Nkan yii jẹ ipinnu fun awọn olupilẹṣẹ Java ti o nilo lati ṣe atẹjade awọn ọja wọn ni iyara ni sonatype ati/tabi awọn ibi ipamọ aarin maven ni lilo GitLab. Ninu nkan yii Emi yoo sọrọ nipa siseto gitlab-runner, gitlab-ci ati maven-plugin lati yanju iṣoro yii.
Awọn ibeere ṣaaju:
- Ibi ipamọ to ni aabo ti mvn ati awọn bọtini GPG.
- Ni aabo ipaniyan ti gbangba CI awọn iṣẹ-ṣiṣe.
- Ikojọpọ awọn ohun-ọṣọ (itusilẹ/fọto) si awọn ibi ipamọ ti gbogbo eniyan.
- Ṣiṣayẹwo aifọwọyi ti awọn ẹya itusilẹ fun titẹjade ni aringbungbun maven.
- Ojutu gbogbogbo fun ikojọpọ awọn ohun-ọṣọ si ibi ipamọ fun awọn iṣẹ akanṣe lọpọlọpọ.
- Irọrun ati irọrun ti lilo.
Awọn akoonu
Gbogbogbo alaye
- Apejuwe alaye ti ẹrọ fun titẹjade awọn ohun-ọṣọ ni Maven Central nipasẹ Sonatype OSS Iṣẹ alejo gbigba ibi ipamọ ti tẹlẹ ti ṣe apejuwe ninu olumulo , nitorina Emi yoo tọka si nkan yii ni awọn aaye to tọ.
- Kọkọ-forukọsilẹ fun ati ṣii tikẹti lati ṣii ibi ipamọ (ka apakan fun awọn alaye diẹ sii ). Lẹhin ṣiṣi ibi ipamọ naa, iwọle/ọrọ igbaniwọle bata lati JIRA (eyiti a tọka si bi akọọlẹ Sonatype) yoo ṣee lo lati gbe awọn ohun-ọṣọ si Sonatype nexus.
- Nigbamii ti, ilana ti ipilẹṣẹ bọtini GPG jẹ apejuwe pupọ ni gbigbẹ. Wo apakan fun alaye diẹ sii
- Ti o ba lo console Linux lati ṣe ina bọtini GPG kan (gnupg/gnupg2), lẹhinna o nilo lati fi sii lati se ina entropy. Bibẹẹkọ, iran bọtini le gba akoko pipẹ pupọ.
- Awọn iṣẹ ipamọ gbangba Awọn bọtini GPG
Ṣiṣeto iṣẹ akanṣe imuṣiṣẹ ni GitLab
- Ni akọkọ, o nilo lati ṣẹda ati tunto iṣẹ akanṣe ninu eyiti opo gigun ti epo yoo wa ni ipamọ fun gbigbe awọn ohun-ọṣọ. Mo pe iṣẹ akanṣe mi ni irọrun ati lainidi -
- Lẹhin ṣiṣẹda ibi ipamọ, o nilo lati ni ihamọ iwọle lati yi ibi-ipamọ pada.
Lọ si iṣẹ akanṣe -> Eto -> Ibi ipamọ -> Awọn ẹka aabo. A pa gbogbo awọn ofin rẹ ati ṣafikun ofin kan pẹlu Wildcard * pẹlu ẹtọ lati Titari ati dapọ nikan fun awọn olumulo pẹlu ipa Olutọju. Ofin yii yoo ṣiṣẹ fun gbogbo awọn olumulo ti iṣẹ akanṣe yii ati ẹgbẹ ti iṣẹ akanṣe yii jẹ.
- Ti ọpọlọpọ awọn olutọju ba wa, lẹhinna ojutu ti o dara julọ yoo jẹ lati ṣe idinwo wiwọle si iṣẹ naa ni opo.
Lọ si iṣẹ akanṣe -> Eto -> Gbogbogbo -> Hihan, awọn ẹya akanṣe, awọn igbanilaaye ati ṣeto hihan Project si ikọkọ.
