Eli nqaku lenzelwe abaphuhlisi be-java abanesidingo sokupapasha ngokukhawuleza iimveliso zabo kwi-sonatype kunye/okanye iindawo zokugcina ezisembindini ze-maven usebenzisa i-GitLab. Kweli nqaku ndiza kuthetha ngokuseta i-gitlab-runner, i-gitlab-ci kunye ne-maven-plugin ukusombulula le ngxaki.
Izinto ezifunekayo kuqala:
- Ukugcinwa ngokukhuselekileyo kwemvn kunye nezitshixo zeGPG.
- Ukwenziwa ngokukhuselekileyo kwemisebenzi yeCI yoluntu.
- Ukulayisha izinto zakudala (ukukhutshwa/umfanekiso okhawulezayo) kwiindawo zokugcina zikawonke-wonke.
- Ukujonga ngokuzenzekelayo iinguqulelo ezikhutshwayo ukuze zipapashwe kumbindi we-maven.
- Isisombululo ngokubanzi sokulayisha izinto zakudala kwindawo yokugcina iiprojekthi ezininzi.
- Ukulula kunye nokulula ukusetyenziswa.
Iziqulatho
Ulwazi jikelele Ukuseta iprojekthi yokusasazwa kwi-GitLab Imbaleki yeGitLab IGitLab CI Uqwalaselo lwePom.xml Isiphumo isiphelo
Ulwazi jikelele
- Inkcazo eneenkcukacha yendlela yokupapasha izinto zakudala eMaven Central ngeSonatype OSS Repository Hosting Service sele ichaziwe
Oku kubhaliwe umsebenzisiI-Googolplex , ngoko ke ndiya kubhekisela kweli nqaku kwiindawo ezifanelekileyo. - Bhalisa kwangaphambili kwi
Sonatype JIRA kwaye uvule itikiti lokuvula indawo yokugcina (funda icandelo ngeenkcukacha ezithe vetsheYenza itikiti kwi-Sonatype JIRA ). Emva kokuvula indawo yokugcina, igama lokungena/legama lokugqitha elisuka kwi-JIRA (emva koku ekubhekiselwa kuyo njenge-akhawunti ye-Sonatype) iya kusetyenziselwa ukulayisha izinto zakudala kwi-Sonatype nexus. - Okulandelayo, inkqubo yokuvelisa isitshixo se-GPG ichazwa ngokomileyo kakhulu. Jonga icandelo ngeenkcukacha ezithe vetshe
Ukuqwalasela iGnuPG ukusayina izinto zakudala - Ukuba usebenzisa i Linux console ukwenza isitshixo se GPG (gnupg/gnupg2), ngoko kufuneka uyifake
zixhobo ukwenza i-entropy. Ngaphandle koko, ukuveliswa okuphambili kunokuthatha ixesha elide kakhulu. - Iinkonzo zokugcina uluntu GPG izitshixo
http://keys.gnupg.net http://pool.sks-keyservers.net http://keyserver.ubuntu.com
Ukuseta iprojekthi yokusasaza kwi-GitLab
- Okokuqala, kufuneka udale kwaye uqwalasele iprojekthi apho umbhobho uya kugcinwa ukuthunyelwa kwezinto zakudala. Ndiyibize iprojekthi yam ngokulula nangokungantsonkothanga-
ukuhambisa - Emva kokudala indawo yokugcina, kufuneka uthintele ukufikelela ekutshintsheni indawo yokugcina.
Yiya kwiprojekthi -> Useto -> Indawo yokugcina -> Amasebe aKhuselweyo. Sicima yonke imigaqo kwaye songeza umthetho omnye kunye ne-Wildcard * enelungelo lokutyhala kunye nokudibanisa kuphela kubasebenzisi abanendima yabaGcini. Lo mgaqo uya kusebenza kubo bonke abasebenzisi bayo bobabini le projekthi kunye neqela le projekthi.
