Commit e990baac authored by Denis Konovalyenko's avatar Denis Konovalyenko Committed by Mihai Nita

Merged in DenisKonovalyenko/xliff-toolkit/gitlab-integration (pull request #9)

Gitlab integration
Approved-by: Mihai Nita's avatarMihai Nita <mihnita@gmail.com>
parents 8b0d03ff bba3e41c
#
# The jobs of one stage are going to be run simultaneously.
#
# The verification stage jobs:
# - verification
#
# The deployment stage jobs:
# - snapshot
# - release
#
# The status stage jobs:
# - success
# - snapshot-success
# - failure
#
# On pushing to the code repository the "verification" job is run.
# If during any job run, except the "snapshot-success" and "success" ones,
# a failure occurs, the "failure" job is run.
#
# If a branch is a "snapshot branch", then the "snapshot" job is run.
# If a branch is a "tag", then the "release" job is run.
#
# If the "snapshot" job run succeeded, the "success" and "snapshot-success"
# jobs are run.
# If the "verification" job run succeeded and there is no "snapshot" or
# "release" job for this pipeline, the "success" job is run.
#
stages:
- verification
- deployment
- status
variables:
CI_GITLAB_PATH: "ci/gitlab"
MAVEN_IMAGE: "maven:3.5.4-jdk-8"
BASH_CURL_IMAGE: "cosmintitei/bash-curl:latest"
MAVEN_CLI_OPTS: "--settings ${CI_GITLAB_PATH}/.m2/settings.xml --batch-mode --errors --show-version"
OPENSSL_CLI_OPTS: "enc -aes-256-cbc -K ${OPENSSL_ENC_KEY} -iv ${OPENSSL_ENC_IV}"
GPG_CONF: ".gnupg/gpg.conf"
GPG_AGENT_CONF: ".gnupg/gpg-agent.conf"
OKAPI_PROJECT_ID: "9036176"
OKAPI_SNAPSHOTS_BRANCH: "dev"
SNAPSHOTS_BRANCH: "dev"
# CI_DEBUG_TRACE: "true" # WARNING: all secret variables will be exposed to a job output!
verification:
stage: verification
image: ${MAVEN_IMAGE}
cache:
paths:
- ${HOME}/.m2/repository/
- ${HOME}/target/
script:
- BUILD_STATUS=running BUILD_KEY=push ${CI_GITLAB_PATH}/build-status
- mvn verify ${MAVEN_CLI_OPTS}
.deployment: &deployment
stage: deployment
image: ${MAVEN_IMAGE}
cache:
paths:
- ${HOME}/.m2/repository/
- ${HOME}/target/
policy: pull
script:
- openssl ${OPENSSL_CLI_OPTS} -d -in ${CI_GITLAB_PATH}/code-signing-key.asc.enc -out ${CI_GITLAB_PATH}/code-signing-key.asc
- gpg --quiet --batch --import ${CI_GITLAB_PATH}/code-signing-key.asc
- echo "use-agent" > ${HOME}/{GPG_CONF}
- echo "pinentry-mode loopback" >> ${HOME}/${GPG_CONF}
- echo "allow-loopback-pinentry" > ${HOME}/${GPG_AGENT_CONF}
- mvn deploy ${MAVEN_CLI_OPTS} -DskipITs -Dmaven.test.skip=true --activate-profiles sign_and_deploy,release #--quiet
snapshot:
<<: *deployment
only:
variables:
- $SNAPSHOTS_BRANCH == $CI_COMMIT_REF_NAME
except:
- tags
- master
release:
<<: *deployment
only:
- tags
except:
- branches
.status: &status
stage: status
image: ${BASH_CURL_IMAGE}
before_script:
- ""
after_script:
- ""
snapshot-success:
<<: *status
script:
- curl -X POST -F token=${OKAPI_TRIGGER_TOKEN} -F ref=${OKAPI_SNAPSHOTS_BRANCH} https://gitlab.com/api/v4/projects/${OKAPI_PROJECT_ID}/trigger/pipeline
only:
variables:
- $SNAPSHOTS_BRANCH == $CI_COMMIT_REF_NAME
except:
- tags
- master
when: on_success
success:
<<: *status
script:
- BUILD_STATUS=passed BUILD_KEY=push ${CI_GITLAB_PATH}/build-status
when: on_success
failure:
<<: *status
script:
- BUILD_STATUS=failed BUILD_KEY=push ${CI_GITLAB_PATH}/build-status
when: on_failure
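Review bot: In the `.deployment` script the first GPG line redirects to `${HOME}/{GPG_CONF}`, which lacks the `$`, so `use-agent` lands in a file literally named `{GPG_CONF}` and never reaches `gpg.conf`. It should read `echo "use-agent" > ${HOME}/${GPG_CONF}`. The same script leaves the decrypted `code-signing-key.asc` in the checkout after the import, so a `rm -f ${CI_GITLAB_PATH}/code-signing-key.asc` step right after `gpg --import` would limit how long the private key sits on the runner's disk. `BASH_CURL_IMAGE` references a third-party image by the mutable `latest` tag, and the status jobs that run in it use `OKAPI_TRIGGER_TOKEN` and the Bitbucket credentials read by `build-status`. Pinning that image to a digest would keep an upstream image change from reaching those secrets.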
......@@ -11,6 +11,11 @@
<groupId>net.sf.okapi.applications</groupId>
<packaging>pom</packaging>
<name>Okapi Applications Build</name>
<properties>
<maven.deploy.skip>false</maven.deploy.skip>
</properties>
<modules>
<module>lynx</module>
<!-- do not add integration-tests here as it needs to be run separately -->
......
<?xml version="1.0"?>
<settings>
<servers>
<server>
<id>sonatype</id>
<username>${MAVEN_REPO_USER}</username>
<password>${MAVEN_REPO_PASS}</password>
</server>
</servers>
<profiles>
<profile>
<id>SUREFIRE-1588</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<argLine>-Djdk.net.URLClassPath.disableClassPathURLCheck=true</argLine>
</properties>
</profile>
<profile>
<id>sign_and_deploy</id>
<properties>
<gpg.executable>gpg</gpg.executable>
<gpg.passphrase>${GPG_PASSPHRASE}</gpg.passphrase>
</properties>
</profile>
</profiles>
</settings>
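Review bot: The `SUREFIRE-1588` profile is `activeByDefault` and sets `-Djdk.net.URLClassPath.disableClassPathURLCheck=true` for every build that uses this settings file, but nothing in the file says why the JDK check is switched off. Presumably it works around the Surefire issue of that id. A comment above the profile, e.g. `<!-- Workaround for SUREFIRE-1588; remove once the Surefire version in use no longer needs it -->`, would keep the relaxed check from outliving its reason.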
# Overview
By adding a `.gitlab-ci.yml` file to the root directory of the source
repository and configuring the GitLab project to use
[a Runner](https://docs.gitlab.com/ee/ci/runners/README.html) you are
activating [GitLab's continuous integration service](https://about.gitlab.com/product/continuous-integration),
which in its turn will give you an ability to automatically trigger
your CI [pipeline](https://docs.gitlab.com/ee/ci/pipelines.html) for
each push to the repository. For more general information please refer
to [the getting started guide](https://docs.gitlab.com/ee/ci/quick_start/README.html).
# Bitbucket integration
GitLab CI/CD can be used with GitHub or any other Git server. Instead
of moving the entire project to GitLab, we will connect our Butbucket
repository to get the benefits of GitLab CI/CD. That will set up
repository mirroring and create a lightweight project where issues,
merge requests, wiki, and snippets disabled (these features can be
re-enabled later).
Below are the steps required to be taken.
1. In GitLab create a **CI/CD for external repo**, select **Repo by URL**
and create the project. GitLab will import the repository and enable
Pull Mirroring.
2. In GitLab create a [Personal Access Token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)
with api scope. This will be used to authenticate requests from the web
hook that will be created in Bitbucket to notify GitLab of new commits.
3. In Bitbucket from **Settings > Webhooks** create a new web hook to
notify GitLab of new commits.
The web hook URL should be set to the GitLab API to trigger pull
mirroring, using the Personal Access Token, which has been just
generated for the authentication. The web hook Trigger should be set
to ‘Repository Push’.
```
https://gitlab.com/api/v4/projects/<CI_PROJECT_ID>/mirror/pull?private_token=<PERSONAL_ACCESS_TOKEN>
```
`PERSONAL_ACCESS_TOKEN`: the generated personal access token
`CI_PROJECT_ID`: the GitLab project ID, it can be found on the
landing page of the project
4. In Bitbucket create an **App Password** from Bitbucket **Settings >
App Passwords** to authenticate the build status script setting commit
build statuses in Bitbucket. Repository write permissions are required.
5. In GitLab from **Settings > CI/CD > Variables** add variables to
allow communication with Bitbucket via the Bitbucket API.
`BITBUCKET_ACCESS_TOKEN`: the Bitbucket app password created above
`BITBUCKET_USERNAME`: the username of the Bitbucket account
`BITBUCKET_NAMESPACE`: set this if your GitLab and Bitbucket
namespaces differ
`BITBUCKET_REPOSITORY`: set this if your GitLab and Bitbucket
project names differ
The required `build-status` script can be found under `ci/gitlab` path.
GitLab should now be configured to mirror changes from Bitbucket,
run CI/CD pipelines configured in `.gitlab-ci.yml` and push the status
to Bitbucket.
For extra details please refer to [the original GitLab guide](https://docs.gitlab.com/ee/ci/ci_cd_for_external_repos/bitbucket_integration.html) .
# Triggering the Okapi project pipeline
When you get done with the Bitbucket integration, make sure the
following variables are declared:
`OKAPI_TRIGGER_TOKEN`: the trigger token which has to be added to the
Okapi project before that (needs to be added under
**Settings > CI/CD > Variables**)
`OKAPI_SNAPSHOTS_BRANCH`: the snapshots branch of Okapi project
`OKAPI_PROJECT_ID`: the Okapi project ID in GitLab, it can be found on
the landing page of the Okapi project
So, the following line from the `.gitlab-ci.yml` can be executed successfully:
```
curl -X POST -F token=${OKAPI_TRIGGER_TOKEN} -F ref=${OKAPI_SNAPSHOTS_BRANCH} https://gitlab.com/api/v4/projects/${OKAPI_PROJECT_ID}/trigger/pipeline
```
# Sonatype integration
The following secret variables have to be declared under
**Settings > CI/CD > Variables**:
`MAVEN_REPO_USER`: sonatype user
`MAVEN_REPO_PASS`: sonatype user's password
`OPENSSL_ENC_KEY`: the OpenSSL key for decoding the code signing key
`OPENSSL_ENC_IV`: the OpenSSL initialisation vector for decoding the code signing key
`GPG_PASSPHRASE`: the pass-phrase for the code signing key
#!/usr/bin/env bash
# Push GitLab CI/CD build status to Bitbucket Cloud
if [ -z "$BITBUCKET_ACCESS_TOKEN" ]; then
echo "ERROR: BITBUCKET_ACCESS_TOKEN is not set"
exit 1
fi
if [ -z "$BITBUCKET_USERNAME" ]; then
echo "ERROR: BITBUCKET_USERNAME is not set"
exit 1
fi
if [ -z "$BITBUCKET_NAMESPACE" ]; then
echo "Setting BITBUCKET_NAMESPACE to $CI_PROJECT_NAMESPACE"
BITBUCKET_NAMESPACE=$CI_PROJECT_NAMESPACE
fi
if [ -z "$BITBUCKET_REPOSITORY" ]; then
echo "Setting BITBUCKET_REPOSITORY to $CI_PROJECT_NAME"
BITBUCKET_REPOSITORY=$CI_PROJECT_NAME
fi
BITBUCKET_API_ROOT="https://api.bitbucket.org/2.0"
BITBUCKET_STATUS_API="$BITBUCKET_API_ROOT/repositories/$BITBUCKET_NAMESPACE/$BITBUCKET_REPOSITORY/commit/$CI_COMMIT_SHA/statuses/build"
BITBUCKET_KEY="ci/gitlab-ci/$CI_JOB_NAME"
case "$BUILD_STATUS" in
running)
BITBUCKET_STATE="INPROGRESS"
BITBUCKET_DESCRIPTION="The build is running!"
;;
passed)
BITBUCKET_STATE="SUCCESSFUL"
BITBUCKET_DESCRIPTION="The build passed!"
;;
failed)
BITBUCKET_STATE="FAILED"
BITBUCKET_DESCRIPTION="The build failed."
;;
esac
echo "Pushing status to $BITBUCKET_STATUS_API..."
curl --request POST $BITBUCKET_STATUS_API \
--user $BITBUCKET_USERNAME:$BITBUCKET_ACCESS_TOKEN \
--header "Content-Type:application/json" \
--silent \
--data "{ \"state\": \"$BITBUCKET_STATE\", \"key\": \"$BITBUCKET_KEY\", \"description\":
\"$BITBUCKET_DESCRIPTION\",\"url\": \"$CI_PROJECT_URL/-/jobs/$CI_JOB_ID\" }"
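Review bot: The final `curl` call expands `$BITBUCKET_STATUS_API` and `$BITBUCKET_USERNAME:$BITBUCKET_ACCESS_TOKEN` unquoted and runs with `--silent` but without `--fail`, so a rejected request (bad app password, wrong namespace) still exits 0 and the status job reports success. Quoting both, as in `--user "$BITBUCKET_USERNAME:$BITBUCKET_ACCESS_TOKEN"`, and adding `--fail --show-error` would surface the error without word-splitting the credential. The `case` on `$BUILD_STATUS` has no default arm, so an unset or misspelled status posts an empty `state`. Adding `*) echo "ERROR: unknown BUILD_STATUS"; exit 1 ;;` would stop that before the request is sent.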
......@@ -44,28 +44,20 @@
<distributionManagement>
<repository>
<id>ossrh</id>
<name>Nexus Releases</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
<id>sonatype</id>
<name>Sonatype Releases</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
</repository>
<snapshotRepository>
<id>ossrh</id>
<name>Nexus Snapshots</name>
<id>sonatype</id>
<name>Sonatype Snapshots</name>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
</distributionManagement>
<repositories>
<repository>
<id>okapi-xliff</id>
<name>okapi-xliff-repository</name>
<url>http://repository-okapi.forge.cloudbees.com/release/</url>
<layout>default</layout>
</repository>
</repositories>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.deploy.skip>false</maven.deploy.skip>
</properties>
<modules>
......@@ -180,10 +172,17 @@
</gpgArguments>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.7</version>
<version>1.6.8</version>
<extensions>true</extensions>
<executions>
<execution>
......@@ -195,7 +194,7 @@
</execution>
</executions>
<configuration>
<serverId>ossrh</serverId>
<serverId>sonatype</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<!-- Set this to true and the release will automatically proceed and sync to Central Repository will follow -->
<autoReleaseAfterClose>false</autoReleaseAfterClose>
......
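Review bot: The added `maven-deploy-plugin` block hard-codes `<skip>true</skip>` while the `<properties>` section of the same POM sets `<maven.deploy.skip>false</maven.deploy.skip>`, and nothing explains which of the two is meant to take effect. Presumably the stock deploy plugin is disabled because `nexus-staging-maven-plugin` performs the upload; a comment above the block such as `<!-- deployment is handled by nexus-staging-maven-plugin -->` would record that. The new plugin entry also has no `<version>`, unlike the staging plugin below it, so unless it is managed outside this hunk the release build depends on whatever version Maven resolves by default. The enclosing `<plugins>` element starts and ends outside the hunk.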
......@@ -8,6 +8,10 @@
<name>Okapi XLIFF Toolkit Build Root</name>
<url>http://code.google.com/p/okapi-xliff-toolkit</url>
<properties>
<maven.deploy.skip>true</maven.deploy.skip>
</properties>
<modules>
<module>okapi</module>
<module>applications</module>
......