Lesi sihloko senzelwe onjiniyela be-java abanesidingo sokushicilela imikhiqizo yabo ngokushesha nge-sonatype kanye/noma amakhosombe amaphakathi e-maven basebenzisa i-GitLab. Kulesi sihloko ngizokhuluma ngokusetha i-gitlab-runner, i-gitlab-ci ne-maven-plugin ukuxazulula le nkinga.
Okudingeka kuqala:
- Isitoreji esivikelekile sokhiye be-mvn kanye ne-GPG.
- Ukwenziwa okuvikelekile kwemisebenzi ye-CI yomphakathi.
- Ilayisha ama-artifact (ukukhishwa/isifinyezo) kumakhosombe asesidlangalaleni.
- Ukuhlola okuzenzakalelayo kwezinguqulo zokukhishwa ukuze zishicilelwe enkabeni ye-maven.
- Isixazululo esijwayelekile sokulayisha ama-artifact endaweni yokugcina amaphrojekthi amaningi.
- Kulula futhi kulula ukuyisebenzisa.
Okuqukethwe
Ulwazi General Ukusetha ukuthunyelwa kwephrojekthi ku-GitLab I-GitLab Runner IGitLab CI Ukucushwa kwe-Pom.xml Umphumela isiphetho
Ulwazi General
- Incazelo enemininingwane yendlela yokushicilela ama-artifact e-Maven Central nge-Sonatype OSS Repository Hosting Service isivele ichazwe ku-
Lesi sihloko umsebenzisiI-Googolplex , ngakho ngizobhekisela kulesi sihloko ezindaweni ezifanele. - Bhalisa kusengaphambili
I-Sonatype JIRA bese uvule ithikithi lokuvula indawo yokugcina (funda isigaba ukuze uthole imininingwane eyengeziweDala ithikithi ku-Sonatype JIRA ). Ngemva kokuvula inqolobane, ukubhanqwa kokungena/kwephasiwedi kusuka ku-JIRA (ngemuva kwalokhu okubizwa ngokuthi i-akhawunti ye-Sonatype) kuzosetshenziselwa ukulayisha ama-artifact ku-Sonatype nexus. - Okulandelayo, inqubo yokukhiqiza ukhiye we-GPG ichazwa ngokome kakhulu. Bona isigaba ukuze uthole imininingwane eyengeziwe
Ilungiselela i-GnuPG ukuze isayine ama-artifact - Uma usebenzisa ikhonsoli ye-Linux ukuze ukhiqize ukhiye we-GPG (gnupg/gnupg2), udinga ukufaka
Ama-rng-amathuluzi ukwenza i-entropy. Uma kungenjalo, ukukhiqiza ukhiye kungase kuthathe isikhathi eside kakhulu. - Amasevisi esitoreji umphakathi GPG okhiye
http://keys.gnupg.net http://pool.sks-keyservers.net http://keyserver.ubuntu.com
Ukusetha iphrojekthi yokuphakela ku-GitLab
- Okokuqala, udinga ukudala futhi ulungiselele iphrojekthi lapho ipayipi lizogcinwa khona ukuze kusetshenziswe ama-artifact. Ngiqambe iphrojekthi yami kalula futhi kalula -
ukuhambisa - Ngemuva kokudala indawo yokugcina, udinga ukukhawulela ukufinyelela ukuze ushintshe indawo yokugcina.
Iya kuphrojekthi -> Izilungiselelo -> Indawo yokugcina -> Amagatsha Avikelwe. Sisusa yonke imithetho futhi sengeza umthetho owodwa nge-Wildcard * esinelungelo lokusunduza kanye nokuhlanganisa kuphela kubasebenzisi abanendima yabagcini. Lo mthetho uzosebenza kubo bonke abasebenzisi bayo bobabili le phrojekthi kanye neqembu le phrojekthi eyingxenye yalo.
- Uma kunabanakekeli abambalwa, khona-ke isisombululo esingcono kakhulu kungaba ukukhawulela ukufinyelela kuphrojekthi ngokomgomo.
Iya kuphrojekthi -> Izilungiselelo -> Okujwayelekile -> Ukubonakala, izici zephrojekthi, izimvume bese usetha ukubonakala kwephrojekthi kube Private.
