Kulesi sihloko, ngifuna ukubhekisisa inqubo yokushicilela i-artifact ye-Java kusukela ekuqaleni ngokusebenzisa Izenzo ze-Github kuya ku-Sonatype Maven Central Repository usebenzisa umakhi we-Gradle.
Nginqume ukubhala lesi sihloko ngenxa yokuntuleka kokufundisa okujwayelekile endaweni eyodwa. Lonke ulwazi bekufanele luqoqwe iziqephu ngezingxenye emithonjeni ehlukahlukene, ngaphezu kwalokho, hhayi olusha ngokuphelele. Ubani onendaba, wamukelekile ngaphansi kwekati.
Ukudala indawo yokugcina ku-Sonatype
Isinyathelo sokuqala ukwakha indawo yokugcina e-Sonatype Maven Central. Ngenxa yalokhu siyahamba , bhalisa futhi udale umsebenzi omusha, usicela ukuthi sakhe indawo yokugcina. Sihamba ngemoto yethu I-GroupId iphrojekthi, I-URL yephrojekthi isixhumanisi sephrojekthi kanye I-url ye-SCM isixhumanisi sesistimu yokulawula inguqulo lapho iphrojekthi itholakala khona. I-GroupId lapha kufanele kube yifomu elithi com.example, com.example.domain, com.example.testsupport, futhi kungaba ngendlela yesixhumanisi esiya ku-github yakho: -> io.github.igama lakho lomsebenzisi. Kunoma ikuphi, uzodinga ukuthi uqinisekise ubunikazi balesi sizinda noma iphrofayela. Uma ucacise iphrofayela ye-github, uzocelwa ukuthi udale indawo yokugcina yomphakathi enegama olifunayo.
Esikhathini esithile ngemva kokuqinisekiswa, i-GroupId yakho izokwakhiwa futhi singadlulela esinyathelweni esilandelayo, ukucushwa kwe-Gradle.
Ilungiselela i-Gradle
Ngesikhathi sokubhala, angizange ngithole ama-plugin we-Gradle angasiza ngokushicilela i-artifact. okuwukuphela kwe-plugin engiyitholile, nokho, umbhali wenqabile ukuqhubeka nokuyisekela. Ngakho-ke, nganquma ukwenza konke ngokwami, ngoba akunzima kakhulu ukwenza lokhu.
Into yokuqala okufanele uyithole yizimfuneko ze-Sonatype zokushicilela. Lawa alandelayo:
- Ukutholakala kwamakhodi omthombo kanye ne-JavaDoc, isb. kumele babekhona
-sources.jarи-javadoc.jaramafayela. Njengoba kushiwo kumadokhumenti, uma kungenakwenzeka ukunikeza amakhodi omthombo noma imibhalo, ungenza i-dummy-sources.jarnoma-javadoc.jarnge-README elula ngaphakathi ukuze uphumelele ukuhlolwa. - Wonke amafayela kufanele asayinwe ngawo
GPG/PGPfuthi.ascifayela eliqukethe isiginesha kufanele lifakwe kufayela ngalinye. - Ukutholakala
pomifayela - Amanani alungile
groupId,artifactIdиversion. Inguqulo ingaba iyunithi yezinhlamvu engafanele futhi ayikwazi ukugcina ngayo-SNAPSHOT - Ubukhona buyadingeka
name,descriptionиurl - Ukuba khona kolwazi mayelana nelayisensi, abathuthukisi kanye nesistimu yokulawula inguqulo
Lena imithetho eyisisekelo okufanele ilandelwe lapho kushicilelwa. Ulwazi olugcwele luyatholakala .
