Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

EE4J Build

This page gives an overview of the build setup and infrastructure for EE4J projects.

Build infrastructure overview

Every EE4J project can request it's own Jenkins instance. All sub projects of a project share a single Jenkins instance.

All EE4J JIPPs will be hosted on CloudBees Jenkins Enterprise (CJE) / CloudBees Core infrastructure. Projects that still have a Jenkins instance on our old infrastructure will be migrated in Q4 2018. Jenkins instances running on ci.eclipse.org (e.g. https://ci.eclipse.org/grizzly) are currently hosted on the old infrastructure. Jenkins instances running on jenkins.eclipse.org (e.g. https://jenkins.eclipse.org/glassfish) are hosted on our new infrastructure (CJE/Core). Please note: the sub domains ci.eclipse.org and jenkins.eclipse.org will be unified at a later date.

Please see the EE4J Project Provisioning Status Google Doc for details.

How to requests a Jenkins instance?

Please file a bug file a bug against Eclipse Foundation > Community > CI-Jenkins to request your project's own instance. Make include the name of your project and ensure your project lead can +1 the request.

Deployment to OSSRH / Maven Central

Deploying artifacts to OSSRH (OSS Repository Hosting provided by Sonatype) requires an account at OSSRH. It is also required to sign all artifacts with GPG. The Eclipse IT team will set this up for the project.

Here are the required steps to configure your Jenkins build job for deployment to OSSRH:

1. Insert secret-subkeys.gpg as secret file in job InjectSecretFile2.png
2. Inject settings-security.xml file into .m2 directory. The target must really be /home/jenkins/.m2/ and not settings-security.xml alone.


You can add it somewhere else, but you will need to add -Dsettings.security=path/to/security-settings.xml to every Maven invocation.

InjectSettingsSecurity.png
3. Import GPG keyring with --batch and trust the keys non-interactively in a shell build step
 gpg --batch --import ${KEYRING}
 for fpr in $(gpg --list-keys --with-colons  | awk -F: '/fpr:/ {print $10}' | sort -u);
 do
   echo -e "5\ny\n" |  gpg --batch --command-fd 0 --expert --edit-key $fpr trust;
 done

GpgImport.png
4. If you're using a Maven build step, just select the proper Maven settings file.


If you're using a Shell build step, inject settings-<projectname>.xml into .m2 directory (like settings-security.xml in step 2). You either put it in /home/jenkins/.m2/settings.xml and it will be automatically used by all maven invocations, or put it somewhere else, but you will need to specify the path to this file with -s parameter.

MavenBuildStep.png
5. It's required to add --pinentry-mode loopback as gpg argument in the pom.xml:
 <plugin>
   <groupId>org.apache.maven.plugins</groupId>
   <artifactId>maven-gpg-plugin</artifactId>
   <version>1.6</version>
   <executions>
       <execution>
           <id>sign-artifacts</id>
           <phase>verify</phase>
           <goals>
               <goal>sign</goal>
           </goals>
           <configuration>
               <gpgArguments>
                   <arg>--pinentry-mode</arg>
                   <arg>loopback</arg>
               </gpgArguments>
           </configuration>
       </execution>
   </executions>
 </plugin>

Please note this is currently a workaround and will be improved in the future.

Back to the top