Nginephrojekthi efinyeleleka esidlangalaleni, njengoba ngisebenzisa eyami i-GitLab Runner futhi yimina kuphela onokufinyelela ukushintsha inqolobane. Nokho, empeleni, akusikho ezintshisakalweni zami ukukhombisa ulwazi oluyimfihlo kulogi lwamapayipi omphakathi. - Ukuqinisa imithetho yokushintsha indawo yokugcina
Iya kuphrojekthi -> Izilungiselelo -> Indawo yokugcina -> Imithetho Yokusunduza bese usetha umkhawulo we-Committer, Hlola ukuthi umbhali ungamafulege omsebenzisi we-GitLab. Futhi ngincoma ukusethabophezela isiginesha , bese usetha ifulegi elithi Nqaba imisebenzi engasayiniwe. - Okulandelayo udinga ukumisa i-trigger ukuze uqalise imisebenzi
Iya kuphrojekthi -> Izilungiselelo -> CI / CD -> Izicuphi zepayipi bese udala ithokheni entsha yokuqalisa
Leli thokheni lingangezwa ngokushesha ekucushweni okujwayelekile kokuguquguquka kweqembu lamaphrojekthi.
Iya eqenjini -> Izilungiselelo -> CI / CD -> Okuguquguqukayo bese wengeza okuguquguqukayoDEPLOY_TOKEN
nge-trigger-token ngevelu.
I-GitLab Runner
Lesi sigaba sichaza ukucushwa kokuqalisa imisebenzi ekusetshenzisweni usebenzisa umgijimi wakho (Okucacisiwe) kanye nowomphakathi (Okwabiwe).
Umgijimi othize
Ngisebenzisa abagijimi bami ngoba, okokuqala, kuyafaneleka, kuyashesha, futhi kushibhile.
Kumgijimi, ngincoma i-Linux VDS ene-1 CPU, 2 GB RAM, 20 GB HDD. Intengo yokukhishwa ingu-~3000₽ ngonyaka.
Umgijimi wami
Kumgijimi ngithathe i-VDS 4 CPU, 4 GB RAM, 50 GB SSD. Izindleko ~11000₽ futhi angikaze ngizisole ngakho.
Nginemishini engu-7 isiyonke. 5 e-aruba no-2 ku-ihor.
Ngakho sinomgijimi. Manje sizoyilungisa.
Siya emshinini nge-SSH bese sifaka i-java, git, maven, gnupg2.
Ifaka umgijimi we-gitlab
- Dala iqembu elisha
runner
sudo groupadd runner
- Dala uhla lwemibhalo lwenqolobane ye-maven futhi unikeze izimvume zeqembu
runner
Ungeqa leli phuzu uma ungahlelile ukugijima abagijimi abambalwa emshinini owodwa.mkdir -p /usr/cache/.m2/repository chown -R :runner /usr/cache chmod -R 770 /usr/cache
- Dala umsebenzisi
gitlab-deployer
bese wengeza eqenjinirunner
useradd -m -d /home/gitlab-deployer gitlab-deployer usermod -a -G runner gitlab-deployer
- Engeza kufayela
/etc/ssh/sshd_config
umugqa olandelayoAllowUsers root@* [email protected]
- Qalisa kabusha
sshd
systemctl restart sshd
- Ukusetha iphasiwedi yomsebenzisi
gitlab-deployer
(kungaba lula, njengoba kunomkhawulo we-localhost)passwd gitlab-deployer
- Faka i-GitLab Runner (Linux x86-64)
sudo wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64 sudo chmod +x /usr/local/bin/gitlab-runner ln -s /usr/local/bin/gitlab-runner /etc/alternatives/gitlab-runner ln -s /etc/alternatives/gitlab-runner /usr/bin/gitlab-runner
- Iya kuwebhusayithi gitlab.com -> deploy-project -> Izilungiselelo -> CI/CD -> Runners -> Specific Runners bese ukopisha ithokheni yokubhalisa
Isikrini
- Ukubhalisa umgijimi
gitlab-runner register --config /etc/gitlab-runner/gitlab-deployer-config.toml
Inqubo
Runtime platform arch=amd64 os=linux pid=17594 revision=3001a600 version=11.10.0
Running in system-mode.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
REGISTRATION_TOKEN
Please enter the gitlab-ci description for this runner:
[ih1174328.vds.myihor.ru]: Deploy Runner
Please enter the gitlab-ci tags for this runner (comma separated):
deploy
Registering runner... succeeded runner=ZvKdjJhx
Please enter the executor: docker-ssh, parallels, virtualbox, docker-ssh+machine, kubernetes, docker, ssh, docker+machine, shell:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
- Siyahlola ukuthi umgijimi ubhalisiwe. Iya kuwebhusayithi ethi gitlab.com -> deploy-project -> Izilungiselelo -> CI/CD -> Runners -> Specific Runner -> Abagijimi abacushiwe kule phrojekthi
Isikrini
- Engeza hlukanani inkonzo
/etc/systemd/system/gitlab-deployer.service
[Unit] Description=GitLab Deploy Runner After=syslog.target network.target ConditionFileIsExecutable=/usr/local/bin/gitlab-runner [Service] StartLimitInterval=5 StartLimitBurst=10 ExecStart=/usr/local/bin/gitlab-runner "run" "--working-directory" "/home/gitlab-deployer" "--config" "/etc/gitlab-runner/gitlab-deployer-config.toml" "--service" "gitlab-deployer" "--syslog" "--user" "gitlab-deployer" Restart=always RestartSec=120 [Install] WantedBy=multi-user.target
- Asiqale inkonzo.