- Ukuba kukho abagcini abaninzi, ke esona sisombululo siya kuba kukukhawulela ukufikelela kwiprojekthi ngokomgaqo.
Yiya kwiprojekthi-> Useto-> Ngokubanzi-> Ukubonakala, iimpawu zeprojekthi, iimvume kunye nokuseta ukubonakala kweProjekthi lwaBucala.
Ndineprojekthi efikelelekayo esidlangalaleni, kuba ndisebenzisa eyam i-GitLab Runner kwaye kuphela ndinokufikelela ekutshintsheni indawo yokugcina. Ewe, eneneni, akukho mdla wam ukubonisa ulwazi lwabucala kwiilogi zemibhobho yoluntu. - Ukuqinisa imithetho yokutshintsha indawo yokugcina
Yiya kwiprojekthi -> Useto -> Indawo yokugcina -> Push Rules kwaye usete uthintelo lweCommitter, Jonga ukuba ngaba umbhali ziiflegi zomsebenzisi weGitLab. Ndikwacebisa ukusetazibophelele utyikityo , kwaye usete iflegi ye Yala engatyikitywanga. - Okulandelayo kufuneka uqwalasele i-trigger ukuqalisa imisebenzi
Yiya kwiprojekthi -> Useto -> CI / CD -> Izitshizi zePipeline kwaye wenze ithokheni entsha yokuqalisa
Lo mqondiso unokongezwa ngokukhawuleza kuqwalaselo oluqhelekileyo lwezinto eziguquguqukayo kwiqela leeprojekthi.
Yiya kwiqela -> Useto -> CI / CD -> Iiguquguquko kwaye wongeze utshintshoDEPLOY_TOKEN
ngophawu lokuqalisa ngexabiso.
Imbaleki yeGitLab
Eli candelo lichaza uqwalaselo lokwenziwa kwemisebenzi ekusetyenzisweni usebenzisa eyakho (Eyodwa) kunye neyoluntu (Kwabelwana ngayo) imbaleki.
Imbaleki ethile
Ndisebenzisa iimbaleki zam kuba, okokuqala, ilungile, iyakhawuleza, kwaye inexabiso eliphantsi.
Kumbaleki, ndincoma i-Linux VDS ene-1 CPU, i-2 GB RAM, i-20 GB HDD. Ixabiso lomba yi ~3000₽ ngonyaka.
Imbaleki yam
Kubambaleki ndathatha VDS 4 CPU, 4 GB RAM, 50 GB SSD. Iindleko ~ 11000₽ kwaye andizange ndizisole.
Ndinoomatshini abasi-7 bebonke. 5 kwi-aruba kunye ne-2 kwi-ihor.
Ngoko sinembaleki. Ngoku siza kuyiqwalasela.
Siya kumatshini nge-SSH kwaye sifake i-java, i-git, i-maven, i-gnupg2.
