|
|
| Line 1: |
Line 1: |
| − | This page gives an overview of the build setup and infrastructure for EE4J projects.
| + | #REDIRECT [[Jenkins]] |
| − | | + | |
| − | == Build infrastructure overview ==
| + | |
| − | Every EE4J project can request it's own Jenkins instance. All sub projects of a project share a single Jenkins instance.
| + | |
| − | | + | |
| − | All EE4J JIPPs will be hosted on CloudBees Jenkins Enterprise (CJE) / CloudBees Core infrastructure. Projects that still have a Jenkins instance on our old infrastructure will be migrated in Q4 2018. Jenkins instances running on ci.eclipse.org (e.g. https://ci.eclipse.org/grizzly) are currently hosted on the old infrastructure. Jenkins instances running on jenkins.eclipse.org (e.g. https://jenkins.eclipse.org/glassfish) are hosted on our new infrastructure (CJE/Core). Please note: the sub domains ci.eclipse.org and jenkins.eclipse.org will be unified at a later date.
| + | |
| − | | + | |
| − | Please see the [https://docs.google.com/spreadsheets/d/1O2NA6YddYQy34riTabQd_lkNwwFzKq1HevxCJYNXrv4 EE4J Project Provisioning Status Google Doc] for details.
| + | |
| − | | + | |
| − | === How to requests a Jenkins instance? ===
| + | |
| − | Please [https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=CI-Jenkins&short_desc=JIPP%20Request file a bug] file a bug against Eclipse Foundation > Community > CI-Jenkins to request your project's own instance. Make include the name of your project and ensure your project lead can +1 the request.
| + | |
| − | | + | |
| − | === Deployment to OSSRH / Maven Central ===
| + | |
| − | Deploying artifacts to OSSRH (OSS Repository Hosting provided by Sonatype) requires an account at OSSRH. It is also required to sign all artifacts with GPG. The Eclipse IT team will set this up for the project.
| + | |
| − | | + | |
| − | ==== Required steps for a freestyle build job ====
| + | |
| − | | + | |
| − | {{Note|Note| Please note, this is currently a workaround and will be improved in the future.}}
| + | |
| − | | + | |
| − | {| class="wikitable"
| + | |
| − | |- style="vertical-align:top;"
| + | |
| − | |1. Insert <code>secret-subkeys.asc</code> as secret file in job
| + | |
| − | | [[File:InjectSecretFile2.png]]
| + | |
| − | |- style="vertical-align:top;"
| + | |
| − | |2. Inject <code>settings-security.xml</code> file into .m2 directory. The target must really be <code>/home/jenkins/.m2/</code> and not <code>settings-security.xml</code> alone.
| + | |
| − | <br/>
| + | |
| − | You can add it somewhere else, but you will need to add <code>-Dsettings.security=path/to/security-settings.xml</code> to every Maven invocation.
| + | |
| − | |[[File:InjectSettingsSecurity.png]]
| + | |
| − | |- style="vertical-align:top;"
| + | |
| − | |3. Import GPG keyring with <code>--batch</code> and trust the keys non-interactively in a shell build step<code>
| + | |
| − | gpg --batch --import "${KEYRING}"
| + | |
| − | for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u);
| + | |
| − | do
| + | |
| − | echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key $fpr trust;
| + | |
| − | done
| + | |
| − | </code>
| + | |
| − | |[[File:GpgImport.png|700px]]
| + | |
| − | |- style="vertical-align:top;"
| + | |
| − | |4. If you're using a Maven build step, just select the proper Maven settings file.
| + | |
| − | <br/>
| + | |
| − | If you're using a Shell build step, inject <code>settings-<projectname>.xml</code> into <code>.m2</code> directory (like <code>settings-security.xml</code> in step 2). You either put it in <code>/home/jenkins/.m2/settings.xml</code> and it will be automatically used by all maven invocations, or put it somewhere else, but you will need to specify the path to this file with <code>-s</code> parameter.
| + | |
| − | |[[File:MavenBuildStep.png]]
| + | |
| − | |- style="vertical-align:top;"
| + | |
| − | |5. Since a newer GPG version (> 2.1+) is used on the new infra, it's required to add <code>--pinentry-mode loopback</code> as gpg argument in the pom.xml (only required if you are not using the ee4j:parent:1.0.2 or higher and if you are on the new infra):
| + | |
| − | <plugin>
| + | |
| − | <groupId>org.apache.maven.plugins</groupId>
| + | |
| − | <artifactId>maven-gpg-plugin</artifactId>
| + | |
| − | <version>1.6</version>
| + | |
| − | <executions>
| + | |
| − | <execution>
| + | |
| − | <id>sign-artifacts</id>
| + | |
| − | <phase>verify</phase>
| + | |
| − | <goals>
| + | |
| − | <goal>sign</goal>
| + | |
| − | </goals>
| + | |
| − | '''<configuration>'''
| + | |
| − | '''<gpgArguments>'''
| + | |
| − | '''<arg>--pinentry-mode</arg>'''
| + | |
| − | '''<arg>loopback</arg>'''
| + | |
| − | '''</gpgArguments>'''
| + | |
| − | '''</configuration>'''
| + | |
| − | </execution>
| + | |
| − | </executions>
| + | |
| − | </plugin>
| + | |
| − | |
| + | |
| − | |}
| + | |
| − | | + | |
| − | ==== Example pipeline build job (for GPG signing) ====
| + | |
| − | | + | |
| − | {{Note|Note| Please note, this is currently a workaround and will be improved in the future.}}
| + | |
| − | | + | |
| − | This is a simple pipeline job, that allows to test the GPG signing. The credentials ID and the config file IDs need to be changed accordingly.