systemctl enable gitlab-deployer.service systemctl start gitlab-deployer.service systemctl status gitlab-deployer.service
- Siyahlola ukuthi umgijimi uyasebenza yini.
Isibonelo:
Ikhiqiza okhiye be-GPG
-
Kusuka kumshini ofanayo singena nge-ssh ngaphansi komsebenzisi
gitlab-deployer
(lokhu kubalulekile ekukhiqizeni ukhiye we-GPG)ssh [email protected]
-
Senza ukhiye ngokuphendula imibuzo. Ngisebenzise igama lami ne-imeyili.
Qiniseka ukuthi ucacise iphasiwedi yokhiye. Ama-Artifact azosayinwa ngalo khiye.gpg --gen-key
-
Bheka
gpg --list-keys -a /home/gitlab-deployer/.gnupg/pubring.gpg ---------------------------------------- pub 4096R/00000000 2019-04-19 uid Petruha Petrov <[email protected]> sub 4096R/11111111 2019-04-19
-
Ilayisha ukhiye wethu osesidlangalaleni kuseva engukhiye
gpg --keyserver keys.gnupg.net --send-key 00000000 gpg: sending key 00000000 to hkp server keys.gnupg.net
Isetha uMaven
- Ngena ngemvume njengomsebenzisi
gitlab-deployer
su gitlab-deployer
- Dala inkomba ye-maven indawo yokugcina futhi uxhume kunqolobane (ungalenzi iphutha)
Ungeqa leli phuzu uma ungahlelile ukugijima abagijimi abambalwa emshinini owodwa.mkdir -p ~/.m2/repository ln -s /usr/cache/.m2/repository /home/gitlab-deployer/.m2/repository
- Dala ukhiye oyinhloko
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
- Dala ifayela ~/.m2/settings-security.xml
<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity>
- Ibethela iphasiwedi ye-akhawunti ye-Sonatype
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
- Dala ifayela ~/.m2/settings.xml
<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>SONATYPE_USERNAME</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
kuphi,
GPG_SECRET_KEY_PASSPHRASE - iphasiwedi yokhiye we-GPG
SONATYPE_USERNAME - ukungena kwe-akhawunti ye-sonatype
Lokhu kuqeda ukusetha komgijimi, ungaqhubekela esigabeni
Umgijimi Ohlanganyelwe
Ikhiqiza okhiye be-GPG
-
Okokuqala, udinga ukudala ukhiye we-GPG. Ukuze wenze lokhu, faka i-gnupg.
yum install -y gnupg
-
Senza ukhiye ngokuphendula imibuzo. Ngisebenzise igama lami ne-imeyili. Qiniseka ukuthi ucacise iphasiwedi yokhiye.