Ukufakela umgijimi wegitlab
- Yenza iqela elitsha
runner
sudo groupadd runner
- Yenza uvimba weefayili we-maven cache kwaye unike iimvume zeqela
runner
Ungayitsiba le ngongoma ukuba awucwangcisi ukuqhuba iimbaleki ezininzi kumatshini omnye.mkdir -p /usr/cache/.m2/repository chown -R :runner /usr/cache chmod -R 770 /usr/cache
- Yenza umsebenzisi
gitlab-deployer
kwaye wongeze kwiqelarunner
useradd -m -d /home/gitlab-deployer gitlab-deployer usermod -a -G runner gitlab-deployer
- Yongeza kwifayile
/etc/ssh/sshd_config
umgca olandelayoAllowUsers root@* [email protected]
- Qalisa kwakhona
sshd
systemctl restart sshd
- Ukuseta igama lokugqithisa lomsebenzisi
gitlab-deployer
(inokuba lula, kuba kukho uthintelo kwinginginya yendawo)passwd gitlab-deployer
- Faka i-GitLab Runner (Linux x86-64)
sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64 sudo chmod +x /usr/local/bin/gitlab-runner ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner
- Yiya kwiwebhusayithi gitlab.com -> deploy-project -> Useto -> CI/CD -> Abagijimi -> Ababaleki abathile kwaye ukope ithokheni yokubhalisa
Ikhusi
- Ukubhalisa imbaleki
gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml
Inkqubo
Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
- Sijonga ukuba imbaleki ibhalisiwe. Yiya kwiwebhusayithi gitlab.com -> deploy-project -> Useto -> CI/CD -> Iimbaleki -> Iimbaleki ezithile -> Iimbaleki zisebenze kule projekthi
Ikhusi
- Yongeza hlukanisa inkonzo
/etc/systemd/system/gitlab-deployer.service
[Unit] Description=GitLab Deploy Runner After=syslog.target network.target ConditionFileIsExecutable=/usr/local/bin/gitlab-runner [Service] StartLimitInterval=5 StartLimitBurst=10 ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer" Restart=always RestartSec=120 [Install] WantedBy=multi-user.target
- Masiqale inkonzo.
systemctl enable gitlab-deployer.service systemctl start gitlab-deployer.service systemctl status gitlab-deployer.service
- Sijonga ukuba imbaleki iyasebenza.
Umzekelo:
Ukuvelisa amaqhosha e-GPG
-
Ukusuka kumatshini ofanayo singena nge-ssh phantsi komsebenzisi
gitlab-deployer
(oku kubalulekile ekuveliseni isitshixo se-GPG)ssh [email protected]
-
Senza isitshixo ngokuphendula imibuzo. Ndisebenzise igama lam kunye ne-imeyile.
Qinisekisa ukuba ukhankanya igama lokugqitha leqhosha. I-Artifacts iya kusayinwa ngeli qhosha.gpg --gen-key
-
Jonga
gpg --list-keys -a /home/gitlab-deployer/.gnupg/pubring.gpg ---------------------------------------- pub 4096R/00000000 2019-04-19 uid Petruha Petrov <[email protected]> sub 4096R/11111111 2019-04-19
-
Ukulayisha isitshixo sethu sikawonke-wonke kwiseva engundoqo
gpg --keyserver keys.gnupg.net --send-key 00000000 gpg: sending key 00000000 to hkp server keys.gnupg.net
Ukumisela iMaven
- Ngena njengomsebenzisi
gitlab-deployer
su gitlab-deployer
- Yenza uluhlu lwe-maven yokugcina kunye nekhonkco kwi-cache (musa impazamo)
Ungayitsiba le ngongoma ukuba awucwangcisi ukuqhuba iimbaleki ezininzi kumatshini omnye.mkdir -p ~/.m2/repository ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
- Yenza iqhosha eliphambili
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
- Yenza ifayile ~/.m2/settings-security.xml
<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity>
- Uguqulela ngokuntsonkothileyo igama lokugqitha le akhawunti ye Sonatype
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
- Yenza ifayile ~/.m2/settings.xml
<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>SONATYPE_USERNAME</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
phi,
GPG_SECRET_KEY_PASSPHRASE - igama lokugqitha leqhosha le GPG
SONATYPE_USERNAME - ukungena kwiakhawunti ye-sonatype
Oku kugqiba ukuseta kwembaleki, ungaqhubekeka kwicandelo
Imbaleki ekwabelwanayo ngayo
Ukuvelisa amaqhosha e-GPG
-
Okokuqala, kufuneka wenze iqhosha le-GPG. Ukwenza oku, faka i-gnupg.
yum install -y gnupg
-
Senza isitshixo ngokuphendula imibuzo. Ndisebenzise igama lam kunye ne-imeyile. Qinisekisa ukuba ukhankanya igama eligqithisiweyo leqhosha.