Senza lezi zidingo ku build.gradle ifayela. Okokuqala, ake sengeze lonke ulwazi oludingekayo mayelana nonjiniyela, amalayisense, isistimu yokulawula inguqulo, futhi sisethe i-url, igama nencazelo yephrojekthi. Ake sibhale indlela elula yalokhu:
def customizePom(pom) {
pom.withXml {
def root = asNode()
root.dependencies.removeAll { dep ->
dep.scope == "test"
}
root.children().last() + {
resolveStrategy = DELEGATE_FIRST
description 'Some description of artifact'
name 'Artifct name'
url 'https://github.com/login/projectname'
organization {
name 'com.github.login'
url 'https://github.com/login'
}
issueManagement {
system 'GitHub'
url 'https://github.com/login/projectname/issues'
}
licenses {
license {
name 'The Apache License, Version 2.0'
url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
scm {
url 'https://github.com/login/projectname'
connection 'scm:https://github.com/login/projectname.git'
developerConnection 'scm:git://github.com/login/projectname.git'
}
developers {
developer {
id 'dev'
name 'DevName'
email 'email@dev.ru'
}
}
}
}
}Okulandelayo, udinga ukucacisa lokho ngesikhathi somhlangano owenziwe -sources.jar и-javadoc.jar amafayela. Okwalesi sigaba java udinga ukwengeza okulandelayo:
java {
withJavadocJar()
withSourcesJar()
}Masiqhubekele esimisweni sokugcina, simise isiginesha ye-GPG/PGP. Ukuze wenze lokhu, xhuma i-plugin signing:
plugins {
id 'signing'
}Bese wengeza isigaba:
signing {
sign publishing.publications
}Ekugcineni, ake sengeze isigaba publishing:
publishing {
publications {
mavenJava(MavenPublication) {
customizePom(pom)
groupId group
artifactId archivesBaseName
version version
from components.java
}
}
repositories {
maven {
url "https://oss.sonatype.org/service/local/staging/deploy/maven2"
credentials {
username sonatypeUsername
password sonatypePassword
}
}
}
}kuyinto sonatypeIgama lomsebenzisi и sonatypePassword okuguquguqukayo okuqukethe ukungena ngemvume nephasiwedi okudalwe ngesikhathi sokubhalisa .
Kanjalo kowamanqamu build.gradle izobukeka kanje:
Ikhodi egcwele ye-build.gradle
plugins {
id 'java'
id 'maven-publish'
id 'signing'
}
java {
sourceCompatibility = JavaVersion.VERSION_1_8
targetCompatibility = JavaVersion.VERSION_1_8
withJavadocJar()
withSourcesJar()
}
group 'io.github.githublogin'
archivesBaseName = 'projectname'
version = System.getenv('RELEASE_VERSION') ?: "0.0.1"
repositories {
mavenCentral()
}
dependencies {
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.5.2'
testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.5.2'
}
test {
useJUnitPlatform()
}
jar {
from sourceSets.main.output
from sourceSets.main.allJava
}
signing {
sign publishing.publications
}
publishing {
publications {
mavenJava(MavenPublication) {
customizePom(pom)
groupId group
artifactId archivesBaseName
version version
from components.java
}
}
repositories {
maven {
url "https://oss.sonatype.org/service/local/staging/deploy/maven2"
credentials {
username sonatypeUsername
password sonatypePassword
}
}
}
}
def customizePom(pom) {
pom.withXml {
def root = asNode()
root.dependencies.removeAll { dep ->
dep.scope == "test"
}
root.children().last() + {
resolveStrategy = DELEGATE_FIRST
description 'Some description of artifact'
name 'Artifct name'
url 'https://github.com/login/projectname'
organization {
name 'com.github.login'
url 'https://github.com/githublogin'
}
issueManagement {
system 'GitHub'
url 'https://github.com/githublogin/projectname/issues'
}
licenses {
license {
name 'The Apache License, Version 2.0'
url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
scm {
url 'https://github.com/githublogin/projectname'
connection 'scm:https://github.com/githublogin/projectname.git'
developerConnection 'scm:git://github.com/githublogin/projectname.git'
}
developers {
developer {
id 'dev'
name 'DevName'
email 'email@dev.ru'
}
}
}
}
}Ngifuna ukuqaphela ukuthi sithola inguqulo kusuka kokuguquguquka kwemvelo: System.getenv('RELEASE_VERSION'). Sizoyidalula ngesikhathi sokuhlanganisa futhi siyisuse egameni lethegi.
Ukukhiqiza ukhiye we-PGP
Enye yezimfuneko ze-Sonatype ukuthi wonke amafayela kufanele asayinwe ngokhiye we-GPG/PGP. Ngenxa yalokhu siyahamba bese ulanda insiza ye-GnuPG yesistimu yakho yokusebenza.
- Senza ipheya yokhiye:
gpg --gen-key, faka igama lomsebenzisi, i-imeyili, bese usetha nephasiwedi. - Siyathola
idukhiye wethu ngomyalo:gpg --list-secret-keys --keyid-format short. I-id izocaciswa ngemuva kwe-slash, isibonelo: rsa2048/9B695056 - Ukushicilela ukhiye osesidlangalaleni kuseva umyalo:
gpg --keyserver [https://keys.openpgp.org](https://keys.openpgp.org/) --send-keys 9B695056 - Sithekelisa ukhiye oyimfihlo endaweni engafanele, sizoyidinga ngokuzayo:
gpg --export-secret-key 9B695056 > D:\gpg\9B695056.gpg
Isetha Izenzo ze-Github
Asiqhubekele esigabeni sokugcina, simise ukwakha futhi sishicilele ngokuzenzakalela usebenzisa Izenzo ze-Github.
