×ער ×֡ר×××§× ××× ×××˘× ×¤Öż×֡ר ×'××× ×ע××ע××ָפ֟ערץ ×××ָץ ××Öˇ×¨×¤Öż× ×Ś× ×ע׊×××× × ×֡ר××ץ×ע×× ×××ער פ֟ר×Ö¸××ק×× ×Ś× ×Ą×Ö¸× ×Öˇ××פ֟ע ××× / ×Ö¸×ער ××Öˇ×××˘× ××××¤× ×¨×פ֟×Öˇ××Öˇ××ָר×× × ××Ś× GitLab. ××× ××˘× ×֡ר××ק×, ××× ×××˘× ×¨×˘×× ××ע×× ××֡׊×ע×××§× ×××××Öˇ×-ר×Öˇ× ×˘×¨, ×××××Öˇ×-×Ą× ××× ××Öˇ××ע×-פ֟××××× ×Ś× ×Ą×Ö¸×××ע ××˘× ×¤Öź×¨×Ö¸××ע×.
פ֟ר×רעק×××Öˇ××֡׼:
- ×××ער ץ××ָר×××׊ פ×× mvn ××× GPG ׊××ץ×ע×.
- ×××ער ××ר×פ×ר×× × ×¤×× ×Ś×××ר ×Ą× ××֡ץקץ.
- ×פ֟××Ö¸×Öˇ××× × ×֡ר××֡פ×֡ק׼ (×ע×××× × / ××Ö¸××˘× ×××××) ×Ś× ×Ś×××ר ר×פ֟×Öˇ××Öˇ××ָר××.
- ×Ö¸××Öˇ××Öˇ××ק ×׊עק פ×× ×ע×××× × ××ערץ×עץ פֿ×֡ר ×ר××ץ×ע×× ××× ××Öˇ×××˘× ×Ą×˘× ×ר×Öˇ×.
- × ××˘× ×˘×¨×Öˇ× ×××××× × ×¤Öż×֡ר ×פ֟××Ö¸×Öˇ××× × ×֡ר××֡פ×֡ק׼ ×Ś× ×Öˇ ר×פ֟×Öˇ××Öˇ××Ö¸×¨× ×¤Öż×֡ר ק×××¤× ×¤Öź×¨×Öˇ××׊עקץ.
- פ֟×֡׊×עץ ××× ×× ×¤×× × ×׌×.
׌×פר×××
×Öˇ××ע×××× ×˘ ××× ×¤Öż×ָר××֡׌×ע ××֡׊×ע×××§× ×Öˇ ׌ע×××ק××˘× ×¤Öź×¨×××˘×§× ××× GitLab GitLab Runner ×××××Öˇ× ×Ą× ×¤Öź×Ö¸×.קץ×× ×§×Öˇ× ×¤×××ער××׊×Öˇ× ××Öˇ××עץ ץ×ָף
×Öˇ××ע×××× ×˘ ××× ×¤Öż×ָר××֡׌×ע
- × ××××××× ××֡׊ר××Öˇ××× × ×¤×× ×× ×עק×Öˇ× ×××Öˇ× ×¤Öż×֡ר ×ר××ץ×ע×× ×֡ר××֡פ×֡ק׼ ×Ś× Maven Central ×××¨× ×× Sonatype OSS ר×פ֟×Öˇ××Öˇ××Ö¸×¨× ××ָץ××× × ×Ą×˘×¨×××ץ ××× ×Š××× ××ץקר×××× ×××
×× ×ר×××§× ××Öˇ× ×׌ער××Ö¸×Ö¸××Ö¸×פ֟×עקץ , ×Öˇ××× ××× ×××˘× ×ָפ֟׊××§× ×Ś× ××˘× ×֡ר×××§× ××× ×× ×¨×˘×× ×˘×¨×ער. - פ×֡ר-רע××ץ×ר××¨× ×××Öˇ
ץ×Ö¸× ×Öˇ××פ֟ע JIRA ××× ×Ö¸× ×××× ×Öˇ ××××˘× ×Ś× ×˘×¤Öż×˘× ×˘× ×× ×¨×פ֟×Öˇ××Öˇ××Ö¸×¨× (פֿ×֡ר ×ער ×ע××Öˇ××ץ, ××××˘× ×˘× ××˘× ×ָפ֟×××××× ×׊×Öˇ×¤Öż× ×Öˇ Sonatype JIRA ××××˘× ). × ×Ö¸× ×˘×¤× ×× ×¨×פ֟×Öˇ××Öˇ××ָר×, ×× JIRA ××Ö¸××× / פ֟×֡ר×Ö¸× ×¤Öź×ָר (××˘×¨× ×Ö¸× ×¨××¤×˘×¨× ×Ś× ××× ×× ×Ą×Ö¸× ×Öˇ××פ֟ע ×׊×××) ×××˘× ×××× ×ע××××× × ×Ś× ×Ś×פֿע××קער ×֡ר××֡פ×֡ק׼ ×Ś× ×× ×Ą×Ö¸× ×Öˇ××פ֟ע × ×˘×§×Ą×ץ. - ×ער פ֟ר×ָ׌עץ פ×× ×××Š×˘× ×˘×¨××××× × ×Öˇ GPG ׊×××Ą× ××× ×××ער ×ר×××× ××ץקר××××. ××˘× ×× ×ָפ֟×××××× × ×¤Öż×֡ר ×ער ×ע××Öˇ××ץ.
ק×Öˇ× ×¤×××ער GnuPG ×Ś× ×Ś×××× ×֡ר××֡פ×֡ק׼ - ×××× ××ר × ××Ś× ×× ××× ×קץ ק×Öˇ× ×Ą×Ö¸×× ×Ś× ×××Š×˘× ×˘×¨××× ×Öˇ GPG ׊×××Ą× (gnupg/gnupg2), ××ר ××Öˇ×¨×¤Öż× ×Ś× ×× ×Ą××Öˇ××ר×
×¨× ×-××׊×ר×× ×Ś× ×¤Öź×¨×Ö¸××׌××¨× ×˘× ×ר×ָפ֟×. ×Öˇ× ×ער׊, ׊×××Ą× ××ר ×§×˘× ×˘× × ×˘××˘× ×Öˇ ×××ער ××Öˇ× × ×Ś×××. - ץ××ָר×××׊ ××Öˇ××× ×× ××˘× ×˘×¤× ×××˘× ××¤Öź× ×Š××ץ×ע×
http://keys.gnupg.net http://pool.sks-keyservers.net http://keyserver.ubuntu.com
××֡׊×ע×××§× ×Öˇ ׌ע×××ק××˘× ×¤Öź×¨×××˘×§× ××× GitLab
- ער׊×ער פ×× ×Öˇ×ע, ××ר ××Öˇ×¨×¤Öż× ×Ś× ×Š×Öˇ×¤Öż× ××× ×§×Öˇ× ×¤×××ער ×Öˇ פ֟ר×××˘×§× ××× ×××ָץ ×× ×¨×˘×¨× - ××× ×ע ×××˘× ×××× ×Ą××Ö¸×¨× ×¤Öż×֡ר ×× ××פ֟×××××Öˇ× × ×¤×× ×֡ר××֡פ×֡ק׼. ××× ×ער××¤× ×××× ×¤Öź×¨×××˘×§× ×¤×Š×× ××× ×Öˇ× ×§×Öˇ×פ֟××֡ק××××× -
׌ע×××ק××˘× - × ×Ö¸× ×§×¨×××××× × ×× ×¨×פ֟×Öˇ××Öˇ××ָר×, ××ר ××Öˇ×¨×¤Öż× ×Ś× ××Öˇ××¨×˘× ×˘×Ś× ×֡קץעץ ×Ś× ××××Š× ×× ×¨×פ֟×Öˇ××Öˇ××ָר×.
×××× ×Ś× ×× ×¤Öź×¨×××˘×§× -> ץע×××× ×ץ -> ר×פ֟×Öˇ××Öˇ××Ö¸×¨× -> פ֟ר×Ö¸×עק××˘× ×ר×Öˇ× ×׊עץ. ××ר ××ץ××˘×§× ×Öˇ×ע ×Öź×××× ××× ××××× ×Öˇ ×××× ××˘×¨×Š× ××× ×××××ק×Öˇ×¨× * ××× ×× ×¨×˘×× ×Ś× ×Š×××¤Öź× ××× ×Ś×× ××פ×××Ą× ××××× ×¤Öż×֡ר × ×׌ערץ ××× ×× ××Öˇ×× ××Öˇ×× ×˘×¨ ר×Ö¸×ע. ×ער ××˘×¨×Š× ×××˘× ×֡ר×ע×× ×¤Öż×֡ר ×Öˇ×ע ××××˘×¨× ×¤×× ××××ע ××˘× ×¤Öź×¨×××˘×§× ××× ×× ×ר×פ֟ע ×Ś× ×××ָץ ×× ×¤Öź×¨×××˘×§× ×ע×ער×.
- ×××× ×˘×Ą ××˘× ×˘× ×˘××ע×ע ××Öˇ×× ×ער×××ער×, ×ער ×עץ×ער ×××××× × ××× ×Ś× ××Öˇ××¨×˘× ×˘×Ś× ×֡קץעץ ×Ś× ×× ×¤Öź×¨×××˘×§× ××× ×¤Öź×¨×× ×Ś×פ֟.
×××× ×Ś× ×× ×¤Öź×¨×××˘×§× -> ץע×××× ×ץ -> ×Öˇ××ע×××× ×˘ -> ×××××Öˇ××××××, פ֟ר×××˘×§× ×¤Öż×˘×ִק××××, פ֟ער××׊×Öˇ× × ××× ×Š×ע×× ×¤Öź×¨×Ö¸××˘×§× ×××××Öˇ×××××× ×Ś× ×¤Öź×¨××××Öˇ×.
××× ××Ö¸×× ×Öˇ פ֟ר×××˘×§× ××× ×Ś×××ר ×֡קץעץ, ××××Öˇ× ××× × ××Ś× ×××× ×××××˘× ×˘ GitLab Runner ××× ××××× ××× ××Ö¸×× ×֡קץעץ ×Ś× ××Ö¸××פ×׌××¨× ×× ×¨×פ֟×Öˇ××Öˇ××ָר×. × ×, עץ ××× × ××Š× ××× ×××× ××× ××˘×¨×˘×Ą× ×Ś× ××××Öˇ×× ×¤Öź×¨××××Öˇ× ××× ×¤Öż×ָר××֡׌×ע ××× ×Ś×××ר ×¨×˘×¨× - ××× ×ע ××Ö¸×ץ. - ××××× ×× × ×× ×Öź×××× ×¤Öż×֡ר ×׊×Öˇ× ××× × ×× ×¨×פ֟×Öˇ××Öˇ××ָר×
×××× ×Ś× ×× ×¤Öź×¨×××˘×§× -> ץע×××× ×ץ -> ר×פ֟×Öˇ××Öˇ××Ö¸×¨× -> פ֟×׊ ×Öź×××× ××× ×Š×ע×× ×× ×¤××Öˇ×ץ ק×Öˇ×××ער ר×ץ×ר×ק׊×Öˇ×, ק×ק ×Ś× ×ער ×××ר ××× ×Öˇ ×××××Öˇ× ××Öˇ× ×׌ער. ××× ×××× ×¨×˘×§×Ö¸××˘× ×××¨× ××֡׊×ע××ק××××˘× ×Ą××× ×× × , ××× ×Š×ע×× ×× ×ָפ֟×××Öˇ×¨×¤× ×Öˇ× ×Ą××× × ×§×Öˇ××׼ פ×Ö¸×. - ××××Öˇ×ער, ××ר ××Öˇ×¨×¤Öż× ×Ś× ×§×Öˇ× ×¤×××ער ×Öˇ ׌×× ×× ×Ś× ××××¤× ××֡ץקץ
×××× ×Ś× ×¤Öź×¨×××˘×§× -> ץע×××× ×ץ -> ×Ą× / ×Ą× -> ×¨×˘×¨× - ××× ×ע ×ר×××˘×¨× ××× ×Š×Öˇ×¤Öż× ×Öˇ × ××Öˇ ׌×× ××-ץ××ע×
××˘× ×Ą×××˘× ×§×˘× ×˘× ×××× ××××× ××ץ×ף ×Ś× ×× ×Öˇ××ע×××× ×˘ ק×Öˇ× ×¤×××ער××׊×Öˇ× ×¤×× ××ער××Öˇ××Öˇ×× ×¤Öż×֡ר ×Öˇ ×ר×פ֟ע פ×× ââפ֟ר×Öˇ××׊עקץ.
×××× ×Ś× ×× ×ר×פ֟ע -> ץע×××× ×ץ -> ×Ą× / ×Ą× -> ××ער××Öˇ××Öˇ×× ××× ××××× ×Öˇ ×××Öˇ×ע××××קDEPLOY_TOKEN
××× ×Ś×× ××-ץ×××˘× ××× ×× ××ער×.
GitLab Runner
×ער ×ָפ֟×××××× × ××׊ר×××× ×× ×§×Öˇ× ×¤×××ער××׊×Öˇ× ×¤Öż×֡ר פ×××Ą× ××ק ××֡ץקץ ××× ×× ×ע××××¨×˘× ×˘×¨ (ץפ֟ע׌×פ×׊) ××× ×˘×¤× ×××˘× (׊×֡רע×) ר×Öˇ× ×˘×¨.
ץפ֟ע׌×פ×׊ ר×Öˇ× ×˘×¨
××× × ××Ś× ×××× ×××××˘× ×˘ ר×Öˇ× ×˘×¨×, ××××Öˇ× ×˘×¨×Š×ער פ×× ×Öˇ×ע עץ ××× ××֡ק××ע×, ×Š× ×˘×, ××××ק.
פֿ×֡ר ×××פער ××× ×¨×˘×§×Ö¸××˘× ×××¨× ××× ×קץ ×××ץ ××× 1 קפ֟×, 2 ×××××××× ××֡ר×Öˇ×, 20 ×××××××× ×××. ×֡ר××ץ×ע×× ×¤Öź×¨××Öˇ× ~ 3000⽠פ֟ער ××ָר.
×××× ×××פער
פֿ×֡ר ×× ×××פער ××× ××˘× ×××˘× VDS 4 קפ֟×, 4 ×××××××× ××֡ר×Öˇ×, 50 ×××××××× ×Ą×Ą×. עץ ק×ָץ ~ 11000â˝ ××× ×§××× ××Ö¸× ×¨××רע××× ×˘×Ą.
××× ××Ö¸×× ×Öˇ ××Öˇ× ×Ľ פ×× 7 ××׊×× ×˘×. 5 ×××ף ×֡ר×××Öˇ ××× 2 ×××ף ××××ָר.
×Öˇ×××, ××ר ××Ö¸×× ×Öˇ ×××פער. ×××Ś× ××ר ××ע×× ×Š×ע×× ×˘×Ą ×֡ר××ף.
××ר ×××× ×Ś× ×× ××֡׊×× ×××¨× SSH ××× ×× ×Ą××Öˇ×××¨× Java, Git, Maven, Gnupg2.
×× ×Ą××Ö¸××× × ×××××Öˇ× ×¨×Öˇ× ×˘×¨
- ׊×Öˇ×¤Öż× ×Öˇ × ××֡ע ×ר×פ֟ע
runner
sudo groupadd runner
- ׊×Öˇ×¤Öż× ×Öˇ ××ע×××××Öˇ×ער פֿ×֡ר ×× ××Öˇ×××˘× ×§×֡׊ ××× ××֡׊××××˘× ×ר×פ֟ע רע××
runner
××ר ×§×˘× ×˘× ××Ö¸×¤Öź×§×˘× ××˘× ×Š×¨×× ×××× ××ר ××Ö¸× × ×× ×¤Öź××Öˇ× ×Ś× ××××¤× ×§×××¤× ×¨×Öˇ× ×˘×¨× ×××ף ×ער ×ע×××קער ××֡׊××.mkdir -p /usr/cache/.m2/repository chown -R :runner /usr/cache chmod -R 770 /usr/cache
- ׊×Öˇ×¤Öż× ×Öˇ ××Öˇ× ×׌ער
gitlab-deployer
××× ×××× ×Ś× ×× ×ר×פ֟עrunner
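# Create the account the runner uses to execute jobs, with its own home directory.
useradd -m -d /home/gitlab-deployer gitlab-deployer
# Add it to the runner group as a supplementary group (-a keeps any existing groups).
usermod -a -G runner gitlab-deployer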
- ×××× ×Ś× ×עקע
/etc/ssh/sshd_config
××××Öˇ×ער ׊×ר×AllowUsers root@* [email protected]
- רע××Ö¸×Ö¸×
sshd
systemctl restart sshd
- ׊×ע×× ×Öˇ פ֟×֡ר×Ö¸× ×¤Öż×֡ר ×× ××Öˇ× ×׌ער
gitlab-deployer
(עץ ×§×˘× ×××× ×¤Öź×Š××, ××××Öˇ× ×˘×Ą ××× ×Öˇ ר×ץ×ר×ק׊×Öˇ× ×¤Öż×֡ר ××ָק×Öˇ×××ָץ×)passwd gitlab-deployer
- ×× ×Ą××Öˇ×××¨× GitLab Runner (Linux x86-64)
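# Download the GitLab Runner binary (Linux x86-64) and make it executable.
# NOTE(review): this fetches whatever the "latest" channel currently serves and installs it
# as a root-owned executable with no integrity check. Prefer a pinned release, and compare
# the file's SHA-256 with the checksum published for that release before the chmod step.
sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
sudo chmod +x /usr/local/bin/gitlab-runner
# Expose the binary on PATH through the alternatives directory.
ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner
ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner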
- ×××× ×Ś× gitlab.com -> ××פ֟×××-פ֟ר×Ö¸××˘×§× -> ץע×××× ×ץ -> ×Ą× / ×Ą× -> ר×Öˇ× ×˘×¨× -> ץפ֟ע׌×פ×׊ ר×Öˇ× ×˘×¨× ××× × ×Ö¸×××Öˇ×× ×× ×¨×˘××ץ×ר×֡׌×ע ץ××ע×
ץקר××
- רע××׊×ץ×ער×× × ×× ×××פער
gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml
פ֟ר×ָ׌עץ
Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
- ×׊עק ×Öˇ× ×ער ×××פער ××× ×¨×˘××ץ×ר×ר×. ×××× ×Ś× gitlab.com -> ××פ֟×××-פ֟ר×Ö¸××˘×§× -> ץע×××× ×ץ -> ×Ą× / ×Ą× -> ר×Öˇ× ×˘×¨× -> ץפ֟ע׌×פ×׊ ר×Öˇ× ×˘×¨× -> ר×Öˇ× ×˘×¨× ×֡ק××××××××× ×¤Öż×֡ר ××˘× ×¤Öź×¨××עק×
ץקר××
- ×××× ××Öˇ××× ×ער ××× ×Ą×
/etc/systemd/system/gitlab-deployer.service
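# systemd unit for the dedicated deploy runner.
[Unit]
Description=GitLab Deploy Runner
After=syslog.target network.target
# Do not start the unit if the runner binary is missing or not executable.
ConditionFileIsExecutable=/usr/local/bin/gitlab-runner

[Service]
StartLimitInterval=5
StartLimitBurst=10
# No User= is set, so the service process itself starts as root; "--user" tells gitlab-runner
# to execute job scripts as the unprivileged gitlab-deployer account.
ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer"
Restart=always
RestartSec=120

[Install]
WantedBy=multi-user.target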
- ××ר ×Ö¸× ××××× ×× ××× ×Ą×.
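# Start the runner at boot, start it now, then confirm that it is running.
systemctl enable gitlab-deployer.service
systemctl start gitlab-deployer.service
systemctl status gitlab-deployer.service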
- ק×ק ×Öˇ× ×ער ×××פער ××× ×¤×××Ą× ××ק.
×××֡׊פ֟××
××ר פ×× ××¤Öź× ×Š××ץ×ע×
- פֿ×× ×ער ×ע×××קער ××֡׊×× ××ר ×××× ×××¨× ssh ××× ×ער ×ער ××Öˇ× ×׌ער
gitlab-deployer
(××ָץ ××× ××××××ק פֿ×֡ר GPG ׊×××Ą× ××ר)ssh [email protected]
- ××ר ×××Š×˘× ×˘×¨××× ×Öˇ ׊×××Ą× ×××¨× ×˘× ××¤Öż×˘×¨× ×Š×××ת. ××× ×ע××××× × ×××× ××××× × ×Ö¸××˘× ××× ×××׌פ֟×ָץ×.
×××× ×××ער ×Ś× ×Ą×¤Öź×˘×Ś×פ×׌××¨× ×× ×¤Öź×֡ר×Ö¸× ×¤Öż×֡ר ×× ×Š××ץ×. ×֡ר××֡פ×֡ק׼ ×××˘× ×××× ×ע×ת××˘× ××× ××˘× ×Š××ץ×.gpg --gen-key
- ×׊עק
gpg --list-keys -a /home/gitlab-deployer/.gnupg/pubring.gpg ---------------------------------------- pub 4096R/00000000 2019-04-19 uid Petruha Petrov <[email protected]> sub 4096R/11111111 2019-04-19
- ×פ֟××Ö¸×Öˇ××× × ××× ××ער ׌×××ר ׊×××Ą× ×Ś× ×× ×Š×××Ą× ×Ą×˘×¨××ער
gpg --keyserver keys.gnupg.net --send-key 00000000 gpg: sending key 00000000 to hkp server keys.gnupg.net
××Öˇ×××˘× ×Ą×˘××֡פ֟
- ××ר ×××× ××× ×ער ×× ××Öˇ× ×׌ער
gitlab-deployer
su gitlab-deployer
- ׊×Öˇ×¤Öż× ×Öˇ ××Öˇ×××˘× ××ע×××××Öˇ×ער repository ××× ××× ×§ ××× ×× ×§×֡׊ (××Öˇ×× ×§××× ×ר××Öˇ×)
××˘× ×Š×¨×× ×§×˘× ×˘× ×××× ×Ą×§××¤Öź× ×××× ××ר ××Ö¸× × ×× ×¤Öź××Öˇ× ×Ś× ××××¤× ×˘××ע×ע ר×Öˇ× ×˘×¨× ×××ף ×ער ×ע×××קער ××֡׊××.mkdir -p ~/.m2/repository ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
- ׊×Öˇ×¤Öż× ×Öˇ ××˘× ×Š××ץ×
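# Create the Maven master password. Give no password argument: Maven 3.2.1 and later prompt
# for it, which keeps the value out of shell history and the process list.
mvn --encrypt-master-password
# Sample output (the value that goes into <master> in settings-security.xml):
# {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}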
- ׊×Öˇ×¤Öż× ×עקע ~/.×2/ץע×××× ×ץ-ץעק×ר×××.קץ××
<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity>
- ×˘× ×§×¨×פ֟××× × ×× ×¤Öź×֡ר×Ö¸× ×¤Öż×× ×× ×Ą×Ö¸× ×Öˇ××פ֟ע ×׊×××
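# Encrypt the Sonatype account password with the master password. Give no password argument:
# Maven 3.2.1 and later prompt for it, which keeps it out of shell history and the process list.
mvn --encrypt-password
# Sample output (the value that goes into <password> in settings.xml):
# {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}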
- ׊×Öˇ×¤Öż× ×עקע ~/.×2/ץע×××× ×ץ.קץ××
<!-- ~/.m2/settings.xml of the deploy runner account. -->
<settings>
  <profiles>
    <profile>
      <id>env</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <!-- NOTE(review): unlike the Sonatype password below, the GPG passphrase sits here in
             clear text. Keep this file readable by the runner account only. -->
        <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
  <servers>
    <server>
      <!-- Same id as the serverId and repository ids in the pom.xml shown on this page. -->
      <id>sonatype</id>
      <username>SONATYPE_USERNAME</username>
      <!-- Value printed by mvn encrypt-password; it is decrypted with the master password from
           settings-security.xml, so that file needs the same protection as this one. -->
      <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password>
    </server>
  </servers>
</settings>
××××,
GPG_SECRET_KEY_PASSPHRASE - ××¤Öź× ×Š×××Ą× ×¤Öź×֡ר×Ö¸×
SONATYPE_USERNAME - ץ×Ö¸× ×Öˇ××פ֟ע ×׊××× ××Ö¸×××
××˘× ×§×Öˇ×פ֟××׼ ×× ×¨×Öˇ× ×˘×¨ ץע××֡פ֟, ××ר ×§×˘× ×˘× ×××× ××××Öˇ×ער ×Ś× ×× ×ָפ֟×××××× ×
×Š×˘×¨× ×¨×Öˇ× ×˘×¨
××ר פ×× ××¤Öź× ×Š××ץ×ע×
- ער׊×ער פ×× ×Öˇ×ע, ××ר ××Öˇ×¨×¤Öż× ×Ś× ×Š×Öˇ×¤Öż× ×Öˇ ××¤Öź× ×Š××ץ×. ×Ś× ××Ö¸× ××ָץ, ×× ×Ą××Öˇ×××¨× gnupg.
yum install -y gnupg
- ××ר ×××Š×˘× ×˘×¨××× ×Öˇ ׊×××Ą× ×××¨× ×˘× ××¤Öż×˘×¨× ×Š×××ת. ××× ×ע××××× × ×××× ××××× × ×Ö¸××˘× ××× ×××׌פ֟×ָץ×. ×××× ×××ער ×Ś× ×Ą×¤Öź×˘×Ś×פ×׌××¨× ×× ×¤Öź×֡ר×Ö¸× ×¤Öż×֡ר ×× ×Š××ץ×.
gpg --gen-key
- ׌×ר×קקר××× ×Š×××Ą× ××× ×¤Öż×ָר××֡׌×ע
gpg --list-keys -a pub rsa3072 2019-04-24 [SC] [expires: 2021-04-23] 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 uid [ultimate] tttemp <[email protected]> sub rsa3072 2019-04-24 [E] [expires: none]
- ×פ֟××Ö¸×Öˇ××× × ××× ××ער ׌×××ר ׊×××Ą× ×Ś× ×× ×Š×××Ą× ×Ą×˘×¨××ער
gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net
- ××֡ק×××˘× ×Öˇ פ֟ר××××Öˇ× ×Š××ץ×
gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 -----BEGIN PGP PRIVATE KEY BLOCK----- lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5 ... =2Wd2 -----END PGP PRIVATE KEY BLOCK-----
- ×××× ×Ś× ×¤Öź×¨×××˘×§× ×Ą×˘×××× ×ץ -> ץע×××× ×ץ -> ×Ą× / ×Ą× -> ××ער××Öˇ××Öˇ×× ××× ×¨×Öˇ×ע×××˘× ×× ×¤Öź×¨××××Öˇ× ×Š×××Ą× ××× ×Öˇ ×××Öˇ×ע××××ק
GPG_SECRET_KEY
××Öˇ×××˘× ×Ą×˘××֡פ֟
- ׊×Öˇ×¤Öż× ×Öˇ ××˘× ×Š××ץ×
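# Create the Maven master password. Give no password argument: Maven 3.2.1 and later prompt
# for it, which keeps the value out of shell history and the process list.
mvn --encrypt-master-password
# Sample output (the value that goes into <master> in the SETTINGS_SECURITY_XML variable):
# {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}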
- ×××× ×Ś× ×¤Öź×¨×××˘×§× ×Ą×˘×××× ×ץ -> ץע×××× ×ץ -> ×Ą× / ק×Ö¸×פ֟×֡ק×××ץק -> ××ער××Öˇ××Öˇ×× ××× ×¨×Öˇ×ע×××˘× ××× ×Öˇ ×××Öˇ×ע××××ק
SETTINGS_SECURITY_XML
×× ×¤××××˘× ×ע ׊×ר×ת:<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity>
- ×˘× ×§×¨×פ֟××× × ×× ×¤Öź×֡ר×Ö¸× ×¤Öż×× ×× ×Ą×Ö¸× ×Öˇ××פ֟ע ×׊×××
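# Encrypt the Sonatype account password with the master password. Give no password argument:
# Maven 3.2.1 and later prompt for it, which keeps it out of shell history and the process list.
mvn --encrypt-password
# Sample output (the value that goes into <password> in the SETTINGS_XML variable):
# {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}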
- ×××× ×Ś× ×¤Öź×¨×××˘×§× ×Ą×˘×××× ×ץ -> ץע×××× ×ץ -> ×Ą× / ק×Ö¸×פ֟×֡ק×××ץק -> ××ער××Öˇ××Öˇ×× ××× ×¨×Öˇ×ע×××˘× ××× ×Öˇ ×××Öˇ×ע××××ק
SETTINGS_XML
×× ×¤××××˘× ×ע ׊×ר×ת:<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>sonatype_username</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
××××,
GPG_SECRET_KEY_PASSPHRASE - ××¤Öź× ×Š×××Ą× ×¤Öź×֡ר×Ö¸×
SONATYPE_USERNAME - ץ×Ö¸× ×Öˇ××פ֟ע ×׊××× ××Ö¸×××
׌ע×××ק××˘× ××ָקקער ××××
- ××ר ××Öˇ×× ×Öˇ פער×× ×¤Öź×Š×× Dockerfile ×Ś× ××××¤× ××֡ץקץ ××× ×× ×ע×ע×× ××ערץ×ע פ×× ââ×'×××. ×× ×ער ××× ×Öˇ ×××֡׊פ֟×× ×¤Öż×֡ר ×Öˇ×פ֟×××.
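# Deploy image: JDK 8 on Alpine plus the tools the deploy job calls (gnupg, maven, git).
# NOTE(review): the official "java" image is deprecated and no longer updated; consider a
# maintained JDK 8 base image.
FROM java:8u111-jdk-alpine

# --allow-untrusted is dropped on purpose. The repository is fetched over plain HTTP, so apk's
# signature check is the only thing that authenticates these packages, and at run time this
# image holds the GPG signing key and the Sonatype credentials. If apk reports an untrusted
# signature, add the matching Alpine signing key to the image rather than disabling the check.
RUN apk add gnupg maven git --update-cache \
        --repository http://dl-4.alpinelinux.org/alpine/edge/community/ \
    && mkdir ~/.m2/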
- ××××˘× ×Öˇ ק×Öˇ× ×××× ×˘×¨ פֿ×֡ר ×××× ×¤Öź×¨××עק×
docker build -t registry.gitlab.com/group/deploy .
- ××ר ×Ö¸××˘× ××֡ק××× ××× ××Ö¸×× ××˘× ×§×Öˇ× ×××× ×˘×¨ ××× ×× ×¨×˘××ץ×ר×.
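# Log in to the GitLab container registry. The password (preferably an access token) is read
# from stdin: a -p argument is visible in the process list and is saved to shell history.
# PASSWORD_FILE is a placeholder for a file that only your account can read.
docker login -u USER --password-stdin registry.gitlab.com < PASSWORD_FILE
# Publish the deploy image.
docker push registry.gitlab.com/group/deploy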
×××××Öˇ× ×Ą×
׌ע×××ק××˘× ×¤Öź×¨××עק×
×××× ×× ×עקע .gitlab-ci.yml ×Ś× ×ער ×××Ö¸×¨×Ś× ×¤×× ×× ×Ś×˘×××ק××˘× ×¤Öź×¨××עק×
×ער ׊ר××¤× ××× ×Ś×××× ××××׊××Öˇ×× ××ץ׊××ץ×ק ××פ֟×××××Öˇ× × ××֡ץקץ. ץפ֟ע׌×פ×׊ ר×Öˇ× ×˘×¨ ×Ö¸×ער ×Š×˘×¨× ×¨×Öˇ× ×˘×¨ ר×ץפ֟עק××××××.
.××××××-ץ×.×××
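# Pipeline of the central deploy project. It is started through the trigger API and builds,
# signs and publishes the repository and commit named in the trigger variables.
# Whoever can call the trigger therefore decides what gets signed and published.
stages:
  - deploy

# The job runs on your own shell runner (tag "deploy").
Specific Runner:
  extends: .java_deploy_template
  tags:
    - deploy

# The job runs on a public docker runner (tag "docker").
Shared Runner:
  extends: .java_deploy_template
  tags:
    - docker
  # Image from the section GitLab Runner -> Shared Runner -> Docker.
  image: registry.gitlab.com/group/deploy-project:latest
  before_script:
    # Import the GPG key. '%s' stops printf from treating the secret as a format string,
    # so a '%' or '\' inside a value is written out unchanged.
    - printf '%s' "${GPG_SECRET_KEY}" | gpg --batch --import
    # Save the Maven configuration.
    - printf '%s' "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
    - printf '%s' "${SETTINGS_XML}" > ~/.m2/settings.xml

.java_deploy_template:
  stage: deploy
  # The job runs on a trigger when the variable DEPLOY is passed with the value "java".
  only:
    variables:
      - $DEPLOY == "java"
  variables:
    # Do not clone the current (deploy) project.
    GIT_STRATEGY: none
  script:
    # Allow git to keep the password unencrypted in ~/.git-credentials.
    - git config --global credential.helper store
    # Save the temporary credentials of the gitlab-ci-token user.
    # The token works for all public gitlab.com projects and for the projects of the group.
    # On a shell runner this file outlives the job, so restrict it to the runner account.
    - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
    - chmod 600 ~/.git-credentials
    # Completely clean the current directory. "--" keeps file names that start with a dash
    # from being read as rm options.
    - rm -rf -- .* *
    # Clone the project that will be deployed to Sonatype Nexus. The value comes from a
    # trigger variable: it is quoted, and "--" ends option parsing before it.
    - git clone -- "${DEPLOY_CI_REPOSITORY_URL}" .
    # Switch to the requested commit.
    - git checkout "${DEPLOY_CI_COMMIT_SHA}" -f
    # Fail the build if any pom.xml contains the autoReleaseAfterClose parameter.
    # Otherwise there is a risk of pushing raw artifacts to Maven Central.
    # A literal block (|) is used so the script's line breaks do not depend on YAML folding.
    - |
      for pom in $(find . -name pom.xml); do
        if grep -q autoReleaseAfterClose "$pom"; then
          echo "File $pom contains prohibited setting: <autoReleaseAfterClose>"
          exit 1
        fi
      done
    # If DEPLOY_CI_COMMIT_TAG is empty, force a SNAPSHOT version.
    - |
      if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
        mvn versions:set "-DnewVersion=${DEPLOY_CI_COMMIT_TAG}"
      else
        VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        if [[ "${VERSION}" == *-SNAPSHOT ]]; then
          mvn versions:set "-DnewVersion=${VERSION}"
        else
          mvn versions:set "-DnewVersion=${VERSION}-SNAPSHOT"
        fi
      fi
    # Build and deploy the artifacts.
    - mvn clean deploy -DskipTests=true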
Java פ֟ר××עק×
××× ××׊×Öˇ×××Öˇ פ֟ר×Öˇ××׊עקץ ×××ָץ ××˘× ×˘× ×ע×××× × ×Ś× ×××× ×פ֟××Ö¸×Öˇ××˘× ×Ś× ×Ś×××ר ר×פ֟×Öˇ××Öˇ××ָר××, ××ר ××Öˇ×¨×¤Öż× ×Ś× ××××× 2 ץ×עפ֟ץ ×Ś× ×ָפ֟××Ö¸×××¨× ×× ×ע×××× × ××× ×Ą× ×֡פ֟׊×Ö¸× ××ערץ×עץ.
.××××××-ץ×.×××
stages:
- build
- test
- verify
- deploy
<...>
# Publish a release: the job runs only for tags.
Release:
  extends: .trigger_deploy
  only: [tags]

# Publish a SNAPSHOT version: started manually, never when a tag is set.
Snapshot:
  extends: .trigger_deploy
  when: manual
  except: [tags]

.trigger_deploy:
  stage: deploy
  variables:
    # Do not clone the current project.
    GIT_STRATEGY: none
    # Trigger endpoint of the deploy project.
    URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
    # Variables handed to the deploy job. DEPLOY_TOKEN lets its holder start the deploy
    # pipeline with variables of their choosing, so keep it out of the repository and job logs.
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    # cURL is not used: with --fail --show-error it does not print the response body
    # when the HTTP code is 400 or higher.
    # NOTE(review): ${URL} and ${POST_DATA} are expanded unquoted and the values are not
    # URL-encoded; confirm the request body reaches the API intact.
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
××× ××˘× ×××××× ×, ××× ×ע××× ××˘× ×Öˇ ×××Ą× ××××Öˇ×ער ××× ××֡׊××Ö¸×Ą× ×Ś× × ××Ś× ×××× ×Ą× ××ץ×ער פֿ×֡ר ×'××× ×¤×¨××עק××.
×ער פר×××
××× ××׊××¤× ×Öˇ ××Öˇ××× ×ער פ֟ר××עק×
common.yml
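# Shared CI templates: hidden jobs (names starting with a dot) that other projects pull in
# with "include:" and reuse through "extends:".
stages:
  - build
  - test
  - verify
  - deploy

variables:
  # Extra arguments for the Sonar analysis: the commit and ref being analysed.
  SONAR_ARGS: "
    -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
    -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
    "

# Build a Java project; set SKIP_TEST to "true" in the extending job to skip the tests.
.build_java_project:
  stage: build
  tags:
    - touchbit-shell
  variables:
    SKIP_TEST: "false"
  script:
    - mvn clean
    - mvn package -DskipTests=${SKIP_TEST}
  artifacts:
    # Keep the reports even when the job fails.
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

# Build the documentation image from the Dockerfile named in DOCKERFILE.
.build_sphinx_doc:
  stage: build
  tags:
    - touchbit-shell
  variables:
    DOCKERFILE: .indirect/docs/Dockerfile
  script:
    - docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .

# Run the tests of one module; the extending job sets MODULE.
.junit_module_test_run:
  stage: test
  tags:
    - touchbit-shell
  variables:
    MODULE: ""
  script:
    - cd ${MODULE}
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

# Run the tests of the whole project.
.junit_test_run:
  stage: test
  tags:
    - touchbit-shell
  script:
    - mvn test
  artifacts:
    when: always
    expire_in: 30 day
    paths:
      - "*/target/reports"

# Sonar analysis: a full analysis on master, preview mode on every other ref.
.sonar_review:
  stage: verify
  tags:
    - touchbit-shell
  dependencies: []
  script:
    # CI_COMMIT_REF_NAME replaces the legacy CI_BUILD_REF_NAME so the check uses the same
    # variable as SONAR_ARGS above; "=" is the portable comparison operator inside [ ].
    # NOTE(review): SONAR_LOGIN is passed on the command line, where other processes on a
    # shell runner host can see it; confirm that this is acceptable for this runner.
    - |
      if [ "$CI_COMMIT_REF_NAME" = "master" ]; then
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
      else
        mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
      fi

# Start the pipeline of the deploy project through the trigger API.
.trigger_deploy:
  stage: deploy
  tags:
    - touchbit-shell
  variables:
    URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
    # DEPLOY_TOKEN lets its holder start the deploy pipeline with variables of their
    # choosing, so keep it out of the repository and job logs.
    POST_DATA: "
      token=${DEPLOY_TOKEN}&
      ref=master&
      variables[DEPLOY]=${DEPLOY}&
      variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
      variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
      variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
      variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
      "
  script:
    # NOTE(review): ${URL} and ${POST_DATA} are expanded unquoted and the values are not
    # URL-encoded; confirm the request body reaches the API intact.
    - wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}

# Release deploy: only for tags.
.trigger_release_deploy:
  extends: .trigger_deploy
  only:
    - tags

# Snapshot deploy: started manually, never for tags.
.trigger_snapshot_deploy:
  extends: .trigger_deploy
  when: manual
  except:
    - tags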
××× ×Öˇ רע×××××Öˇ×, ××× ×× ××׊×Öˇ×××Öˇ פ֟ר×Öˇ××׊עקץ ×××, .gitlab-ci.yml ק××§× ×××ער ץ×Ö¸××× ××× × ××Š× ××ער××Ö¸×ץ
.××××××-ץ×.×××
# Project pipeline assembled from the shared templates.
# NOTE(review): the include follows the master branch of another repository. Anyone who can
# push there changes what this pipeline runs, including the jobs that use DEPLOY_TOKEN.
# Consider including from a tag or commit instead of a branch.
include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml

Shields4J:
  extends: .build_java_project

Sphinx doc:
  extends: .build_sphinx_doc
  variables:
    # Overrides the template's default Dockerfile location.
    DOCKERFILE: .docs/Dockerfile

Sonar review:
  extends: .sonar_review
  # Overrides the template's empty dependency list with the build job.
  dependencies:
    - Shields4J

Release:
  extends: .trigger_release_deploy

Snapshot:
  extends: .trigger_snapshot_deploy
פ֟×Ö¸×.קץ×× ×§×Öˇ× ×¤×××ער××׊×Öˇ×
×× ×ע×ע ××× ××ץקר×××× ××× ×ר××ץ ×ע××Öˇ×. nexus-staging-maven-plugin
×××× ××ר ××Ö¸× × ×× ××ע×× ×Ö¸×ער ×§×˘× ×˘× × ××Š× × ××Ś× org.sonatype.oss:oss-parent ××× ×ער פ×Ö¸×ער פֿ×֡ר ×××× ×¤Öź×¨××עק×.
maven-install-plugin
×× ×Ą××Ö¸×× ××Öˇ××׊××× ××× ×× ×××ע ר×פ֟×Öˇ××Öˇ××ָר×.
×××ער × ×׌×ק פֿ×֡ר ×××ע ××ער×֡פ×֡ק××׊×Öˇ× ×¤×× ×Ą×Öˇ××׊×Öˇ× × ××× ×× ×ערע פ֟ר×Öˇ××׊עקץ, ××× ×ע××× × ××× ×Öˇ ×׊עקקץ××.
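<!-- Installs the built artifacts into the local repository. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-install-plugin</artifactId>
  <executions>
    <execution>
      <id>install-project</id>
      <!-- For a multi-module project that also deploys the parent pom -->
      <phase>install</phase>
      <!-- Explicitly list the files for the local installation -->
      <configuration>
        <file>target/${project.artifactId}-${project.version}.jar</file>
        <!-- The opening <sources> tag was lost on the page (stray backticks); restored here -->
        <sources>target/${project.artifactId}-${project.version}-sources.jar</sources>
        <pomFile>dependency-reduced-pom.xml</pomFile>
        <!-- Force an update of the project metadata -->
        <updateReleaseInfo>true</updateReleaseInfo>
        <!-- Checksums for integrity verification -->
        <createChecksum>true</createChecksum>
      </configuration>
    </execution>
  </executions>
</plugin>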
××Öˇ××ע×-××׊×Öˇ×××Öˇ××ָק-פ֟×××××
×××Š×˘× ×˘×¨××××× × ××׊×Öˇ×××Öˇ××ָק פֿ×֡ר ×× ×¤Öź×¨××עק×.
<!-- Packages the project's javadoc as a jar. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
<!-- Javadoc generation must run after the resource-generation phase -->
<phase>prepare-package</phase>
<configuration>
<!-- Very helpful in public projects: javadoc errors and warnings fail the build -->
<failOnError>true</failOnError>
<failOnWarnings>true</failOnWarnings>
<!-- Removes the error of searching for documentation in the target directory -->
<detectOfflineLinks>false</detectOfflineLinks>
</configuration>
</execution>
</executions>
</plugin>
×××× ××ר ××Ö¸×× ×Öˇ ××Ö¸×××ע ×××ָץ ××× × ××Š× ×Öˇ× ×××Öˇ××× ××׊×Öˇ×××Öˇ (פֿ×֡ר ×××֡׊פ֟×× ××××× ×¨×˘×Ą×רץ×)
×Ö¸×ער ××ר ××Ö¸× × ××Š× ××ע×× ×Ś× ×××Š×˘× ×˘×¨××× ××׊×Öˇ×××Öˇ××ָק ××× ×¤Öź×¨×× ×Ś×פ֟, ×ער××ער ×Ś× ×ע××¤× maven-jar-plugin
<!-- Builds a jar with the "javadoc" classifier from ${basedir}/javadoc during generate-resources. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<id>empty-javadoc-jar</id>
<phase>generate-resources</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<!-- The classifier makes the resulting file the project's javadoc jar -->
<classifier>javadoc</classifier>
<classesDirectory>${basedir}/javadoc</classesDirectory>
</configuration>
</execution>
</executions>
</plugin>
××Öˇ××ע×-gpg-plugin
<!-- Signs the build artifacts with GPG. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<!-- The build fails if the GPG key is missing -->
<!-- Artifacts are signed only in the deploy phase, so ordinary builds need no key -->
<phase>deploy</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
nexus-staging-maven-plugin
ק×Öˇ× ×¤×××ער××׊×Öˇ×:
<!-- pom.xml fragments for publishing through the Sonatype OSS Nexus staging plugin. -->
<project>
<!-- ... -->
<build>
<plugins>
<!-- ... -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<!-- NOTE(review): no <version> is given for the plugins in this fragment; confirm that the versions are pinned elsewhere (for example in a parent pom) -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<!-- Id of the <server> entry in settings.xml that holds the Sonatype credentials -->
<serverId>sonatype</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<!-- autoReleaseAfterClose is not set here; the deploy pipeline on this page fails the build when a pom contains it -->
<!-- Update the metadata to mark the artifact as a release -->
<!-- Does not affect snapshot versions -->
<updateReleaseInfo>true</updateReleaseInfo>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<!-- Disable the plugin -->
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<!-- Both repositories use the id "sonatype", the same id as serverId above -->
<distributionManagement>
<snapshotRepository>
<id>sonatype</id>
<name>Nexus Snapshot Repository</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>sonatype</id>
<name>Nexus Release Repository</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>
×××× ××ר ××Ö¸×× ×Öˇ ××Öˇ×××-××Ö¸×××ע פ֟ר××עק×, ××× ××ר ××Ö¸× × ×× ××Öˇ×¨×¤Öż× ×Ś× ×Ś×פֿע××קער ×Öˇ ץפ֟ע׌×פ×׊ ××Ö¸×××ע ×Ś× ×× ×¨×פ֟×Öˇ××Öˇ××ָר×, ××ר ××Öˇ×¨×¤Öż× ×Ś× ××××× ×Ś× ×× pom.xml פ×× ××˘× ××Ö¸×××ע. nexus-staging-maven-plugin
××× ×¤×Ö¸× skipNexusStagingDeployMojo
<!-- Goes into the pom.xml of a module that must not be uploaded to the repository. -->
<build>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<configuration>
<!-- Skips the Nexus staging deploy for this module -->
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
</plugin>
</plugins>
</build>
× ×Ö¸× ×פ֟××Ö¸×Öˇ××× × ××Ö¸××˘× ××××× / ×ע×××× × ××ערץ×עץ ××˘× ×˘× ×× ×××Ś× ×××
<!-- Repository entry pointing at the Sonatype staging group. -->
<repositories>
<repository>
<id>SonatypeNexus</id>
<url>https://oss.sonatype.org/content/groups/staging/</url>
<!-- No need to specify snapshot/release flags for the repository -->
</repository>
</repositories>
×ער פ֟××ץעץ
- × ×××ער ר××Öˇ× ×¨×Š××× ×¤×× ××֡ר××֡׼ פֿ×֡ר ×ר×ע×× ××× ×× × ×˘×§×Ą×ץ ר×פ֟×Öˇ××Öˇ××Ö¸×¨× (
mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin
). - ×Ö¸××Öˇ××Öˇ××ק ×ע×××× × ×׊עק פֿ×֡ר ××Ö¸××× ××Ö¸×Öˇ××Öˇ×××××× ××× ××Öˇ×××˘× ×Ą×˘× ×ר×Öˇ×
××Öˇ××עץ
×ר××ץ×ע×× ×Öˇ SNAPSHOT ××ערץ×ע
×××˘× ××ר ××××˘× ×Öˇ פ֟ר××עק×, עץ ××× ×ע×××˘× ×Ś× ××Öˇ× ×××Öˇ×× ×Ö¸× ××××× ×Öˇ ×֡ר××˘× ×Ś× ×ָפ֟××Ö¸×××¨× ×× SNAPSHOT ××ערץ×ע ×Ś× × ×˘×§×Ą×ץ
×××˘× ×× ×֡ר××˘× ××× ××Ö¸× ×׊×, ×× ×§×ָר×֡ץפ֟×Öˇ× ××× × ×֡ר××˘× ××× ×× ×Ś×˘×××ק××˘× ×¤Öź×¨×××˘×§× ××× ×ר×××˘×¨× (
קר×Öˇ×¤Öź× ×§××ָ׼
Running with gitlab-runner 11.10.0 (3001a600)
on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0 [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO] Updating project org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:client
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:test-core
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:testng
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:client
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO] * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [ 2.375 s]
[INFO] test-core .......................................... SUCCESS [ 3.929 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------
××× ×Öˇ רע×××××Öˇ×, ×× × ×˘×§×Ą×ץ ××ערץ×ע ××× ××Ö¸××××
×× ××Ö¸××˘× ××××× ××ערץ×עץ ×§×˘× ×˘× ×××× ×Öˇ××עק××˘× ×××˘× ×¤×× ×× ×¨×פ֟×Öˇ××Öˇ××Ö¸×¨× ×××ף ××˘× ×¤Öź××֡׼
××ץ××Öˇ×ע פ×× ââ×× ×ע×××× × ××ערץ×ע
×××˘× ×× ×§××××× ××× ××֡׊××××, ×× ×§×ָר×֡ץפ֟×Öˇ× ××× × ×֡ר××˘× ××× ×× ×Ś×˘×××ק××˘× ×¤Öź×¨×××˘×§× ××× ×××××Ö¸××Öˇ××׊ ×ר×××˘×¨× ×Ś× ×Ś×פֿע××קער ×× ×ע×××× × ××ערץ×ע ×Ś× × ×˘×§×Ą×ץ (
×ער ×עץ×ער ×××× ××× ×Öˇ× × ×Ö¸×˘× × ×ע×××× × ×××××Ö¸××Öˇ××׊ ×ר×××˘×¨× ××× × ×˘×§×Ą×ץ.
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1037".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 9.603 s]
[INFO] test-core .......................................... SUCCESS [ 3.419 s]
[INFO] Shields4J client ................................... SUCCESS [ 9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------
××× ×××× ×˘×¤Öź×˘×Ą ××× ×¤×Öˇ×׊, ×× ×֡ר××˘× ×××˘× ×¤×֡ר××Ö¸××
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1038".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR]
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR] Rule "signature-staging" failures
[ERROR] * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 4.073 s]
[INFO] test-core .......................................... SUCCESS [ 2.788 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
××× ×Öˇ רע×××××Öˇ×, ××ר ××˘× ×˘× ××× ×§×Ą ××× ××××× ×××× ×ר×ר×. ×Ö¸×ער ××ץ××˘×§× ××˘× ××ערץ×ע ×Ö¸×ער ×֡ר××ץ×ע××.
× ×Ö¸× ×× ×ע×××× ×, × ×Ö¸× ×˘××ע×ע ××Ö¸×, ×× ×֡ר××֡פ×֡ק׼ ×××˘× ×××× ×××
×ָפ××ָפ֟×ק
עץ ××× ×ע×××˘× ×Öˇ ×ת×××ת ×Ś× ××ר ×Öˇ× ××Öˇ×××˘× ×× ×עקץ×× ×× ×ערע ׌×××ר ר×פ֟×Öˇ××Öˇ××ָר××.
××× ××× ×Ś× ×פ֟××Ö¸×Öˇ× ×¨×Ö¸×××֡׼.××§×Ą× ××××Öˇ× ×˘×Ą ×× ××˘×§×Ą× ×××× ×Öˇ×× ×¨×פ֟×Öˇ××Öˇ××ָר×.
ץ×ָף
×××ָץ ××ר ××Ö¸××
- × ××Öˇ××× ×ער ׌ע×××ק××× × ×¤Öź×¨×××˘×§× ××× ×××ָץ ××ר ×§×˘× ×˘× ×× ×Ą×ר×××˘× × ×˘××ע×ע ×Ą× ××֡ץקץ פֿ×֡ר ×פ֟××Ö¸×Öˇ××× × ×֡ר××֡פ×֡ק׼ ×Ś× ×Ś×××ר ר×פ֟×Öˇ××Öˇ××ָר×× ×¤Öż×֡ר פ×֡ר׊××× ×Öˇ× ××××ק××× × ×Š×¤Öź×¨×Öˇ××.
- ×× ××פ֟×××××Öˇ× × ×¤Öź×¨×××˘×§× ××× ×פ×ע××× ××˘×¨× ×¤×× ×֡ר××ץ ×× ×ערפ×ר×Öˇ× ×Ą ××× ×§×˘× ×˘× ×××× ××Öˇ××֡פ××× ××××× ×××¨× × ×׌ערץ ××× ×× ×Ö¸×× ×˘×¨× ××× ××Öˇ×× ××Öˇ×× ×˘×¨ ר×Ö¸×עץ.
- × ××Öˇ××× ×ער ץפ֟ע׌×פ×׊ ר×Öˇ× ×˘×¨ ××× ×Öˇ "×××ץ" ק×֡׊ ×Ś× ××××¤× ××××× ×Ś×˘×××ק××˘× ××֡ץקץ.
- ××ץ××Öˇ×ע פ×× ââ××Ö¸××˘× ××××× / ×ע×××× × ××ערץ×עץ ××× ×Öˇ ׌×××ר ר×פ֟×Öˇ××Öˇ××ָר×.
- ×Ö¸××Öˇ××Öˇ××ק ×׊עק פ×× ×× ×ע×××× × ××ערץ×ע פֿ×֡ר ×ר×××ק××Öˇ× ×¤Öż×֡ר ×ר××ץ×ע×× ××× ××Öˇ×××˘× ×Ą×˘× ×ר×Öˇ×.
- ׊×׼ קע×× ×Ö¸××Öˇ××Öˇ××ק ×ר××ץ×ע×× ×¤×× "ר××" ××ערץ×עץ ××× ××Öˇ×××˘× ×Ą×˘× ×ר×Öˇ×.
- ××××˘× ××× ×֡ר××ץ×ע×× ××Ö¸××˘× ××××× ××ערץ×עץ ××× ×§××ק×× ×.
- ×××× ×¨×פ֟×Öˇ××Öˇ××Ö¸×¨× ×¤Öż×֡ר ××֡ק×××˘× ××Ö¸××˘× ××××× / ×ע×××× × ××ערץ×עץ.
- ×Öˇ××ע×××× ×˘ ×¨×˘×¨× - ××× ×ע פֿ×֡ר ×× ×× / ×עץ××× × / ×ר××ץ×ע×× ×Öˇ ××׊×Öˇ×××Öˇ פ֟ר××עק×.
××֡׊×ע×××§× GitLab CI ××× × ××Š× ×Öˇ××× ×§×Ö¸×פ֟××׌××¨× ××× ×˘×Ą ×××× × ××× ×˘×¨×Š×ער ×××ק. עץ ××× ××˘× ×× ×Ś× ×Š×ע×× CI ×××ף ×Öˇ ××˘×¨× ×§× ×קער ע××ע×ע ××Ö¸×, ××× ×××Ś× ××ר ××˘× × ××××Öˇ× ×¤×× ×××× ×Öˇ ×××××Ö¸×ער ××× ××˘× ×˘× ××. ×ער׌×, GitLab ××֡ק××××˘× ×××׊×Öˇ× ××× ×××ער ××ער×ק. ×× ××××Ą× × ××Š× ×××× ×ער׊ר×Ö¸×§× ×Ś× × ×˘××˘× ×× ×˘×¨×Š×ער ׊ר××. ×ער ×××˘× ×××ץ ××× ×ער ×× ×רעפ֟ פ×× ×× ×××ָקער (××× ××Ö¸× × ×× ×ע××˘× ×§×˘× ××ער ××× ×ע×××× đ).
××× ×××˘× ×××× ×Ś×פר××× ×Ś× ×ע×× ××Öˇ×ערק×× ×ע×.
××× ×ער ××××Öˇ×ער ×֡ר××ק×, ××× ×××˘× ××××Öˇ×× ××ר ××× ×Ś× ×Š×ע×× GitLab CI ×Ś× ××××¤× ×§×Öˇ×פ֟ע×××××× ×× ××Öˇ×ר××׊×Öˇ× ×¤Öź×¨××××¨× ××֡ץקץ (פ×××Ą× ××ק פ֟ר××××¨× ××Öˇ××× ×× ×ץ ××× ××ָקער-ק×Ö¸×פ֟×ָץע) ×××× ××ר × ×ָר ××Ö¸×× ×××× ×Š×Ö¸× ×¨×Öˇ× ×˘×¨.
×ק×ר: www.habr.com