Kulesi sihloko, ngifuna ukubhekisisa inqubo yokushicilela i-artifact ye-Java kusukela ekuqaleni ngokusebenzisa Izenzo ze-Github kuya ku-Sonatype Maven Central Repository usebenzisa umakhi we-Gradle.
Nginqume ukubhala lesi sihloko ngenxa yokuntuleka kokufundisa okujwayelekile endaweni eyodwa. Lonke ulwazi bekufanele luqoqwe iziqephu ngezingxenye emithonjeni ehlukahlukene, ngaphezu kwalokho, hhayi olusha ngokuphelele. Ubani onendaba, wamukelekile ngaphansi kwekati.
Ukudala indawo yokugcina ku-Sonatype
Isinyathelo sokuqala ukwakha indawo yokugcina e-Sonatype Maven Central. Ngenxa yalokhu siyahamba
Esikhathini esithile ngemva kokuqinisekiswa, i-GroupId yakho izokwakhiwa futhi singadlulela esinyathelweni esilandelayo, ukucushwa kwe-Gradle.
Ilungiselela i-Gradle
Ngesikhathi sokubhala, angizange ngithole ama-plugin we-Gradle angasiza ngokushicilela i-artifact.
Into yokuqala okufanele uyithole yizimfuneko ze-Sonatype zokushicilela. Lawa alandelayo:
- Ukutholakala kwamakhodi omthombo kanye ne-JavaDoc, isb. kumele babekhona
-sources.jar
ΠΈ-javadoc.jar
amafayela. Njengoba kushiwo kumadokhumenti, uma kungenakwenzeka ukunikeza amakhodi omthombo noma imibhalo, ungenza i-dummy-sources.jar
noma-javadoc.jar
nge-README elula ngaphakathi ukuze uphumelele ukuhlolwa. - Wonke amafayela kufanele asayinwe ngawo
GPG/PGP
futhi.asc
ifayela eliqukethe isiginesha kufanele lifakwe kufayela ngalinye. - Ukutholakala
pom
ifayela - Amanani alungile
groupId
,artifactId
ΠΈversion
. Inguqulo ingaba iyunithi yezinhlamvu engafanele futhi ayikwazi ukugcina ngayo-SNAPSHOT
- Ubukhona buyadingeka
name
,description
ΠΈurl
- Ukuba khona kolwazi mayelana nelayisensi, abathuthukisi kanye nesistimu yokulawula inguqulo
Lena imithetho eyisisekelo okufanele ilandelwe lapho kushicilelwa. Ulwazi olugcwele luyatholakala
Senza lezi zidingo ku build.gradle
ifayela. Okokuqala, ake sengeze lonke ulwazi oludingekayo mayelana nonjiniyela, amalayisense, isistimu yokulawula inguqulo, futhi sisethe i-url, igama nencazelo yephrojekthi. Ake sibhale indlela elula yalokhu:
def customizePom(pom) {
pom.withXml {
def root = asNode()
root.dependencies.removeAll { dep ->
dep.scope == "test"
}
root.children().last() + {
resolveStrategy = DELEGATE_FIRST
description 'Some description of artifact'
name 'Artifct name'
url 'https://github.com/login/projectname'
organization {
name 'com.github.login'
url 'https://github.com/login'
}
issueManagement {
system 'GitHub'
url 'https://github.com/login/projectname/issues'
}
licenses {
license {
name 'The Apache License, Version 2.0'
url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
scm {
url 'https://github.com/login/projectname'
connection 'scm:https://github.com/login/projectname.git'
developerConnection 'scm:git://github.com/login/projectname.git'
}
developers {
developer {
id 'dev'
name 'DevName'
email '[email protected]'
}
}
}
}
}
Okulandelayo, udinga ukucacisa lokho ngesikhathi somhlangano owenziwe -sources.jar
ΠΈ-javadoc.jar
amafayela. Okwalesi sigaba java
udinga ukwengeza okulandelayo:
java {
withJavadocJar()
withSourcesJar()
}
Masiqhubekele esimisweni sokugcina, simise isiginesha ye-GPG/PGP. Ukuze wenze lokhu, xhuma i-plugin signing
:
plugins {
id 'signing'
}
Bese wengeza isigaba:
signing {
sign publishing.publications
}
Ekugcineni, ake sengeze isigaba publishing
:
publishing {