gpg --gen-key
-
Ibonisa ulwazi kukhiye
gpg --list-keys -a pub rsa3072 2019-04-24 [SC] [expires: 2021-04-23] 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 uid [ultimate] tttemp <[email protected]> sub rsa3072 2019-04-24 [E] [expires: none]
-
Ilayisha ukhiye wethu osesidlangalaleni kuseva engukhiye
gpg --keyserver keys.gnupg.net --send-key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 gpg: sending key 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 to hkp server keys.gnupg.net
-
Sithola ukhiye oyimfihlo
gpg --export-secret-keys --armor 2D0D1706366FC4AEF79669E24D09C55BBA3FD728 -----BEGIN PGP PRIVATE KEY BLOCK----- lQWGBFzAqp8BDADN41CPwJ/gQwiKEbyA902DKw/WSB1AvZQvV/ZFV77xGeG4K7k5 ... =2Wd2 -----END PGP PRIVATE KEY BLOCK-----
-
Iya kuzilungiselelo zephrojekthi -> Izilungiselelo -> CI / CD -> Okuguquguqukayo bese ugcina ukhiye oyimfihlo kokuguquguqukayo
GPG_SECRET_KEY
Isetha uMaven
- Dala ukhiye oyinhloko
mvn --encrypt-master-password password {hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}
- Iya kuzilungiselelo zephrojekthi -> Izilungiselelo -> CI / CD -> Okuguquguqukayo bese ugcina kokuguquguqukayo
SETTINGS_SECURITY_XML
imigqa elandelayo:<settingsSecurity> <master>{hnkle5BJ9HUHUMP+CXfGBl8dScfFci/mpsur/73tR2I=}</master> </settingsSecurity>
- Ibethela iphasiwedi ye-akhawunti ye-Sonatype
mvn --encrypt-password SONATYPE_PASSWORD {98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}
- Iya kuzilungiselelo zephrojekthi -> Izilungiselelo -> CI / CD -> Okuguquguqukayo bese ugcina kokuguquguqukayo
SETTINGS_XML
imigqa elandelayo:<settings> <profiles> <profile> <id>env</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <gpg.passphrase>GPG_SECRET_KEY_PASSPHRASE</gpg.passphrase> </properties> </profile> </profiles> <servers> <server> <id>sonatype</id> <username>sonatype_username</username> <password>{98Wv5+u+Tn0HX2z5G/kR4R8Z0WBgcDBgi7d12S/un+SCU7uxzaZGGmJ8Cu9pAZ2J}</password> </server> </servers> </settings>
kuphi,
GPG_SECRET_KEY_PASSPHRASE - iphasiwedi yokhiye we-GPG
SONATYPE_USERNAME - ukungena kwe-akhawunti ye-sonatype
Khipha isithombe sedokhu
-
Sakha i-Dockerfile elula ukuze senze imisebenzi yokuphakela ngenguqulo edingekayo ye-Java. Ngezansi isibonelo se-alpine.
FROM java:8u111-jdk-alpine RUN apk add gnupg maven git --update-cache --repository http://dl-4.alpinelinux.org/alpine/edge/community/ --allow-untrusted && mkdir ~/.m2/
-
Ukuhlanganisa isitsha sephrojekthi yakho
docker build -t registry.gitlab.com/group/deploy .
-
Sifakazela ubuqiniso futhi silayisha isitsha kurejista.
docker login -u USER -p PASSWORD registry.gitlab.com docker push registry.gitlab.com/group/deploy
IGitLab CI
Hambisa iphrojekthi
Engeza ifayela elithi .gitlab-ci.yml kumsuka wephrojekthi yokuphakelwa
Umbhalo wethula imisebenzi emibili ehlukene yokuthunyelwa. Umgijimi Okhethekile noma Umgijimi Owabiwe ngokulandelana.
.gitlab-ci.yml
stages:
- deploy
Specific Runner:
extends: .java_deploy_template
# Задача будет выполняться на вашем shell-раннере
tags:
- deploy
Shared Runner:
extends: .java_deploy_template
# Задача будет выполняться на публичном docker-раннере
tags:
- docker
# Образ из раздела GitLab Runner -> Shared Runner -> Docker
image: registry.gitlab.com/group/deploy-project:latest
before_script:
# Импортируем GPG ключ
- printf "${GPG_SECRET_KEY}" | gpg --batch --import
# Сохраняем maven конфигурацию
- printf "${SETTINGS_SECURITY_XML}" > ~/.m2/settings-security.xml
- printf "${SETTINGS_XML}" > ~/.m2/settings.xml
.java_deploy_template:
stage: deploy
# Задача сработает по триггеру, если передана переменная DEPLOY со значением java
only:
variables:
- $DEPLOY == "java"
variables:
# отключаем клонирование текущего проекта
GIT_STRATEGY: none
script:
# Предоставляем возможность хранения пароля в незашифрованном виде
- git config --global credential.helper store
# Сохраняем временные креды пользователя gitlab-ci-token
# Токен работает для всех публичных проектов gitlab.com и для проектов группы
- echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
# Полностью чистим текущую директорию
- rm -rf .* *
# Клонируем проект который, будем деплоить в Sonatype Nexus
- git clone ${DEPLOY_CI_REPOSITORY_URL} .
