Setting up GitLab CI to upload a Java project to Maven Central

This article is aimed at Java developers who need to publish their artifacts quickly to the Sonatype and/or Maven Central repositories using GitLab. In it, I describe how to configure gitlab-runner, gitlab-ci and maven-plugin to solve this problem.

Requirements:

  • Secure storage of mvn and GPG keys.
  • Secure execution of public CI jobs.
  • Uploading artifacts (release/snapshot) to public repositories.
  • Automatic check of release versions for publication to Maven Central.
  • A general solution for uploading artifacts to the repository for many projects.
  • Simplicity and ease of use.

General information

  • A detailed description of how to publish artifacts to Maven Central through the Sonatype OSS Repository Hosting Service has already been given in this article by the user Googolplex, so I will refer to that article in the relevant places.
  • Register in advance at Sonatype JIRA and open a ticket to have a repository opened (for details, read the section Create a Sonatype JIRA ticket). Once the repository is open, the JIRA login/password pair (hereafter the Sonatype account) is used to upload artifacts to Sonatype Nexus.
  • Further on, the process of generating a GPG key is described very tersely. For details, see the section Configuring GnuPG to sign artifacts.
  • If you use the Linux console to generate the GPG key (gnupg/gnupg2), you need to install rng-tools to generate entropy. Otherwise key generation can take a very long time.
  • Services for storing public GPG keys

Setting up the deploy project in GitLab

  • First of all, you need to create and configure the project that will hold the pipeline for deploying artifacts. I gave my project a plain, simple name: deploy
  • After creating the repository, you need to restrict who can change it.
    Go to project -> Settings -> Repository -> Protected Branches. Delete all rules and add a single rule with Wildcard * that grants push and merge rights only to users with the Maintainers role. This rule applies to all users of this project and of the group the project belongs to.
  • If there are several maintainers, the best solution is to restrict access to the project altogether.
    Go to project -> Settings -> General -> Visibility, project features, permissions and set Project visibility to Private.
    My project is publicly accessible, because I use my own GitLab Runner and only I have access to change the repository. Still, it is not in my interest to expose private information in public pipeline logs.
  • Tightening the rules for changing the repository
    Go to project -> Settings -> Repository -> Push Rules and set the flags Committer restriction and Check whether author is a GitLab user. I also recommend setting up commit signing and setting the Reject unsigned commits flag.
  • Next, you need to configure a trigger for running jobs
    Go to project -> Settings -> CI / CD -> Pipeline triggers and create a new trigger token.
    This token can be added right away to the shared variable configuration for a group of projects.
    Go to group -> Settings -> CI / CD -> Variables and add the variable DEPLOY_TOKEN with the trigger token as its value.

GitLab Runner

This section describes how to configure deploy jobs to run on your own (Specific) runner and on a public (Shared) runner.

Specific Runner

I use my own runners because, first of all, it is convenient, fast and cheap.
For a runner I recommend a Linux VDS with 1 CPU, 2 GB RAM and a 20 GB HDD. The price is ~3000₽ per year.

My runner

For the runner I took a VDS with 4 CPU, 4 GB RAM and a 50 GB SSD. It cost ~11000₽ and I have never regretted it.
I have 7 machines in total: 5 on aruba and 2 on ihor.

So, we have a runner. Now let's configure it.
Log in to the machine via SSH and install java, git, maven and gnupg2.

Installing gitlab-runner

  • Create a new group runner
    sudo groupadd runner
  • Create the maven cache directory and give the runner group rights to it
    You can skip this step if you do not plan to run several runners on one machine.

    mkdir -p /usr/cache/.m2/repository
    chown -R :runner /usr/cache
    chmod -R 770 /usr/cache
  • Create the user gitlab-deployer and add it to the runner group
    useradd -m -d /home/gitlab-deployer gitlab-deployer
    usermod -a -G runner gitlab-deployer
  • Add the following line to the file /etc/ssh/sshd_config
    AllowUsers root@* [email protected]
  • Restart sshd
    systemctl restart sshd
  • Set a password for the user gitlab-deployer (it can be simple, since access is restricted to localhost)
    passwd gitlab-deployer
  • Install GitLab Runner (Linux x86-64)
    sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
    sudo chmod +x /usr/local/bin/gitlab-runner
    ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
    ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner
  • Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners and copy the registration token.

  • Register the runner
    gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml

Process

Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded                     runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

  • Check that the runner is registered. Go to gitlab.com -> deploy-project -> Settings -> CI/CD -> Runners -> Specific Runners -> Runners activated for this project

  • Add a separate service /etc/systemd/system/gitlab-deployer.service
    [Unit]
    Description=GitLab Deploy Runner
    After=syslog.target network.target
    ConditionFileIsExecutable=/usr/local/bin/gitlab-runner
    [Service]
    StartLimitInterval=5
    StartLimitBurst=10
    ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
    Restart=always
    RestartSec=120
    [Install]
    WantedBy=multi-user.target
  • Start the service.
    systemctl enable gitlab-deployer.service
    systemctl start gitlab-deployer.service
    systemctl status gitlab-deployer.service
  • Check that the runner is running.

Generating the GPG key

  • From the same machine, log in via ssh as the user gitlab-deployer (this is important for generating the GPG key)

    ssh [email protected]

  • Generate the key by answering the questions. I used my own name and email.
    Be sure to set a passphrase for the key. Artifacts will be signed with this key.

    gpg --gen-key 

  • Check

    gpg --list-keys -a
    /home/gitlab-deployer/.gnupg/pubring.gpg
    ----------------------------------------
    pub   4096R/00000000 2019-04-19
    uid                  Petruha Petrov <[email protected]>
    sub   4096R/11111111 2019-04-19

  • Upload our public key to the keyserver

    gpg --keyserver keys.gnupg.net --send-key 00000000
    gpg: sending key 00000000 to hkp server keys.gnupg.net

Maven setup

  • Switch to the user gitlab-deployer
    su gitlab-deployer 
  • Create the maven directory and link its repository to the cache (take care not to make a mistake)
    This step can be skipped if you do not plan to run several runners on one machine.

    mkdir -p ~/.m2
    ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
  • Create the master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Create the file ~/.m2/settings-security.xml
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Create the file ~/.m2/settings.xml
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where
GPG_SECRET_KEY_PASSPHRASE - the GPG key passphrase
SONATYPE_USERNAME - the Sonatype account login

This completes the runner setup; you can move on to the GitLab CI section.

Shared Runner

Generating the GPG key

  • First of all, you need to create a GPG key. To do this, install gnupg.

    yum install -y gnupg

  • Generate the key by answering the questions. I used my own name and email. Be sure to set a passphrase for the key.

    gpg --gen-key 

  • Get the key information

    gpg --list-keys -a
    pub   rsa3072 2019-04-24 [SC] [expires: 2021-04-23]
      2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    uid           [ultimate] tttemp <[email protected]>
    sub   rsa3072 2019-04-24 [E] [expires: none]

  • Upload our public key to the keyserver

    gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net

  • Get the private key

    gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5
    ...
    =2Wd2
    -----END PGP PRIVATE KEY BLOCK-----

  • Go to project settings -> Settings -> CI / CD -> Variables and save the private key in the variable GPG_SECRET_KEY

Maven setup

  • Create the master password
    mvn --encrypt-master-password password
    {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
  • Go to project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_SECURITY_XML:
    <settingsSecurity>
    <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master>
    </settingsSecurity>
  • Encrypt the password of the Sonatype account
    mvn --encrypt-password SONATYPE_PASSWORD
    {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
  • Go to project settings -> Settings -> CI / CD -> Variables and save the following lines in the variable SETTINGS_XML:
    <settings>  
    <profiles>
        <profile>
            <id>env</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
            </properties>
        </profile>
    </profiles>
    <servers>
        <server>
            <id>sonatype</id>
            <username>SONATYPE_USERNAME</username>
            <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
        </server>
    </servers>
    </settings>

where
GPG_SECRET_KEY_PASSPHRASE - the GPG key passphrase
SONATYPE_USERNAME - the Sonatype account login

Deploy Docker image

  • Create a simple Dockerfile for running deploy jobs with the required Java version. Below is an example for alpine.

    FROM java:8u111-jdk-alpine
    RUN apk add gnupg maven git --update-cache \
        --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && \
        mkdir ~/.m2/

  • Build the container for your project

    docker build -t registry.gitlab.com/group/deploy .

  • Authenticate and upload the container to the registry.

    docker login -u USER -p PASSWORD registry.gitlab.com
    docker push registry.gitlab.com/group/deploy

GitLab CI

Deploy project

Add the file .gitlab-ci.yml to the root of the deploy project.
The script defines two mutually exclusive deploy jobs, for the Specific Runner and the Shared Runner respectively.

.gitlab-ci.yml

stages:
  - deploy

Specific Runner:
  extends: .java_deploy_template
  # The job will run on your shell runner
  tags:
    - deploy

Shared Runner:
  extends: .java_deploy_template
  # The job will run on a public docker runner
  tags:
    - docker
  # Image from the section GitLab Runner -> Shared Runner -> Docker
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Import the GPG key
    - printf '%s' "${GPG_SECRET_KEY}" | gpg --batch --import
    # Save the maven configuration
    - printf '%s' "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf '%s' "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # The job runs on a trigger if the DEPLOY variable is passed with the value java
  only:
    variables:
    - $DEPLOY == "java"
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
  script:
    # Allow the password to be stored unencrypted
    - git config --global credential.helper store
    # Save the temporary credentials of the gitlab-ci-token user
    # The token works for all public gitlab.com projects and for the group's projects
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    # Completely clean the current directory
    - rm -rf .* *
    # Clone the project that will be deployed to Sonatype Nexus
    - git clone "${DEPLOY_CI_REPOSITORY_URL}" .
    # Switch to the required commit
    - git checkout "${DEPLOY_CI_COMMIT_SHA}" -f
    # If at least one pom.xml contains the autoReleaseAfterClose parameter, fail the build.
    # Otherwise there is a risk of uploading raw artifacts to maven central
    - >
      for pom in $(find . -name pom.xml); do
        if grep -q autoReleaseAfterClose "$pom"; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
          exit 1;
        fi;
      done
    # If the DEPLOY_CI_COMMIT_TAG parameter is empty, force a SNAPSHOT version
    - >
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set -DnewVersion="${DEPLOY_CI_COMMIT_TAG}"
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set -DnewVersion="${VERSION}"
        else
          mvn versions:set -DnewVersion="${VERSION}-SNAPSHOT"
        fi
      fi
    # Run the job that builds and deploys the artifacts
    - mvn clean deploy -DskipTests=true
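
The deploy job takes its repository URL, commit and tag from trigger variables supplied by the calling pipeline, and uses them in git and mvn commands. The following is an added example, not part of the original article: POSIX shell pre-flight checks the job could run first; the function names, the accepted character sets and the gitlab.com-only host rule are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-flight checks for the deploy job's trigger variables.
# Function names and accepted character sets are assumptions of this sketch.
LC_ALL=C; export LC_ALL

# A commit id must be exactly 40 lowercase hex characters.
valid_sha() {
  case $1 in *[!0-9a-f]*) return 1 ;; esac
  [ "${#1}" -eq 40 ]
}

# A tag becomes the Maven version, so allow only version-like characters
# and require an alphanumeric first character.
valid_tag() {
  case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
  case $1 in [A-Za-z0-9]*) return 0 ;; esac
  return 1
}

# Accept only https URLs whose host is gitlab.com (userinfo such as
# gitlab-ci-token:<token>@ is allowed) and whose path ends in .git.
valid_repo_url() {
  case $1 in https://*) ;; *) return 1 ;; esac
  rest=${1#https://}
  authority=${rest%%/*}
  repo_path=${rest#*/}
  case $authority in *[!A-Za-z0-9._:@-]*) return 1 ;; esac
  [ "${authority##*@}" = "gitlab.com" ] || return 1
  case $repo_path in ''|*[!A-Za-z0-9._/-]*|*..*) return 1 ;; esac
  case $repo_path in *.git) return 0 ;; esac
  return 1
}

# Version to pass to versions:set: the tag for a release, otherwise the
# project version forced to end in -SNAPSHOT (the rule used by the job).
deploy_version() {   # $1 = tag (may be empty), $2 = project version
  if [ -n "$1" ]; then printf '%s\n' "$1"; return; fi
  case $2 in
    *-SNAPSHOT) printf '%s\n' "$2" ;;
    *)          printf '%s\n' "$2-SNAPSHOT" ;;
  esac
}

# Succeeds only if no pom.xml under $1 mentions autoReleaseAfterClose
# (same rule as the job's loop, but safe for paths containing spaces).
no_auto_release() {
  hits=$(find "$1" -name pom.xml -exec grep -l autoReleaseAfterClose {} + || true)
  [ -z "$hits" ]
}

# Validate all three trigger variables; an empty tag means "snapshot".
check_trigger_input() {  # $1 = repo URL, $2 = commit SHA, $3 = tag or ""
  valid_repo_url "$1" || { echo "rejected repository URL" >&2; return 1; }
  valid_sha "$2"      || { echo "rejected commit SHA" >&2; return 1; }
  [ -z "$3" ] || valid_tag "$3" || { echo "rejected tag" >&2; return 1; }
}

# Constructed sample inputs (the SHA is the one shown in the job log).
for url in "https://gitlab-ci-token:xxxx@gitlab.com/group/project.git" \
           "https://gitlab.com@example.invalid/group/project.git"; do
  if check_trigger_input "$url" 850f86aa317194395c5387790da1350e437125a7 "" 2>/dev/null
  then echo "accept $url"; else echo "reject $url"; fi
done
```

In the job, check_trigger_input would be called with the three DEPLOY_CI_* variables before git clone, and no_auto_release . after the checkout.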

Java project

In the java projects that are to be uploaded to public repositories, you need to add 2 steps for uploading the Release and Snapshot versions.

.gitlab-ci.yml

stages:
  - build
  - test
  - verify
  - deploy

<...>

Release:
  extends: .trigger_deploy
  # Run the job only on a tag.
  only:
    - tags

Snapshot:
  extends: .trigger_deploy
  # Start the job that publishes the SNAPSHOT version manually
  when: manual
  # Do not run the job if a tag is set.
  except:
    - tags

.trigger_deploy:
  stage: deploy
  variables:
    # Disable cloning of the current project
    GIT_STRATEGY: none
    # Link to the trigger of the deploy job
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Variables of the deploy job
    # (the trailing backslashes join the lines without spaces)
    POST_DATA: "\
      token=${DEPLOY_TOKEN}&\
      ref=master&\
      variables[DEPLOY]=${DEPLOY}&\
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&\
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&\
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&\
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}\
      "
  script:
    # I don't use cURL because, with the --fail --show-error flags,
    # it does not print the response body if the HTTP code is 400 or higher
    - wget --content-on-error -qO- "${URL}" --post-data "${POST_DATA}"

In this solution I went a bit further and decided to use a single CI template for java projects.

More details

I created a separate project, gitlab-ci, in which I placed the CI template for java projects, common.yml.

common.yml

stages:
  - build
  - test
  - verify
  - deploy

variables:
  SONAR_ARGS: "
  -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} 
  -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} 
  "

.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
    - "*/target/reports"

.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    - >
      if [ "$CI_BUILD_REF_NAME" == "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    # The trailing backslashes join the lines without spaces
    POST_DATA: "\
      token=${DEPLOY_TOKEN}&\
      ref=master&\
      variables[DEPLOY]=${DEPLOY}&\
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&\
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&\
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&\
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}\
      "
  script:
  - wget --content-on-error -qO- "${URL}" --post-data "${POST_DATA}"

.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags

As a result, in the java projects themselves .gitlab-ci.yml looks very compact and not verbose.

.gitlab-ci.yml

include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy

pom.xml configuration

This topic is covered in great detail by Googolplex in Configuring maven to automatically sign and upload artifacts to snapshot and staging repositories, so I will describe only some nuances of using the plugins. I will also describe how you can easily and naturally use nexus-staging-maven-plugin if you do not want to, or cannot, use org.sonatype.oss:oss-parent as the parent of your project.

maven-install-plugin

Installs modules into the local repository.
Very useful for local verification of the solution in other projects, as well as for checks.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- If you have a multi-module project that deploys the parent pom -->
      <phase>install</phase>
      <!-- Explicitly specify the files for local installation -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
        <sources>target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Force an update of the project metadata -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Checksums for integrity verification -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-javadoc-plugin

Generates javadoc for the project.

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <executions>
    <execution>
      <goals>
        <goal>jar</goal>
      </goals>
      <!-- Javadoc generation must come after the resource generation phase -->
      <phase>prepare-package</phase>
      <configuration>
        <!-- Very helpful in public projects -->
        <failOnError>true</failOnError>
        <failOnWarnings>true</failOnWarnings>
        <!-- Removes the error of searching for documentation in the target directory -->
        <detectOfflineLinks>false</detectOfflineLinks>
      </configuration>
    </execution>
  </executions>
</plugin>

If you have a module that contains no java (for example, only resources),
or you do not want to generate javadoc at all, then maven-jar-plugin will help

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <executions>
    <execution>
      <id>empty-javadoc-jar</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>jar</goal>
      </goals>
      <configuration>
        <classifier>javadoc</classifier>
        <classesDirectory>${basedir}/javadoc</classesDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>

maven-gpg-plugin

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <!-- The build will fail if the GPG key is missing -->
      <!-- Sign artifacts only in the deploy phase -->
      <phase>deploy</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>

nexus-staging-maven-plugin

Configuration:

<project>
  <!-- ... -->
  <build>
    <plugins>
      <!-- ... -->
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
      </plugin>
    </plugins>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <extensions>true</extensions>
          <configuration>
            <serverId>sonatype</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- Update the metadata to mark the artifact as a release -->
            <!-- Does not affect snapshot versions -->
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <configuration>
            <!-- Disable the plugin -->
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <distributionManagement>
    <snapshotRepository>
      <id>sonatype</id>
      <name>Nexus Snapshot Repository</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </snapshotRepository>
    <repository>
      <id>sonatype</id>
      <name>Nexus Release Repository</name>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
  </distributionManagement>
</project>

If you have a multi-module project and you do not need to upload a particular module to the repository, add nexus-staging-maven-plugin with the skipNexusStagingDeployMojo flag to that module's pom.xml

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <configuration>
        <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
      </configuration>
    </plugin>
  </plugins>
</build>

After uploading, the snapshot/release versions are available in the staging repositories

<repositories>
  <repository>
    <id>SonatypeNexus</id>
    <url>https://oss.sonatype.org/content/groups/staging/</url>
    <!-- No need to specify snapshot/release flags for the repository -->
  </repository>
</repositories>

More advantages

  • A very rich list of goals for working with the nexus repository (mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin).
  • Automatic check of whether the release can be uploaded to maven central

Result

Publishing a SNAPSHOT version

When building a project, you can manually start a job that uploads a SNAPSHOT version to nexus.

When this job is launched, the corresponding job in the deploy project is triggered (example).

Trimmed log

Running with gitlab-runner 11.10.0 (3001a600)
  on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0                                           [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO]     Updating project org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:client
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:test-core
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] Processing org.touchbit.shields4j:testng
[INFO]     Updating parent org.touchbit.shields4j:shields4j-parent
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:client
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]     Updating dependency org.touchbit.shields4j:test-core
[INFO]         from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO]   ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] Shields4J                                                          [pom]
[INFO] test-core                                                          [jar]
[INFO] Shields4J client                                                   [jar]
[INFO] TestNG listener                                                    [jar]
[INFO] 
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT                                  [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO]  * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [  2.375 s]
[INFO] test-core .......................................... SUCCESS [  3.929 s]
[INFO] Shields4J client ................................... SUCCESS [  3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------

As a result, version 1.0.0-SNAPSHOT is uploaded to nexus.

All snapshot versions can be removed from the repository on the oss.sonatype.org site under your account.


Publishing a release version

When a tag is set, the corresponding job in the deploy project is triggered automatically to upload the release version to nexus (example).


The best part is that the close of the release in nexus is triggered automatically.

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1037".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  9.603 s]
[INFO] test-core .......................................... SUCCESS [  3.419 s]
[INFO] Shields4J client ................................... SUCCESS [  9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------

And if something went wrong, the job will fail:

[INFO] Performing remote staging...
[INFO] 
[INFO]  * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO]  * Created staging repository with ID "orgtouchbit-1038".
[INFO]  * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO]  * Uploading locally staged artifacts to profile org.touchbit
[INFO]  * Upload of locally staged artifacts finished.
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] 
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR] 
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Shields4J 1.0.0 .................................... SUCCESS [  4.073 s]
[INFO] test-core .......................................... SUCCESS [  2.788 s]
[INFO] Shields4J client ................................... SUCCESS [  3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

As a result, we are left with only one choice: either delete this version or publish it.


After the release, after some time, the artifacts will be in [image]
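The staging rule failure in the log above can be turned into a short CI summary that names the repository, the failed rule and the key id that was not found on the keyserver. This is an added example, not code from the article; the function names are hypothetical and the sample log is constructed from the shape of the output shown on this page.

```shell
#!/bin/sh
# Added example: summarise Nexus staging rule failures found in a Maven deploy log.

# Constructed sample input, shaped like the failure log on this page.
sample_log() {
cat <<'EOF'
[INFO]  * Closing staging repository with ID "orgtouchbit-1038".
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR] Nexus Staging Rules Failure Report
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR]   Rule "signature-staging" failures
[ERROR]     * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR]  * Deleting context 9043b43f77dcc9.properties
[ERROR] Remote staging finished with a failure: Staging rules failure!
EOF
}

# Reads a log on stdin; prints "<repository> <rule> <key id or ->" per failed check.
staging_failures() {
  awk '
    /^\[ERROR\] Repository "[^"]+" failures/ { split($0, a, "\""); repo = a[2]; next }
    /^\[ERROR\] +Rule "[^"]+" failures/      { split($0, a, "\""); rule = a[2]; next }
    /^\[ERROR\] +\* / && repo != "" && rule != "" {
      key = "-"
      if (match($0, /Key with id: \([0-9a-fA-F]+\)/))
        key = substr($0, RSTART + 14, RLENGTH - 15)
      print repo, rule, key
      next
    }
    # Any other top-level [ERROR] line ends the report section (e.g. "Cleaning up ...").
    /^\[ERROR\] [^ ]/ { repo = ""; rule = "" }
  '
}

# Key ids reported as missing from the keyserver, de-duplicated.
missing_key_ids() {
  staging_failures | awk '$2 == "signature-staging" && $3 != "-" { print $3 }' | sort -u
}

# CI gate: returns 1 and explains on stderr when any staging rule failed.
check_deploy_log() {
  failures=$(staging_failures)
  if [ -z "$failures" ]; then return 0; fi
  printf '%s\n' "$failures" | while read -r repo rule key; do
    echo "staging rule '$rule' failed for $repo (missing key: $key)" >&2
  done
  return 1
}
```

Each function reads the saved Maven output on stdin, for example `check_deploy_log < build.log`, where `build.log` is an assumed file name for the captured job output.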

Off-topic

It was a revelation to me that maven indexes other public repositories.
I had to upload a robots.txt because it had indexed my old repository.


Conclusion

What we have

  • A separate deploy project in which several CI jobs can be implemented for uploading artifacts to public repositories for various development languages.
  • The deploy project is isolated from outside interference and can be modified only by users with the Owner and Maintainer roles.
  • A Specific Runner with a "hot" cache that runs deploy jobs only.
  • Publication of snapshot/release versions in a public repository.
  • Automatic check of the release version for readiness for publication in maven central.
  • Protection against automatic publication of "raw" versions to maven central.
  • Building and publishing snapshot versions "on click".
  • A single repository for getting snapshot/release versions.
  • A general pipeline for building / testing / publishing a java project.

Setting up GitLab CI is not as complicated a topic as it seems at first. It is enough to set up CI on a turnkey basis a couple of times, and you are already far from an amateur in this matter. Moreover, the GitLab documentation is very extensive. Don't be afraid to take the first step. The road appears under the steps of the one who walks (I don't remember who said it :)

I will be glad of any feedback.

In the next article, I will show how to set up GitLab CI to run integration test jobs concurrently (running test services with docker-compose) if you have only one runner.


Source: mapenzi.com