publications {
mavenJava(MavenPublication) {
customizePom(pom)
groupId group
artifactId archivesBaseName
version version
from components.java
}
}
repositories {
maven {
url "https://oss.sonatype.org/service/local/staging/deploy/maven2"
credentials {
username sonatypeUsername
password sonatypePassword
}
}
}
}
kuyinto sonatypeIgama lomsebenzisi ΠΈ sonatypePassword okuguquguqukayo okuqukethe ukungena ngemvume nephasiwedi okudalwe ngesikhathi sokubhalisa
Kanjalo kowamanqamu build.gradle
izobukeka kanje:
Ikhodi egcwele ye-build.gradle
plugins {
id 'java'
id 'maven-publish'
id 'signing'
}
java {
sourceCompatibility = JavaVersion.VERSION_1_8
targetCompatibility = JavaVersion.VERSION_1_8
withJavadocJar()
withSourcesJar()
}
group 'io.github.githublogin'
archivesBaseName = 'projectname'
version = System.getenv('RELEASE_VERSION') ?: "0.0.1"
repositories {
mavenCentral()
}
dependencies {
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.5.2'
testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.5.2'
}
test {
useJUnitPlatform()
}
jar {
from sourceSets.main.output
from sourceSets.main.allJava
}
signing {
sign publishing.publications
}
publishing {
publications {
mavenJava(MavenPublication) {
customizePom(pom)
groupId group
artifactId archivesBaseName
version version
from components.java
}
}
repositories {
maven {
url "https://oss.sonatype.org/service/local/staging/deploy/maven2"
credentials {
username sonatypeUsername
password sonatypePassword
}
}
}
}
def customizePom(pom) {
pom.withXml {
def root = asNode()
root.dependencies.removeAll { dep ->
dep.scope == "test"
}
root.children().last() + {
resolveStrategy = DELEGATE_FIRST
description 'Some description of artifact'
name 'Artifct name'
url 'https://github.com/login/projectname'
organization {
name 'com.github.login'
url 'https://github.com/githublogin'
}
issueManagement {
system 'GitHub'
url 'https://github.com/githublogin/projectname/issues'
}
licenses {
license {
name 'The Apache License, Version 2.0'
url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
scm {
url 'https://github.com/githublogin/projectname'
connection 'scm:https://github.com/githublogin/projectname.git'
developerConnection 'scm:git://github.com/githublogin/projectname.git'
}
developers {
developer {
id 'dev'
name 'DevName'
email '[email protected]'
}
}
}
}
}
Ngifuna ukuqaphela ukuthi sithola inguqulo kusuka kokuguquguquka kwemvelo: System.getenv('RELEASE_VERSION')
. Sizoyidalula ngesikhathi sokuhlanganisa futhi siyisuse egameni lethegi.
Ukukhiqiza ukhiye we-PGP
Enye yezimfuneko ze-Sonatype ukuthi wonke amafayela kufanele asayinwe ngokhiye we-GPG/PGP. Ngenxa yalokhu siyahamba
- Senza ipheya yokhiye:
gpg --gen-key
, faka igama lomsebenzisi, i-imeyili, bese usetha nephasiwedi. - Siyathola
id
ukhiye wethu ngomyalo:gpg --list-secret-keys --keyid-format short
. I-id izocaciswa ngemuva kwe-slash, isibonelo: rsa2048/9B695056 - Ukushicilela ukhiye osesidlangalaleni kuseva
https://keys.openpgp.org umyalo:gpg --keyserver [https://keys.openpgp.org](https://keys.openpgp.org/) --send-keys 9B695056
- Sithekelisa ukhiye oyimfihlo endaweni engafanele, sizoyidinga ngokuzayo:
gpg --export-secret-key 9B695056 > D:\gpg\9B695056.gpg
Isetha Izenzo ze-Github
Asiqhubekele esigabeni sokugcina, simise ukwakha futhi sishicilele ngokuzenzakalela usebenzisa Izenzo ze-Github.