# Переключаемся на нужный коммит
- git checkout ${DEPLOY_CI_COMMIT_SHA} -f
# Если хоть один pom.xml содержит параметр autoReleaseAfterClose валим сборку.
# В противном случае есть риск залить сырые артефакты в maven central
- >
for pom in $(find . -name pom.xml); do
if [[ $(grep -q autoReleaseAfterClose "$pom" && echo $?) == 0 ]]; then
echo "File $pom contains prohibited setting: <autoReleaseAfterClose>";
exit 1;
fi;
done
# Если параметр DEPLOY_CI_COMMIT_TAG пустой, то принудительно ставим SNAPSHOT-версию
- >
if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then
mvn versions:set -DnewVersion=${DEPLOY_CI_COMMIT_TAG}
else
VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
if [[ "${VERSION}" == *-SNAPSHOT ]]; then
mvn versions:set -DnewVersion=${VERSION}
else
mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT
fi
fi
# Запускаем задачу на сборку и деплой артефактов
- mvn clean deploy -DskipTests=true
Iphrojekthi ye-Java
Kumaphrojekthi we-java okufanele alayishwe kumakhosombe asesidlangalaleni, udinga ukungeza izinyathelo ezi-2 ukuze ulande izinguqulo ezikhishiwe kanye nezifinyezo.
.gitlab-ci.yml
stages:
- build
- test
- verify
- deploy
<...>
Release:
extends: .trigger_deploy
# Запускать задачу только пo тегу.
only:
- tags
Snapshot:
extends: .trigger_deploy
# Запускаем задачу на публикацию SNAPSHOT версии вручную
when: manual
# Не запускать задачу, если проставлен тег.
except:
- tags
.trigger_deploy:
stage: deploy
variables:
# Отключаем клонирование текущего проекта
GIT_STRATEGY: none
# Ссылка на триггер deploy-задачи
URL: "https://gitlab.com/api/v4/projects/<deploy project ID>/trigger/pipeline"
# Переменные deploy-задачи
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
# Не использую cURL, так как с флагами --fail --show-error
# он не выводит тело ответа, если HTTP код 400 и более
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
Kulesi sixazululo, ngiqhubekele phambili futhi nganquma ukusebenzisa ithempulethi eyodwa ye-CI kumaphrojekthi we-java.
Imininingwane eminingi
Ngidale iphrojekthi ehlukile
common.yml
stages:
- build
- test
- verify
- deploy
variables:
SONAR_ARGS: "
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
"
.build_java_project:
stage: build
tags:
- touchbit-shell
variables:
SKIP_TEST: "false"
script:
- mvn clean
- mvn package -DskipTests=${SKIP_TEST}
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.build_sphinx_doc:
stage: build
tags:
- touchbit-shell
variables:
DOCKERFILE: .indirect/docs/Dockerfile
script:
- docker build --no-cache -t ${CI_PROJECT_NAME}/doc -f ${DOCKERFILE} .
.junit_module_test_run:
stage: test
tags:
- touchbit-shell
variables:
MODULE: ""
script:
- cd ${MODULE}
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.junit_test_run:
stage: test
tags:
- touchbit-shell
script:
- mvn test
artifacts:
when: always
expire_in: 30 day
paths:
- "*/target/reports"
.sonar_review:
stage: verify
tags:
- touchbit-shell
dependencies: []
script:
- >
if [ "$CI_BUILD_REF_NAME" == "master" ]; then
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS
else
mvn compile sonar:sonar -Dsonar.login=$SONAR_LOGIN $SONAR_ARGS -Dsonar.analysis.mode=preview
fi
.trigger_deploy:
stage: deploy
tags:
- touchbit-shell
variables:
URL: "https://gitlab.com/api/v4/projects/10345765/trigger/pipeline"
POST_DATA: "
token=${DEPLOY_TOKEN}&
ref=master&
variables[DEPLOY]=${DEPLOY}&
variables[DEPLOY_CI_REPOSITORY_URL]=${CI_REPOSITORY_URL}&
variables[DEPLOY_CI_PROJECT_NAME]=${CI_PROJECT_NAME}&
variables[DEPLOY_CI_COMMIT_SHA]=${CI_COMMIT_SHA}&
variables[DEPLOY_CI_COMMIT_TAG]=${CI_COMMIT_TAG}
"
script:
- wget --content-on-error -qO- ${URL} --post-data ${POST_DATA}
.trigger_release_deploy:
extends: .trigger_deploy
only:
- tags
.trigger_snapshot_deploy:
extends: .trigger_deploy
when: manual
except:
- tags
Njengomphumela, kumaphrojekthi we-java ngokwawo, i-.gitlab-ci.yml ibukeka ihlangene kakhulu futhi ingeyona i-verbose
.gitlab-ci.yml
include: https://gitlab.com/TouchBIT/gitlab-ci/raw/master/common.yml
Shields4J:
extends: .build_java_project
Sphinx doc:
extends: .build_sphinx_doc
variables:
DOCKERFILE: .docs/Dockerfile
Sonar review:
extends: .sonar_review
dependencies:
- Shields4J
Release:
extends: .trigger_release_deploy
Snapshot:
extends: .trigger_snapshot_deploy
Ukucushwa kwe-Pom.xml
Lesi sihloko sichazwa ngokuningiliziwe. nexus-staging-maven-plugin
uma ungafuni noma ungakwazi ukusebenzisa i-org.sonatype.oss:oss-parent njengomzali kuphrojekthi yakho.