Mo ni iṣẹ akanṣe ti o wa ni gbangba, nitori Mo lo GitLab Runner ti ara mi ati pe Mo nikan ni aye lati yi ibi ipamọ naa pada. O dara, ni otitọ, kii ṣe ninu awọn ifẹ mi lati ṣafihan alaye ikọkọ ni awọn iwe opo gigun ti epo gbogbogbo. - Tighting awọn ofin fun iyipada ibi ipamọ
Lọ si iṣẹ akanṣe naa -> Eto -> Ibi ipamọ -> Awọn ofin Titari ati ṣeto ihamọ olupilẹṣẹ, Ṣayẹwo boya onkọwe jẹ awọn asia olumulo GitLab. Mo tun ṣeduro iṣeto , ki o si ṣeto awọn Kọ unsigned dá asia. - Nigbamii o nilo lati tunto okunfa kan lati ṣe ifilọlẹ awọn iṣẹ-ṣiṣe
Lọ si ise agbese -> Eto -> CI / CD -> Pipeline okunfa ati ki o ṣẹda titun kan okunfa-àmi
Aami yii le ṣe afikun lẹsẹkẹsẹ si iṣeto gbogbogbo ti awọn oniyipada fun ẹgbẹ kan ti awọn iṣẹ akanṣe.
Lọ si ẹgbẹ -> Eto -> CI / CD -> Awọn oniyipada ati ṣafikun oniyipada kanDEPLOY_TOKENpẹlu okunfa-àmi ni iye.
GitLab Isare
Yi apakan apejuwe awọn iṣeto ni fun ṣiṣe awọn iṣẹ-ṣiṣe lori ran awọn lilo ti ara rẹ (Pato) ati gbangba (Pin) Isare.
Olusare pato
Mo lo awọn asare ti ara mi nitori, ni akọkọ, o rọrun, yara, ati olowo poku.
Fun olusare, Mo ṣeduro Linux VDS pẹlu 1 Sipiyu, 2 GB Ramu, 20 GB HDD. Iye idiyele jẹ ~ 3000 ₽ fun ọdun kan.
Isare mi
Fun olusare ni mo mu VDS 4 Sipiyu, 4 GB Ramu, 50 GB SSD. Iye owo ~ 11000₽ ati pe ko kabamọ rara.
Mo ni lapapọ 7 ero. 5 pa aruba og 2 pa ihor.
Nitorina a ni olusare. Bayi a yoo tunto rẹ.
A lọ si ẹrọ nipasẹ SSH ati fi Java, git, maven, gnupg2 sori ẹrọ.
Fifi gitlab asare
- Ṣẹda ẹgbẹ tuntun
runnersudo groupadd runner - Ṣẹda liana kan fun maven kaṣe ki o si fi awọn igbanilaaye ẹgbẹ
runner
O le foju aaye yii ti o ko ba gbero lati ṣiṣe awọn aṣaju pupọ lori ẹrọ kan.mkdir -p /usr/cache/.m2/repository chown -R :runner /usr/cache chmod -R 770 /usr/cache - Ṣẹda olumulo kan
gitlab-deployerki o si fi si ẹgbẹrunneruseradd -m -d /home/gitlab-deployer gitlab-deployer usermod -a -G runner gitlab-deployer - Fikun-un si faili
/etc/ssh/sshd_configtókàn ilaAllowUsers root@* [email protected] - Atunbere
sshdsystemctl restart sshd - Ṣiṣeto ọrọ igbaniwọle kan fun olumulo
gitlab-deployer(le rọrun, nitori ihamọ kan wa fun localhost)passwd gitlab-deployer - Fi GitLab Runner sori ẹrọ (Linux x86-64)
sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64 sudo chmod +x /usr/local/bin/gitlab-runner ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner - Lọ si oju opo wẹẹbu gitlab.com -> deploy-project -> Eto -> CI/CD -> Awọn asare -> Awọn asare kan pato ati daakọ aami iforukọsilẹ
Iboju
- Iforukọsilẹ olusare
gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml
Ilana
Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!- A ṣayẹwo pe olusare ti forukọsilẹ. Lọ si oju opo wẹẹbu gitlab.com -> deploy-project -> Eto -> CI/CD -> Awọn asare -> Awọn asare pato -> Awọn asare ṣiṣẹ fun iṣẹ akanṣe yii
Iboju
- Fi kun lọtọ iṣẹ
/etc/systemd/system/gitlab-deployer.service[Unit] Description=GitLab Deploy Runner After=syslog.target network.target ConditionFileIsExecutable=/usr/local/bin/gitlab-runner [Service] StartLimitInterval=5 StartLimitBurst=10 ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer" Restart=always RestartSec=120 [Install] WantedBy=multi-user.target - Jẹ ki a bẹrẹ iṣẹ naa.