I-Github Actions iyisici esikuvumela ukuthi wenze ngokuzenzakalelayo ukuhamba komsebenzi ngokusebenzisa umjikelezo ogcwele we-CI/CD. Ukwakha, ukuhlola, nokusebenzisa kungaqalwa imicimbi eyahlukene: ukuphusha ikhodi, ukudalwa kokukhishwa, noma izinkinga. Lokhu kusebenza kumahhala ngokuphelele kumaqoqo omphakathi.
Kulesi sigaba, ngizokukhombisa ukuthi ungamisa kanjani ikhodi yokwakha neyophusha futhi uyithumele endaweni ye-Sonatype lapho ikhululwa, kanye nokusetha izimfihlo.
Sibeka izimfihlo
Ngokuhlanganisa nokusetshenziswa okuzenzakalelayo, sidinga inani lamanani ayimfihlo, njenge-id yokhiye, igama-mfihlo esilifakile lapho sikhiqiza ukhiye, ukhiye we-PGP ngokwawo, kanye ne-Sonatype yokungena/iphasiwedi. Ungawabeka esigabeni esikhethekile kuzilungiselelo zendawo yokugcina:
Setha okuguquguqukayo okulandelayo:
- SONATYPE_USERNAME / SONATYPE_PASSWORD - ukungena ngemvume / iphasiwedi esiyifakile lapho sibhalisa nge-Sonatype
- SIGNING_KEYID/SIGNING_PASSWORD β Umazisi wokhiye we-PGP nephasiwedi isethwe ngesikhathi sokukhiqiza.
Ngifuna ukuhlala kokuhlukile kwe-GPG_KEY_CONTENTS ngemininingwane eyengeziwe. Iqiniso liwukuthi ukuze sishicilelwe sidinga ukhiye oyimfihlo we-PGP. Ukuze ngikuthumele ezimfihlo, ngasebenzisa
- Masibethele ukhiye wethu nge-gpg:
gpg --symmetric --cipher-algo AES256 9B695056.gpg
ngokufaka iphasiwedi. Kufanele ibekwe kokuguquguqukayo: SECRET_PASSPHRASE - Ake sihumushe ukhiye obethelwe owamukelwe efomini lombhalo sisebenzisa i-base64:
base64 9B695056.gpg.gpg > 9B695056.txt
. Okuqukethwe kuzofakwa kokuguquguqukayo: GPG_KEY_CONTENTS.
Yakha ukusetha lapho uphusha ikhodi futhi udala i-PR
Okokuqala udinga ukudala ifolda empandeni yephrojekthi yakho: .github/workflows
.
Kuyo, maka ifayela, isibonelo, gradle-ci-build.yml
nokuqukethwe okulandelayo:
name: build
on:
push:
branches:
- master
- dev
- testing
pull_request:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Set up JDK 8
uses: actions/setup-java@v1
with:
java-version: 8
- name: Build with Gradle
uses: eskatos/gradle-command-action@v1
with:
gradle-version: current
arguments: build -PsonatypeUsername=${{secrets.SONATYPE_USERNAME}} -PsonatypePassword=${{secrets.SONATYPE_PASSWORD}}
Lolu hlelo lokusebenza luzokwenziwa lapho kufakwa amagatsha master
, dev
ΠΈ testing
, futhi lapho udala izicelo zokudonsa.
Isigaba semisebenzi sicacisa izinyathelo okufanele zisetshenziswe ezenzakalweni ezishiwo. Kulokhu, sizokwakhela enguqulweni yakamuva yobuntu, sebenzisa i-Java 8, futhi sisebenzise i-plugin ye-Gradle. eskatos/gradle-command-action@v1
okuthi, kusetshenziswa inguqulo yakamuva yomakhi, izosebenzisa imiyalo ecaciswe kuyo arguments
. Okuguquguqukayo secrets.SONATYPE_USERNAME
ΠΈ secrets.SONATYPE_PASSWORD
yizimfihlo esizibuzile ekuqaleni.