i-maven-install-plugin
Ifaka amamojula endaweni yokugcina yasendaweni.
Iwusizo kakhulu ekuqinisekisweni kwendawo kwezixazululo kwamanye amaphrojekthi, kanye nesheke.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<executions>
<execution>
<id>install-project</id>
<!-- Если у вас многомодульный проект с деплоем родительского помика -->
<phase>install</phase>
<!-- Явно указываем файлы для локальной установки -->
<configuration>
<file>target/${project.artifactId}-${project.version}.jar</file>
```target/${project.artifactId}-${project.version}-sources.jar</sources>
<pomFile>dependency-reduced-pom.xml</pomFile>
<!-- Принудительное обновление метаданных проекта -->
<updateReleaseInfo>true</updateReleaseInfo>
<!-- Контрольные суммы для проверки целостности -->
<createChecksum>true</createChecksum>
</configuration>
</execution>
</executions>
</plugin>
i-maven-javadoc-plugin
Ikhiqiza i-javadoc yephrojekthi.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
<!-- Генерация javadoc должна быть после фазы генерации ресурсов -->
<phase>prepare-package</phase>
<configuration>
<!-- Очень помогает в публичных проектах -->
<failOnError>true</failOnError>
<failOnWarnings>true</failOnWarnings>
<!-- Убирает ошибку поиска документации в target директории -->
<detectOfflineLinks>false</detectOfflineLinks>
</configuration>
</execution>
</executions>
</plugin>
Uma unemojula engaqukethe i-java (isibonelo izinsiza kuphela)
Noma awufuni ukukhiqiza i-javadoc ngokomgomo, bese usiza maven-jar-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<id>empty-javadoc-jar</id>
<phase>generate-resources</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<classifier>javadoc</classifier>
<classesDirectory>${basedir}/javadoc</classesDirectory>
</configuration>
</execution>
</executions>
</plugin>
i-maven-gpg-plugin
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<!-- Сборка будет падать, если отсутствует GPG ключ -->
<!-- Подписываем артефакты только на фазе deploy -->
<phase>deploy</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
I-nexus-staging-maven-plugin
Ukucushwa:
<project>
<!-- ... -->
<build>
<plugins>
<!-- ... -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<serverId>sonatype</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<!-- Обновляем метаданные, чтобы пометить артефакт как release -->
<!-- Не влияет на snapshot версии -->
<updateReleaseInfo>true</updateReleaseInfo>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<!-- Отключаем плагин -->
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
<distributionManagement>
<snapshotRepository>
<id>sonatype</id>
<name>Nexus Snapshot Repository</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>sonatype</id>
<name>Nexus Release Repository</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>
Uma unephrojekthi yamamojula amaningi futhi ungadingi ukulayisha imojula ethile endaweni yokugcina, udinga ukungeza nexus-staging-maven-plugin
ngefulegi skipNexusStagingDeployMojo
<build>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<configuration>
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
</plugin>
</plugins>
</build>
Ngemva kokulanda, izinguqulo zesifinyezo/zokukhishwa ziyatholakala ku
<repositories>
<repository>
<id>SonatypeNexus</id>
<url>https://oss.sonatype.org/content/groups/staging/</url>
<!-- Не надо указывать флаги snapshot/release для репозитория -->
</repository>
</repositories>
Ama-pluses amaningi
- Uhlu olucebile kakhulu lwemigomo yokusebenza ne-nexus repository (
mvn help:describe -Dplugin=org.sonatype.plugins:nexus-staging-maven-plugin
). - Hlola ukukhishwa okuzenzakalelayo ukuze kulayishwe ku-maven central
Umphumela
Ishicilela inguqulo ye-SNAPSHOT
Uma wakha iphrojekthi, kuyenzeka ukuthi uqalise umsebenzi mathupha ukuze ulande inguqulo ye-SNAPSHOT ku-nexus
Lapho lo msebenzi wethulwa, umsebenzi ohambisanayo kuphrojekthi yokupha uyacushwa (
Ilogi eyisikiwe
Running with gitlab-runner 11.10.0 (3001a600)
on Deploy runner JSKWyxUw
Using Shell executor...