I-Github Actions iyisici esikuvumela ukuthi wenze ngokuzenzakalelayo ukuhamba komsebenzi ngokusebenzisa umjikelezo ogcwele we-CI/CD. Ukwakha, ukuhlola, nokusebenzisa kungaqalwa imicimbi eyahlukene: ukuphusha ikhodi, ukudalwa kokukhishwa, noma izinkinga. Lokhu kusebenza kumahhala ngokuphelele kumaqoqo omphakathi.
Kulesi sigaba, ngizokukhombisa ukuthi ungamisa kanjani ikhodi yokwakha neyophusha futhi uyithumele endaweni ye-Sonatype lapho ikhululwa, kanye nokusetha izimfihlo.
Sibeka izimfihlo
Ngokuhlanganisa nokusetshenziswa okuzenzakalelayo, sidinga inani lamanani ayimfihlo, njenge-id yokhiye, igama-mfihlo esilifakile lapho sikhiqiza ukhiye, ukhiye we-PGP ngokwawo, kanye ne-Sonatype yokungena/iphasiwedi. Ungawabeka esigabeni esikhethekile kuzilungiselelo zendawo yokugcina:
Setha okuguquguqukayo okulandelayo:
- SONATYPE_USERNAME / SONATYPE_PASSWORD - ukungena ngemvume / iphasiwedi esiyifakile lapho sibhalisa nge-Sonatype
- SIGNING_KEYID/SIGNING_PASSWORD — Umazisi wokhiye we-PGP nephasiwedi isethwe ngesikhathi sokukhiqiza.
Ngifuna ukuhlala kokuhlukile kwe-GPG_KEY_CONTENTS ngemininingwane eyengeziwe. Iqiniso liwukuthi ukuze sishicilelwe sidinga ukhiye oyimfihlo we-PGP. Ukuze ngikuthumele ezimfihlo, ngasebenzisa futhi ngaphezu kwalokho wenza izenzo eziningi.
- Masibethele ukhiye wethu nge-gpg:
gpg --symmetric --cipher-algo AES256 9B695056.gpgngokufaka iphasiwedi. Kufanele ibekwe kokuguquguqukayo: SECRET_PASSPHRASE - Ake sihumushe ukhiye obethelwe owamukelwe efomini lombhalo sisebenzisa i-base64:
base64 9B695056.gpg.gpg > 9B695056.txt. Okuqukethwe kuzofakwa kokuguquguqukayo: GPG_KEY_CONTENTS.
Yakha ukusetha lapho uphusha ikhodi futhi udala i-PR
Okokuqala udinga ukudala ifolda empandeni yephrojekthi yakho: .github/workflows.
Kuyo, maka ifayela, isibonelo, gradle-ci-build.yml nokuqukethwe okulandelayo:
name: build
on:
push:
branches:
- master
- dev
- testing
pull_request:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Set up JDK 8
uses: actions/setup-java@v1
with:
java-version: 8
- name: Build with Gradle
uses: eskatos/gradle-command-action@v1
with:
gradle-version: current
arguments: build -PsonatypeUsername=${{secrets.SONATYPE_USERNAME}} -PsonatypePassword=${{secrets.SONATYPE_PASSWORD}}Lolu hlelo lokusebenza luzokwenziwa lapho kufakwa amagatsha master, dev и testing, futhi lapho udala izicelo zokudonsa.
Isigaba semisebenzi sichaza izinyathelo okufanele zenziwe ngokusekelwe ezenzakalweni ezichaziwe. Kulesi simo, sizokwakha phezu kwenguqulo yakamuva. ubuntu, sebenzisa iJava 8, futhi usebenzise i-plugin yeGradle eskatos/gradle-command-action@v1okuthi, kusetshenziswa inguqulo yakamuva yomakhi, izosebenzisa imiyalo ecaciswe kuyo arguments. Okuguquguqukayo secrets.SONATYPE_USERNAME и secrets.SONATYPE_PASSWORD yizimfihlo esizibuzile ekuqaleni.
