...
 
Commits (2)
<?xml version="1.0"?>
<settings>
<servers>
<server>
<id>sonatype</id>
<username>${MAVEN_REPO_USER}</username>
<password>${MAVEN_REPO_PASS}</password>
</server>
</servers>
<profiles>
<profile>
<id>sign_and_deploy</id>
<properties>
<gpg.executable>gpg</gpg.executable>
<gpg.passphrase>${GPG_PASSPHRASE}</gpg.passphrase>
</properties>
<repositories>
<repository>
<id>sonatype</id>
<name>Snapshots Repository for Downloads</name>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
</profile>
</profiles>
</settings>
FROM openjdk:7u181-jdk-slim
RUN apt-get -q update --yes \
&& apt-get -q install --yes --no-install-recommends git maven ant curl gnupg2 \
&& rm -rf /var/lib/apt/lists/*
RUN echo ============== && \
java -version && \
javac -version && \
mvn -version && \
ant -version && \
git --version && \
gpg --version && \
curl --version
WORKDIR /root
ENTRYPOINT /bin/bash
# Overview
By adding a `.gitlab-ci.yml` file to the root directory of the source
repository and configuring the GitLab project to use
[a Runner](https://docs.gitlab.com/ee/ci/runners/README.html) you are
activating [GitLab's continuous integration service](https://about.gitlab.com/product/continuous-integration),
which in its turn will give you an ability to automatically trigger
your CI [pipeline](https://docs.gitlab.com/ee/ci/pipelines.html) for
each push to the repository. For more general information please refer
to [the getting started guide](https://docs.gitlab.com/ee/ci/quick_start/README.html).
# Bitbucket integration
GitLab CI/CD can be used with GitHub or any other Git server. Instead
of moving the entire project to GitLab, we will connect our Butbucket
repository to get the benefits of GitLab CI/CD. That will set up
repository mirroring and create a lightweight project where issues,
merge requests, wiki, and snippets disabled (these features can be
re-enabled later).
Below are the steps required to be taken.
1. In GitLab create a **CI/CD for external repo**, select **Repo by URL**
and create the project. GitLab will import the repository and enable
Pull Mirroring.
2. In GitLab create a [Personal Access Token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)
with api scope. This will be used to authenticate requests from the web
hook that will be created in Bitbucket to notify GitLab of new commits.
3. In Bitbucket from **Settings > Webhooks** create a new web hook to
notify GitLab of new commits.
The web hook URL should be set to the GitLab API to trigger pull
mirroring, using the Personal Access Token, which has been just
generated for the authentication. The web hook Trigger should be set
to ‘Repository Push’.
```
https://gitlab.com/api/v4/projects/<CI_PROJECT_ID>/mirror/pull?private_token=<PERSONAL_ACCESS_TOKEN>
```
`PERSONAL_ACCESS_TOKEN`: the generated personal access token
`CI_PROJECT_ID`: the GitLab project ID, it can be found on the
landing page of the project
4. In Bitbucket create an **App Password** from Bitbucket **Settings >
App Passwords** to authenticate the build status script setting commit
build statuses in Bitbucket. Repository write permissions are required.
5. In GitLab from **Settings > CI/CD > Variables** add variables to
allow communication with Bitbucket via the Bitbucket API.
`BITBUCKET_ACCESS_TOKEN`: the Bitbucket app password created above
`BITBUCKET_USERNAME`: the username of the Bitbucket account
`BITBUCKET_NAMESPACE`: set this if your GitLab and Bitbucket
namespaces differ
`BITBUCKET_REPOSITORY`: set this if your GitLab and Bitbucket
project names differ
The required `build-status` script can be found under `ci/gitlab` path.
GitLab should now be configured to mirror changes from Bitbucket,
run CI/CD pipelines configured in `.gitlab-ci.yml` and push the status
to Bitbucket.
For extra details please refer to [the original GitLab guide](https://docs.gitlab.com/ee/ci/ci_cd_for_external_repos/bitbucket_integration.html) .
# Triggering the Okapi project pipeline
When you get done with the Bitbucket integration, make sure the
following variables are declared:
`OKAPI_TRIGGER_TOKEN`: the trigger token which has to be added to the
Okapi project before that (needs to be added under
**Settings > CI/CD > Variables**)
`OKAPI_SNAPSHOTS_BRANCH`: the snapshots branch of Okapi project
`OKAPI_PROJECT_ID`: the Okapi project ID in GitLab, it can be found on
the landing page of the Okapi project
So, the following line from the `.gitlab-ci.yml` can be executed successfully:
```
curl -X POST -F token=${OKAPI_TRIGGER_TOKEN} -F ref=${OKAPI_SNAPSHOTS_BRANCH} https://gitlab.com/api/v4/projects/${OKAPI_PROJECT_ID}/trigger/pipeline
```
# Sonatype integration
The following secret variables have to be declared under
**Settings > CI/CD > Variables**:
`MAVEN_REPO_USER`: sonatype user
`MAVEN_REPO_PASS`: sonatype user's password
`OPENSSL_ENC_KEY`: the OpenSSL key for decoding the code signing key
`OPENSSL_ENC_IV`: the OpenSSL initialisation vector for decoding the code signing key
`GPG_PASSPHRASE`: the pass-phrase for the code signing key
# Building the Docker image
The docker image is built offline (on a dev machine) and uploaded to GitLab.