systemctl enable gitlab-deployer.service systemctl start gitlab-deployer.service systemctl status gitlab-deployer.service - A ṣayẹwo pe olusare nṣiṣẹ.
Apeere:
Ṣiṣẹda awọn bọtini GPG
-
Lati ẹrọ kanna a wọle nipasẹ ssh labẹ olumulo
gitlab-deployer(Eyi ṣe pataki fun ṣiṣẹda bọtini GPG)ssh [email protected] -
A ṣe ipilẹṣẹ bọtini kan nipa didahun awọn ibeere. Mo lo orukọ ti ara mi ati imeeli.
Rii daju lati pato ọrọ igbaniwọle fun bọtini naa. Awọn ohun-ọṣọ yoo wa ni fowo si pẹlu bọtini yii.gpg --gen-key -
Ṣiṣayẹwo
gpg --list-keys -a /home/gitlab-deployer/.gnupg/pubring.gpg ---------------------------------------- pub 4096R/00000000 2019-04-19 uid Petruha Petrov <[email protected]> sub 4096R/11111111 2019-04-19 -
Ikojọpọ bọtini gbogbo eniyan si olupin bọtini
gpg --keyserver keys.gnupg.net --send-key 00000000 gpg: sending key 00000000 to hkp server keys.gnupg.net
Eto soke Maven
- Buwolu wọle bi olumulo
gitlab-deployersu gitlab-deployer - Ṣẹda a maven liana ibi ipamọ ati ọna asopọ si kaṣe (ma ṣe aṣiṣe)
O le foju aaye yii ti o ko ba gbero lati ṣiṣe awọn aṣaju pupọ lori ẹrọ kan.mkdir -p ~/.m2/repository ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository - Ṣẹda titunto si bọtini
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=} - Ṣẹda faili ~/.m2/settings-security.xml
<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity> - Fifipamọ ọrọ igbaniwọle fun akọọlẹ Sonatype
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J} - Ṣẹda faili ~/.m2/settings.xml
<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>SONATYPE_USERNAME</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
nibo,
GPG_SECRET_KEY_PASSPRASE - ọrọigbaniwọle fun bọtini GPG
SONATYPE_USERNAME — sonatype iroyin wiwọle
Eyi pari iṣeto ti olusare, o le tẹsiwaju si apakan
Pipin Isare
Ṣiṣẹda awọn bọtini GPG
-
Ni akọkọ, o nilo lati ṣẹda bọtini GPG kan. Lati ṣe eyi, fi gnupg sori ẹrọ.
yum install -y gnupg -
A ṣe ipilẹṣẹ bọtini kan nipa didahun awọn ibeere. Mo lo orukọ ti ara mi ati imeeli. Rii daju lati pato ọrọ igbaniwọle fun bọtini naa.