Imiphumela yokwakha izoboniswa kuthebhu ethi Izenzo:
Sebenzisa ngokuzenzakalelayo lapho kukhishwa okusha
Ake sakhe ifayela elihlukile lokugeleza komsebenzi ukuze lisetshenziswe ngokuzenzakalelayo gradle-ci-publish.yml:
name: publish
on:
push:
tags:
- 'v*'
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Set up JDK 8
uses: actions/setup-java@v1
with:
java-version: 8
- name: Prepare to publish
run: |
echo '${{secrets.GPG_KEY_CONTENTS}}' | base64 -d > publish_key.gpg
gpg --quiet --batch --yes --decrypt --passphrase="${{secrets.SECRET_PASSPHRASE}}"
--output secret.gpg publish_key.gpg
echo "::set-env name=RELEASE_VERSION::${GITHUB_REF:11}"
- name: Publish with Gradle
uses: eskatos/gradle-command-action@v1
with:
gradle-version: current
arguments: test publish -Psigning.secretKeyRingFile=secret.gpg -Psigning.keyId=${{secrets.SIGNING_KEYID}} -Psigning.password=${{secrets.SIGNING_PASSWORD}} -PsonatypeUsername=${{secrets.SONATYPE_USERNAME}} -PsonatypePassword=${{secrets.SONATYPE_PASSWORD}}Ifayela licishe lifane nelangaphambili, ngaphandle komcimbi lapho lizocushwa khona. Kulesi simo, lesi yisenzakalo sokudala ithegi enegama eliqala ngo-v.
Ngaphambi kokusebenzisa, sidinga ukukhipha ukhiye we-PGP kuzimfihlo futhi siwubeke empandeni yephrojekthi, futhi siwususe ukubethela. Okulandelayo, sidinga ukusetha okuguquguqukayo kwemvelo okukhethekile RELEASE_VERSION esibhekisela kukho gradle.build ifayela. Konke lokhu kwenziwa esigabeni Prepare to publish. Sithola ukhiye wethu kokuguquguqukayo kwe-GPG_KEY_CONTENTS, siwuhumushele kufayela le-gpg, bese sisusa ukubethela ngokusifaka efayelini. secret.gpg.
Okulandelayo, siphendukela kokuguquguquka okukhethekile GITHUB_REF, lapho singathola khona inguqulo esiyibeka lapho sidala ithegi. Lokhu okuguquguqukayo kuyafaneleka kuleli cala. refs/tags/v0.0.2 lapho sinqamule khona izinhlamvu zokuqala eziyi-11 ukuze sithole inguqulo ethile. Okulandelayo, sisebenzisa imiyalo ejwayelekile ye-Gradle yokushicilela: test publish
Ihlola imiphumela yokuthunyelwa endaweni ye-Sonatype
Uma ukukhishwa sekudaliwe, ukugeleza komsebenzi okuchazwe esigabeni sangaphambilini kufanele kuqale. Ukuze wenze lokhu, dala ukukhishwa:
igama lethegi kufanele liqale ngo-v. Uma, ngemva kokuchofoza Shicilela ukukhishwa, ukuhamba komsebenzi kuqeda ngempumelelo, singaya ku ukuze uqinisekise:
I-artifact ivele endaweni yokugcina ye-Staging. Ivele ngokushesha ku-Open status, bese kufanele idluliselwe mathupha ku-Vala isimo ngokucindezela inkinobho efanelekile. Ngemva kokuhlola ukuthi zonke izimfuneko ziyahlangatshezwa yini, i-artifact ingena kokuthi Vala futhi ayisatholakali ukuze ilungiswe. Kuleli fomu, izophelela eMavenCentral. Uma konke kuhamba kahle, ungacindezela inkinobho release, futhi i-artifact izogcina isendaweni ye-Sonatype.
Ukuze i-artifact ingene ku-MavenCentral, udinga ukuyicela emsebenzini esiwudale ekuqaleni. Udinga ukwenza lokhu kanye kuphela, ngakho-ke sishicilela okokuqala ngqa. Ezikhathini ezilandelayo, lokhu akudingekile, yonke into izovumelaniswa ngokuzenzakalelayo. Bangivulele ukuvumelanisa ngokushesha, kodwa kuthathe cishe izinsuku ezi-5 ukuthi i-artifact itholakale e-MavenCentral.
Yilokho kuphela, sishicilele i-artifact yethu e-MavenCentral.
Izixhumanisi eziwusizo
- Okufanayo , shicilela kuphela nge-maven
- Isiteji I-Sonatype
- I-Sonatype lapho uzodala khona umsebenzi
- indawo yokugcina lapho konke kusethiwe
Source: www.habr.com