See https://gitlab.com/okapiframework/okapi/container_registry
#
# The jobs of one stage are going to be run simultaneously.
#
# The verification stage jobs:
# - verification
#
# The deployment stage jobs:
# - snapshot
# - release
#
# The trigger stage jobs:
# - okapi-snapshot-trigger
#
# Normally, on pushing to the code repository the "verification" job is run.
#
# If a branch is a "snapshot branch", then the "snapshot" job is run.
# If a branch is a "tag", then the "release" job is run.
#
# If a branch is a "snapshot branch", then the "okapi-snapshot-trigger"
# job is run.
#
# If any of the jobs fails, no other consequential job is run.
#
stages:
- verification
- deployment
- trigger
variables:
CI_GITLAB_PATH: "ci/gitlab"
CI_SCRIPTS_PATH: "${CI_GITLAB_PATH}/scripts"
DOCKER_DRIVER: "overlay2"
GIT_DEPTH: "3"
MAVEN_CLI_OPTS: "--settings ${CI_GITLAB_PATH}/.m2/settings.xml --batch-mode --errors --show-version"
OKAPI_PROJECT_ID: "okapiframework%2Fokapi"
OKAPI_SNAPSHOTS_BRANCH: "dev"
SNAPSHOTS_BRANCH: "dev"
# CI_DEBUG_TRACE: "true" # WARNING: all secret variables will be exposed to a job output!
image: registry.gitlab.com/okapiframework/okapi:jdk7
before_script:
- ${CI_SCRIPTS_PATH}/before-job
after_script:
- ${CI_SCRIPTS_PATH}/after-job
verification:
stage: verification
cache:
paths:
- ${HOME}/.m2/repository/
before_script:
- ${CI_SCRIPTS_PATH}/before-job
script:
- mvn verify ${MAVEN_CLI_OPTS}
- touch ${CI_GITLAB_PATH}/${CI_JOB_NAME}-passed
.deployment: &deployment
stage: deployment
cache:
paths:
- ${HOME}/.m2/repository/
policy: pull
before_script:
- ${CI_SCRIPTS_PATH}/before-job
- ${CI_SCRIPTS_PATH}/gpg-import
script:
- mvn deploy ${MAVEN_CLI_OPTS} -DskipITs --activate-profiles sign_and_deploy,release #--quiet
- touch ${CI_GITLAB_PATH}/${CI_JOB_NAME}-passed
snapshot:
<<: *deployment
only:
variables:
- $SNAPSHOTS_BRANCH == $CI_COMMIT_REF_NAME
except:
- tags
- master
release:
<<: *deployment
only:
- tags
okapi-snapshot-trigger:
stage: trigger
script:
- curl -X POST -F token=${OKAPI_TRIGGER_TOKEN} -F ref=${OKAPI_SNAPSHOTS_BRANCH} https://gitlab.com/api/v4/projects/${OKAPI_PROJECT_ID}/trigger/pipeline
- touch ${CI_GITLAB_PATH}/${CI_JOB_NAME}-passed
only:
variables:
- $SNAPSHOTS_BRANCH == $CI_COMMIT_REF_NAME
except:
- tags
- master
#!/usr/bin/env bash
if [ ! -f ${CI_GITLAB_PATH}/${CI_JOB_NAME}-passed ] ; then
BUILD_STATUS=failed ${CI_SCRIPTS_PATH}/build-status;
else
BUILD_STATUS=passed ${CI_SCRIPTS_PATH}/build-status;
fi
#!/usr/bin/env bash
rm -f ${CI_GITLAB_PATH}/${CI_JOB_NAME}-passed
BUILD_STATUS=running ${CI_SCRIPTS_PATH}/build-status
#!/usr/bin/env bash
# Push GitLab CI/CD build status to Bitbucket Cloud
if [ -z "$BITBUCKET_ACCESS_TOKEN" ]; then
echo "ERROR: BITBUCKET_ACCESS_TOKEN is not set"
exit 1
fi
if [ -z "$BITBUCKET_USERNAME" ]; then
echo "ERROR: BITBUCKET_USERNAME is not set"
exit 1
fi
if [ -z "$BITBUCKET_NAMESPACE" ]; then
echo "Setting BITBUCKET_NAMESPACE to $CI_PROJECT_NAMESPACE"
BITBUCKET_NAMESPACE=$CI_PROJECT_NAMESPACE
fi
if [ -z "$BITBUCKET_REPOSITORY" ]; then
echo "Setting BITBUCKET_REPOSITORY to $CI_PROJECT_NAME"
BITBUCKET_REPOSITORY=$CI_PROJECT_NAME
fi
BITBUCKET_API_ROOT="https://api.bitbucket.org/2.0"
BITBUCKET_STATUS_API="$BITBUCKET_API_ROOT/repositories/$BITBUCKET_NAMESPACE/$BITBUCKET_REPOSITORY/commit/$CI_COMMIT_SHA/statuses/build"
BITBUCKET_KEY="$CI_GITLAB_PATH/$CI_JOB_NAME"
BITBUCKET_NAME="$CI_JOB_STAGE:$CI_JOB_NAME:$BUILD_STATUS"
BITBUCKET_DESCRIPTION="Pipeline #$CI_PIPELINE_ID"
case "$BUILD_STATUS" in
running)
BITBUCKET_STATE="INPROGRESS"
;;
passed)
BITBUCKET_STATE="SUCCESSFUL"
;;
failed)
BITBUCKET_STATE="FAILED"
;;
esac
echo "Pushing status to $BITBUCKET_STATUS_API..."
