
This guy is trying to set up a CI/CD pipeline. Please don’t distract him.
Update! I was saved by Rultor today!
Today @rultors saved a lot of time for me just by not letting me merge branches pic.twitter.com/pJTpEpdwI7
— Ivan Ivanchuk (@L3r8y) March 24, 2023
This blog post is an addition to the previous post, for Java projects that will be published in Maven Central. Well, if you are reading this, I assume you know about Rultor and are trying to set up @rultor release, tag is '1.0.0'. But for some reason you can’t. I’m here to help you deal with your helplessness. So let’s begin…
Register your groupId
The first thing you need to do is create a Jira ticket for the new project and register your groupId.
Secret repository
The second thing you need to create is a private repository on GitHub.
After that, you must create a configuration file for Rultor, .rultor.yml, and a folder where your secret files will be stored. The usual name for this folder is assets.
Inside .rultor.yml you put the repositories that will be given access to your secrets:
friends:
- nickname/reponame
Now your secret repository should look like this.
secrets-repo-name
|
|–– .rultor.yml
|–– assets/
GPG keys
Attention: if you have already installed gpg and created a key, you should delete it:
gpg --delete-key "YOUR_OLD_KEY"
gpg --delete-secret-key "YOUR_OLD_KEY"
Go to ~/.gnupg and delete two files, pubring.gpg and secring.gpg (they may not exist).
Start
Well, you should install gpg
After that you have to create a new key:
gpg --full-gen-key
Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (14) Existing key from card
Your selection? 1 # choose 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 2048 # choose 2048
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0 # choose 0
Next steps are pretty obvious. Comment should be left empty.
After you’ve created the key, you should upload it to a couple of key servers:
gpg --keyserver keys.openpgp.org --send-keys YOUR_KEY
gpg --keyserver keyserver.ubuntu.com --send-keys YOUR_KEY
You will see a message like
gpg: sending key KEY_ID to SERVER_NAME
Okay, you should save this KEY_ID; it looks like a mess of numbers and letters.
Now you have to create secring.gpg and pubring.gpg:
gpg --export > ~/.gnupg/pubring.gpg
gpg --keyring secring.gpg --export-secret-keys > ~/.gnupg/secring.gpg
Copy these files from ~/.gnupg into the secret repository which you created before.
Create the file assets/settings.xml, which looks like:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <servers>
    <server>
      <id>ossrh</id>
      <username>JIRA_USERNAME</username>
      <password>JIRA_PASSWORD</password>
    </server>
  </servers>
  <profiles>
    <profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <gpg.passphrase>passphrase</gpg.passphrase>
        <gpg.keyname>KEY_ID</gpg.keyname>
        <gpg.homedir>/home/r</gpg.homedir>
      </properties>
    </profile>
  </profiles>
</settings>
Add the KEY_ID that you saved into the <gpg.keyname>KEY_ID</gpg.keyname> field in settings.xml.
Add your passphrase into <gpg.passphrase>passphrase</gpg.passphrase>.
Add your Jira username and password that you used to create the ticket.
Your secret repository now looks like this.
secrets-repo-name
|
|–– .rultor.yml
|–– assets/
    |
    |–– settings.xml
    |–– secring.gpg
    |–– pubring.gpg
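This repository now holds the signing key and plaintext credentials, so it is worth checking the layout mechanically before pushing. The script below is an added example, not part of the original post: check_secrets_repo is a hypothetical helper name, and the placeholder strings it looks for are the ones used in the templates above.

```shell
#!/usr/bin/env bash
# Added example: pre-push check for the secrets repository layout shown above.
# check_secrets_repo is a hypothetical helper, not a Rultor, Maven or gpg command.
# Usage: check_secrets_repo path/to/secrets-repo   (returns 0 when nothing is wrong)
check_secrets_repo() {
  local repo="$1" problems=0 f
  local settings="$repo/assets/settings.xml"
  fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

  # .rultor.yml must grant access to at least one real owner/repo "friend".
  if [ ! -f "$repo/.rultor.yml" ]; then
    fail ".rultor.yml is missing"
  elif ! grep -q '^friends:' "$repo/.rultor.yml" ||
       ! grep -Eq '^[[:space:]]*-[[:space:]]+[^/[:space:]]+/[^/[:space:]]+[[:space:]]*$' "$repo/.rultor.yml"; then
    fail ".rultor.yml has no friends entry of the form owner/repo"
  elif grep -qF 'nickname/reponame' "$repo/.rultor.yml"; then
    fail ".rultor.yml still lists the template entry nickname/reponame"
  fi

  # The three assets referenced from the project repository must be non-empty.
  for f in settings.xml secring.gpg pubring.gpg; do
    [ -s "$repo/assets/$f" ] || fail "assets/$f is missing or empty"
  done

  if [ -s "$settings" ]; then
    # Template values from the page's settings.xml must have been replaced.
    for f in '<username>JIRA_USERNAME<' '<password>JIRA_PASSWORD<' \
             '<gpg.keyname>KEY_ID<' '<gpg.passphrase>passphrase<'; do
      ! grep -qF "$f" "$settings" || fail "settings.xml still contains $f"
    done
    # The page's settings.xml sets gpg.homedir to /home/r; flag a file that differs.
    grep -qF '<gpg.homedir>/home/r</gpg.homedir>' "$settings" ||
      fail "settings.xml does not set gpg.homedir to /home/r"
  fi

  [ "$problems" -eq 0 ]
}
```

Source the file and call check_secrets_repo with the path to your local clone; each problem is printed to stderr as a FAIL line.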
Configure main repository
Only the necessary parts are shown here; I do not provide the complete pom.xml file.
...
<scm>
  <connection>scm:git:git@github.com:l3r8yJ/sa-tan.git</connection>
  <developerConnection>scm:git:ssh://@github.com:l3r8yJ/sa-tan.git</developerConnection>
  <url>https://github.com/l3r8yJ/sa-tan/tree/master</url>
</scm>
<developers>
  <developer>
    <name>Your Name</name>
    <email>Your Email</email>
    <roles>
      <role>Your Role</role>
    </roles>
  </developer>
</developers>
<licenses>
  <license>
    <name>Your License</name>
    <url>https://www.opensource.org/licenses/mit-license.php</url>
  </license>
</licenses>
<ciManagement>
  <system>Your CI</system>
  <url>https://www.rultor.com/</url>
</ciManagement>
...
...
<profiles>
  <profile>
    <id>release</id>
    <activation>
      <activeByDefault>false</activeByDefault>
      <property>
        <name>gpg.keyname</name>
      </property>
    </activation>
    <distributionManagement>
      <snapshotRepository>
        <id>ossrh</id>
        <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
      </snapshotRepository>
      <repository>
        <id>ossrh</id>
        <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
      </repository>
    </distributionManagement>
    <build>
      <plugins>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-javadoc-plugin</artifactId>
          <version>3.5.0</version>
          <executions>
            <execution>
              <id>attach-javadocs</id>
              <goals>
                <goal>jar</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-source-plugin</artifactId>
          <version>3.2.1</version>
          <executions>
            <execution>
              <id>attach-sources</id>
              <goals>
                <goal>jar</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-gpg-plugin</artifactId>
          <version>3.0.1</version>
          <configuration>
            <gpgArguments>
              <arg>--pinentry-mode</arg>
              <arg>loopback</arg>
            </gpgArguments>
          </configuration>
          <executions>
            <execution>
              <id>sign-artifacts</id>
              <phase>verify</phase>
              <goals>
                <goal>sign</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <version>1.6.13</version>
          <extensions>true</extensions>
          <configuration>
            <serverId>ossrh</serverId>
            <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
            <autoReleaseAfterClose>true</autoReleaseAfterClose>
          </configuration>
        </plugin>
      </plugins>
    </build>
  </profile>
</profiles>
Then you need to configure your .rultor.yml inside the project repository.
assets:
  settings.xml: nickname/secret_repo#assets/settings.xml
  secring.gpg: nickname/secret_repo#assets/secring.gpg
  pubring.gpg: nickname/secret_repo#assets/pubring.gpg
release:
  pre: false
  sensitive:
    - settings.xml
  script: |-
    # accept only tags of the form MAJOR.MINOR.PATCH
    [[ "${tag}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit -1
    mvn versions:set "-DnewVersion=${tag}"
    git commit -am "${tag}"
    mvn clean deploy -Prelease --errors --settings ../settings.xml
Done
Now you can go to some issue and try @rultor release!
Thank you! I hope this post was interesting for you. You can also correct me in the comments if I made mistakes, etc.