Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

Difference between revisions of "EE4J Build"

(Deployment to OSSRH / Maven Central)
Line 42: Line 42:
 
|[[File:MavenBuildStep.png]]
 
|[[File:MavenBuildStep.png]]
 
|- style="vertical-align:top;"
 
|- style="vertical-align:top;"
|5. It's required to add <code>--pinentry-mode loopback</code> as gpg argument in the pom.xml (only required if you are not using the ee4j:parent:1.0.2 or higher):
+
|5. Since a newer GPG version (> 2.1+) is used on the new infra, it's required to add <code>--pinentry-mode loopback</code> as gpg argument in the pom.xml (only required if you are not using the ee4j:parent:1.0.2 or higher and if you are on the new infra):
 
   <plugin>
 
   <plugin>
 
     <groupId>org.apache.maven.plugins</groupId>
 
     <groupId>org.apache.maven.plugins</groupId>

Revision as of 09:11, 16 November 2018

This page gives an overview of the build setup and infrastructure for EE4J projects.

Build infrastructure overview

Every EE4J project can request it's own Jenkins instance. All sub projects of a project share a single Jenkins instance.

All EE4J JIPPs will be hosted on CloudBees Jenkins Enterprise (CJE) / CloudBees Core infrastructure. Projects that still have a Jenkins instance on our old infrastructure will be migrated in Q4 2018. Jenkins instances running on ci.eclipse.org (e.g. https://ci.eclipse.org/grizzly) are currently hosted on the old infrastructure. Jenkins instances running on jenkins.eclipse.org (e.g. https://jenkins.eclipse.org/glassfish) are hosted on our new infrastructure (CJE/Core). Please note: the sub domains ci.eclipse.org and jenkins.eclipse.org will be unified at a later date.

Please see the EE4J Project Provisioning Status Google Doc for details.

How to requests a Jenkins instance?

Please file a bug file a bug against Eclipse Foundation > Community > CI-Jenkins to request your project's own instance. Make include the name of your project and ensure your project lead can +1 the request.

Deployment to OSSRH / Maven Central

Deploying artifacts to OSSRH (OSS Repository Hosting provided by Sonatype) requires an account at OSSRH. It is also required to sign all artifacts with GPG. The Eclipse IT team will set this up for the project.

Required steps for a freestyle build job

Note.png
Note
Please note, this is currently a workaround and will be improved in the future.


1. Insert secret-subkeys.gpg as secret file in job InjectSecretFile2.png
2. Inject settings-security.xml file into .m2 directory. The target must really be /home/jenkins/.m2/ and not settings-security.xml alone.


You can add it somewhere else, but you will need to add -Dsettings.security=path/to/security-settings.xml to every Maven invocation.

InjectSettingsSecurity.png
3. Import GPG keyring with --batch and trust the keys non-interactively in a shell build step
 gpg --batch --import ${KEYRING}
 for fpr in $(gpg --list-keys --with-colons  | awk -F: '/fpr:/ {print $10}' | sort -u);
 do
   echo -e "5\ny\n" |  gpg --batch --command-fd 0 --expert --edit-key $fpr trust;
 done

GpgImport.png
4. If you're using a Maven build step, just select the proper Maven settings file.


If you're using a Shell build step, inject settings-<projectname>.xml into .m2 directory (like settings-security.xml in step 2). You either put it in /home/jenkins/.m2/settings.xml and it will be automatically used by all maven invocations, or put it somewhere else, but you will need to specify the path to this file with -s parameter.

MavenBuildStep.png
5. Since a newer GPG version (> 2.1+) is used on the new infra, it's required to add --pinentry-mode loopback as gpg argument in the pom.xml (only required if you are not using the ee4j:parent:1.0.2 or higher and if you are on the new infra):
 <plugin>
   <groupId>org.apache.maven.plugins</groupId>
   <artifactId>maven-gpg-plugin</artifactId>
   <version>1.6</version>
   <executions>
       <execution>
           <id>sign-artifacts</id>
           <phase>verify</phase>
           <goals>
               <goal>sign</goal>
           </goals>
           <configuration>
               <gpgArguments>
                   <arg>--pinentry-mode</arg>
                   <arg>loopback</arg>
               </gpgArguments>
           </configuration>
       </execution>
   </executions>
 </plugin>

Example pipeline build job (for GPG signing)

Note.png
Note
Please note, this is currently a workaround and will be improved in the future.


This is a simple pipeline job, that allows to test the GPG signing. The credentials ID and the config file IDs need to be changed accordingly.

node {
    def mvnHome
    def javaHome
    stage('Preparation') {
        cleanWs()
        mvnHome = tool 'apache-maven-latest'
        javaHome = tool 'oracle-jdk8-latest'
    }
    stage('Build') {
        sh "JAVA_HOME=${javaHome} ${mvnHome}/bin/mvn -U archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false"
        sh '''cat >my-app/pom.xml <<EOL
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.mycompany.app</groupId>
  <artifactId>my-app</artifactId>
  <packaging>jar</packaging>
  <version>1.0-SNAPSHOT</version>
  <name>my-app</name>
  <url>http://maven.apache.org</url>
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-gpg-plugin</artifactId>
        <version>1.6</version>
        <executions>
          <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
              <goal>sign</goal>
            </goals>
            <configuration>
              <gpgArguments>
                <arg>--pinentry-mode</arg>
                <arg>loopback</arg>
              </gpgArguments>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
EOL'''
        withCredentials([file(credentialsId: '1097961b-0a5c-4ef0-92b5-77878c392027', variable: 'KEYRING')]) {
            sh 'gpg --batch --import ${KEYRING}'
            sh 'for fpr in $(gpg --list-keys --with-colons  | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" |  gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done'
            configFileProvider([configFile(fileId: 'a31774d9-a4fe-4901-ab01-8db2b63cd079', targetLocation: '/home/jenkins/.m2/')]) {
                configFileProvider([configFile(fileId: '5f77ec66-dc5e-4d29-999f-311501789ba0', variable: 'MVN_SETTINGS')]) {
                    sh "JAVA_HOME=${javaHome} ${mvnHome}/bin/mvn -f my-app/pom.xml -s $MVN_SETTINGS clean verify"
                }
            }
        }
        sh 'gpg --verify my-app/target/my-app-1.0-SNAPSHOT.jar.asc'
    }
}

Push commits/tag to GitHub repository

In order to be able to push to GitHub repositories, you need 2 things:

  • Configure the git user email and user name in a shell build step:
git config --global user.email "<projectname>-bot@eclipse.org"
git config --global user.name "Eclipse <projectname> Bot"
  • Activate the SSH Agent with the GitHub Bot SSH credentials in the binding section of your freestyle job configuration:

Ee4j-ssh-agent.png

or configure it in your pipeline job like this (the ID would need to be changed accordingly):

sshagent(['77beedf8-6b8c-4627-a318-33b025486f94']) {
    // git push [...]
}

Back to the top