Setting up GitLab CI to upload a Java project to Maven Central

This article is intended for Java developers who need to quickly publish their products to the Sonatype and/or Maven Central repositories using GitLab. In it I describe how to set up gitlab-runner, gitlab-ci and the Maven plugins to solve this problem.

Requirements:

  • Secure storage of the mvn and GPG keys.
  • Secure execution of public CI jobs.
  • Uploading artifacts (release/snapshot) to public repositories.
  • Automatic check of release versions for publication to Maven Central.
  • A common solution for uploading artifacts to the repository for several projects.
  • Simplicity and ease of use.

General information

  • The mechanism for publishing artifacts to Maven Central via the Sonatype OSS Repository Hosting Service is already described in detail in this article by the user Googolplex, so I will refer to that article where appropriate.
  • Register beforehand in the Sonatype JIRA and open a ticket to have a repository opened (for details, read the section Create a Sonatype JIRA ticket). Once the repository is opened, the JIRA login/password pair (hereafter the Sonatype account) is used to upload artifacts to Sonatype Nexus.
  • Below, the process of generating a GPG key is described very briefly. For details, see the section Configuring GnuPG to sign artifacts.
  • If you generate the GPG key from a Linux console (gnupg/gnupg2), you need to install rng-tools to generate entropy. Otherwise key generation can take a very long time.
  • Public GPG key storage services

Setting up the deploy project in GitLab

  • First, create and configure a project that will hold the pipeline for deploying artifacts. I named my project simply and plainly: deploy
  • After creating the repository, restrict who can change it.
    Go to project -> Settings -> Repository -> Protected Branches. Remove all rules and add a single rule with the wildcard * that allows push and merge only for users with the Maintainers role. This rule applies to all users of this project and of the group the project belongs to.
  • If there are several maintainers, the best solution is to restrict access to the project altogether.
    Go to project -> Settings -> General -> Visibility, project features, permissions and set Project visibility to Private.
    My project is publicly accessible, because I use my own GitLab runner and only I have access to modify the repository. Well, it is really not in my interest to expose private information in public pipeline logs.
  • Tightening the rules for changing the repository
    Go to project -> Settings -> Repository -> Push Rules and set the flags Committer restriction and Check whether author is a GitLab user. I also recommend setting up commit signing and setting the flag Reject unsigned commits.
  • Next, configure a trigger for launching jobs
    Go to project -> Settings -> CI / CD -> Pipeline triggers and create a new trigger token
    This token can be added straight to the shared variable configuration of the project group.
    Go to group -> Settings -> CI / CD -> Variables and add the variable DEPLOY_TOKEN with the trigger token as its value.

GitLab Runner

This section describes the configuration for running deploy jobs using your own (specific) runner and a public (shared) runner.

Specific runner

I use my own runners because, first of all, it is convenient, fast and cheap.
For the runner I recommend a Linux Ubuntu VDS with 1 CPU, 2 GB RAM and a 20 GB HDD. It costs ~3000₽ per year.

My runner

For my runner I took a VDS with 4 CPUs, 4 GB RAM and a 50 GB SSD. It cost ~11000₽ and I have never regretted it.
I have 7 machines in total: 5 on aruba and 2 on ihor.

So, we have a runner. Now let's set it up.
Connect to the machine via SSH and install java, git, maven and gnupg2.

Installing gitlab runner

  • Create a new group runner
    sudo groupadd runner
  • Create a directory for the maven cache and assign it to the runner group
    You can skip this step if you do not plan to run several runners on the same machine.

    mkdir -p /usr/cache/.m2/repository
    chown -R :runner /usr/cache
    chmod -R 770 /usr/cache
  • Create the user gitlab-deployer and add it to the runner group
    useradd -m -d /home/gitlab-deployer gitlab-deployer
    usermod -a -G runner gitlab-deployer
  • Add the following line to the file /etc/ssh/sshd_config
    AllowUsers root@* [email protected]
  • Restart sshd
    systemctl restart sshd
  • Set a password for the user gitlab-deployer (it can be simple, since there is a restriction to localhost)
    passwd gitlab-deployer
  • Install GitLab Runner (Linux x86-64)
    sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
    sudo chmod +x /usr/local/bin/gitlab-runner
    ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
    ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner
  • Open gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners and copy the registration token

  • Register the runner
    gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml

Process

Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded                     runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

  • Check that the runner is registered. Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners -> Runners activated for this project

  • Add a separate service /etc/systemd/system/gitlab-deployer.service
    [Unit]
    Description=GitLab Deploy Runner
    After=syslog.target network.target
    ConditionFileIsExecutable=/usr/local/bin/gitlab-runner
    [Service]
    StartLimitInterval=5
    StartLimitBurst=10
    ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
    Restart=always
    RestartSec=120
    [Install]
    WantedBy=multi-user.target
  • Start the service.
    systemctl enable gitlab-deployer.service
    systemctl start gitlab-deployer.service
    systemctl status gitlab-deployer.service
  • Check that the runner is running.

Generating the GPG key

  • From the same machine, log in via ssh as the gitlab-deployer user (this is important for generating the GPG key)

    ssh [email protected]

  • Generate the key by answering the questions. I used my own name and email.
    Be sure to set a passphrase for the key. Artifacts will be signed with this key.

    gpg --gen-key 

  • Check

    gpg --list-keys -a
    /home/gitlab-deployer/.gnupg/pubring.gpg
    ----------------------------------------
    pub   4096R/00000000 2019-04-19
    uid                  Petruha Petrov <[email protected]>
    sub   4096R/11111111 2019-04-19

  • Upload the public key to a keyserver

    gpg --keyserver keys.gnupg.net --send-key 00000000
    gpg: sending key 00000000 to hkp server keys.gnupg.net

Maven settings

  • Switch to the gitlab-deployer user
    su gitlab-deployer 
  • Create the maven directory and link the repository to the cache (make no mistake)
    This step can be skipped if you do not plan to run several runners on the same machine.

    # create only ~/.m2, so that the link itself becomes ~/.m2/repository
    mkdir -p ~/.m2
    ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
  • Create the master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Create the file ~/.m2/settings-security.xml
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Create the file ~/.m2/settings.xml
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where
GPG_SECRET_KEY_PASSPHRASE is the GPG key passphrase
SONATYPE_USERNAME is the Sonatype account login

This completes the runner setup; you can move on to the GitLab CI section.

Shared runner

Generating the GPG key

  • First, create a GPG key. To do that, install gnupg.

    yum install -y gnupg

  • Generate the key by answering the questions. I used my own name and email. Be sure to set a passphrase for the key.

    gpg --gen-key 

  • Get the key information

    gpg --list-keys -a
    pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
      2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    uid           [ultimate] tttemp <[email protected]>
    sub   rsa3072 2019-04-24 [E] [expires: none]

  • Upload the public key to a keyserver

    gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net

  • Get the private key

    gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
    ...
    =2Wd2
    -----END PGP PRIVATE KEY BLOCK-----

  • Go to project settings -> Settings -> CI / CD -> Variables and save the private key in the variable GPG_SECRET_KEY

Maven settings

  • Create the master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Go to project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_SECURITY_XML:
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Go to project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_XML:
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where
GPG_SECRET_KEY_PASSPHRASE is the GPG key passphrase
SONATYPE_USERNAME is the Sonatype account login

Docker image for deployment

  • Create a fairly simple Dockerfile for running deploy jobs with the required Java version. Below is an example for alpine.

    FROM java:8u111-jdk-alpine
    # --allow-untrusted makes apk skip package signature verification for this install
    RUN apk add gnupg maven git --update-cache \
        --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && \
        mkdir ~/.m2/

  • Build the container for your project

    docker build -t registry.gitlab.com/group/deploy .

  • Authenticate and push the container to the registry.

    docker login -u USER -p PASSWORD registry.gitlab.com
    docker push registry.gitlab.com/group/deploy

GitLab CI

Deploy project

Add the file .gitlab-ci.yml to the root of the deploy project.
The script contains two mutually exclusive deploy jobs: one for the Specific Runner and one for the Shared Runner.

.gitlab-ci.yml

stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # The job will run on your shell runner
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # The job will run on a public docker runner
  tags:
    - docker
  # Image from the section GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Import the GPG key
    - printf "${GPG_SECRET_KEY}" | gpg --batch --import
    # Save the maven configuration
    - printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # The job runs on a trigger if the variable DEPLOY is passed with the value java
  only:
    variables:
    - $DEPLOY == "java"
  variables:
    # disable cloning of the current project
    GIT_STRATEGY: none
  script:
    # Allow the password to be stored unencrypted
    - git config --global credential.helper store
    # Save the temporary credentials of the gitlab-ci-token user
    # The token works for all public gitlab.com projects and for the group's projects
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Completely clean the current directory
    - rm -rf .* *
    # Clone the project that will be deployed to Sonatype Nexus
    - git clone ${DEPLOY_CI_REPOSITORY_URL} .
    # Switch to the required commit
    - git checkout ${DEPLOY_CI_COMMIT_SHA} -f
    # If any pom.xml contains the autoReleaseAfterClose parameter, fail the build.
    # Otherwise there is a risk of uploading raw artifacts to maven central
    - >
      for pom in $(find . -name pom.xml); do
        if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # If DEPLOY_CI_COMMIT_TAG is empty, force a SNAPSHOT version
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion=${VERSION}
        else
          mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
        fi
      fi
    # Run the build and deploy the artifacts
    - mvn clean deploy -DskipTests=true
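
The deploy job above takes DEPLOY_CI_REPOSITORY_URL, DEPLOY_CI_COMMIT_SHA and DEPLOY_CI_COMMIT_TAG from whoever holds the trigger token and expands them unquoted into git and mvn commands on the machine that stores the signing key. The following is an added example, not part of the original pipeline: POSIX shell functions that validate those three values before they are used. The function names and the allowed group example-group are assumptions.

```shell
#!/bin/sh
# Added example: validate the variables a trigger passes to the deploy job
# before they reach git or mvn. All names below are assumptions.
LC_ALL=C; export LC_ALL            # make [a-f] and [A-Z] plain byte ranges

ALLOWED_HOST="gitlab.com"          # the only host the deploy job may clone from
ALLOWED_GROUP="example-group"      # hypothetical group whose projects are published

# DEPLOY_CI_COMMIT_SHA: exactly 40 lowercase hex characters.
valid_sha() {
  case "$1" in
    *[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# DEPLOY_CI_COMMIT_TAG: empty (snapshot build) or a plain version string.
# A leading '-' or any whitespace would turn into an extra mvn argument,
# because the pipeline expands the tag unquoted in "-DnewVersion=...".
valid_tag() {
  [ -z "$1" ] && return 0
  [ "${#1}" -le 64 ] || return 1
  case "$1" in
    [!A-Za-z0-9]*)     return 1 ;;
    *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# DEPLOY_CI_REPOSITORY_URL: https://[user:token@]gitlab.com/<group>/<path>.git
valid_repo_url() {
  case "$1" in
    *[!A-Za-z0-9._:@/-]*) return 1 ;;   # no spaces, quotes, '\', '?', '#', '%'
    https://*) ;;
    *) return 1 ;;
  esac
  rest=${1#https://}
  authority=${rest%%/*}                 # everything before the first '/'
  path=${rest#"$authority"}             # remainder, leading '/' included
  case "$authority" in
    *@*@*) return 1 ;;                  # ambiguous userinfo
  esac
  host=${authority##*@}                 # strip the optional user:token@ part
  [ "$host" = "$ALLOWED_HOST" ] || return 1
  case "$path" in
    *..*|*//*) return 1 ;;              # no traversal, no empty segments
    "/$ALLOWED_GROUP"/?*.git) return 0 ;;
  esac
  return 1
}

# Print an already validated URL without its credentials, for job logs.
redact_url() {
  rest=${1#https://}
  authority=${rest%%/*}
  tail=${rest#"$authority"}
  printf 'https://%s%s\n' "${authority##*@}" "$tail"
}

# Returns 0 when all three values are acceptable, otherwise 1, 2 or 3.
check_trigger_vars() {
  valid_repo_url "$1" || { echo "rejected DEPLOY_CI_REPOSITORY_URL" >&2; return 1; }
  valid_sha "$2"      || { echo "rejected DEPLOY_CI_COMMIT_SHA" >&2; return 2; }
  valid_tag "$3"      || { echo "rejected DEPLOY_CI_COMMIT_TAG" >&2; return 3; }
  echo "deploying $(redact_url "$1") at $2 (tag: ${3:-none})"
}

# Constructed sample values; in the deploy job these are the DEPLOY_CI_* variables.
check_trigger_vars \
  "https://gitlab-ci-token:constructed-token@gitlab.com/example-group/shields4j.git" \
  "850f86aa317194395c5387790da1350e437125a7" \
  "1.0.0"
```

In the deploy job the call would sit at the top of the script section, before the git clone step, with the three DEPLOY_CI_* variables passed in double quotes.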

Java project

In Java projects that are to be uploaded to public repositories, you need to add 2 steps for uploading the Release and Snapshot versions.

.gitlab-ci.yml

stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Run the job only on a tag.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Run the SNAPSHOT publication job manually
  when: manual
  # Do not run the job if a tag is set.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
    # Link to the trigger of the deploy job
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Variables of the deploy job
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    # I do not use cURL, because with the --fail --show-error flags
    # it does not print the response body when the HTTP code is 400 or higher
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

In this solution I went a little further and decided to use a single CI template for Java projects.

More details

I created a separate project, gitlab-ci, in which I placed the CI template for Java projects, common.yml.

common.yml

stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
  -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} 
  -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} 
  "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
    - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
  - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags

As a result, in the Java project itself .gitlab-ci.yml looks very compact and not verbose.

.gitlab-ci.yml

include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy

pom.xml configuration

This topic is described in great detail by Googolplex in Configuring maven to automatically sign and upload artifacts to the snapshot and staging repositories, so I will describe only some nuances of using the plugins. I will also describe how easily and naturally you can use nexus-staging-maven-plugin if you do not want to, or cannot, use org.sonatype.oss:oss-parent as the parent of your project.

maven-install-plugin

Installs modules into the local repository.
Very useful for locally verifying a solution in other projects, and also for the checksums.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- If you have a multi-module project that deploys the parent pom -->
      <phase>install</phase>
      <!-- Explicitly specify the files for local installation -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
        <sources>target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Force an update of the project metadata -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Checksums for integrity verification -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-javadoc-plugin

Generates javadoc for the project.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <executions>
    <execution>
      <goals>
        <goal>jar</goal>
      </goals>
      <!-- javadoc generation must come after the resource generation phase -->
      <phase>prepare-package</phase>
      <configuration>
        <!-- Helps a lot in public projects -->
        <failOnError>true</failOnError>
        <failOnWarnings>true</failOnWarnings>
        <!-- Removes the error of looking up documentation in the target directory -->
        <detectOfflineLinks>false</detectOfflineLinks>
      </configuration>
    </execution>
  </executions>
</plugin>

If you have a module that contains no Java (for example, only resources),
or you do not want to generate javadoc on principle, then maven-jar-plugin helps

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <executions>
    <execution>
      <id>empty-javadoc-jar</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>jar</goal>
      </goals>
      <configuration>
        <classifier>javadoc</classifier>
        <classesDirectory>${basedir}/javadoc</classesDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-gpg-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <!-- The build will fail if the GPG key is missing -->
      <!-- Sign artifacts only in the deploy phase -->
      <phase>deploy</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

nexus-staging-maven-plugin

Configuration:

<project>
  <!-- ... -->
  <build>
    <plugins>
      <!-- ... -->
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <extensions>true</extensions>
          <configuration>
            <serverId>sonatype</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- Update the metadata to mark the artifact as a release -->
            <!-- Does not affect snapshot versions -->
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <configuration>
            <!-- Disable the plugin -->
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype</id>
      <name>Nexus Snapshot Repository</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </snapshotRepository>
    <repository>
      <id>sonatype</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
</project>

If you have a multi-module project and you do not need to upload a particular module to the repository, add nexus-staging-maven-plugin with the skipNexusStagingDeployMojo flag to that module's pom.xml

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <configuration>
        <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
      </configuration>
    </plugin>
  </plugins>
</build>

After uploading, snapshot/release versions are available in the staging repositories

<repositories>
  <repository>
    <id>SonatypeNexus</id>
    <url>https://oss.sonatype.org/content/groups/staging/</url>
    <!-- No need to specify snapshot/release flags for the repository -->
  </repository>
</repositories>

Further advantages

  • A rich list of goals for working with the nexus repository (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
  • Automatic check that a release can be uploaded to maven central

Result

Publishing a SNAPSHOT version

When the project is built, the job for uploading the SNAPSHOT version to nexus can be started manually

When this job is started, the corresponding job in the deploy project is triggered (example).

Truncated log

Running with gitlab-runner 11.10.0 (3001a600)
  on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0                                           [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO]     Updating project org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:client
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:test-core
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:testng
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:client
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT                                  [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO]  * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [  2.375 s]
[INFO] test-core .......................................... SUCCESS [  3.929 s]
[INFO] Shields4J client ................................... SUCCESS [  3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------

As a result, version 1.0.0-SNAPSHOT was uploaded to Nexus.

All snapshot versions can be removed from the repository on the oss.sonatype.org site under your account.

Publishing a release version

When a tag is set, the corresponding job in the deploy project is triggered automatically to upload the release version to Nexus (example).

The best part is that closing the release is triggered automatically in Nexus.

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1037".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  9.603 s]
[INFO] test-core .......................................... SUCCESS [  3.419 s]
[INFO] Shields4J client ................................... SUCCESS [  9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------

And if something goes wrong, the job fails:

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1038".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] 
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] 
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  4.073 s]
[INFO] test-core .......................................... SUCCESS [  2.788 s]
[INFO] Shields4J client ................................... SUCCESS [  3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
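
When the close fails, the cause sits deep in the job log. The script below is an added example (not part of the original article or the author's pipeline) that reads a Maven log on stdin and lists each failed staging rule with the missing key id; the function names and the sample log, abridged from the output above with one constructed `sources-staging` entry, are assumptions.

```shell
#!/bin/sh
# Added example: summarise a "Nexus Staging Rules Failure Report" from a
# Maven log so a failed release job names the broken rule directly.

# Constructed sample: abridged from the failure log on this page, plus one
# constructed "sources-staging" entry to show a failure without a key id.
sample_log() {
cat <<'EOF'
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on http://keys.gnupg.net:11371/. Upload your public key and try the operation again.
[ERROR]   Rule "sources-staging" failures
[ERROR]     * Missing: no sources jar found (constructed line)
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[INFO] BUILD FAILURE
EOF
}

# Reads a Maven log on stdin; prints "<repository>\t<rule>\t<key id or ->"
# for every entry of the staging rules report.
staging_failures() {
    awk '
        /^\[ERROR\] Repository "/ { split($0, q, "\""); repo = q[2]; next }
        /^\[ERROR\] +Rule "/      { split($0, q, "\""); rule = q[2]; next }
        # Any other unindented [ERROR] line ends the report section.
        /^\[ERROR\] [^ ]/         { rule = ""; next }
        /^\[ERROR\] +\* / && rule != "" {
            key = "-"
            if (match($0, /Key with id: \([0-9a-fA-F]+\)/))
                key = substr($0, RSTART + 14, RLENGTH - 15)
            printf "%s\t%s\t%s\n", repo, rule, key
        }
    '
}

# Key ids whose public half the staging rule could not find on the key server.
missing_keys() {
    staging_failures |
        awk -F '\t' '$2 == "signature-staging" && $3 != "-" { print $3 }' |
        sort -u
}

# Print the summary for the sample when run directly.
sample_log | staging_failures
```

In a job, pipe the saved Maven output into `missing_keys`; a non-empty result means the public key still has to be uploaded to the key server named in the error before the release is retried.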

As a result, we are left with just one choice: either delete this version or publish it.

After the release, the artifacts become available after some time.

Off-topic

It was a revelation to me that Maven indexes other public repositories.
I had to upload a robots.txt because of my old repository.

Conclusion

What we have

  • A separate deploy project in which you can implement several CI jobs for uploading artifacts to public repositories for several development languages.
  • The deploy project is isolated from outside interference and can be changed only by users with the Owner and Maintainer roles.
  • A separate specific runner with a "hot" cache that runs only deploy jobs.
  • Publication of snapshot/release versions in a public repository.
  • An automatic check that a release version is ready for publication in Maven Central.
  • Protection against automatic publication of "raw" versions in Maven Central.
  • Building and publishing snapshot versions "on click".
  • A single repository for obtaining snapshot/release versions.
  • A common pipeline for building / testing / publishing a java project.

Setting up GitLab CI is not as complicated a topic as it seems at first glance. Set up CI end to end a couple of times and you are already far from an amateur in this matter. Moreover, the GitLab documentation is extremely thorough. Don't be afraid to take the first step. The road appears under the steps of the one who walks (I don't remember who said it :)

I will be glad to receive feedback.

In the next article, I will show how to set up GitLab CI to run integration test jobs concurrently (running test services with docker-compose) if you have only one shell runner.

Source: www.habr.com