gpg --gen-key
-
Ukubonisa ulwazi kwiqhosha
gpg --list-keys -a pub rsa3072 2019-04-24 [SC] [expires: 2021-04-23] 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 uid [ultimate] tttemp <[email protected]> sub rsa3072 2019-04-24 [E] [expires: none]
-
Ukulayisha isitshixo sethu sikawonke-wonke kwiseva engundoqo
gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net
-
Sifumana isitshixo sabucala
gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 -----BEGIN PGP PRIVATE KEY BLOCK----- lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5 ... =2Wd2 -----END PGP PRIVATE KEY BLOCK-----
-
Yiya kuseto lweprojekthi -> Useto -> CI / CD -> Izinto eziguquguqukayo kwaye ugcine isitshixo sabucala kwinto eguquguqukayo.
GPG_SECRET_KEY
Ukumisela iMaven
- Yenza iqhosha eliphambili
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
- Yiya kuseto lweprojekthi -> Useto -> CI / CD -> Iiguquguquko kwaye ugcine kwinto eguquguqukayo
SETTINGS_SECURITY_XML
le migca ilandelayo:<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity>
- Uguqulela ngokuntsonkothileyo igama lokugqitha le akhawunti ye Sonatype
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
- Yiya kuseto lweprojekthi -> Useto -> CI / CD -> Iiguquguquko kwaye ugcine kwinto eguquguqukayo
SETTINGS_XML
le migca ilandelayo:<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>sonatype_username</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
phi,
GPG_SECRET_KEY_PASSPHRASE - igama lokugqitha leqhosha le GPG
SONATYPE_USERNAME - ukungena kwiakhawunti ye-sonatype
Beka umfanekiso wedocker
-
Senza i-Dockerfile elula ngokufanelekileyo ukuqhuba imisebenzi yokusasaza ngoguqulelo olufunekayo lweJava. Ngezantsi ngumzekelo we-alpine.
FROM java:8u111-jdk-alpine RUN apk add gnupg maven git --update-cache --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && mkdir ~/.m2/
-
Ukudibanisa isitya seprojekthi yakho
docker build -t registry.gitlab.com/group/deploy .
-
Siqinisekisa kwaye silayishe isitya kwirejista.
docker login -u USER -p PASSWORD registry.gitlab.com docker push registry.gitlab.com/group/deploy
IGitLab CI
Ukusasaza iprojekthi
Yongeza ifayile ye-.gitlab-ci.yml kwingcambu yeprojekthi yokusasaza
Isikripthi sinikezela ngemisebenzi emibini edibeneyo yokusasazwa. Imbaleki ethile okanye uMbaleki eKwabelwana ngawo ngokulandelelana.
.gitlab-ci.yml
stages:
- deploy
Specific Runner:
extends: .java_deploy_template
# Задача будет выполняться на вашем shell-раннере
tags:
- deploy
Shared Runner:
extends: .java_deploy_template
# Задача будет выполняться на публичном docker-раннере
tags:
- docker
# Образ из раздела GitLab Runner -> Shared Runner -> Docker
image: registry.gitlab.com/group/deploy-project:latest
before_script:
# Импортируем GPG ключ
- printf "${GPG_SECRET_KEY}" | gpg --batch --import
# Сохраняем maven конфигурацию
- printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
- printf "${SETTINGS_XML}" > ~/.m2/settings.xml
.java_deploy_template:
stage: deploy
# Задача сработает по триггеру, если передана переменная DEPLOY со значением java
only:
variables:
- $DEPLOY == "java"
variables:
# отключаем клонирование текущего проекта
GIT_STRATEGY: none
script:
# Предоставляем возможность хранения пароля в незашифрованном виде
- git config --global credential.helper store
# Сохраняем временные креды пользователя gitlab-ci-token
# Токен работает для всех публичных проектов gitlab.com и для проектов группы
- echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
# Полностью чистим текущую директорию
- rm -rf .* *
# Клонируем проект который, будем деплоить в Sonatype Nexus
- git clone ${DEPLOY_CI_REPOSITORY_URL} .