gpg --gen-key -
Ifihan alaye lori bọtini
gpg --list-keys -a pub rsa3072 2019-04-24 [SC] [expires: 2021-04-23] 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 uid [ultimate] tttemp <[email protected]> sub rsa3072 2019-04-24 [E] [expires: none] -
Ikojọpọ bọtini gbogbo eniyan si olupin bọtini
gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net -
A gba bọtini ikọkọ
gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 -----BEGIN PGP PRIVATE KEY BLOCK----- lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5 ... =2Wd2 -----END PGP PRIVATE KEY BLOCK----- -
Lọ si awọn eto ise agbese -> Eto -> CI / CD -> Awọn oniyipada ati fi bọtini ikọkọ pamọ sinu oniyipada kan
GPG_SECRET_KEY
Eto soke Maven
- Ṣẹda titunto si bọtini
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=} - Lọ si awọn eto ise agbese -> Eto -> CI / CD -> Awọn oniyipada ati fipamọ sinu oniyipada kan
SETTINGS_SECURITY_XMLawọn ila wọnyi:<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity> - Fifipamọ ọrọ igbaniwọle fun akọọlẹ Sonatype
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J} - Lọ si awọn eto ise agbese -> Eto -> CI / CD -> Awọn oniyipada ati fipamọ sinu oniyipada kan
SETTINGS_XMLawọn ila wọnyi:<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>sonatype_username</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
nibo,
GPG_SECRET_KEY_PASSPRASE - ọrọigbaniwọle fun bọtini GPG
SONATYPE_USERNAME — sonatype iroyin wiwọle
Ran awọn docker aworan
-
A ṣẹda Dockerfile ti o rọrun lati mu awọn iṣẹ ṣiṣe ṣiṣẹ pẹlu ẹya Java ti o nilo. Ni isalẹ jẹ apẹẹrẹ fun alpine.
FROM java:8u111-jdk-alpine RUN apk add gnupg maven git --update-cache --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && mkdir ~/.m2/ -
Nto a eiyan fun ise agbese rẹ
docker build -t registry.gitlab.com/group/deploy . -
A jẹri ati fifuye eiyan naa sinu iforukọsilẹ.
docker login -u USER -p PASSWORD registry.gitlab.com docker push registry.gitlab.com/group/deploy
GitLab CI
Ran awọn ise agbese
Ṣafikun faili .gitlab-ci.yml si gbongbo iṣẹ akanṣe naa
Awọn iwe afọwọkọ iloju meji iyasoto imuṣiṣẹ awọn iṣẹ-ṣiṣe. Olusare pato tabi Pipin Isare lẹsẹsẹ.
.gitlab-ci.yml
stages:
- deploy
Specific Runner:
extends: .java_deploy_template
# Задача будет выполняться на вашем shell-раннере
tags:
- deploy
Shared Runner:
extends: .java_deploy_template
# Задача будет выполняться на публичном docker-раннере
tags:
- docker
# Образ из раздела GitLab Runner -> Shared Runner -> Docker
image: registry.gitlab.com/group/deploy-project:latest
before_script:
# Импортируем GPG ключ
- printf "${GPG_SECRET_KEY}" | gpg --batch --import
# Сохраняем maven конфигурацию
- printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
- printf "${SETTINGS_XML}" > ~/.m2/settings.xml
.java_deploy_template:
stage: deploy
# Задача сработает по триггеру, если передана переменная DEPLOY со значением java
only:
variables:
- $DEPLOY == "java"
variables:
# отключаем клонирование текущего проекта
GIT_STRATEGY: none
script:
# Предоставляем возможность хранения пароля в незашифрованном виде
- git config --global credential.helper store
# Сохраняем временные креды пользователя gitlab-ci-token
# Токен работает для всех публичных проектов gitlab.com и для проектов группы
- echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
# Полностью чистим текущую директорию
- rm -rf .* *
# Клонируем проект который, будем деплоить в Sonatype Nexus
- git clone ${DEPLOY_CI_REPOSITORY_URL} .
# Переключаемся на нужный коммит
- git checkout ${DEPLOY_CI_COMMIT_SHA} -f
# Если хоть один pom.xml содержит параметр autoReleaseAfterClose валим сборку.
# В противном случае есть риск залить сырые артефакты в maven central
- >
for pom in $(find . -name pom.xml); do
if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
exit 1;
fi;
done
# Если параметр DEPLOY_CI_COMMIT_TAG пустой, то принудительно ставим SNAPSHOT-версию
- >
if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
else
VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
if [[ "${VERSION}" == *-SNAPSHOT ]]; then
mvn versions:set -DnewVersion=${VERSION}
else
mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
fi
fi
# Запускаем задачу на сборку и деплой артефактов
- mvn clean deploy -DskipTests=true
Java ise agbese
Ninu awọn iṣẹ akanṣe Java ti o yẹ ki o gbejade si awọn ibi ipamọ gbogbo eniyan, o nilo lati ṣafikun awọn igbesẹ meji lati ṣe igbasilẹ awọn ẹya Tu silẹ ati fọtoyiya.