Running on ih1174328.vds.myihor.ru...
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
$ rm -rf .* *
$ git config --global credential.helper store
$ echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" >> ~/.git-credentials
$ git clone ${DEPLOY_CI_REPOSITORY_URL} .
Cloning into 'shields4j'...
$ git checkout ${DEPLOY_CI_COMMIT_SHA}
Note: checking out '850f86aa317194395c5387790da1350e437125a7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b new_branch_name
HEAD is now at 850f86a... skip deploy test-core
$ for pom in $(find . -name pom.xml); do # collapsed multi-line command
$ if [[ "${DEPLOY_CI_COMMIT_TAG}" != "" ]]; then # collapsed multi-line command
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0 [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.5:set (default-cli) @ shields4j-parent ---
[INFO] Searching for local aggregator root...
[INFO] Local aggregation root: /home/gitlab-deployer/JSKWyxUw/0/TouchBIT/deploy/shields4j
[INFO] Processing change of org.touchbit.shields4j:shields4j-parent:1.0.0 -> 1.0.0-SNAPSHOT
[INFO] Processing org.touchbit.shields4j:shields4j-parent
[INFO] Updating project org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:client
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:test-core
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] Processing org.touchbit.shields4j:testng
[INFO] Updating parent org.touchbit.shields4j:shields4j-parent
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:client
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO] Updating dependency org.touchbit.shields4j:test-core
[INFO] from version 1.0.0 to 1.0.0-SNAPSHOT
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 0.992 s]
[INFO] test-core .......................................... SKIPPED
[INFO] Shields4J client ................................... SKIPPED
[INFO] TestNG listener 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.483 s
[INFO] Finished at: 2019-04-21T02:40:42+03:00
[INFO] ------------------------------------------------------------------------
$ mvn clean deploy -DskipTests=${SKIP_TESTS}
[INFO] Scanning for projects...
[INFO] Inspecting build with total of 4 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 4 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Shields4J [pom]
[INFO] test-core [jar]
[INFO] Shields4J client [jar]
[INFO] TestNG listener [jar]
[INFO]
[INFO] --------------< org.touchbit.shields4j:shields4j-parent >---------------
[INFO] Building Shields4J 1.0.0-SNAPSHOT [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
...
DELETED
...
[INFO] * Bulk deploy of locally gathered snapshot artifacts finished.
[INFO] Remote deploy finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0-SNAPSHOT ........................... SUCCESS [ 2.375 s]
[INFO] test-core .......................................... SUCCESS [ 3.929 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.815 s]
[INFO] TestNG listener 1.0.0-SNAPSHOT ..................... SUCCESS [ 36.134 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.629 s
[INFO] Finished at: 2019-04-21T02:41:32+03:00
[INFO] ------------------------------------------------------------------------
Ngenxa yalokho, inguqulo ilayishwa ku-nexus
Zonke izinguqulo zesifinyezo zingasuswa endaweni yokugcina kuwebhusayithi
Ukushicilela inguqulo yokukhishwa
Uma umaka efakiwe, umsebenzi ohambisanayo kuphrojekthi yokuphakela ucushwa ngokuzenzakalelayo ukulanda inguqulo yokukhishwa ku-nexus (
Ingxenye engcono kakhulu ukuthi ukukhishwa okuseduze kuqalwa ngokuzenzakalelayo ku-nexus.
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1037".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1037
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1037".
Waiting for operation to complete...
.........
[INFO] Remote staged 1 repositories, finished with success.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 9.603 s]
[INFO] test-core .......................................... SUCCESS [ 3.419 s]
[INFO] Shields4J client ................................... SUCCESS [ 9.793 s]
[INFO] TestNG listener 1.0.0 .............................. SUCCESS [01:23 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:47 min
[INFO] Finished at: 2019-04-21T04:05:46+03:00
[INFO] ------------------------------------------------------------------------
Futhi uma kukhona okungahambi kahle, umsebenzi uzohluleka nakanjani
[INFO] Performing remote staging...
[INFO]
[INFO] * Remote staging into staging profile ID "9043b43f77dcc9"
[INFO] * Created staging repository with ID "orgtouchbit-1038".
