.gitlab-ci.yml
# Pipeline stages, in the order GitLab runs them. Every job in this file is
# triggered manually.
stages:
  - deploy_to_sonatype
  - create_key
  - run_unit_tests
variables:
  # Container registry (AWS ECR host) that the create_key job pulls its
  # key-management image from.
  REGISTRY: "486234852809.dkr.ecr.us-east-1.amazonaws.com"
  # ryuk is a privileged container that testcontainers starts to clean up
  # containers once testing ends. Our GitLab CI environment does not need it:
  # #ci-cd infra tears everything down at the end of a GitLab run.
  TESTCONTAINERS_RYUK_DISABLED: "true"
# PR testing is handled by CircleCI; the deploy job also runs the Maven tests
# as part of `clean deploy`. This job runs the same tests without any of the
# deployment steps, so it never touches publishing credentials or signing keys.
run_unit_tests:
  stage: run_unit_tests
  # NOTE(review): the image is referenced by tag only, not by digest.
  image: "eclipse-temurin:8u412-b08-jdk"
  tags:
    - "runner:docker"
  rules:
    # Manual trigger; a failure here does not fail the pipeline.
    - when: manual
      allow_failure: true
  script:
    - >-
      ./mvnw -Dhttps.protocols=TLSv1.2 -Dcheckstyle.skip=true
      -Dtests.log_level=info -Djdk.attach.allowAttachSelf=true -B test
  artifacts:
    # Keep the surefire reports even when the tests fail.
    when: always
    expire_in: 1 mos
    paths:
      - ./target/surefire-reports/*.txt
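# From the tagged repo, build, sign and push the release artifact to Sonatype.
# This job reads the publishing credentials and the GPG signing key from AWS
# SSM, so everything it installs or runs is part of the release trust boundary.
deploy_to_sonatype:
  stage: deploy_to_sonatype
  rules:
    # All releases are manual
    - when: manual
      allow_failure: true
  tags:
    - "runner:docker"
  # NOTE(review): the image is referenced by tag only; pinning it by digest
  # would keep the release toolchain from changing without a commit here.
  image: eclipse-temurin:8u412-b08-jdk
  script:
    # Ensure we don't print commands being run to the logs during credential
    # operations
    - set +x
    - echo "Installing AWSCLI..."
    # NOTE(review): the apt packages and awscli are installed unpinned at
    # release time, in the same shell that later holds the signing key.
    # Consider a prebuilt image or a pinned, hash-checked install.
    - apt update
    - apt install -y python3 python3-pip
    - python3 -m pip install awscli
    # Each secret is assigned first and exported in a separate step:
    # `export VAR=$(cmd)` returns the status of `export`, which would hide a
    # failed SSM lookup and let the release continue with an empty value.
    - echo "Fetching Sonatype user..."
    - >-
      SONATYPE_USER=$(aws ssm get-parameter --region us-east-1
      --name ci.jmxfetch.publishing.sonatype_username
      --with-decryption --query "Parameter.Value" --output text)
    - export SONATYPE_USER
    - echo "Fetching Sonatype password..."
    - >-
      SONATYPE_PASS=$(aws ssm get-parameter --region us-east-1
      --name ci.jmxfetch.publishing.sonatype_password
      --with-decryption --query "Parameter.Value" --output text)
    - export SONATYPE_PASS
    - echo "Fetching signing key password..."
    - >-
      GPG_PASSPHRASE=$(aws ssm get-parameter --region us-east-1
      --name ci.jmxfetch.signing.gpg_passphrase
      --with-decryption --query "Parameter.Value" --output text)
    - export GPG_PASSPHRASE
    - echo "Fetching signing key..."
    - >-
      gpg_key=$(aws ssm get-parameter --region us-east-1
      --name ci.jmxfetch.signing.gpg_private_key
      --with-decryption --query "Parameter.Value" --output text)
    # NOTE(review): the key is used as the printf format string, so backslash
    # escapes and % sequences in it are interpreted. Presumably the stored
    # value relies on escaped newlines - confirm before changing this line.
    - printf -- "$gpg_key" | gpg --import --batch
    # The key is in the keyring now; drop the copy held in the shell before
    # command tracing is switched back on.
    - unset gpg_key
    - set -x
    - echo "Building release..."
    # SHA-1 and MD5 checksum files are produced next to SHA-256/SHA-512; they
    # are not an integrity guarantee. Authenticity comes from the .asc
    # signatures.
    - >-
      ./mvnw -Djdk.attach.allowAttachSelf=true -DperformRelease=true
      -Daether.checksums.algorithms=SHA-512,SHA-256,SHA-1,MD5
      --settings ./settings.xml clean deploy
  artifacts:
    expire_in: 12 mos
    paths:
      - ./target/*.jar
      - ./target/*.pom
      - ./target/*.asc
      - ./target/*.md5
      - ./target/*.sha1
      - ./target/*.sha256
      - ./target/*.sha512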
# Creates the GPG key used to sign the releases. Only ./pubkeys/ is kept as a
# job artifact.
# NOTE(review): /create.sh ships inside the image and is not visible here;
# presumably it stores the private key outside the job artifacts - confirm.
create_key:
  stage: create_key
  # NOTE(review): the key-management image is referenced by the tag `1`, not
  # by digest.
  image: $REGISTRY/ci/agent-key-management-tools/gpg:1
  tags:
    - "runner:docker"
  when: manual
  variables:
    PROJECT_NAME: "jmxfetch"
  script:
    - /create.sh
  artifacts:
    expire_in: 13 mos
    paths:
      - ./pubkeys/