Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "EE4J Build"
(Clarify SSH Agent configuration) |
|||
Line 20: | Line 20: | ||
{| class="wikitable" | {| class="wikitable" | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
− | |1. Insert <code>secret-subkeys. | + | |1. Insert <code>secret-subkeys.asc</code> as secret file in job |
| [[File:InjectSecretFile2.png]] | | [[File:InjectSecretFile2.png]] | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
Line 152: | Line 152: | ||
</source> | </source> | ||
− | * Activate the SSH Agent with the GitHub Bot SSH credentials in the | + | * Activate the SSH Agent with the GitHub Bot SSH credentials in the '''Binding''' section of your freestyle job configuration (note that this is separate from the Git credential configuration in the Source Code Management section): |
[[File:ee4j-ssh-agent.png]] | [[File:ee4j-ssh-agent.png]] |
Revision as of 19:40, 15 February 2019
This page gives an overview of the build setup and infrastructure for EE4J projects.
Contents
Build infrastructure overview
Every EE4J project can request it's own Jenkins instance. All sub projects of a project share a single Jenkins instance.
All EE4J JIPPs will be hosted on CloudBees Jenkins Enterprise (CJE) / CloudBees Core infrastructure. Projects that still have a Jenkins instance on our old infrastructure will be migrated in Q4 2018. Jenkins instances running on ci.eclipse.org (e.g. https://ci.eclipse.org/grizzly) are currently hosted on the old infrastructure. Jenkins instances running on jenkins.eclipse.org (e.g. https://jenkins.eclipse.org/glassfish) are hosted on our new infrastructure (CJE/Core). Please note: the sub domains ci.eclipse.org and jenkins.eclipse.org will be unified at a later date.
Please see the EE4J Project Provisioning Status Google Doc for details.
How to requests a Jenkins instance?
Please file a bug file a bug against Eclipse Foundation > Community > CI-Jenkins to request your project's own instance. Make include the name of your project and ensure your project lead can +1 the request.
Deployment to OSSRH / Maven Central
Deploying artifacts to OSSRH (OSS Repository Hosting provided by Sonatype) requires an account at OSSRH. It is also required to sign all artifacts with GPG. The Eclipse IT team will set this up for the project.
Required steps for a freestyle build job
Example pipeline build job (for GPG signing)
This is a simple pipeline job, that allows to test the GPG signing. The credentials ID and the config file IDs need to be changed accordingly.
node { def mvnHome def javaHome stage('Preparation') { cleanWs() mvnHome = tool 'apache-maven-latest' javaHome = tool 'oracle-jdk8-latest' } stage('Build') { sh "JAVA_HOME=${javaHome} ${mvnHome}/bin/mvn -U archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false" sh '''cat >my-app/pom.xml <<EOL <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.mycompany.app</groupId> <artifactId>my-app</artifactId> <packaging>jar</packaging> <version>1.0-SNAPSHOT</version> <name>my-app</name> <url>http://maven.apache.org</url> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>3.8.1</version> <scope>test</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> <version>1.6</version> <executions> <execution> <id>sign-artifacts</id> <phase>verify</phase> <goals> <goal>sign</goal> </goals> <configuration> <gpgArguments> <arg>--pinentry-mode</arg> <arg>loopback</arg> </gpgArguments> </configuration> </execution> </executions> </plugin> </plugins> </build> </project> EOL''' withCredentials([file(credentialsId: '1097961b-0a5c-4ef0-92b5-77878c392027', variable: 'KEYRING')]) { sh 'gpg --batch --import "${KEYRING}"' sh 'for fpr in $(gpg --list-keys --with-colons | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done' configFileProvider([configFile(fileId: 'a31774d9-a4fe-4901-ab01-8db2b63cd079', targetLocation: '/home/jenkins/.m2/')]) { configFileProvider([configFile(fileId: '5f77ec66-dc5e-4d29-999f-311501789ba0', variable: 'MVN_SETTINGS')]) { sh "JAVA_HOME=${javaHome} ${mvnHome}/bin/mvn -f my-app/pom.xml -s $MVN_SETTINGS clean verify" } } } sh 'gpg --verify my-app/target/my-app-1.0-SNAPSHOT.jar.asc' } }
Push commits/tag to GitHub repository
In order to be able to push to GitHub repositories, you need 2 things:
- Configure the git user email and user name in a shell build step:
git config --global user.email "<projectname>-bot@eclipse.org" git config --global user.name "Eclipse <projectname> Bot"
- Activate the SSH Agent with the GitHub Bot SSH credentials in the Binding section of your freestyle job configuration (note that this is separate from the Git credential configuration in the Source Code Management section):
or configure it in your pipeline job like this (the ID would need to be changed accordingly):
sshagent(['77beedf8-6b8c-4627-a318-33b025486f94']) { // git push [...] }