This article is intended for Java developers who need to quickly publish their products to the sonatype and/or maven central repositories using GitLab. In it I describe how to configure gitlab-runner, gitlab-ci and maven-plugin to solve this problem.
Requirements
- Secure storage of mvn and GPG keys.
- Secure execution of public CI jobs.
- Uploading artifacts (release/snapshot) to public repositories.
- Automatic check of release versions for publication to maven Central.
- A common solution for uploading artifacts to a repository for many projects.
- Simplicity and ease of use.
Contents
- General information
- Setting up a deployment project in GitLab
- GitLab Runner
- GitLab CI
- Pom.xml configuration
- Result
- Conclusion
General information
- A detailed description of the mechanism for publishing artifacts to Maven Central through the Sonatype OSS Repository Hosting Service is already given in the article by the user Googolplex, so I will refer to that article where needed.
- Register in Sonatype JIRA beforehand and open a ticket to have a repository opened (for details, read the section "Create a ticket in Sonatype JIRA"). After the repository is opened, the JIRA login/password pair (referred to below as the Sonatype account) will be used to upload artifacts to Sonatype nexus.
- The GPG key generation process is described only briefly below. For details, see the section "Configuring GnuPG to sign artifacts".
- If you use the Linux console to generate the GPG key (gnupg/gnupg2), you need to install rng-tools to generate entropy. Otherwise key generation can take a very long time.
- Services for storing public GPG keys:
http://keys.gnupg.net
http://pool.sks-keyservers.net
http://keyserver.ubuntu.com
Setting up a deployment project in GitLab
- First, you need to create and configure a project that will hold the pipeline for deploying artifacts. I gave my project a plain and simple name.
- After creating the repository, you need to restrict who can change it.
Go to project -> Settings -> Repository -> Protected Branches. Delete all the rules and add a single rule with the wildcard * that grants push and merge rights only to users with the Maintainers role. This rule applies to all users of both this project and the group the project belongs to.
- If there are several maintainers, the best solution is to restrict access to the project altogether.
Go to project -> Settings -> General -> Visibility, project features, permissions and set the project visibility to Private.
My project is publicly accessible because I use my own GitLab Runner and only I have the right to change the repository. And in fact it is not in my interest to expose private information in public pipeline logs.
- Tightening the rules for changing the repository.
Go to project -> Settings -> Repository -> Push Rules and set the flags Committer restriction and Check whether author is a GitLab user. I also recommend setting up commit signing and setting the flag Reject unsigned commits.
- Next, you need to configure a trigger that launches the jobs.
Go to project -> Settings -> CI / CD -> Pipeline triggers and create a new trigger token.
This token can be added right away to the shared variables of a group of projects.
Go to group -> Settings -> CI / CD -> Variables and add the variable DEPLOY_TOKEN with the trigger token as its value.
GitLab á¡ááŒá±ážááá¬áž
This section describes the configuration for running deploy jobs on your own (Specific) runner and on a public (Shared) runner.
Specific Runner
I use my own runners because, first of all, it is convenient, fast and cheap.
For a runner I recommend a Linux VDS with 1 CPU, 2 GB RAM and 20 GB HDD. The price is ~3000₽ per year.
My runner
For my runner I took a VDS with 4 CPU, 4 GB RAM and 50 GB SSD. It cost ~11000₽ and I have never regretted it.
á
á¯á
á¯áá±á«ááºáž á
áẠá áá¯á¶ážááŸááááºá Aruba ááœáẠ7 ááŸáá·áº 5 ihor á
So, we have a runner. Now we will configure it.
Connect to the machine over SSH and install java, git, maven and gnupg2.
Installing gitlab runner
- Create the group runner
sudo groupadd runner
- Create a directory for the maven cache and assign group permissions to it. If you do not plan to run several runners on one machine, you can skip this step.
mkdir -p /usr/cache/.m2/repository
chown -R :runner /usr/cache
chmod -R 770 /usr/cache
- Create the user gitlab-deployer and add it to the group runner
useradd -m -d /home/gitlab-deployer gitlab-deployer
usermod -a -G runner gitlab-deployer
- Add the following line to the file /etc/ssh/sshd_config
AllowUsers root@* [email protected]
- Restart sshd
systemctl restart sshd
- Set a password for the user gitlab-deployer (a simple one will do, since there is a restriction for localhost)
passwd gitlab-deployer
- Install GitLab Runner (Linux x86-64)
sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
sudo chmod +x /usr/local/bin/gitlab-runner
ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner
- Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners and copy the registration token
áá»ááºááŸá¬ááŒááº
- Register the runner
gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml
ááŒá áºá ááº
Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
- Check that the runner is registered. Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners -> Runners activated for this project
áá»ááºááŸá¬ááŒááº
- Add a separate service /etc/systemd/system/gitlab-deployer.service
[Unit]
Description=GitLab Deploy Runner
After=syslog.target network.target
ConditionFileIsExecutable=/usr/local/bin/gitlab-runner

[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
Restart=always
RestartSec=120

[Install]
WantedBy=multi-user.target
- Start the service.
systemctl enable gitlab-deployer.service
systemctl start gitlab-deployer.service
systemctl status gitlab-deployer.service
- Check that the runner is running.
ááá°áá¬
Generating GPG keys
- From the same machine, connect over ssh as the user gitlab-deployer (this is important for generating the GPG key)
ssh [email protected]
- Generate a key by answering the questions. I used my own name and email. Be sure to set a password for the key. Artifacts will be signed with this key.
gpg --gen-key
- Check
gpg --list-keys -a
/home/gitlab-deployer/.gnupg/pubring.gpg
----------------------------------------
pub   4096R/00000000 2019-04-19
uid   Petruha Petrov <[email protected]>
sub   4096R/11111111 2019-04-19
- Upload our public key to the key server
gpg --keyserver keys.gnupg.net --send-key 00000000
gpg: sending key 00000000 to hkp server keys.gnupg.net
Maven setup
- Log in as the user gitlab-deployer
su gitlab-deployer
- Create the maven repository directory and link it to the cache (do not make a mistake here). If you do not plan to run several runners on one machine, you can skip this step.
mkdir -p ~/.m2/repository
ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
- Create a master key
mvn --encrypt-master-password password
{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
- Create the file ~/.m2/settings-security.xml
<settingsSecurity>
  <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
</settingsSecurity>
- Encrypt the password for the Sonatype account
mvn --encrypt-password SONATYPE_PASSWORD
{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
- Create the file ~/.m2/settings.xml
<settings>
  <profiles>
    <profile>
      <id>env</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
  <servers>
    <server>
      <id>sonatype</id>
      <username>SONATYPE_USERNAME</username>
      <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
    </server>
  </servers>
</settings>
where
GPG_SECRET_KEY_PASSPHRASE - the password for the GPG key
SONATYPE_USERNAME - the login of the sonatype account
This completes the runner setup, and you can move on.
Shared Runner
Generating GPG keys
- First, you need to create a GPG key. To do this, install gnupg.
yum install -y gnupg
- Generate a key by answering the questions. I used my own name and email. Be sure to set a password for the key.
gpg --gen-key
- Display the information about the key
gpg --list-keys -a
pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
      2D0D1706366FC4AEF79669E24D09C55BBA3FD728
uid           [ultimate] tttemp <[email protected]>
sub   rsa3072 2019-04-24 [E] [expires: none]
- Upload our public key to the key server
gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net
- Get the private key
gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
...
=2Wd2
-----END PGP PRIVATE KEY BLOCK-----
- Go to the project settings -> Settings -> CI / CD -> Variables and save the private key in the variable GPG_SECRET_KEY
Maven setup
- Create a master key
mvn --encrypt-master-password password
{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
- Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_SECURITY_XML
<settingsSecurity>
  <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
</settingsSecurity>
- Encrypt the password for the Sonatype account
mvn --encrypt-password SONATYPE_PASSWORD
{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
- Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_XML
<settings>
  <profiles>
    <profile>
      <id>env</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
  <servers>
    <server>
      <id>sonatype</id>
      <username>sonatype_username</username>
      <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
    </server>
  </servers>
</settings>
where
GPG_SECRET_KEY_PASSPHRASE - the password for the GPG key
SONATYPE_USERNAME - the login of the sonatype account
Deploying the docker image
- Create a fairly simple Dockerfile for running deploy jobs with the required Java version. Below is an example for alpine.
FROM java:8u111-jdk-alpine
RUN apk add gnupg maven git --update-cache \
    --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && \
    mkdir ~/.m2/
- Build the container for your project
docker build -t registry.gitlab.com/group/deploy .
- Authenticate and push the container to the registry.
docker login -u USER -p PASSWORD registry.gitlab.com
docker push registry.gitlab.com/group/deploy
GitLab CI
Deploy project
Add the .gitlab-ci.yml file to the root of the deploy project.
The script provides two mutually exclusive deploy jobs, for the Specific Runner or the Shared Runner respectively.
.gitlab-ci.yml
stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # The job will run on your shell runner
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # The job will run on a public docker runner
  tags:
    - docker
  # Image from the section GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Import the GPG key
    - printf "${GPG_SECRET_KEY}" | gpg --batch --import
    # Save the maven configuration
    - printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # The job runs on a trigger if the DEPLOY variable is passed with the value java
  only:
    variables:
      - $DEPLOY == "java"
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
  script:
    # Allow the password to be stored unencrypted
    - git config --global credential.helper store
    # Save the temporary credentials of the gitlab-ci-token user
    # The token works for all public gitlab.com projects and for the projects of the group
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Completely clean the current directory
    - rm -rf .* *
    # Clone the project that will be deployed to Sonatype Nexus
    - git clone ${DEPLOY_CI_REPOSITORY_URL} .
    # Switch to the required commit
    - git checkout ${DEPLOY_CI_COMMIT_SHA} -f
    # If at least one pom.xml contains the autoReleaseAfterClose parameter, fail the build.
    # Otherwise there is a risk of pushing raw artifacts to maven central
    - >
      for pom in $(find . -name pom.xml); do
        if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # If the DEPLOY_CI_COMMIT_TAG parameter is empty, force a SNAPSHOT version
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion=${VERSION}
        else
          mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
        fi
      fi
    # Run the build and deploy of the artifacts
    - mvn clean deploy -DskipTests=true
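Added example, not part of the original article: DEPLOY_CI_REPOSITORY_URL, DEPLOY_CI_COMMIT_SHA and DEPLOY_CI_COMMIT_TAG arrive in the trigger request and are expanded by the deploy script on the runner that holds the signing key, so this POSIX shell block checks their shape before they are used. The function names and the ALLOWED_HOST / ALLOWED_NAMESPACE defaults are assumptions; resolve_version mirrors the tag/SNAPSHOT rule of the script above.

```sh
#!/bin/sh
# Added example (not from the article): shape checks for the values the
# deploy pipeline receives through the trigger request.
# Assumptions: ALLOWED_HOST / ALLOWED_NAMESPACE defaults and all function names.

ALLOWED_HOST="${ALLOWED_HOST:-gitlab.com}"
ALLOWED_NAMESPACE="${ALLOWED_NAMESPACE:-group}"   # hypothetical group path

NL='
'

# True when $1 has no embedded newline (grep works per line, so a
# multi-line value could otherwise pass on one well-formed line).
single_line() {
  case "$1" in *"$NL"*) return 1 ;; esac
  return 0
}

# True when the whole of $1 matches the extended regex $2.
matches() {
  single_line "$1" || return 1
  printf '%s\n' "$1" | grep -Eqx -- "$2"
}

# A full object id: 40 hex characters (SHA-1) or 64 (SHA-256).
valid_commit_sha() {
  matches "$1" '[0-9a-f]{40}([0-9a-f]{24})?'
}

# An empty tag means "snapshot build"; otherwise only version-like text
# that starts with a letter or digit is accepted (assumed tag format).
valid_release_tag() {
  [ -z "$1" ] && return 0
  matches "$1" '[0-9A-Za-z][0-9A-Za-z._-]*'
}

# https://[userinfo@]ALLOWED_HOST/ALLOWED_NAMESPACE/<project path>.git
valid_repo_url() {
  single_line "$1" || return 1
  case "$1" in https://*) ;; *) return 1 ;; esac
  vru_rest=${1#https://}
  vru_authority=${vru_rest%%/*}
  [ "$vru_authority" != "$vru_rest" ] || return 1        # no path at all
  vru_path=${vru_rest#*/}
  matches "$vru_authority" '([A-Za-z0-9._~:%-]+@)?[A-Za-z0-9.-]+' || return 1
  # The host is whatever follows the last "@" of the authority part.
  [ "${vru_authority##*@}" = "$ALLOWED_HOST" ] || return 1
  case "$vru_path" in
    *..*) return 1 ;;
    "$ALLOWED_NAMESPACE"/*) ;;
    *) return 1 ;;
  esac
  matches "$vru_path" '[A-Za-z0-9._/-]+\.git'
}

# Args: repository URL, commit SHA, tag. Non-zero status on the first bad value.
check_trigger_input() {
  valid_repo_url "$1"    || { echo "rejected: repository URL" >&2; return 1; }
  valid_commit_sha "$2"  || { echo "rejected: commit SHA" >&2; return 1; }
  valid_release_tag "$3" || { echo "rejected: tag" >&2; return 1; }
}

# Args: tag, version read from pom.xml. Prints the version to set:
# the tag if present, otherwise the pom version forced to -SNAPSHOT.
resolve_version() {
  if [ -n "$1" ]; then
    printf '%s\n' "$1"
  else
    case "$2" in
      *-SNAPSHOT) printf '%s\n' "$2" ;;
      *)          printf '%s-SNAPSHOT\n' "$2" ;;
    esac
  fi
}

# In the deploy job, before the clone step:
#   check_trigger_input "$DEPLOY_CI_REPOSITORY_URL" "$DEPLOY_CI_COMMIT_SHA" "$DEPLOY_CI_COMMIT_TAG" || exit 1
#   git clone "$DEPLOY_CI_REPOSITORY_URL" .
#   git checkout -f "$DEPLOY_CI_COMMIT_SHA"
```

Quoting the variables at the point of use, as in the closing comment, keeps a value that passed the check from being word-split by the shell.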
Java project
In java projects that are meant to be uploaded to public repositories, you need to add 2 steps for uploading Release and Snapshot versions.
.gitlab-ci.yml
stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Run the job only on a tag.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Run the SNAPSHOT publishing job manually
  when: manual
  # Do not run the job if a tag is set.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
    # URL of the deploy job trigger
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Variables for the deploy job
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    # I do not use cURL, because with the --fail --show-error flags
    # it does not print the response body when the HTTP code is 400 or higher
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
In this solution I went a little further and decided to use a single CI template for java projects.
More details
I created a separate project.
common.yml
stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
    -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
    -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
    "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags
As a result, in the java projects themselves .gitlab-ci.yml is very compact and not verbose.
.gitlab-ci.yml
include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy
Pom.xml ááœá²á·á ááºážááŸá¯
á€á¡ááŒá±á¬ááºážá¡áá¬ááᯠá¡áá±ážá
áááºáá±á¬áºááŒáá¬ážáááºá nexus-staging-maven-plugin
ááá·áºááá±á¬áá»ááºá¡ááœáẠáááá¡áá±ááŒáá·áº org.sonatype.oss:oss-parent ááᯠá¡áá¯á¶ážáááŒá¯ááá¯áá«á ááá¯á·ááá¯áẠááá¯á¶ážááá¯ááºáá»áŸááºá
maven-install-plugin
Installs modules into the local repository.
Very useful for checking solutions locally in other projects, and also for the checksum.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<executions>
<execution>
<id>install-project</id>
<!-- If you have a multi-module project that deploys the parent POM -->
<phase>install</phase>
<!-- Explicitly specify the files for local installation -->
<configuration>
<file>target/${project.artifactId}-${project.version}.jar</file>
<sources>target/${project.artifactId}-${project.version}-sources.jar</sources>
<pomFile>dependency-reduced-pom.xml</pomFile>
<!-- Force an update of the project metadata -->
<updateReleaseInfo>true</updateReleaseInfo>
<!-- Checksums for integrity verification -->
<createChecksum>true</createChecksum>
</configuration>
</execution>
</executions>
</plugin>
maven-javadoc-plugin
Generating javadoc for the project.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
<!-- Javadoc generation must come after the resource generation phase -->
<phase>prepare-package</phase>
<configuration>
<!-- Very helpful in public projects -->
<failOnError>true</failOnError>
<failOnWarnings>true</failOnWarnings>
<!-- Removes the documentation lookup error in the target directory -->
<detectOfflineLinks>false</detectOfflineLinks>
</configuration>
</execution>
</executions>
</plugin>
If you have a module that contains no java (for example, only resources), or you do not want to generate javadoc at all, then maven-jar-plugin comes to the rescue.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<id>empty-javadoc-jar</id>
<phase>generate-resources</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<classifier>javadoc</classifier>
<classesDirectory>${basedir}/javadoc</classesDirectory>
</configuration>
</execution>
</executions>
</plugin>
maven-gpg-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<!-- The build will fail if the GPG key is missing -->
<!-- Sign artifacts only in the deploy phase -->
<phase>deploy</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
nexus-staging-maven-plugin
Configuration:
<project>
<!-- ... -->
<build>
<plugins>
<!-- ... -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<serverId>sonatype</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<!-- Update the metadata to mark the artifact as a release -->
<!-- Does not affect snapshot versions -->
<updateReleaseInfo>true</updateReleaseInfo>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<!-- Disable the plugin -->
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<distributionManagement>
<snapshotRepository>
<id>sonatype</id>
<name>Nexus Snapshot Repository</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>sonatype</id>
<name>Nexus Release Repository</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>
If you have a multi-module project and you do not need to upload a particular module to the repository, you need to add nexus-staging-maven-plugin with the flag skipNexusStagingDeployMojo
<build>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<configuration>
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
</plugin>
</plugins>
</build>
After uploading, the snapshot/release versions are available in the staging repository.
<repositories>
<repository>
<id>SonatypeNexus</id>
<url>https://oss.sonatype.org/content/groups/staging/</url>
<!-- No need to specify snapshot/release flags for the repository -->
</repository>
</repositories>
Additional advantages
- A very rich list of goals for working with the nexus repository (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
- Automatic check of a release for whether it can be uploaded to maven central.
Result
Publishing a SNAPSHOT version
When building a project, you can manually start the job that uploads the SNAPSHOT version to nexus.
á€áá¯ááºáááºážááᯠá
áááºáá±á¬á¡áá«á ááŒáá·áºáá»ááºááá±á¬áá»ááºááŸá áááºááá¯ááºááá·áºáá¬áááºááᯠá¡á
áá»áá¯ážááẠ(
ááŒááºáá±á¬ááºáá¬ážáá±á¬ ááŸááºáááºáž
Running with gitlab-runner 11.10.0 (3001a600)
on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0 [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO] Updating project org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:client
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:test-core
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:testng
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:client
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO] * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [ 2.375 s]
[INFO] test-core .......................................... SUCCESS [ 3.929 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------
As a result, the version is uploaded to Nexus.
All snapshot versions can be deleted from the repository on the site.
Publishing the release version
When a tag is set, the corresponding job in the deploy project is triggered automatically to upload the release version to Nexus.
The best part is that the release close is triggered automatically in Nexus.
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1037".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 9.603 s]
[INFO] test-core .......................................... SUCCESS [ 3.419 s]
[INFO] Shields4J client ................................... SUCCESS [ 9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------
If something goes wrong, the job will fail.
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1038".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR]
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR] Rule "signature-staging" failures
[ERROR] * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 4.073 s]
[INFO] test-core .......................................... SUCCESS [ 2.788 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
Therefore, we are left with only one choice: delete this version or publish it.
Some time after the release is published, the artifacts will appear.
Off-topic
It was a discovery that Maven indexes other public repositories.
I had to add a robots.txt because it had indexed my old repository.
Conclusion
What do we have?
- A dedicated deploy project in which you can implement several CI jobs for uploading artifacts to public repositories for different development languages.
- The deploy project is isolated from outside interference and can be changed only by users with the Owner and Maintainer roles.
- A separate, specific Runner with a "hot" cache that runs deploy jobs only.
- Publishing snapshot/release versions to a public repository.
- Automatic check of the release version for readiness for publication in Maven Central.
- Protection against automatic publication of "raw" versions to Maven Central.
- Building and publishing snapshot versions "on click".
- A single repository for obtaining snapshot/release versions.
- A common pipeline for building/testing/publishing a Java project.
Setting up GitLab CI is not as complicated a topic as it seems at first glance. It is enough to set up CI on a turnkey basis a couple of times, and you are already far from an amateur in this matter. Moreover, the GitLab documentation is more than ample. Don't be afraid to take the first step. The road appears under the steps of the one who walks (I don't remember who said it :)
I will be glad to receive feedback.
In the next article I will discuss how to configure GitLab CI to run jobs with integration tests concurrently (running the services under test with docker-compose) when you have only one shell runner.
source: www.habr.com