| + | |
| − | | + | |
| − | <source lang="groovy" style="border:1px solid;padding: 5px; margin: 5px;">
| + | |
| − | node {
| + | |
| − | def mvnHome
| + | |
| − | def javaHome
| + | |
| − | stage('Preparation') {
| + | |
| − | cleanWs()
| + | |
| − | mvnHome = tool 'apache-maven-latest'
| + | |
| − | javaHome = tool 'oracle-jdk8-latest'
| + | |
| − | }
| + | |
| − | stage('Build') {
| + | |
| − | sh "JAVA_HOME=${javaHome} ${mvnHome}/bin/mvn -U archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false"
| + | |
| − | sh '''cat >my-app/pom.xml <<EOL
| + | |
| − | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| + | |
| − | xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
| + | |
| − | <modelVersion>4.0.0</modelVersion>
| + | |
| − | <groupId>com.mycompany.app</groupId>
| + | |
| − | <artifactId>my-app</artifactId>
| + | |
| − | <packaging>jar</packaging>
| + | |
| − | <version>1.0-SNAPSHOT</version>
| + | |
| − | <name>my-app</name>
| + | |
| − | <url>http://maven.apache.org</url>
| + | |
| − | <dependencies>
| + | |
| − | <dependency>
| + | |
| − | <groupId>junit</groupId>
| + | |
| − | <artifactId>junit</artifactId>
| + | |
| − | <version>3.8.1</version>
| + | |
| − | <scope>test</scope>
| + | |
| − | </dependency>
| + | |
| − | </dependencies>
| + | |
| − | <build>
| + | |
| − | <plugins>
| + | |
| − | <plugin>
| + | |
| − | <groupId>org.apache.maven.plugins</groupId>
| + | |
| − | <artifactId>maven-gpg-plugin</artifactId>
| + | |
| − | <version>1.6</version>
| + | |
| − | <executions>
| + | |
| − | <execution>
| + | |
| − | <id>sign-artifacts</id>
| + | |
| − | <phase>verify</phase>
| + | |
| − | <goals>
| + | |
| − | <goal>sign</goal>
| + | |
| − | </goals>
| + | |
| − | <configuration>
| + | |
| − | <gpgArguments>
| + | |
| − | <arg>--pinentry-mode</arg>
| + | |
| − | <arg>loopback</arg>
| + | |
| − | </gpgArguments>
| + | |
| − | </configuration>
| + | |
| − | </execution>
| + | |
| − | </executions>
| + | |
| − | </plugin>
| + | |
| − | </plugins>
| + | |
| − | </build>
| + | |
| − | </project>
| + | |
| − | EOL'''
| + | |
| − | withCredentials([file(credentialsId: '1097961b-0a5c-4ef0-92b5-77878c392027', variable: 'KEYRING')]) {
| + | |
| − | sh 'gpg --batch --import "${KEYRING}"'
| + | |
| − | sh 'for fpr in $(gpg --list-keys --with-colons | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done'
| + | |
| − | configFileProvider([configFile(fileId: 'a31774d9-a4fe-4901-ab01-8db2b63cd079', targetLocation: '/home/jenkins/.m2/')]) {
| + | |
| − | configFileProvider([configFile(fileId: '5f77ec66-dc5e-4d29-999f-311501789ba0', variable: 'MVN_SETTINGS')]) {
| + | |
| − | sh "JAVA_HOME=${javaHome} ${mvnHome}/bin/mvn -f my-app/pom.xml -s $MVN_SETTINGS clean verify"
| + | |
| − | }
| + | |
| − | }
| + | |
| − | }
| + | |
| − | sh 'gpg --verify my-app/target/my-app-1.0-SNAPSHOT.jar.asc'
| + | |
| − | }
| + | |
| − | }
| + | |
| − | </source>
| + | |
| − | | + | |
| − | === Push commits/tag to GitHub repository ===
| + | |
| − | | + | |
| − | In order to be able to push to GitHub repositories, you need 2 things:
| + | |
| − | | + | |
| − | * Configure the git user email and user name in a shell build step:
| + | |
| − | | + | |
| − | <source lang="bash" style="border:1px solid;padding: 5px; margin: 5px;">
| + | |
| − | git config --global user.email "<projectname>-bot@eclipse.org"
| + | |
| − | git config --global user.name "Eclipse <projectname> Bot"
| + | |
| − | </source>
| + | |
| − | | + | |
| − | * Activate the SSH Agent with the GitHub Bot SSH credentials in the '''Binding''' section of your freestyle job configuration (note that this is separate from the Git credential configuration in the Source Code Management section):
| + | |
| − | | + | |
| − | [[File:ee4j-ssh-agent.png]]
| + | |
| − | | + | |
| − | or configure it in your pipeline job like this (the ID would need to be changed accordingly):
| + | |
| − | | + | |
| − | <source lang="groovy" style="border:1px solid;padding: 5px; margin: 5px;">
| + | |
| − | sshagent(['77beedf8-6b8c-4627-a318-33b025486f94']) {
| + | |
| − | // git push [...]
| + | |
| − | }
| + | |
| − | </source>
| + | |
| − | | + | |
| − | | + | |
| − | [[Category:CBI]] [[Category:Releng]] [[Category:Jenkins]] [[Category:Jakarta_EE]]
| + | |