# Переключаемся на нужный коммит
- git checkout ${DEPLOY_CI_COMMIT_SHA} -f
# Если хоть один pom.xml содержит параметр autoReleaseAfterClose валим сборку.
# В противном случае есть риск залить сырые артефакты в maven central
- >
for pom in $(find . -name pom.xml); do
if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
exit 1;
fi;
done
# Если параметр DEPLOY_CI_COMMIT_TAG пустой, то принудительно ставим SNAPSHOT-версию
- >
if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
else
VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
if [[ "${VERSION}" == *-SNAPSHOT ]]; then
mvn versions:set -DnewVersion=${VERSION}
else
mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
fi
fi
# Запускаем задачу на сборку и деплой артефактов
- mvn clean deploy -DskipTests=true
Iprojekthi yeJava
Kwiiprojekthi ze-java ekumele ukuba zilayishwe kwiindawo zokugcina zikawonke-wonke, kufuneka udibanise amanyathelo ama-2 ukukhuphela uKhupho kunye neenguqulelo ze-Snapshot.
.gitlab-ci.yml
stages:
- build
- test
- verify
- deploy
<...>
Release:
extends: .trigger_deploy
# Запускать задачу только пo тегу.
only:
- tags
Snapshot:
extends: .trigger_deploy
# Запускаем задачу на публикацию SNAPSHOT версии вручную
when: manual
# Не запускать задачу, если проставлен тег.
except:
- tags
.trigger_deploy:
stage: deploy
variables:
# Отключаем клонирование текущего проекта
GIT_STRATEGY: none
# Ссылка на триггер deploy-задачи
URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
# Переменные deploy-задачи
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
# Не использую cURL, так как с флагами --fail --show-error
# он не выводит тело ответа, если HTTP код 400 и более
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
Kwesi sisombululo, ndiye ndahamba kancinci kwaye ndagqiba ekubeni ndisebenzise itemplate enye yeCI yeeprojekthi zejava.
Iinkcukacha ezingakumbi
Ndenze iprojekthi eyahlukileyo
eqhelekileyo.yml
stages:
- build
- test
- verify
- deploy
variables:
SONAR_ARGS: "
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
"
.build_java_project:
stage: build
tags:
- touchbit-shell
variables:
SKIP_TEST: "false"
script:
- mvn clean
- mvn package -DskipTests=${SKIP_TEST}
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.build_sphinx_doc:
stage: build
tags:
- touchbit-shell
variables:
DOCKERFILE: .indirect/docs/Dockerfile
script:
- docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .
.junit_module_test_run:
stage: test
tags:
- touchbit-shell
variables:
MODULE: ""
script:
- cd ${MODULE}
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.junit_test_run:
stage: test
tags:
- touchbit-shell
script:
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.sonar_review:
stage: verify
tags:
- touchbit-shell
dependencies: []
script:
- >
if [ "$CI_BUILD_REF_NAME" == "master" ]; then
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
else
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
fi
.trigger_deploy:
stage: deploy
tags:
- touchbit-shell
variables:
URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
.trigger_release_deploy:
extends: .trigger_deploy
only:
- tags
.trigger_snapshot_deploy:
extends: .trigger_deploy
when: manual
except:
- tags
Ngenxa yoko, kwiiprojekthi ze-java ngokwazo, i-.gitlab-ci.yml ibonakala ihlangene kwaye ingabi namazwi
.gitlab-ci.yml
include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml
Shields4J:
extends: .build_java_project
Sphinx doc:
extends: .build_sphinx_doc
variables:
DOCKERFILE: .docs/Dockerfile
Sonar review:
extends: .sonar_review
dependencies:
- Shields4J
Release:
extends: .trigger_release_deploy
Snapshot:
extends: .trigger_snapshot_deploy
Uqwalaselo lwePom.xml
Lo mxholo uchazwe ngokweenkcukacha ezinkulu. nexus-staging-maven-plugin
ukuba awufuni okanye awukwazi ukusebenzisa i-org.sonatype.oss:oss-umzali njengomzali kwiprojekthi yakho.
maven-fake-plugin
Ifakela iimodyuli kwindawo yokugcina.