curl --request POST $BITBUCKET_STATUS_API \
--user $BITBUCKET_USERNAME:$BITBUCKET_ACCESS_TOKEN \
--header "Content-Type:application/json" \
--silent \
--data "{ \"state\": \"$BITBUCKET_STATE\",
\"key\": \"$BITBUCKET_KEY\",
\"name\": \"$BITBUCKET_NAME\",
\"description\": \"$BITBUCKET_DESCRIPTION\",
\"url\": \"$CI_JOB_URL\" }"
#!/usr/bin/env bash
GPG_CONF=".gnupg/gpg.conf"
GPG_AGENT_CONF=".gnupg/gpg-agent.conf"
OPENSSL_CLI_OPTS="enc -aes-256-cbc -K ${OPENSSL_ENC_KEY} -iv ${OPENSSL_ENC_IV}"
openssl ${OPENSSL_CLI_OPTS} -d -in ${CI_GITLAB_PATH}/code-signing-key.asc.enc -out ${CI_GITLAB_PATH}/code-signing-key.asc
gpg --quiet --batch --import ${CI_GITLAB_PATH}/code-signing-key.asc
echo "use-agent" > ${HOME}/${GPG_CONF}
echo "pinentry-mode loopback" >> ${HOME}/${GPG_CONF}
echo "allow-loopback-pinentry" > ${HOME}/${GPG_AGENT_CONF}
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>net.sf.okapi</groupId>
<artifactId>xlifftk-build-okapi</artifactId>
<version>1.1.7</version>
<packaging>pom</packaging>
<modelVersion>4.0.0</modelVersion>
<name>Okapi Build</name>
<url>http://code.google.com/p/okapi-xliff-toolkit</url>
<name>Okapi XLIFF Toolkit</name>
<description>The Okapi Framework is a cross-platform and free open-source
set of components and applications that offer extensive support for
localizing and translating documentation and software.</description>
<url>https://bitbucket.org/okapiframework/xliff-toolkit</url>
<licenses>
<license>
<name>Apache License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
<distribution>repo</distribution>
</license>
</licenses>
<issueManagement>
<system>Google Code</system>
<url>http://code.google.com/p/okapi-xliff-toolkit/issues</url>
<system>Bitbucket</system>
<url>https://bitbucket.org/okapiframework/xliff-toolkit/issues</url>
</issueManagement>
<developers>
<developer>
<name>Okapi Developer Team</name>
<email>contact@okapiframework.org</email>
<organization>None</organization>
<organizationUrl>https://okapiframework.org</organizationUrl>
</developer>
</developers>
<scm>
<connection>scm:git:https://bitbucket.org/okapiframework/xliff-toolkit.git</connection>
<developerConnection>scm:git:https://bitbucket.org/okapiframework/xliff-toolkit</developerConnection>
<url>https://bitbucket.org/okapiframework/xliff-toolkit/src</url>
</scm>
<distributionManagement>
<repository>
<id>sonatype</id>
<name>Sonatype Releases</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
</repository>
<snapshotRepository>
<id>sonatype</id>
<name>Sonatype Snapshots</name>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
</distributionManagement>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.deploy.skip>false</maven.deploy.skip>
</properties>
<modules>
<module>libraries</module>
......@@ -99,7 +140,66 @@
</plugin>
</plugins>
</build>
<profiles>
<profiles>
<profile>
<id>sign_and_deploy</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.5</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<skip>false</skip>
<lockMode>never</lockMode>
<defaultKeyring>false</defaultKeyring>
<useAgent>false</useAgent>
<gpgArguments>
<arg>--no-random-seed-file</arg>
<arg>--no-permission-warning</arg>
</gpgArguments>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.8</version>
<extensions>true</extensions>
<executions>
<execution>
<id>default-deploy</id>
<phase>deploy</phase>
<goals>
<goal>deploy</goal>
</goals>
</execution>
</executions>
<configuration>
<serverId>sonatype</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<!-- Set this to true and the release will automatically proceed and sync to Central Repository will follow -->
<autoReleaseAfterClose>false</autoReleaseAfterClose>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>release</id>
<build>
......@@ -117,6 +217,22 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.0.0</version>
<configuration>
<doclint>none</doclint>
</configuration>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
......