. For more details, see the section Configuring GnuPG to sign artifacts
  • If you use the Linux console to generate a GPG key (gnupg/gnupg2), you need to install rng-tools to generate entropy. Otherwise, key generation can take a very long time.
  • Services for storing public GPG keys

Setting up a deploy project in GitLab

  • First, you need to create and configure a project that will hold the pipeline for deploying artifacts. I named my project simply and without fuss: deploy
  • After creating the repository, you need to restrict who can change it.
    Go to the project -> Settings -> Repository -> Protected Branches. Delete all the rules and add a single rule with the wildcard * that grants push and merge rights only to users with the Maintainers role. This rule applies to all users of both this project and the group the project belongs to.
  • If there are several maintainers, the best solution is to restrict access to the project altogether.
    Go to the project -> Settings -> General -> Visibility, project features, permissions and set the project visibility to Private.
    My project is public, since I use my own GitLab Runner and only I have access to modify the repository. Also, it is really not in my interest to expose private information in public pipeline logs.
  • Tighten the rules for changing the repository
    Go to the project -> Settings -> Repository -> Push Rules and set the Committer restriction and Check whether author is a GitLab user flags. I also recommend setting up commit signing and setting the Reject unsigned commits flag.
  • Next, configure a trigger to launch the jobs
    Go to the project -> Settings -> CI / CD -> Pipeline triggers and create a new trigger token
    This token can be added right away to the shared variable configuration for a group of projects.
    Go to the group -> Settings -> CI / CD -> Variables and add a variable DEPLOY_TOKEN with the trigger token as its value.

GitLab Runner

This section describes the configuration for running deploy jobs on your own (Specific) runner and on a public (Shared) runner.

Specific Runner

I use my own runners because, first of all, it is convenient, fast and cheap.
For a runner I recommend a Linux VDS with 1 CPU, 2 GB RAM, 20 GB HDD. The price is ~3000₽ per year.

My runner

For the runner I took a VDS with 4 CPU, 4 GB RAM, 50 GB SSD. It cost ~11000₽ and I have never regretted it.
I have 7 machines in total: 5 on aruba and 2 on ihor.

So we have a runner. Now we will configure it.
Log in to the machine over SSH and install java, git, maven, gnupg2.

Installing gitlab runner

  • Create a new group runner
    sudo groupadd runner
  • Create a directory for the maven cache and assign rights to the runner group
    You can skip this step if you do not plan to run several runners on the same machine.

    mkdir -p /usr/cache/.m2/repository
    chown -R :runner /usr/cache
    chmod -R 770 /usr/cache
  • Create a user gitlab-deployer and add it to the runner group
    useradd -m -d /home/gitlab-deployer gitlab-deployer
    usermod -a -G runner gitlab-deployer
  • Add the following line to the file /etc/ssh/sshd_config
    AllowUsers root@* [email protected]
  • Restart sshd
    systemctl restart sshd
  • Set a password for the gitlab-deployer user (it can be simple, since there is a restriction to localhost)
    passwd gitlab-deployer
  • Install GitLab Runner (Linux x86-64)
    sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
    sudo chmod +x /usr/local/bin/gitlab-runner
    ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
    ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner
  • Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners and copy the registration token

  • Register the runner
    gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml

Process

Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded                     runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

  • Check that the runner is registered. Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners -> Runners activated for this project

  • Add a separate service /etc/systemd/system/gitlab-deployer.service
    [Unit]
    Description=GitLab Deploy Runner
    After=syslog.target network.target
    ConditionFileIsExecutable=/usr/local/bin/gitlab-runner
    [Service]
    StartLimitInterval=5
    StartLimitBurst=10
    ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
    Restart=always
    RestartSec=120
    [Install]
    WantedBy=multi-user.target
  • Start the service.
    systemctl enable gitlab-deployer.service
    systemctl start gitlab-deployer.service
    systemctl status gitlab-deployer.service
  • Check that the runner is running.

Generating the GPG key

  • From the same machine, log in over ssh as the gitlab-deployer user (this is important for GPG key generation)

    ssh [email protected]

  • Generate a key by answering the questions. I used my own name and email.
    Be sure to specify a password for the key. The artifacts will be signed with this key.

    gpg --gen-key

  • Check

    gpg --list-keys -a
    /home/gitlab-deployer/.gnupg/pubring.gpg
    ----------------------------------------
    pub   4096R/00000000 2019-04-19
    uid                  Petruha Petrov <[email protected]>
    sub   4096R/11111111 2019-04-19

  • Upload our public key to the key server

    gpg --keyserver keys.gnupg.net --send-key 00000000
    gpg: sending key 00000000 to hkp server keys.gnupg.net

Setting up Maven

  • Switch to the gitlab-deployer user
    su gitlab-deployer
  • Create the maven repository directory and the link to the cache (take care not to make a mistake)
    You can skip this step if you do not plan to run several runners on one machine.

    mkdir -p ~/.m2
    ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
  • Create a master key
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Create the file ~/.m2/settings-security.xml
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Create the file ~/.m2/settings.xml
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where
GPG_SECRET_KEY_PASSPHRASE - the password of the GPG key
SONATYPE_USERNAME - the login of the Sonatype account
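
After these steps the runner user's home holds every secret needed to publish: ~/.m2/settings.xml (with the GPG passphrase in clear text), ~/.m2/settings-security.xml, ~/.gnupg and, once deploy jobs have run, ~/.git-credentials. The following added example (not from the original article) reports which of them are accessible to group or others and tightens the modes; the function names and report format are assumptions, and stat -c assumes a Linux host.

```sh
#!/bin/sh
# Added example: audit the secret-bearing files this setup leaves in the
# runner user's home. Function names and report format are assumptions.

# Paths created by the steps above, relative to the runner user's home:
#   .m2/settings.xml           GPG passphrase and encrypted Sonatype password
#   .m2/settings-security.xml  master password that decrypts the latter
#   .gnupg                     private signing key
#   .git-credentials           job tokens appended by the deploy job
SECRET_RELS=".m2/settings.xml .m2/settings-security.xml .gnupg .git-credentials"

# Octal permission bits of a path (GNU/BusyBox stat, as on a Linux runner).
mode_of() { stat -c '%a' "$1"; }

# True when neither group nor others have any permission bit set.
is_private() {
  m=$(mode_of "$1") || return 1
  case "$m" in 0 | *00) return 0 ;; *) return 1 ;; esac
}

# True when settings.xml carries a literal <gpg.passphrase> value, i.e. one
# that is neither an encrypted {...} string nor a ${...} reference.
has_plaintext_passphrase() {
  [ -f "$1" ] && grep -q '<gpg\.passphrase>[^<${]' "$1"
}

# Prints "EXPOSED <mode> <path>" per finding; returns 1 if any path is exposed.
audit_runner_secrets() {
  found=0
  for rel in $SECRET_RELS; do
    p=$1/$rel
    [ -e "$p" ] || continue
    if ! is_private "$p"; then
      echo "EXPOSED $(mode_of "$p") $p"
      found=1
    fi
  done
  # Maven's settings decryption covers <server> entries, not profile
  # properties, so this value is protected by file permissions alone.
  if has_plaintext_passphrase "$1/.m2/settings.xml"; then
    echo "PLAINTEXT gpg.passphrase $1/.m2/settings.xml"
  fi
  return "$found"
}

# Remove group/other access; -R so that key files inside .gnupg are covered.
harden_runner_secrets() {
  for rel in $SECRET_RELS; do
    [ -e "$1/$rel" ] && chmod -R go-rwx "$1/$rel"
  done
  return 0
}

# Constructed home directory with deliberately loose modes.
demo() {
  home=$(mktemp -d)
  mkdir -p "$home/.m2" "$home/.gnupg"
  printf '<settings><gpg.passphrase>constructed</gpg.passphrase></settings>\n' \
    > "$home/.m2/settings.xml"
  printf '<settingsSecurity/>\n' > "$home/.m2/settings-security.xml"
  chmod 644 "$home/.m2/settings.xml"
  chmod 640 "$home/.m2/settings-security.xml"
  chmod 755 "$home/.gnupg"
  audit_runner_secrets "$home"
  harden_runner_secrets "$home"
  audit_runner_secrets "$home" >/dev/null && echo "no exposed paths after hardening"
  rm -rf "$home"
}
demo
```

Run audit_runner_secrets /home/gitlab-deployer on the runner; the shared /usr/cache directory is intentionally group-accessible and is not part of this check.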

This completes the runner setup; you can proceed to the GitLab CI section

Shared Runner

Generating the GPG key

  • First, you need to create a GPG key. To do this, install gnupg.

    yum install -y gnupg

  • Generate a key by answering the questions. I used my own name and email. Be sure to specify a password for the key.

    gpg --gen-key

  • Display information about the key

    gpg --list-keys -a
    pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
      2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    uid           [ultimate] tttemp <[email protected]>
    sub   rsa3072 2019-04-24 [E] [expires: none]

  • Upload our public key to the key server

    gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net

  • Get the private key

    gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
    ...
    =2Wd2
    -----END PGP PRIVATE KEY BLOCK-----

  • Go to the project settings -> Settings -> CI / CD -> Variables and save the private key in the variable GPG_SECRET_KEY

Setting up Maven

  • Create a master key
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_SECURITY_XML:
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_XML:
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where
GPG_SECRET_KEY_PASSPHRASE - the password of the GPG key
SONATYPE_USERNAME - the login of the Sonatype account

Deploy Docker image

  • We create a fairly simple Dockerfile to run deploy jobs with the desired version of Java. Below is an example for alpine.

    FROM java:8u111-jdk-alpine
    RUN apk add gnupg maven git --update-cache \
        --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && \
        mkdir ~/.m2/

  • Build the container for your project

    docker build -t registry.gitlab.com/group/deploy .

  • Authenticate and push the container to the registry.

    docker login -u USER -p PASSWORD registry.gitlab.com
    docker push registry.gitlab.com/group/deploy

GitLab CI

Deploy project

Add the file .gitlab-ci.yml to the root of the deploy project.
The script contains two mutually exclusive deploy jobs, for the Specific Runner and the Shared Runner respectively.

.gitlab-ci.yml

stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # The job will run on your shell runner
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # The job will run on a public docker runner
  tags:
    - docker
  # Image from the section GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Import the GPG key
    - printf '%s\n' "${GPG_SECRET_KEY}" | gpg --batch --import
    # Save the maven configuration
    - printf '%s\n' "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf '%s\n' "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # The job runs on a trigger if the variable DEPLOY is passed with the value java
  only:
    variables:
    - $DEPLOY == "java"
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
  script:
    # Allow the password to be stored unencrypted
    - git config --global credential.helper store
    # Save the temporary credentials of the gitlab-ci-token user
    # The token works for all public gitlab.com projects and for the group's projects
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Completely clean the current directory
    - rm -rf .* *
    # Clone the project that we will deploy to Sonatype Nexus
    - git clone ${DEPLOY_CI_REPOSITORY_URL} .
    # Switch to the required commit
    - git checkout ${DEPLOY_CI_COMMIT_SHA} -f
    # If at least one pom.xml contains the autoReleaseAfterClose parameter, fail the build.
    # Otherwise there is a risk of uploading raw artifacts to maven central
    - >
      for pom in $(find . -name pom.xml); do
        if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # If the DEPLOY_CI_COMMIT_TAG parameter is empty, force a SNAPSHOT version
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion=${VERSION}
        else
          mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
        fi
      fi
    # Run the build and deploy of the artifacts
    - mvn clean deploy -DskipTests=true
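
The deploy job takes DEPLOY_CI_REPOSITORY_URL, DEPLOY_CI_COMMIT_SHA and DEPLOY_CI_COMMIT_TAG from the trigger request and passes them to git and mvn on a machine that holds the signing key. As an added example (not part of the original article), the following POSIX shell functions validate those values before they are used; the allowed group name "group", the leading-digit and no-SNAPSHOT tag policy and all function names are assumptions.

```sh
#!/bin/sh
# Added example: validate values received through the pipeline trigger
# before the deploy job hands them to git and mvn.
LC_ALL=C; export LC_ALL

# Assumption: only repositories of this gitlab.com group may be deployed.
ALLOWED_GROUP="${ALLOWED_GROUP:-group}"

# DEPLOY_CI_COMMIT_SHA: exactly 40 lowercase hex characters.
is_sha() {
  [ "${#1}" -eq 40 ] || return 1
  case "$1" in *[!0-9a-f]*) return 1 ;; esac
  return 0
}

# DEPLOY_CI_COMMIT_TAG becomes the Maven version (mvn versions:set), so allow
# a conservative character set only, require a leading digit and refuse
# -SNAPSHOT for a release. The digit and -SNAPSHOT rules are assumed policy.
is_release_tag() {
  case "$1" in
    '' | *[!0-9A-Za-z._-]*) return 1 ;;
    *-SNAPSHOT) return 1 ;;
    [0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# DEPLOY_CI_REPOSITORY_URL: https://[userinfo@]gitlab.com/<ALLOWED_GROUP>/<name>.git
is_allowed_repo() {
  case "$1" in
    *[!A-Za-z0-9:/@._-]*) return 1 ;;  # whitespace, quotes, ';', '$' and the like
    https://*) ;;
    *) return 1 ;;
  esac
  rest=${1#https://}
  authority=${rest%%/*}                 # text before the first "/"
  host=${authority##*@}                 # drop optional userinfo (the job token)
  path=${rest#*/}
  [ "$host" = "gitlab.com" ] || return 1
  case "$path" in
    *..*) return 1 ;;
    "$ALLOWED_GROUP"/?*.git) return 0 ;;
    *) return 1 ;;
  esac
}

# Returns 0 only if all three values pass. The URL is never echoed because it
# can carry a job token in its userinfo part.
validate_deploy_inputs() {
  rc=0
  is_allowed_repo "$1" || { echo "rejected: DEPLOY_CI_REPOSITORY_URL" >&2; rc=1; }
  is_sha "$2" || { echo "rejected: DEPLOY_CI_COMMIT_SHA" >&2; rc=1; }
  # An empty tag is valid: the job then forces a -SNAPSHOT version.
  if [ -n "$3" ] && ! is_release_tag "$3"; then
    echo "rejected: DEPLOY_CI_COMMIT_TAG" >&2; rc=1
  fi
  return "$rc"
}

# Constructed sample requests (placeholder token, group and project names).
demo() {
  sha=850f86aa317194395c5387790da1350e437125a7
  good=https://gitlab-ci-token:PLACEHOLDER@gitlab.com/group/shields4j.git
  for tag in "" "1.0.0" "1.0.0 -Dx=y"; do
    if validate_deploy_inputs "$good" "$sha" "$tag" 2>/dev/null; then
      echo "accept tag='$tag'"
    else
      echo "reject tag='$tag'"
    fi
  done
  validate_deploy_inputs "https://gitlab.com@other.example/group/p.git" "$sha" "" \
    2>/dev/null || echo "reject foreign host"
}
demo
```

In the job, call validate_deploy_inputs "$DEPLOY_CI_REPOSITORY_URL" "$DEPLOY_CI_COMMIT_SHA" "$DEPLOY_CI_COMMIT_TAG" before git clone and stop on a non-zero status.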

Java project

In Java projects that are to be uploaded to public repositories, you need to add 2 steps to upload the Release and Snapshot versions.

.gitlab-ci.yml

stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Run the job only on a tag.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Run the job that publishes the SNAPSHOT version manually
  when: manual
  # Do not run the job if a tag is set.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
    # URL of the deploy job trigger
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Variables of the deploy job
    POST_DATA: "\
      token=${DEPLOY_TOKEN}&\
      ref=master&\
      variables[DEPLOY]=${DEPLOY}&\
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&\
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&\
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&\
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}\
      "
  script:
    # I do not use cURL because with the --fail --show-error flags
    # it does not print the response body when the HTTP code is 400 or higher
    - wget --content-on-error -qO- "${URL}" --post-data "${POST_DATA}"

In this solution, I went a bit further and decided to use a single CI template for Java projects.

Details

I created a separate project, gitlab-ci, in which I placed the CI template for Java projects, common.yml.

common.yml

stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
  -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} 
  -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} 
  "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
    - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    POST_DATA: "\
      token=${DEPLOY_TOKEN}&\
      ref=master&\
      variables[DEPLOY]=${DEPLOY}&\
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&\
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&\
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&\
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}\
      "
  script:
  - wget --content-on-error -qO- "${URL}" --post-data "${POST_DATA}"

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags

As a result, in the Java projects themselves, .gitlab-ci.yml looks very compact and not verbose

.gitlab-ci.yml

include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy

Configuring pom.xml

This topic is described in great detail by Googlelplex in Configuring Maven to automatically sign and upload artifacts to snapshot and staging repositories, so I will describe some of the nuances of using the plugins. I will also describe how easily and naturally you can use nexus-staging-maven-plugin if you do not want to or cannot use org.sonatype.oss:oss-parent as the parent of your project.

maven-install-plugin

Installs modules into the local repository.
Very useful for locally verifying solutions in other projects, as well as the checksum.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- If you have a multi-module project that deploys the parent pom -->
      <phase>install</phase>
      <!-- Explicitly specify the files for local installation -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
        <sources>target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Force an update of the project metadata -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Checksums for integrity verification -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-javadoc-plugin

Generates javadoc for the project.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <executions>
    <execution>
      <goals>
        <goal>jar</goal>
      </goals>
      <!-- Javadoc generation must come after the resource generation phase -->
      <phase>prepare-package</phase>
      <configuration>
        <!-- Helps a lot in public projects -->
        <failOnError>true</failOnError>
        <failOnWarnings>true</failOnWarnings>
        <!-- Removes the error of looking up documentation in the target directory -->
        <detectOfflineLinks>false</detectOfflineLinks>
      </configuration>
    </execution>
  </executions>
</plugin>

If you have a module that contains no Java (for example, only resources),
or you do not want to generate javadoc at all, then maven-jar-plugin helps

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <executions>
    <execution>
      <id>empty-javadoc-jar</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>jar</goal>
      </goals>
      <configuration>
        <classifier>javadoc</classifier>
        <classesDirectory>${basedir}/javadoc</classesDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-gpg-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <!-- The build will fail if the GPG key is missing -->
      <!-- Sign artifacts only in the deploy phase -->
      <phase>deploy</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

nexus-staging-maven-plugin

Configuration:

<project>
  <!-- ... -->
  <build>
    <plugins>
      <!-- ... -->
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <extensions>true</extensions>
          <configuration>
            <serverId>sonatype</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- Update the metadata to mark the artifact as a release -->
            <!-- Does not affect snapshot versions -->
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <configuration>
            <!-- Disable the plugin -->
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype</id>
      <name>Nexus Snapshot Repository</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </snapshotRepository>
    <repository>
      <id>sonatype</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
</project>

If you have a multi-module project and you do not need to upload a particular module to the repository, then add nexus-staging-maven-plugin with the skipNexusStagingDeployMojo flag to that module's pom.xml

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <configuration>
        <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
      </configuration>
    </plugin>
  </plugins>
</build>

After uploading, snapshot/release versions are available in the staging repositories

<repositories>
  <repository>
    <id>SonatypeNexus</id>
    <url>https://oss.sonatype.org/content/groups/staging/</url>
    <!-- There is no need to specify snapshot/release flags for the repository -->
  </repository>
</repositories>

More pluses

  • A very rich list of goals for working with the nexus repository (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
  • Automatic check that the release can be uploaded to maven central

Result

Publishing a SNAPSHOT version

When a project is built, you can manually start a job to upload the SNAPSHOT version to nexus

When this job is launched, the corresponding job in the deploy project is triggered (example).

Trimmed log

Running with gitlab-runner 11.10.0 (3001a600)
  on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0                                           [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO]     Updating project org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:client
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:test-core
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:testng
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:client
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT                                  [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO]  * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [  2.375 s]
[INFO] test-core .......................................... SUCCESS [  3.929 s]
[INFO] Shields4J client ................................... SUCCESS [  3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------

As a result, version 1.0.0-SNAPSHOT is uploaded to nexus.

All snapshot versions can be deleted from the repository on oss.sonatype.org under your account.

Publishing a release version

When a tag is set, the corresponding job in the deployment project is triggered automatically to upload the release version to nexus (example).

The best part is that closing the release is triggered automatically in nexus.

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1037".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  9.603 s]
[INFO] test-core .......................................... SUCCESS [  3.419 s]
[INFO] Shields4J client ................................... SUCCESS [  9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------

And if something goes wrong, the job will definitely fail:

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1038".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] 
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] 
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  4.073 s]
[INFO] test-core .......................................... SUCCESS [  2.788 s]
[INFO] Shields4J client ................................... SUCCESS [  3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

As a result, we are left with only one choice: either delete this version or publish it.
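
An added example (not from the original article): a small parser that pulls the failed staging repository, the rule and the missing key ID out of a Maven job log like the failure shown above, so a CI step can report a `signature-staging` failure directly. The function and variable names are assumptions, the sample is constructed from the log on this page, and reports with several rules are assumed to follow the same layout.

```python
import html
import re
import sys

# Constructed sample, built from the failure report shown above.
SAMPLE_LOG = '''\
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] Nexus Staging Rules Failure Report
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR]  * Deleting context 9043b43f77dcc9.properties
'''

REPO_RE = re.compile(r'^\[ERROR\]\s+Repository "([^"]+)" failures')
RULE_RE = re.compile(r'^\[ERROR\]\s+Rule "([^"]+)" failures')
ITEM_RE = re.compile(r'^\[ERROR\]\s+\*\s+(.+)$')
KEY_RE = re.compile(r'No public key: Key with id: \(([0-9A-Fa-f]+)\)')
TAG_RE = re.compile(r'<[^>]+>')


def parse_staging_failures(log_text):
    """Return one dict per failed rule item in a Nexus staging failure report."""
    findings, repo, rule = [], None, None
    for line in log_text.splitlines():
        if re.fullmatch(r'\[ERROR\]\s*', line):
            continue  # empty separator line, keeps the current report state
        if m := REPO_RE.match(line):
            repo, rule = m.group(1), None
        elif m := RULE_RE.match(line):
            rule = m.group(1)
        elif rule and (m := ITEM_RE.match(line)):
            # The link may arrive as raw tags or entity-encoded; handle both.
            msg = TAG_RE.sub('', html.unescape(m.group(1)))
            key = KEY_RE.search(msg)
            findings.append({'repository': repo, 'rule': rule, 'message': msg,
                             'missing_key': key.group(1) if key else None})
        else:
            repo = rule = None  # any other line ends the report section
    return findings


if __name__ == '__main__':
    # Pipe a job log in on stdin, or run without input to use the sample.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for f in parse_staging_failures(text):
        print(f"{f['repository']} {f['rule']} key={f['missing_key']}: {f['message']}")
```

A non-empty result with `missing_key` set means the public half of the signing key has to be published to a key server Nexus queries before the release job is re-run.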

Some time after the release, the artifacts will be in [image: Setting up GitLab CI to upload a java project to maven central]

offtopic

It was a discovery for me that maven indexes other public repositories.
I had to upload a robots.txt because it had indexed my old repository.

Conclusion

What we have

  • A separate deployment project in which you can implement several CI jobs for uploading artifacts to public repositories for different development languages.
  • The deploy project is isolated from outside interference and can be changed only by users with the Owner and Maintainer roles.
  • A separate Specific Runner with a "hot" cache that runs only the deployment jobs.
  • Publication of snapshot/release versions to a public repository.
  • Automatic check of the release version for readiness for publication to maven central.
  • Protection against automatic publication of "raw" versions to maven central.
  • Building and publishing snapshot versions "on click".
  • A single repository for obtaining snapshot/release versions.
  • A general pipeline for building/testing/publishing a java project.

Setting up GitLab CI is not as complicated a topic as it seems at first glance. It is enough to set up CI on a turnkey basis a couple of times, and you are already far from an amateur in this matter. Besides, the GitLab documentation is very extensive. Don't be afraid to take the first step. The road appears under the steps of the one who walks it (I don't remember who said that :)

I will be glad to receive feedback.

In the next article, I will show you how to set up GitLab CI to run integration test jobs concurrently (running the test services with docker-compose) if you have only one shell runner.

Source: www.habr.com