[INFO] * Staging repository at https://oss.sonatype.org:443/service/local/staging/deployByRepositoryId/orgtouchbit-1038
[INFO] * Uploading locally staged artifacts to profile org.touchbit
[INFO] * Upload of locally staged artifacts finished.
[INFO] * Closing staging repository with ID "orgtouchbit-1038".
Waiting for operation to complete...
.......
[ERROR] Rule failure while trying to close staging repository with ID "orgtouchbit-1039".
[ERROR]
[ERROR] Nexus Staging Rules Failure Report
[ERROR] ==================================
[ERROR]
[ERROR] Repository "orgtouchbit-1039" failures
[ERROR] Rule "signature-staging" failures
[ERROR] * No public key: Key with id: (1f42b618d1cbe1b5) was not able to be located on <a href=http://keys.gnupg.net:11371/>http://keys.gnupg.net:11371/</a>. Upload your public key and try the operation again.
...
[ERROR] Cleaning up local stage directory after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Deleting context 9043b43f77dcc9.properties
[ERROR] Cleaning up remote stage repositories after a Rule failure during close of staging repositories: [orgtouchbit-1039]
[ERROR] * Dropping failed staging repository with ID "orgtouchbit-1039" (Rule failure during close of staging repositories: [orgtouchbit-1039]).
[ERROR] Remote staging finished with a failure: Staging rules failure!
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Shields4J 1.0.0 .................................... SUCCESS [ 4.073 s]
[INFO] test-core .......................................... SUCCESS [ 2.788 s]
[INFO] Shields4J client ................................... SUCCESS [ 3.962 s]
[INFO] TestNG listener 1.0.0 .............................. FAILURE [01:07 min]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
Ngenxa yalokho, sisele nesinqumo esisodwa kuphela. Susa le nguqulo noma uyishicilele.
Ngemuva kokukhishwa, ngemuva kwesikhathi esithile ama-artifact azongena
ngaphandle kwesihloko
Kwaba ukutholwa kimi ukuthi i-maven ikhomba ezinye izinqolobane zomphakathi.
Kwadingeka ngengeze i-robots.txt ngoba yayikhomba inqolobane yami endala.
isiphetho
Esinakho
- Iphrojekthi ehlukile yokusebenzisa lapho ungasebenzisa khona imisebenzi embalwa ye-CI yokulayisha ama-artifact kumakhosombe omphakathi ngezilimi ezihlukahlukene zokuthuthukiswa.
- Iphrojekthi ethi Khipha ihlukanisiwe ekuphazamisekeni kwangaphandle futhi ingashintshwa kuphela abasebenzisi abanendima Yomnikazi Nomphathi.
- I-Specific Runner ehlukile enenqolobane "eshisayo" ukuze iqhube imisebenzi yokuphakela kuphela.
- Ukushicilela izinguqulo zesifinyezo/ukukhishwa endaweni yokugcina yomphakathi.
- Ukuhlola okuzenzakalelayo kwenguqulo yokukhishwa ukuze ilungele ukushicilelwa ku-maven central.
- Ukuvikelwa ekushicilelweni okuzenzakalelayo kwezinguqulo "eziluhlaza" enkabeni ye-maven.
- Yakha futhi ushicilele izinguqulo zesifinyezo "ngokuchofoza".
- Inqolobane eyodwa yokuthola izinguqulo zesifinyezo/ukukhishwa.
- Ipayipi elijwayelekile lokwakha/ukuhlola/lokushicilela iphrojekthi ye-java.
Ukusetha i-GitLab CI akusona isihloko esiyinkimbinkimbi njengoba sibonakala ekuqaleni. Kwanele ukusetha i-CI ngesisekelo se-turnkey izikhathi ezimbalwa, futhi manje ukude nomuntu oyimfundamakhwela kule ndaba. Ngaphezu kwalokho, imibhalo ye-GitLab ayisebenzi kakhulu. Ungesabi ukuthatha isinyathelo sokuqala. Umgwaqo uvela ngaphansi kwezitebhisi zomuntu ohambayo (angikhumbuli ukuthi ubani owakusho :)
Ngingajabula ukuthola impendulo.
Esihlokweni esilandelayo ngizokhuluma ngendlela yokumisa i-GitLab CI ukuze iqhube imisebenzi ngokuhlolwa kokuhlanganiswa ngokuncintisana (ukuqhuba izinsizakalo ngaphansi kokuhlolwa usebenzisa i-docker-compose) uma unomgijimi wegobolondo oyedwa kuphela.
Source: www.habr.com