Iluncedo kakhulu ekuqinisekisweni kwendawo yezisombululo kwezinye iiprojekthi, kunye ne-checksum.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<executions>
<execution>
<id>install-project</id>
<!-- Если у вас многомодульный проект с деплоем родительского помика -->
<phase>install</phase>
<!-- Явно указываем файлы для локальной установки -->
<configuration>
<file>target/${project.artifactId}-${project.version}.jar</file>
```target/${project.artifactId}-${project.version}-sources.jar</sources>
<pomFile>dependency-reduced-pom.xml</pomFile>
<!-- Принудительное обновление метаданных проекта -->
<updateReleaseInfo>true</updateReleaseInfo>
<!-- Контрольные суммы для проверки целостности -->
<createChecksum>true</createChecksum>
</configuration>
</execution>
</executions>
</plugin>
maven-javadoc-plugin
Ukuvelisa i-javadoc yeprojekthi.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
<!-- Генерация javadoc должна быть после фазы генерации ресурсов -->
<phase>prepare-package</phase>
<configuration>
<!-- Очень помогает в публичных проектах -->
<failOnError>true</failOnError>
<failOnWarnings>true</failOnWarnings>
<!-- Убирает ошибку поиска документации в target директории -->
<detectOfflineLinks>false</detectOfflineLinks>
</configuration>
</execution>
</executions>
</plugin>
Ukuba unemodyuli engaqulathanga java (umzekelo izibonelelo kuphela)
Okanye awufuni ukwenza i-javadoc ngokomgaqo, emva koko uncede maven-jar-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<id>empty-javadoc-jar</id>
<phase>generate-resources</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<classifier>javadoc</classifier>
<classesDirectory>${basedir}/javadoc</classesDirectory>
</configuration>
</execution>
</executions>
</plugin>
maven-gpg-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<!-- Сборка будет падать, если отсутствует GPG ключ -->
<!-- Подписываем артефакты только на фазе deploy -->
<phase>deploy</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
I-nexus-staging-maven-plugin
Ubumbeko:
<project>
<!-- ... -->
<build>
<plugins>
<!-- ... -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<serverId>sonatype</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<!-- Обновляем метаданные, чтобы пометить артефакт как release -->
<!-- Не влияет на snapshot версии -->
<updateReleaseInfo>true</updateReleaseInfo>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<!-- Отключаем плагин -->
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<distributionManagement>
<snapshotRepository>
<id>sonatype</id>
<name>Nexus Snapshot Repository</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>sonatype</id>
<name>Nexus Release Repository</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>
Ukuba uneprojekthi yeemodyuli ezininzi kwaye awudingi kulayisha imodyuli ethile kwindawo yokugcina, kufuneka udibanise nexus-staging-maven-plugin
ngeflegi skipNexusStagingDeployMojo
<build>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<configuration>
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
</plugin>
</plugins>
</build>
Emva kokukhuphela, iinguqulelo ze-snapshot/ukukhupha ziyafumaneka
<repositories>
<repository>
<id>SonatypeNexus</id>
<url>https://oss.sonatype.org/content/groups/staging/</url>
<!-- Не надо указывать флаги snapshot/release для репозитория -->
</repository>
</repositories>
Iinzuzo ezingakumbi
- Uluhlu olutyebileyo kakhulu lweenjongo zokusebenza kunye novimba we-nexus (
mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin
). - Itshekhi yokukhupha ngokuzenzekelayo ukuze ifakwe kwi-maven central
Isiphumo
Ukupapasha inguqulelo yeSNAPSHOT
Xa usakha iprojekthi, kunokwenzeka ukuba uqalise umsebenzi ngokukhuphela i-SNAPSHOT version kwi-nexus
Xa lo msebenzi uqaliswa, umsebenzi ohambelanayo kwiprojekthi yokusasaza uyaqhutywa (
Ilog elungisiweyo
Running with gitlab-runner 11.10.0 (3001a600)
on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0 [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO] Updating project org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:client
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:test-core
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:testng
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:client
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO] * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [ 2.375 s]
[INFO] test-core .......................................... SUCCESS [ 3.929 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------
Ngenxa yoko, inguqulelo ilayishwe kwi-nexus
Zonke iinguqulelo zesnapshot zinokucinywa kwindawo yokugcina kwiwebhusayithi
Ukupapasha inguqulelo yokukhululwa
Xa ithegi ifakiwe, umsebenzi ohambelanayo kwiprojekthi yokusasaza uyavuswa ngokuzenzekelayo ukukhuphela uguqulelo lokukhululwa kwi-nexus (
Elona candelo lihle kukuba ukukhululwa okusondeleyo kubangelwa ngokuzenzekelayo kwi-nexus.