.gitlab-ci.yml
stages:
- build
- test
- verify
- deploy
<...>
Release:
extends: .trigger_deploy
# Запускать задачу только пo тегу.
only:
- tags
Snapshot:
extends: .trigger_deploy
# Запускаем задачу на публикацию SNAPSHOT версии вручную
when: manual
# Не запускать задачу, если проставлен тег.
except:
- tags
.trigger_deploy:
stage: deploy
variables:
# Отключаем клонирование текущего проекта
GIT_STRATEGY: none
# Ссылка на триггер deploy-задачи
URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
# Переменные deploy-задачи
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
# Не использую cURL, так как с флагами --fail --show-error
# он не выводит тело ответа, если HTTP код 400 и более
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}Ni ojutu yii, Mo lọ siwaju diẹ ati pinnu lati lo awoṣe CI kan fun awọn iṣẹ akanṣe Java.
Alaye diẹ sii
Mo ti ṣẹda lọtọ ise agbese ninu eyiti Mo gbe awoṣe CI kan fun awọn iṣẹ akanṣe Java .
wọpọ.yml
stages:
- build
- test
- verify
- deploy
variables:
SONAR_ARGS: "
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
"
.build_java_project:
stage: build
tags:
- touchbit-shell
variables:
SKIP_TEST: "false"
script:
- mvn clean
- mvn package -DskipTests=${SKIP_TEST}
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.build_sphinx_doc:
stage: build
tags:
- touchbit-shell
variables:
DOCKERFILE: .indirect/docs/Dockerfile
script:
- docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .
.junit_module_test_run:
stage: test
tags:
- touchbit-shell
variables:
MODULE: ""
script:
- cd ${MODULE}
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.junit_test_run:
stage: test
tags:
- touchbit-shell
script:
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.sonar_review:
stage: verify
tags:
- touchbit-shell
dependencies: []
script:
- >
if [ "$CI_BUILD_REF_NAME" == "master" ]; then
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
else
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
fi
.trigger_deploy:
stage: deploy
tags:
- touchbit-shell
variables:
URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
.trigger_release_deploy:
extends: .trigger_deploy
only:
- tags
.trigger_snapshot_deploy:
extends: .trigger_deploy
when: manual
except:
- tags
Bi abajade, ninu awọn iṣẹ Java funrararẹ, .gitlab-ci.yml dabi iwapọ pupọ ati kii ṣe ọrọ-ọrọ.
.gitlab-ci.yml
include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml
Shields4J:
extends: .build_java_project
Sphinx doc:
extends: .build_sphinx_doc
variables:
DOCKERFILE: .docs/Dockerfile
Sonar review:
extends: .sonar_review
dependencies:
- Shields4J
Release:
extends: .trigger_release_deploy
Snapshot:
extends: .trigger_snapshot_deploy
Pom.xml iṣeto ni
A ṣe apejuwe koko yii ni awọn alaye nla. в , nitorina Emi yoo ṣe apejuwe diẹ ninu awọn nuances ti lilo awọn afikun. Emi yoo tun ṣe apejuwe bi o ṣe rọrun ati isinmi ti o le lo nexus-staging-maven-pluginti o ko ba fẹ tabi ko le lo org.sonatype.oss:oss-parent bi obi fun iṣẹ akanṣe rẹ.
maven-fi sori ẹrọ-afikun
Fi awọn modulu sori ibi ipamọ agbegbe.
