Setting up GitLab CI to publish a Java project to Maven Central

This article is intended for Java developers who need to quickly publish their products to the Sonatype and/or Maven Central repositories using GitLab. In it, I cover setting up gitlab-runner, gitlab-ci and maven-plugin to solve this problem.

Requirements:

  • Secure storage of mvn and GPG keys.
  • Secure execution of public CI jobs.
  • Uploading artifacts (release/snapshot) to public repositories.
  • Automatic check of release versions for publication to Maven Central.
  • A general solution for uploading artifacts to a repository for multiple projects.
  • Simplicity and ease of use.

General information

  • A detailed description of the mechanism for publishing artifacts to Maven Central via the Sonatype OSS Repository Hosting Service has already been given in this article by user Googolplex, so I will refer to that article in the appropriate places.
  • First register in Sonatype JIRA and open a ticket to have a repository opened (for details, read the section Create a Sonatype JIRA ticket). After the repository is opened, the JIRA login/password pair (hereinafter the Sonatype account) will be used to upload artifacts to Sonatype Nexus.
  • Next, the process of generating a GPG key is described very dryly. For details, see the section Configuring GnuPG to sign artifacts.
  • If you use the Linux console to generate a GPG key (gnupg/gnupg2), you need to install rng-tools to generate entropy. Otherwise, key generation can take a very long time.
  • Services for storing public GPG keys

Setting up a deploy project in GitLab

  • First of all, you need to create and configure a project that will hold the pipeline for deploying artifacts. I named my project simply and plainly: deploy
  • After creating the repository, you need to restrict who can change it.
    Go to the project -> Settings -> Repository -> Protected Branches. Delete all rules and add a single rule with Wildcard * that allows push and merge only for users with the Maintainers role. This rule applies to all users of both this project and the group this project belongs to.
  • If there are several maintainers, the best solution is to restrict access to the project in principle.
    Go to the project -> Settings -> General -> Visibility, project features, permissions and set Project visibility to Private.
    My project is publicly accessible, since I use my own GitLab Runner and only I have access to modify the repository. And, really, I have no interest in exposing private information in public pipeline logs.
  • Tighten the rules for changing the repository
    Go to the project -> Settings -> Repository -> Push Rules and set the flags Committer restriction, Check whether author is a GitLab user. I also recommend setting up commit signing and setting the Reject unsigned commits flag.
  • Next, you need to configure a trigger to run jobs
    Go to the project -> Settings -> CI / CD -> Pipeline triggers and create a new trigger token
    This token can immediately be added to the shared variable configuration for a group of projects.
    Go to the group -> Settings -> CI / CD -> Variables and add a variable DEPLOY_TOKEN with the trigger token as its value.

GitLab Runner

This section describes the configuration for running deploy jobs on your own (Specific) runner and on a public (Shared) runner.

Specific Runner

I use my own runners because, first of all, it is convenient, fast and cheap.
For the runner I recommend a Linux VDS with 1 CPU, 2 GB RAM, 20 GB HDD. Price: ~3000₽ per year.

My runner

For the runner I took a VDS with 4 CPU, 4 GB RAM, 50 GB SSD. It cost ~11000₽ and I have never regretted it.
I have 7 machines in total: 5 at aruba and 2 at ihor.

So, we have a runner. Now we will configure it.
Log in to the machine via SSH and install java, git, maven, gnupg2.

Installing gitlab runner

  • Create a new group runner
    sudo groupadd runner
  • Create a directory for the maven cache and grant rights to the runner group
    You can skip this step if you do not plan to run several runners on one machine.

    mkdir -p /usr/cache/.m2/repository
    chown -R :runner /usr/cache
    chmod -R 770 /usr/cache
  • Create a user gitlab-deployer and add it to the runner group
    useradd -m -d /home/gitlab-deployer gitlab-deployer
    usermod -a -G runner gitlab-deployer
  • Add the following line to the /etc/ssh/sshd_config file
    AllowUsers root@* [email protected]
  • Restart sshd
    systemctl restart sshd
  • Set a password for the gitlab-deployer user (it can be simple, since there is a restriction to localhost)
    passwd gitlab-deployer
  • Install GitLab Runner (Linux x86-64)
    sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
    sudo chmod +x /usr/local/bin/gitlab-runner
    ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
    ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner
  • Go to gitlab.com -> deploy-project -> Settings -> CI / CD -> Runners -> Specific Runners and copy the registration token

  • Register the runner
    gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml

Process

Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded                     runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

  • Check that the runner is registered. Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners -> Runners activated for this project

  • Add a separate service /etc/systemd/system/gitlab-deployer.service
    [Unit]
    Description=GitLab Deploy Runner
    After=syslog.target network.target
    ConditionFileIsExecutable=/usr/local/bin/gitlab-runner
    [Service]
    StartLimitInterval=5
    StartLimitBurst=10
    ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
    Restart=always
    RestartSec=120
    [Install]
    WantedBy=multi-user.target
  • Start the service.
    systemctl enable gitlab-deployer.service
    systemctl start gitlab-deployer.service
    systemctl status gitlab-deployer.service
  • Check that the runner is running.

GPG key generation

  • From the same machine, log in via ssh as the gitlab-deployer user (this is important for GPG key generation)

    ssh [email protected]

  • Generate a key by answering the questions. I used my own name and email.
    Be sure to set a passphrase for the key. Artifacts will be signed with this key.

    gpg --gen-key 

  • Check

    gpg --list-keys -a
    /home/gitlab-deployer/.gnupg/pubring.gpg
    ----------------------------------------
    pub   4096R/00000000 2019-04-19
    uid                  Petruha Petrov <[email protected]>
    sub   4096R/11111111 2019-04-19

  • Send our public key to the keyserver

    gpg --keyserver keys.gnupg.net --send-key 00000000
    gpg: sending key 00000000 to hkp server keys.gnupg.net

Maven setup

  • Switch to the gitlab-deployer user
    su gitlab-deployer 
  • Create the maven repository directory and link it to the cache (don't get it wrong)
    This step can be skipped if you do not plan to run several runners on one machine.

    # create only ~/.m2; the repository entry itself is the symlink to the shared cache
    mkdir -p ~/.m2
    ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
  • Create a master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Create the file ~/.m2/settings-security.xml
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Create the file ~/.m2/settings.xml
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where
GPG_SECRET_KEY_PASSPHRASE - GPG key passphrase
SONATYPE_USERNAME - Sonatype account login

This completes the runner setup; you can proceed to the GitLab CI section.

Shared Runner

GPG key generation

  • First of all, you need to create a GPG key. To do this, install gnupg.

    yum install -y gnupg

  • Generate a key by answering the questions. I used my own name and email. Be sure to set a passphrase for the key.

    gpg --gen-key 

  • Get the key information

    gpg --list-keys -a
    pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
      2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    uid           [ultimate] tttemp <[email protected]>
    sub   rsa3072 2019-04-24 [E] [expires: none]

  • Send our public key to the keyserver

    gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net

  • Get the private key

    gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
    ...
    =2Wd2
    -----END PGP PRIVATE KEY BLOCK-----

  • Go to the project settings -> Settings -> CI / CD -> Variables and save the private key in a variable GPG_SECRET_KEY

Maven setup

  • Create a master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in a variable SETTINGS_SECURITY_XML:
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in a variable SETTINGS_XML:
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>sonatype_username</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where
GPG_SECRET_KEY_PASSPHRASE - GPG key passphrase
SONATYPE_USERNAME - Sonatype account login
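
Added example (not part of the original article): a job that writes SETTINGS_XML and SETTINGS_SECURITY_XML to ~/.m2/ is writing the GPG passphrase in clear text and, next to it, the master password that unlocks the Sonatype password, so both files should be readable only by the job user. The helper names write_secret_file and file_mode are hypothetical; the value is written with printf '%s' so that a % or \ in it stays literal, and the file is created with mode 0600 by mktemp before anything is written to it.

```shell
#!/bin/sh
# Added example: write a secret taken from a CI variable to a file that only
# the job user can read. write_secret_file is a hypothetical helper name.

# write_secret_file PATH VALUE
write_secret_file() {
  path=$1
  value=$2
  dir=$(dirname "$path")
  # Create ~/.m2 (or any missing parent) as 0700 without changing the caller's umask.
  ( umask 077 && mkdir -p "$dir" ) || return 1
  # mktemp creates the temporary file with mode 0600 before anything is written.
  tmp=$(mktemp "$dir/.secret.XXXXXX") || return 1
  # '%s' writes the value literally; passing the value as the printf format
  # would interpret any '%' or '\' it contains.
  if ! printf '%s\n' "$value" > "$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  # Rename over the destination so a wider-mode file left by an earlier job is replaced.
  mv -f "$tmp" "$path"
}

# Permission string of a file or directory, e.g. "-rw-------".
file_mode() {
  ls -ld "$1" | cut -c1-10
}

# Usage inside the job (variable names are the ones defined in the article):
#   write_secret_file ~/.m2/settings-security.xml "${SETTINGS_SECURITY_XML}"
#   write_secret_file ~/.m2/settings.xml "${SETTINGS_XML}"
#   printf '%s' "${GPG_SECRET_KEY}" | gpg --batch --import

# Demo with a constructed value written under a temporary directory.
demo_dir=$(mktemp -d)
write_secret_file "$demo_dir/.m2/settings.xml" '<settings>100% constructed \n sample</settings>'
echo "$(file_mode "$demo_dir/.m2/settings.xml") $demo_dir/.m2/settings.xml"
rm -rf "$demo_dir"
```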

Deploy docker image

  • Create a fairly simple Dockerfile for running deploy jobs with the required version of Java. Below is an example for alpine.

    FROM java:8u111-jdk-alpine
    # --allow-untrusted turns off apk signature verification for this install
    RUN apk add gnupg maven git --update-cache \
        --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && \
        mkdir ~/.m2/

  • Build the container for your project

    docker build -t registry.gitlab.com/group/deploy .

  • Authenticate and push the container to the registry.

    docker login -u USER -p PASSWORD registry.gitlab.com
    docker push registry.gitlab.com/group/deploy

GitLab CI

Deploy project

Add the .gitlab-ci.yml file to the root of the deploy project.
The script defines two deploy jobs, one for the Specific Runner and one for the Shared Runner.

.gitlab-ci.yml

stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # The job will run on your shell runner
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # The job will run on a public docker runner
  tags:
    - docker
  # Image from the section GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Import the GPG key ('%s' keeps any % or \ in the value literal)
    - printf '%s' "${GPG_SECRET_KEY}" | gpg --batch --import
    # Save the maven configuration
    - printf '%s' "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf '%s' "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # The job fires on a trigger if the DEPLOY variable is passed with the value java
  only:
    variables:
    - $DEPLOY == "java"
  variables:
    # disable cloning of the current project
    GIT_STRATEGY: none
  script:
    # Allow the password to be stored unencrypted
    - git config --global credential.helper store
    # Save temporary credentials of the gitlab-ci-token user
    # The token works for all public gitlab.com projects and for the group's projects
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Completely clean the current directory
    - rm -rf .* *
    # Clone the project that we will deploy to Sonatype Nexus
    - git clone ${DEPLOY_CI_REPOSITORY_URL} .
    # Switch to the required commit
    - git checkout ${DEPLOY_CI_COMMIT_SHA} -f
    # If any pom.xml contains the autoReleaseAfterClose parameter, fail the build.
    # Otherwise there is a risk of uploading raw artifacts to maven central
    - >
      for pom in $(find . -name pom.xml); do
        if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # If the DEPLOY_CI_COMMIT_TAG parameter is empty, force a SNAPSHOT version
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion=${VERSION}
        else
          mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
        fi
      fi
    # Run the build and deploy of the artifacts
    - mvn clean deploy -DskipTests=true
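
Added example (not part of the original article): the deploy job takes DEPLOY_CI_REPOSITORY_URL, DEPLOY_CI_COMMIT_SHA and DEPLOY_CI_COMMIT_TAG from whoever holds the trigger token and then runs with the signing key and the Sonatype credentials, so one way to harden it is to validate those values before git and mvn see them. The function names, the tag pattern and the TouchBIT group allowlist are assumptions of this example; resolve_version applies the same tag-or-SNAPSHOT rule as the job above.

```shell
#!/bin/sh
# Added example: checks for the variables a trigger passes to the deploy job.
# Function names, the tag pattern and the group allowlist are assumptions.

# A full 40-character lowercase hexadecimal commit id.
is_commit_sha() {
  case "$1" in
    *[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# A tag usable as a Maven version: 1.2 or 1.2.3, optional "-qualifier".
# The character check also rejects whitespace and newlines.
is_release_tag() {
  case "$1" in
    ''|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){1,2}(-[A-Za-z0-9.]+)?$'
}

# An https URL on gitlab.com whose path starts with the allowed group.
# $1 = URL, $2 = group name.
is_allowed_repo_url() {
  case "$1" in
    ''|*[!A-Za-z0-9:/@._~-]*|*..*) return 1 ;;
  esac
  rest=${1#https://}
  [ "$rest" != "$1" ] || return 1        # scheme must be https
  authority=${rest%%/*}                  # [userinfo@]host
  host=${authority##*@}
  [ "$host" = "gitlab.com" ] || return 1
  path=${rest#*/}
  case "$path" in
    "$2"/?*) return 0 ;;
  esac
  return 1
}

# Version to publish: the tag for a release, otherwise the pom version
# forced to end in -SNAPSHOT.
resolve_version() {
  if [ -n "$1" ]; then
    is_release_tag "$1" || return 1
    printf '%s\n' "$1"
    return 0
  fi
  case "$2" in
    *-SNAPSHOT) printf '%s\n' "$2" ;;
    *) printf '%s-SNAPSHOT\n' "$2" ;;
  esac
}

# Gate for the start of the deploy script. Arguments: URL, group, SHA, tag.
check_deploy_inputs() {
  is_allowed_repo_url "$1" "$2" || { echo "rejected repository URL" >&2; return 1; }
  is_commit_sha "$3" || { echo "rejected commit id" >&2; return 1; }
  [ -z "$4" ] || is_release_tag "$4" || { echo "rejected tag" >&2; return 1; }
}

# Constructed sample values; in the job these would be the DEPLOY_CI_* variables.
if check_deploy_inputs "https://gitlab.com/TouchBIT/shields4j.git" TouchBIT \
     850f86aa317194395c5387790da1350e437125a7 ""; then
  echo "inputs accepted, version: $(resolve_version "" 1.0.0)"
fi
```

In the job, the gate would run before git clone, with the variables quoted where they are used, for example git clone -- "${DEPLOY_CI_REPOSITORY_URL}" .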

Java project

In Java projects that should be published to public repositories, you need to add 2 steps for uploading the Release and Snapshot versions.

.gitlab-ci.yml

stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Run the job only on a tag.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Run the job that publishes a SNAPSHOT version manually
  when: manual
  # Do not run the job if a tag is set.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
    # Link to the deploy job trigger
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Deploy job variables
    # (the trailing backslashes join the lines without whitespace)
    POST_DATA: "\
      token=${DEPLOY_TOKEN}&\
      ref=master&\
      variables[DEPLOY]=${DEPLOY}&\
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&\
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&\
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&\
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}\
      "
  script:
    # I don't use cURL, because with the --fail --show-error flags
    # it doesn't print the response body if the HTTP code is 400 or higher
    - wget --content-on-error -qO- "${URL}" --post-data "${POST_DATA}"

In this solution, I went further and decided to use a single CI template for Java projects.

More details

I created a separate project, gitlab-ci, in which I placed the CI template for Java projects, common.yml.

common.yml

stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
  -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} 
  -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} 
  "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
    - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    # (the trailing backslashes join the lines without whitespace)
    POST_DATA: "\
      token=${DEPLOY_TOKEN}&\
      ref=master&\
      variables[DEPLOY]=${DEPLOY}&\
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&\
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&\
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&\
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}\
      "
  script:
  - wget --content-on-error -qO- "${URL}" --post-data "${POST_DATA}"

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags

As a result, in the Java project itself, .gitlab-ci.yml looks very compact and not verbose.

.gitlab-ci.yml

include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy

pom.xml configuration

This topic is described in great detail by Googolplex in Configuring maven to automatically sign and upload artifacts to the snapshot and staging repositories, so I will describe some nuances of using the plugins. I will also describe how easily and naturally you can use nexus-staging-maven-plugin if you do not want to, or cannot, use org.sonatype.oss:oss-parent as the parent of your project.

maven-install-plugin

Installs modules into the local repository.
Very useful for local verification of solutions in other projects, as well as for checksums.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- If you have a multi-module project with deployment of the parent pom -->
      <phase>install</phase>
      <!-- Explicitly specify the files for local installation -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
        <sources>target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Force an update of the project metadata -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Checksums for integrity verification -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-javadoc-plugin

Generates javadoc for the project.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <executions>
    <execution>
      <goals>
        <goal>jar</goal>
      </goals>
      <!-- javadoc generation must come after the resource generation phase -->
      <phase>prepare-package</phase>
      <configuration>
        <!-- Helps a lot in public projects -->
        <failOnError>true</failOnError>
        <failOnWarnings>true</failOnWarnings>
        <!-- Removes the error of searching for documentation in the target directory -->
        <detectOfflineLinks>false</detectOfflineLinks>
      </configuration>
    </execution>
  </executions>
</plugin>

If you have a module that contains no java (for example, only resources),
or you do not want to generate javadoc in principle, then maven-jar-plugin will help

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <executions>
    <execution>
      <id>empty-javadoc-jar</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>jar</goal>
      </goals>
      <configuration>
        <classifier>javadoc</classifier>
        <classesDirectory>${basedir}/javadoc</classesDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-gpg-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <!-- The build will fail if the GPG key is missing -->
      <!-- Sign artifacts only in the deploy phase -->
      <phase>deploy</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

nexus-staging-maven-plugin

Configuration:

<project>
  <!-- ... -->
  <build>
    <plugins>
      <!-- ... -->
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <extensions>true</extensions>
          <configuration>
            <serverId>sonatype</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- Update the metadata to mark the artifact as a release -->
            <!-- Does not affect snapshot versions -->
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <configuration>
            <!-- Disable the plugin -->
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype</id>
      <name>Nexus Snapshot Repository</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </snapshotRepository>
    <repository>
      <id>sonatype</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
</project>

If you have a multi-module project and you do not need to upload a particular module to the repository, add nexus-staging-maven-plugin with the skipNexusStagingDeployMojo flag to that module's pom.xml

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <configuration>
        <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
      </configuration>
    </plugin>
  </plugins>
</build>

After upload, the snapshot/release versions are available in the staging repositories

<repositories>
  <repository>
    <id>SonatypeNexus</id>
    <url>https://oss.sonatype.org/content/groups/staging/</url>
    <!-- No need to specify snapshot/release flags for the repository -->
  </repository>
</repositories>

Additional advantages

  • A very rich list of goals for working with the nexus repository (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
  • Automatic check of the release for suitability for upload to Maven Central

Result

Publishing a SNAPSHOT version

When a project is built, you can manually start a job to upload the SNAPSHOT version to nexus.

When this job is launched, the corresponding job in the deploy project is triggered (example).

Trimmed log

Running with gitlab-runner 11.10.0 (3001a600)
  on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0                                           [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO]     Updating project org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:client
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:test-core
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:testng
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:client
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT                                  [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO]  * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [  2.375 s]
[INFO] test-core .......................................... SUCCESS [  3.929 s]
[INFO] Shields4J client ................................... SUCCESS [  3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------

As a result, version 1.0.0-SNAPSHOT is uploaded to nexus.

All snapshot versions can be removed from the repository on the oss.sonatype.org site under your account.


Deploying the release version

When a tag is set, the corresponding job in the deploy project is triggered automatically to upload the release version to nexus (example).


The best part is that closing the release is triggered automatically in nexus.

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1037".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  9.603 s]
[INFO] test-core .......................................... SUCCESS [  3.419 s]
[INFO] Shields4J client ................................... SUCCESS [  9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------

And if something went wrong, the job will fail:

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1038".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] 
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] 
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on &lt;a href=http://keys.gnupg.net:11371/&gt;http://keys.gnupg.net:11371/&lt;/a&gt;. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  4.073 s]
[INFO] test-core .......................................... SUCCESS [  2.788 s]
[INFO] Shields4J client ................................... SUCCESS [  3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
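
The failed close above names the staging rule that rejected the upload and the GPG key id the key server did not know. An added example (not part of the original article; the function names are hypothetical and the sample log is constructed from the output above) that extracts both from a deploy log, so a CI job can report the cause directly:

```shell
#!/usr/bin/env bash
# Added example: triage a nexus-staging-maven-plugin log for staging rule failures.
# Function names are hypothetical; the sample is constructed from the log above.
sample_log() {
  cat <<'EOF'
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] Nexus Staging Rules Failure Report
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on http://keys.gnupg.net:11371/.
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Remote staging finished with a failure: Staging rules failure!
EOF
}

# Read a log on stdin; print "repository<TAB>rule<TAB>message" per failed rule item.
staging_rule_failures() {
  awk '
    /^\[ERROR\] Repository ".*" failures/ { split($0, a, "\""); repo = a[2]; next }
    /^\[ERROR\] +Rule ".*" failures/      { split($0, a, "\""); rule = a[2]; next }
    /^\[ERROR\] +\* / && rule != "" {
      msg = $0; sub(/^\[ERROR\] +\* /, "", msg)
      printf "%s\t%s\t%s\n", repo, rule, msg
      next
    }
    { rule = "" }   # any other line ends the current rule block
  '
}

# Print the distinct GPG key ids that the signature-staging rule could not find.
missing_key_ids() {
  staging_rule_failures |
    awk -F '\t' '$2 == "signature-staging" && match($3, /Key with id: \([0-9A-Fa-f]+\)/) {
      print substr($3, RSTART + 14, RLENGTH - 15)   # strip "Key with id: (" and ")"
    }' | sort -u
}

# CI gate: read a deploy log on stdin; return 1 and name the cause if a rule failed.
check_deploy_log() {
  failures=$(staging_rule_failures)
  [ -z "$failures" ] && return 0
  printf '%s\n' "$failures" |
    awk -F '\t' '{ printf "staging repo %s failed rule %s: %s\n", $1, $2, $3 }' >&2
  return 1
}

sample_log | check_deploy_log || echo "missing key ids: $(sample_log | missing_key_ids)"
```

The key id printed by `missing_key_ids` is the one the log asks you to upload to the key server before retrying the release.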

As a result, only one choice remains: either delete this version or publish it.


After the release, after some time, the artifacts will be in Maven Central.

It was a revelation to me that maven indexes other public repositories.
I had to upload a robots.txt because it had indexed my old repository.


Conclusion

What we have

  • A unified deploy project in which you can implement CI jobs for uploading artifacts to repositories for several development languages.
  • The deploy project is isolated from outside interference and restricted to users with the Owner and Maintainer roles.
  • A Specific Runner with a "hot" cache that runs only deploy jobs.
  • Publication of snapshot/release versions in a public repository.
  • Automatic check of the release version for readiness for publication in maven central.
  • Protection against automatic publication of "raw" versions to maven central.
  • Building and publishing snapshot versions "on click".
  • A single repository for obtaining snapshot/release versions.
  • A common pipeline for building / testing / publishing a java project.

Setting up GitLab CI is not as complicated a topic as it seems at first glance. It is enough to set up CI on a turnkey basis a couple of times, and you are already far from an amateur in this matter. Moreover, the GitLab documentation is very extensive. Don't be afraid to take the first step. The road appears under the steps of the one who walks (I don't remember who said it :)

I will be happy to reply.

In the next article, I will show you how to set up GitLab CI to run integration test jobs concurrently (bringing up the services under test with docker-compose) when there is only one shell runner.


Source: www.habr.com