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1037".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 9.603 s]
[INFO] test-core .......................................... SUCCESS [ 3.419 s]
[INFO] Shields4J client ................................... SUCCESS [ 9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------
Kwaye ukuba kukho into engahambi kakuhle, umsebenzi uya kusilela ngokuqinisekileyo
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1038".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR]
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR] Rule "signature-staging" failures
[ERROR] * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 4.073 s]
[INFO] test-core .......................................... SUCCESS [ 2.788 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
Ngenxa yoko, sisele sinokhetho olunye kuphela. Lucime olu guqulelo okanye ulupapashe.
Emva kokukhululwa, emva kwexesha elithile i-artifacts iya kungena
ngaphandle kwesihloko
Yayikukufumanisa kum ukuba i-maven izalathisa ezinye iindawo zokugcina zikawonke-wonke.
Kuye kwafuneka ndongeze i-robots.txt kuba ibonise indawo yam endala.
isiphelo
Into esinayo
- Iprojekthi eyahlukileyo yokusasaza apho unokuphumeza imisebenzi emininzi yeCI yokufaka izinto zakudala kwiindawo zokugcina zikawonke-wonke kwiilwimi ezahlukeneyo zophuhliso.
- Iprojekthi yokusasaza ibekwe yodwa kuphazamiso lwangaphandle kwaye inokutshintshwa kuphela ngabasebenzisi abanoMnini kunye neendima zoMgcini.
- Отдельный Specific Runner с "горячим" кэшем для запуска только deploy задач.
- Ukupapasha umfanekiso okhawulezayo/ukukhutshwa kweenguqulelo kwindawo yokugcina uluntu.
- Ukukhangela okuzenzekelayo koguqulelo lokukhululwa ukulungela ukupapashwa kumbindi we-maven.
- Защита от автоматической публикации "сырых" версий в maven central.
- Сборка и публикация snapshot версий "по клику".
- Uvimba omnye wokufumana umfanekiso okhawulezayo/ukhuphe iinguqulelo.
- Umbhobho jikelele wokwakha/ukuvavanya/upapasho lweprojekthi ye-java.
Настройка GitLab CI не такая сложная тема как кажется на первый взгляд. Достаточно пару раз настроить CI "под ключ" и вот, ты уже далеко не дилетант в этом деле. Тем более GitLab документация весьма избыточна. Не бойтесь делать первый шаг. Дорога возникает под шагами идущего (не помню кто сказал 🙂 ).
Ndingavuya ukufumana impendulo.
Kwinqaku elilandelayo ndiza kuthetha malunga nendlela yokuqwalasela i-GitLab CI ukuqhuba imisebenzi kunye novavanyo lokudibanisa ngokhuphiswano (ukuqhuba iinkonzo phantsi kovavanyo usebenzisa i-docker-compose) ukuba unembaleki enye kuphela.
umthombo: www.habr.com