Configuring GitLab CI to upload a Java project to Maven Central

This article is for Java developers who need to quickly publish their artifacts to the Sonatype and/or Maven Central repositories using GitLab. It covers configuring gitlab-runner, gitlab-ci and maven-plugin to solve this problem.

Requirements:

  • Secure storage of mvn and GPG keys.
  • Secure execution of public CI jobs.
  • Uploading artifacts (release/snapshot) to public repositories.
  • Automatic check of release versions for publication to Maven Central.
  • A general solution for uploading artifacts to the repository for multiple projects.
  • Simplicity and ease of use.

General information

  • A detailed description of the mechanism for publishing artifacts to Maven Central through the Sonatype OSS Repository Hosting Service has already been given in this article by the user Googolplex, so I will refer to that article in the appropriate places.
  • Register in Sonatype JIRA in advance and open a ticket to have the repository opened (for more detail, read the section "Create a ticket in Sonatype JIRA"). After the repository is opened, the JIRA login/password pair (hereafter referred to as the Sonatype account) will be used to upload artifacts to Sonatype Nexus.
  • Next, the process of generating the GPG key is described very dryly. For more detail, see the section "Configuring GnuPG to sign artifacts".
  • If you use a Linux console to generate the GPG key (gnupg/gnupg2), you need to install rng-tools to generate entropy. Otherwise key generation can take a very long time.
  • Services for storing public GPG keys

Setting up the deploy project in GitLab

  • First, you need to create and configure a project in which the pipeline for deploying artifacts will be stored. I named my project simply and plainly: deploy
  • After creating the repository, you need to restrict who can change it.
    Go to the project -> Settings -> Repository -> Protected Branches. Delete all rules and add a single rule with Wildcard * that grants push and merge rights only to users with the Maintainers role. This rule will apply to all users of both this project and the group this project belongs to.
  • If there are several maintainers, the best solution is to restrict access to the project in principle.
    Go to the project -> Settings -> General -> Visibility, project features, permissions and set Project visibility to Private.
    My project is publicly accessible, since I use my own GitLab Runner and only I have access to change the repository. And, really, it is not in my interest to expose private information in public pipeline logs.
  • Tightening the rules for changing the repository
    Go to the project -> Settings -> Repository -> Push Rules and set the flags Committer restriction and Check whether author is a GitLab user. I also recommend setting up commit signing and setting the Reject unsigned commits flag.
  • Next you need to configure a trigger to launch the jobs
    Go to the project -> Settings -> CI / CD -> Pipeline triggers and create a new trigger token.
    This token can immediately be added to the shared variable configuration of a group of projects.
    Go to the group -> Settings -> CI / CD -> Variables and add a variable DEPLOY_TOKEN with the trigger token as its value.

GitLab Runner

This section describes configuring the deploy jobs using your own (Specific) runner and a public (Shared) runner.

Specific Runner

I use my own runners because, first of all, it is convenient, fast and cheap.
For a runner, I recommend a Linux VDS with 1 CPU, 2 GB RAM, 20 GB HDD. The asking price is ~3000₽ per year.

My runner

For my runner I took a VDS with 4 CPU, 4 GB RAM, 50 GB SSD. It cost ~11000₽ and I have never regretted it.
I have 7 machines in total: 5 on aruba and 2 on ihor.

So, we have a runner. Now we will configure it.
Log in to the machine via SSH and install Java, git, maven and gnupg2.

Installing gitlab-runner

  • Create a new group runner
    sudo groupadd runner
  • Create a directory for the maven cache and assign permissions to the runner group
    You can skip this step if you do not plan to run several runners on one machine.

    mkdir -p /usr/cache/.m2/repository
    chown -R :runner /usr/cache
    chmod -R 770 /usr/cache
  • Create a user gitlab-deployer and add it to the runner group
    useradd -m -d /home/gitlab-deployer gitlab-deployer
    usermod -a -G runner gitlab-deployer
  • Add the following line to the file /etc/ssh/sshd_config
    AllowUsers root@* [email protected]
  • Restart sshd
    systemctl restart sshd
  • Set a password for the gitlab-deployer user (it can be simple, since there is a restriction to localhost)
    passwd gitlab-deployer
  • Install GitLab Runner (Linux x86-64)
    sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
    sudo chmod +x /usr/local/bin/gitlab-runner
    ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
    ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner
  • Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners and copy the registration token

  • Register the runner
    gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml

Process

Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded                     runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

  • Check that the runner is registered. Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners -> Runners activated for this project

  • Add a separate service /etc/systemd/system/gitlab-deployer.service
    [Unit]
    Description=GitLab Deploy Runner
    After=syslog.target network.target
    ConditionFileIsExecutable=/usr/local/bin/gitlab-runner
    [Service]
    StartLimitInterval=5
    StartLimitBurst=10
    ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
    Restart=always
    RestartSec=120
    [Install]
    WantedBy=multi-user.target
  • Start the service.
    systemctl enable gitlab-deployer.service
    systemctl start gitlab-deployer.service
    systemctl status gitlab-deployer.service
  • Check that the runner is running.

Generating GPG keys

  • From the same machine, log in via ssh as the gitlab-deployer user (this is important for generating the GPG key)

    ssh [email protected]

  • Generate a key by answering the questions. I used my own name and email.
    Be sure to set a passphrase for the key. The artifacts will be signed with this key.

    gpg --gen-key 

  • Check

    gpg --list-keys -a
    /home/gitlab-deployer/.gnupg/pubring.gpg
    ----------------------------------------
    pub   4096R/00000000 2019-04-19
    uid                  Petruha Petrov <[email protected]>
    sub   4096R/11111111 2019-04-19

  • Upload our public key to the key server

    gpg --keyserver keys.gnupg.net --send-key 00000000
    gpg: sending key 00000000 to hkp server keys.gnupg.net

Configuring Maven

  • Log in as the gitlab-deployer user
    su gitlab-deployer 
  • Create the maven directory and link its repository to the cache (do not get this wrong)
    You can skip this step if you do not plan to run several runners on one machine.

    mkdir -p ~/.m2
    ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
  • Create a master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Create the file ~/.m2/settings-security.xml
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the Sonatype account password
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Create the file ~/.m2/settings.xml
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where,
GPG_SECRET_KEY_PASSPHRASE - the passphrase of the GPG key
SONATYPE_USERNAME - the login of the Sonatype account
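
An added check for the files created above (not part of the original article): settings.xml holds the GPG passphrase in clear text and settings-security.xml sits on the same disk as the password it protects, so file permissions are what keeps other local accounts, such as other runner users on the same machine, away from them. The function names are assumptions; the paths are the ones used in this section.

```sh
#!/bin/sh
# Added example: permission audit for the deploy user's Maven and GnuPG
# secrets. Function names are assumptions; the paths are the ones used above.

# Print every file or directory under the given paths that grants any
# permission bit to group or others. Missing paths are skipped.
loose_entries() {
  for p in "$@"; do
    [ -e "$p" ] || continue
    find "$p" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
  done
}

# Audit one home directory. Status 0: nothing exposed.
# Status 1: exposed entries are listed on stdout.
audit_deployer_home() {
  exposed=$(loose_entries "$1/.m2/settings.xml" \
                          "$1/.m2/settings-security.xml" \
                          "$1/.gnupg")
  [ -z "$exposed" ] && return 0
  printf '%s\n' "$exposed"
  return 1
}

# Tighten the same paths: directories 700, regular files 600.
harden_deployer_home() {
  for p in "$1/.m2/settings.xml" "$1/.m2/settings-security.xml" "$1/.gnupg"; do
    [ -e "$p" ] || continue
    find "$p" -type d -exec chmod 700 {} +
    find "$p" -type f -exec chmod 600 {} +
  done
}

# Usage on the runner, as root or as gitlab-deployer:
#   audit_deployer_home /home/gitlab-deployer || harden_deployer_home /home/gitlab-deployer
```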

This completes the runner configuration; you can proceed to the GitLab CI section.

Shared Runner

Generating GPG keys

  • First, you need to create a GPG key. To do this, install gnupg.

    yum install -y gnupg

  • Generate a key by answering the questions. I used my own name and email. Be sure to set a passphrase for the key.

    gpg --gen-key 

  • Display the key information

    gpg --list-keys -a
    pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
      2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    uid           [ultimate] tttemp <[email protected]>
    sub   rsa3072 2019-04-24 [E] [expires: none]

  • Upload our public key to the key server

    gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net

  • Get the private key

    gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
    ...
    =2Wd2
    -----END PGP PRIVATE KEY BLOCK-----

  • Go to the project settings -> Settings -> CI / CD -> Variables and save the private key in the variable GPG_SECRET_KEY

Configuring Maven

  • Create a master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_SECURITY_XML:
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the Sonatype account password
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Go to the project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_XML:
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where,
GPG_SECRET_KEY_PASSPHRASE - the passphrase of the GPG key
SONATYPE_USERNAME - the login of the Sonatype account

Deploy docker image

  • We create a fairly simple Dockerfile to run the deploy jobs with the required Java version. Below is an example for alpine.

    FROM java:8u111-jdk-alpine
    RUN apk add gnupg maven git --update-cache \
        --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && \
        mkdir ~/.m2/

  • Build the container for your project

    docker build -t registry.gitlab.com/group/deploy .

  • Log in and push the container to the registry.

    docker login -u USER -p PASSWORD registry.gitlab.com
    docker push registry.gitlab.com/group/deploy

GitLab CI

Deploy project

Add the file .gitlab-ci.yml to the root of the deploy project.
The script presents two mutually exclusive deploy jobs, for the Specific Runner or the Shared Runner respectively.

.gitlab-ci.yml

stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # The job will run on your shell runner
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # The job will run on a public docker runner
  tags:
    - docker
  # Image from the section GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Import the GPG key
    - printf '%s\n' "${GPG_SECRET_KEY}" | gpg --batch --import
    # Save the maven configuration
    - printf '%s\n' "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf '%s\n' "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # The job runs on a trigger if the DEPLOY variable is passed with the value java
  only:
    variables:
    - $DEPLOY == "java"
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
  script:
    # Allow the password to be stored unencrypted
    - git config --global credential.helper store
    # Save the temporary credentials of the gitlab-ci-token user
    # The token works for all public gitlab.com projects and for the group's projects
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Completely clean the current directory
    - rm -rf .* *
    # Clone the project that will be deployed to Sonatype Nexus
    - git clone "${DEPLOY_CI_REPOSITORY_URL}" .
    # Switch to the required commit
    - git checkout "${DEPLOY_CI_COMMIT_SHA}" -f
    # If at least one pom.xml contains the autoReleaseAfterClose parameter, fail the build.
    # Otherwise there is a risk of uploading raw artifacts to maven central
    - >
      for pom in $(find . -name pom.xml); do
        if grep -q autoReleaseAfterClose "$pom"; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # If DEPLOY_CI_COMMIT_TAG is empty, force a SNAPSHOT version
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion="${DEPLOY_CI_COMMIT_TAG}"
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion="${VERSION}"
        else
          mvn versions:set -DnewVersion="${VERSION}-SNAPSHOT"
        fi
      fi
    # Run the build and deploy the artifacts
    - mvn clean deploy -DskipTests=true
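
The two checks in the deploy job above (reject any pom.xml that contains autoReleaseAfterClose, force a SNAPSHOT version when no tag is passed), written as testable shell functions. This is an added example, not part of the original pipeline; it goes one step further and validates the trigger-supplied commit SHA and tag before they reach git and mvn. The function names and the accepted tag format are assumptions.

```sh
#!/bin/sh
# Added example: pre-deploy gate for the deploy job. Function names and the
# accepted tag format are assumptions, not part of the original pipeline.

# The commit reference comes from the trigger request, so accept only a
# full 40-character lowercase hex SHA-1 before handing it to git.
valid_sha() {
  [ "${#1}" -eq 40 ] || return 1
  case "$1" in *[!0-9a-f]*) return 1 ;; esac
  return 0
}

# The tag becomes the Maven version. Accept 1-64 characters from a
# conservative alphabet, starting with a letter or digit, and never a
# -SNAPSHOT suffix (a tag is supposed to produce a release).
valid_release_tag() {
  [ -n "$1" ] || return 1
  [ "${#1}" -le 64 ] || return 1
  case "$1" in
    [!0-9A-Za-z]*|*[!0-9A-Za-z._-]*|*-SNAPSHOT) return 1 ;;
  esac
  return 0
}

# Print every pom.xml below directory $1 that mentions autoReleaseAfterClose.
# Status 0: none found. Status 1: at least one found (paths on stdout).
poms_with_autorelease() {
  hits=$(find "$1" -type f -name pom.xml \
           -exec grep -l autoReleaseAfterClose {} + || true)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Version to pass to `mvn versions:set`: the validated tag when one is
# given, otherwise the project version with -SNAPSHOT forced onto it.
deploy_version() {
  if [ -n "$1" ]; then
    valid_release_tag "$1" || return 1
    printf '%s\n' "$1"
    return 0
  fi
  case "$2" in
    *-SNAPSHOT) printf '%s\n' "$2" ;;
    *)          printf '%s\n' "$2-SNAPSHOT" ;;
  esac
}

# Entry point: deploy_gate <checkout dir> <tag or ""> <project version>
# Prints the version to deploy; a non-zero status means "do not deploy".
deploy_gate() {
  poms_with_autorelease "$1" >&2 || {
    echo "prohibited setting: <autoReleaseAfterClose>" >&2
    return 1
  }
  deploy_version "$2" "$3" || {
    echo "refusing tag as version: $2" >&2
    return 1
  }
}

# Usage inside the job (VERSION obtained as in the pipeline above):
#   valid_sha "$DEPLOY_CI_COMMIT_SHA" || exit 1        # before git checkout
#   NEW_VERSION=$(deploy_gate . "$DEPLOY_CI_COMMIT_TAG" "$VERSION") || exit 1
#   mvn versions:set -DnewVersion="$NEW_VERSION"
```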

Java project

In Java projects that need to be uploaded to public repositories, you need to add 2 steps for uploading the Release and Snapshot versions.

.gitlab-ci.yml

stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Run the job only on a tag.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Run the SNAPSHOT publishing job manually
  when: manual
  # Do not run the job if a tag is set.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
    # URL of the deploy job trigger
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Variables for the deploy job
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    # cURL is not used because with the --fail --show-error flags
    # it does not print the response body when the HTTP code is 400 or higher
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

In this solution I went a little further and decided to use a single CI template for Java projects.

More details

I created a separate project gitlab-ci in which I placed the CI template for Java projects, common.yml.

common.yml

stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
  -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} 
  -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} 
  "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
    - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
  - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags

As a result, in the Java projects themselves the .gitlab-ci.yml looks compact and not verbose.

.gitlab-ci.yml

include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy

pom.xml configuration

This topic is described in great detail by Googolplex in "Configuring maven to automatically sign and upload artifacts to the snapshot and staging repositories", so I will describe some nuances of using the plugins. I will also describe how easily and flexibly you can use nexus-staging-maven-plugin if you do not want to, or cannot, use org.sonatype.oss:oss-parent as the parent of your project.

maven-install-plugin

Installs modules into the local repository.
Very useful for local verification of solutions in other projects, as well as for checksums.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- If you have a multi-module project that deploys the parent pom -->
      <phase>install</phase>
      <!-- Explicitly specify the files for local installation -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
        <sources>target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Force an update of the project metadata -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Checksums for integrity verification -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-javadoc-plugin

Generates javadoc for the project.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <executions>
    <execution>
      <goals>
        <goal>jar</goal>
      </goals>
      <!-- Javadoc generation must come after the resource generation phase -->
      <phase>prepare-package</phase>
      <configuration>
        <!-- Helps a lot in public projects -->
        <failOnError>true</failOnError>
        <failOnWarnings>true</failOnWarnings>
        <!-- Removes the error of searching for documentation in the target directory -->
        <detectOfflineLinks>false</detectOfflineLinks>
      </configuration>
    </execution>
  </executions>
</plugin>

If you have a module that contains no Java (for example, only resources), or you do not want to generate javadoc in principle, then maven-jar-plugin will help:

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <executions>
    <execution>
      <id>empty-javadoc-jar</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>jar</goal>
      </goals>
      <configuration>
        <classifier>javadoc</classifier>
        <classesDirectory>${basedir}/javadoc</classesDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-gpg-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <!-- The build will fail if the GPG key is missing -->
      <!-- Sign artifacts only in the deploy phase -->
      <phase>deploy</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

nexus-staging-maven-plugin

Configuration:

<project>
  <!-- ... -->
  <build>
    <plugins>
      <!-- ... -->
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <extensions>true</extensions>
          <configuration>
            <serverId>sonatype</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- Update the metadata to mark the artifact as a release -->
            <!-- Does not affect snapshot versions -->
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <configuration>
            <!-- Disable the plugin -->
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype</id>
      <name>Nexus Snapshot Repository</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </snapshotRepository>
    <repository>
      <id>sonatype</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
</project>

If you have a multi-module project and you do not need to upload a particular module to the repository, then you need to add nexus-staging-maven-plugin with the skipNexusStagingDeployMojo flag for that module:

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <configuration>
        <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
      </configuration>
    </plugin>
  </plugins>
</build>

After uploading, the snapshot/release versions are available in the staging repositories:

<repositories>
  <repository>
    <id>SonatypeNexus</id>
    <url>https://oss.sonatype.org/content/groups/staging/</url>
    <!-- No need to specify snapshot/release flags for the repository -->
  </repository>
</repositories>

More advantages

  • A very rich list of goals for working with the nexus repository (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
  • Automatic check of whether the release can be uploaded to Maven Central

Result

Publishing a SNAPSHOT version

When the project is built, you can manually launch the job that uploads the SNAPSHOT version to nexus.

When this job is launched, the corresponding job in the deploy project is triggered (example).

Trimmed log

Running with gitlab-runner 11.10.0 (3001a600)
  on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0                                           [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO]     Updating project org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:client
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:test-core
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:testng
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:client
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT                                  [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO]  * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [  2.375 s]
[INFO] test-core .......................................... SUCCESS [  3.929 s]
[INFO] Shields4J client ................................... SUCCESS [  3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------

As a result, version 1.0.0-SNAPSHOT is uploaded to nexus.

All snapshot versions can be deleted from the repository on the oss.sonatype.org website under your account.


Publishing a release version

When a tag is set, the corresponding job in the deploy project is triggered automatically to upload the release version to nexus (example).


The best part is that, for a release, the close of the staging repository is triggered automatically.

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1037".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  9.603 s]
[INFO] test-core .......................................... SUCCESS [  3.419 s]
[INFO] Shields4J client ................................... SUCCESS [  9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------

And if something goes wrong, the job is certain to fail:

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1038".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] 
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] 
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  4.073 s]
[INFO] test-core .......................................... SUCCESS [  2.788 s]
[INFO] Shields4J client ................................... SUCCESS [  3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

In the end, we are left with only one choice: either drop this version or publish it.


After the release, the artifacts will appear in Maven Central after some time.

Off topic

It was a revelation to me that maven also indexes other public repositories.
I had to add a robots.txt because it had indexed my old repository.


Conclusion

What we have

  • A separate deploy project in which you can implement several CI jobs for uploading artifacts to public repositories for different development languages.
  • The deploy project is isolated from outside interference and can be changed only by users with the Owner and Maintainer roles.
  • A dedicated runner with a "hot" cache that runs only deploy jobs.
  • Publication of snapshot/release versions to a public repository.
  • Automatic verification that a release version is ready for publication to Maven Central.
  • Protection against automatic publication of "raw" versions to Maven Central.
  • Building and publishing snapshot versions "on click".
  • A single repository for obtaining snapshot/release versions.
  • A common pipeline for building/testing/publishing a java project.

Setting up GitLab CI is not as difficult a topic as it seems at first glance. It is enough to set up CI end to end a couple of times, and you are already far from an amateur in this matter. Moreover, the GitLab documentation is very extensive. Don't be afraid to take the first step. The road appears under the steps of the one who walks (I don't remember who said it :)

I will be glad to receive feedback.

In the next article I will describe how to configure GitLab CI to run integration-test jobs concurrently (running the services under test with docker-compose) when you have only a single shell runner.


Source: www.habr.com