Wulo pupọ fun iṣeduro agbegbe ti awọn solusan ni awọn iṣẹ akanṣe miiran, bakanna bi checksum kan.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<executions>
<execution>
<id>install-project</id>
<!-- Если у вас многомодульный проект с деплоем родительского помика -->
<phase>install</phase>
<!-- Явно указываем файлы для локальной установки -->
<configuration>
<file>target/${project.artifactId}-${project.version}.jar</file>
```target/${project.artifactId}-${project.version}-sources.jar</sources>
<pomFile>dependency-reduced-pom.xml</pomFile>
<!-- Принудительное обновление метаданных проекта -->
<updateReleaseInfo>true</updateReleaseInfo>
<!-- Контрольные суммы для проверки целостности -->
<createChecksum>true</createChecksum>
</configuration>
</execution>
</executions>
</plugin>
maven-javadoc-afikun
Ṣiṣẹda Javadoc fun iṣẹ akanṣe naa.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
<!-- Генерация javadoc должна быть после фазы генерации ресурсов -->
<phase>prepare-package</phase>
<configuration>
<!-- Очень помогает в публичных проектах -->
<failOnError>true</failOnError>
<failOnWarnings>true</failOnWarnings>
<!-- Убирает ошибку поиска документации в target директории -->
<detectOfflineLinks>false</detectOfflineLinks>
</configuration>
</execution>
</executions>
</plugin>Ti o ba ni module ti ko ni java ninu (fun apẹẹrẹ awọn orisun nikan)
Tabi o ko fẹ lati ṣe ipilẹṣẹ javadoc ni ipilẹ, lẹhinna ṣe iranlọwọ maven-jar-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<id>empty-javadoc-jar</id>
<phase>generate-resources</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<classifier>javadoc</classifier>
<classesDirectory>${basedir}/javadoc</classesDirectory>
</configuration>
</execution>
</executions>
</plugin>
maven-gpg-afikun
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<!-- Сборка будет падать, если отсутствует GPG ключ -->
<!-- Подписываем артефакты только на фазе deploy -->
<phase>deploy</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
nexus-staging-maven-afikun
Iṣeto:
<project>
<!-- ... -->
<build>
<plugins>
<!-- ... -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<serverId>sonatype</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<!-- Обновляем метаданные, чтобы пометить артефакт как release -->
<!-- Не влияет на snapshot версии -->
<updateReleaseInfo>true</updateReleaseInfo>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<!-- Отключаем плагин -->
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<distributionManagement>
<snapshotRepository>
<id>sonatype</id>
<name>Nexus Snapshot Repository</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>sonatype</id>
<name>Nexus Release Repository</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>Ti o ba ni iṣẹ akanṣe pupọ-module ati pe o ko nilo lati po si module kan pato si ibi ipamọ, lẹhinna o nilo lati ṣafikun nexus-staging-maven-plugin pelu asia skipNexusStagingDeployMojo
<build>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<configuration>
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
</plugin>
</plugins>
</build>Lẹhin igbasilẹ, aworan aworan/awọn ẹya itusilẹ wa ninu
<repositories>
<repository>
<id>SonatypeNexus</id>
<url>https://oss.sonatype.org/content/groups/staging/</url>
<!-- Не надо указывать флаги snapshot/release для репозитория -->
</repository>
</repositories>Awọn afikun diẹ sii
- Atokọ ọlọrọ pupọ ti awọn ibi-afẹde fun ṣiṣẹ pẹlu ibi ipamọ nexus (
mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin). - Ayẹwo idasilẹ aifọwọyi fun ikojọpọ si aringbungbun maven
Esi
Titẹjade ẹya SNAPSHOT
Nigbati o ba n kọ iṣẹ akanṣe kan, o ṣee ṣe lati ṣe ifilọlẹ iṣẹ-ṣiṣe pẹlu ọwọ lati ṣe igbasilẹ ẹya SNAPSHOT si nexus
Nigbati a ba ṣe ifilọlẹ iṣẹ-ṣiṣe yii, iṣẹ-ṣiṣe ti o baamu ninu iṣẹ imuṣiṣẹ naa yoo fa ().
Akọsilẹ gige
Running with gitlab-runner 11.10.0 (3001a600)
on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0 [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO] Updating project org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:client
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:test-core
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:testng
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:client
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO] * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [ 2.375 s]
[INFO] test-core .......................................... SUCCESS [ 3.929 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------Bi abajade, a ti gbe ẹya naa sinu nexus .