Imiphumela yokwakha izoboniswa kuthebhu ethi Izenzo:
Sebenzisa ngokuzenzakalelayo lapho kukhishwa okusha
Ake sakhe ifayela elihlukile lokugeleza komsebenzi ukuze lisetshenziswe ngokuzenzakalelayo gradle-ci-publish.yml
:
name: publish
on:
push:
tags:
- 'v*'
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Set up JDK 8
uses: actions/setup-java@v1
with:
java-version: 8
- name: Prepare to publish
run: |
echo '${{secrets.GPG_KEY_CONTENTS}}' | base64 -d > publish_key.gpg
gpg --quiet --batch --yes --decrypt --passphrase="${{secrets.SECRET_PASSPHRASE}}"
--output secret.gpg publish_key.gpg
echo "::set-env name=RELEASE_VERSION::${GITHUB_REF:11}"
- name: Publish with Gradle
uses: eskatos/gradle-command-action@v1
with:
gradle-version: current
arguments: test publish -Psigning.secretKeyRingFile=secret.gpg -Psigning.keyId=${{secrets.SIGNING_KEYID}} -Psigning.password=${{secrets.SIGNING_PASSWORD}} -PsonatypeUsername=${{secrets.SONATYPE_USERNAME}} -PsonatypePassword=${{secrets.SONATYPE_PASSWORD}}
Ifayela licishe lifane nelangaphambili, ngaphandle komcimbi lapho lizocushwa khona. Kulesi simo, lesi yisenzakalo sokudala ithegi enegama eliqala ngo-v.
Ngaphambi kokusebenzisa, sidinga ukukhipha ukhiye we-PGP kuzimfihlo futhi siwubeke empandeni yephrojekthi, futhi siwususe ukubethela. Okulandelayo, sidinga ukusetha okuguquguqukayo kwemvelo okukhethekile RELEASE_VERSION
esibhekisela kukho gradle.build
ifayela. Konke lokhu kwenziwa esigabeni Prepare to publish
. Sithola ukhiye wethu kokuguquguqukayo kwe-GPG_KEY_CONTENTS, siwuhumushele kufayela le-gpg, bese sisusa ukubethela ngokusifaka efayelini. secret.gpg
.
Okulandelayo, siphendukela kokuguquguquka okukhethekile GITHUB_REF
, lapho singathola khona inguqulo esiyibeka lapho sidala ithegi. Lokhu okuguquguqukayo kuyafaneleka kuleli cala. refs/tags/v0.0.2
lapho sinqamule khona izinhlamvu zokuqala eziyi-11 ukuze sithole inguqulo ethile. Okulandelayo, sisebenzisa imiyalo ejwayelekile ye-Gradle yokushicilela: test publish
Ihlola imiphumela yokuthunyelwa endaweni ye-Sonatype
Uma ukukhishwa sekudaliwe, ukugeleza komsebenzi okuchazwe esigabeni sangaphambilini kufanele kuqale. Ukuze wenze lokhu, dala ukukhishwa:
igama lethegi kufanele liqale ngo-v. Uma, ngemva kokuchofoza Shicilela ukukhishwa, ukuhamba komsebenzi kuqeda ngempumelelo, singaya ku
I-artifact ivele endaweni yokugcina ye-Staging. Ivele ngokushesha ku-Open status, bese kufanele idluliselwe mathupha ku-Vala isimo ngokucindezela inkinobho efanelekile. Ngemva kokuhlola ukuthi zonke izimfuneko ziyahlangatshezwa yini, i-artifact ingena kokuthi Vala futhi ayisatholakali ukuze ilungiswe. Kuleli fomu, izophelela eMavenCentral. Uma konke kuhamba kahle, ungacindezela inkinobho release, futhi i-artifact izogcina isendaweni ye-Sonatype.
Ukuze i-artifact ingene ku-MavenCentral, udinga ukuyicela emsebenzini esiwudale ekuqaleni. Udinga ukwenza lokhu kanye kuphela, ngakho-ke sishicilela okokuqala ngqa. Ezikhathini ezilandelayo, lokhu akudingekile, yonke into izovumelaniswa ngokuzenzakalelayo. Bangivulele ukuvumelanisa ngokushesha, kodwa kuthathe cishe izinsuku ezi-5 ukuthi i-artifact itholakale e-MavenCentral.
Yilokho kuphela, sishicilele i-artifact yethu e-MavenCentral.
Izixhumanisi eziwusizo
- Okufanayo
indatshana , shicilela kuphela nge-maven - Isiteji
inqolobane I-Sonatype Jira I-Sonatype lapho uzodala khona umsebenziIsibonelo: indawo yokugcina lapho konke kusethiwe
Source: www.habr.com