Gbogbo awọn ẹya aworan le paarẹ lati ibi ipamọ lori oju opo wẹẹbu labẹ àkọọlẹ rẹ.
Titẹjade ẹya idasilẹ
Nigbati aami kan ba ti fi sii, iṣẹ-ṣiṣe ti o baamu ninu iṣẹ imuṣiṣẹ naa yoo jẹ okunfa laifọwọyi lati ṣe igbasilẹ ẹya idasilẹ si nexus ().
Apakan ti o dara julọ ni pe itusilẹ isunmọ ti nfa laifọwọyi ni nexus.
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1037".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 9.603 s]
[INFO] test-core .......................................... SUCCESS [ 3.419 s]
[INFO] Shields4J client ................................... SUCCESS [ 9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------Ati pe ti nkan kan ba jẹ aṣiṣe, iṣẹ-ṣiṣe yoo dajudaju kuna
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1038".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR]
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR] Rule "signature-staging" failures
[ERROR] * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 4.073 s]
[INFO] test-core .......................................... SUCCESS [ 2.788 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------Bi abajade, a fi wa silẹ pẹlu yiyan nikan. Boya pa ẹya yii rẹ tabi ṣe atẹjade.
Lẹhin igbasilẹ, lẹhin igba diẹ awọn ohun-ọṣọ yoo wa
offtopic
O jẹ wiwa fun mi pe maven ṣe atọka awọn ibi ipamọ gbogbo eniyan miiran.
Mo ni lati ṣafikun robots.txt nitori pe o ṣe atọka ibi ipamọ atijọ mi.
ipari
Ohun ti a ni
- Ise agbese imuṣiṣẹ lọtọ ninu eyiti o le ṣe ọpọlọpọ awọn iṣẹ ṣiṣe CI fun ikojọpọ awọn ohun-iṣere si awọn ibi ipamọ ti gbogbo eniyan fun ọpọlọpọ awọn ede idagbasoke.
- Ise agbese Deploy jẹ iyasọtọ lati kikọlu ita ati pe o le yipada nipasẹ awọn olumulo nikan pẹlu awọn ipa Olutọju ati Olutọju.
- Isare Specific lọtọ pẹlu kaṣe “gbona” lati mu awọn iṣẹ ṣiṣe nikan ṣiṣẹ.
- Titẹjade aworan aworan/awọn ẹya itusilẹ ni ibi ipamọ gbogbo eniyan.
- Ayẹwo aifọwọyi ti ẹya idasilẹ fun imurasilẹ fun titẹjade ni aringbungbun maven.
- Idaabobo lodi si atẹjade laifọwọyi ti awọn ẹya “aise” ni aringbungbun maven.
- Kọ ati ṣe atẹjade awọn ẹya aworan “lori tẹ”.
- Ibi ipamọ ẹyọkan fun gbigba awọn ẹya fọto fọto/itusilẹ.
- Pipeline gbogbogbo fun kikọ / idanwo / titẹjade iṣẹ akanṣe Java kan.
Ṣiṣeto GitLab CI kii ṣe idiju koko-ọrọ bi o ṣe dabi ni iwo akọkọ. O to lati ṣeto CI lori ipilẹ turnkey ni igba meji, ati ni bayi o ti jinna si magbowo ninu ọran yii. Pẹlupẹlu, iwe GitLab jẹ apọju pupọ. Maṣe bẹru lati ṣe igbesẹ akọkọ. Ọna naa han labẹ awọn igbesẹ ti eniyan ti nrin (Emi ko ranti ẹniti o sọ :)
Emi yoo dun lati gba esi.
Ninu nkan ti o tẹle Emi yoo sọrọ nipa bii o ṣe le tunto GitLab CI lati ṣiṣẹ awọn iṣẹ ṣiṣe pẹlu awọn idanwo isọpọ ni idije (nṣiṣẹ awọn iṣẹ labẹ idanwo nipa lilo docker-compose) ti o ba ni olusare ikarahun kan nikan.
orisun: www.habr.com