This guy is trying to set up a CI/CD pipeline. Please don’t distract him.
Update! I was saved by Rultor today!
Today @rultors saved a lot of time for me just by not letting me merge branches pic.twitter.com/pJTpEpdwI7
— Ivan Ivanchuk (@L3r8y) March 24, 2023
This blog post is an addition to the previous post for Java projects that will be published in Maven Central. Well, if you are reading this, I assume you know about Rultor and are trying to set up @rultor release, tag is '1.0.0'. But for some reason you can’t. I’m here to help you deal with your helplessness. So let’s begin…
Register your groupId
The first thing you need to do is create a Jira ticket for the new project and register your groupId.
Secret repository
The second thing you need to create is a private repository on GitHub.
After that, create a configuration file for Rultor, .rultor.yml, and a folder where your secret files will be stored. The usual name for this folder is assets.
Inside .rultor.yml, list the repositories that will be given access to your secrets:
friends:
- nickname/reponame
Now your secret repository should look like this.
secrets-repo-name
|
|–– .rultor.yml
|–– assets/
GPG keys
Attention: if you have already installed gpg and created a key, you should delete it:
gpg --delete-key "YOUR_OLD_KEY"
gpg --delete-secret-key "YOUR_OLD_KEY"
Go to ~/.gnupg and delete two files, pubring.gpg and secring.gpg; they may not exist.
Start
First, install gpg. After that, create a new key:
- gpg --full-gen-key
- Please select what kind of key you want:
     (1) RSA and RSA
     (2) DSA and Elgamal
     (3) DSA (sign only)
     (4) RSA (sign only)
     (9) ECC (sign and encrypt) *default*
    (10) ECC (sign only)
    (14) Existing key from card
  Your selection? 1 # choose 1
- RSA keys may be between 1024 and 4096 bits long.
  What keysize do you want? (3072) 2048 # choose 2048
- Please specify how long the key should be valid.
           0 = key does not expire
        <n>  = key expires in n days
        <n>w = key expires in n weeks
        <n>m = key expires in n months
        <n>y = key expires in n years
  Key is valid for? (0) 0 # choose 0
- The next steps are pretty obvious. The comment should be left empty.
- After you’ve created the key, upload it to a couple of key servers:
  gpg --keyserver keys.openpgp.org --send-keys YOUR_KEY
  gpg --keyserver keyserver.ubuntu.com --send-keys YOUR_KEY
- You will see a message like
  gpg: sending key KEY_ID to SERVER_NAME
  Save this KEY_ID; it looks like a mess of numbers and letters.
- Now create secring.gpg and pubring.gpg:
  gpg --export > ~/.gnupg/pubring.gpg
  gpg --keyring secring.gpg --export-secret-keys > ~/.gnupg/secring.gpg
- Add these files from ~/.gnupg to the secret repository which you created before.
- Create the file assets/settings.xml, which looks like:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <servers>
    <server>
      <id>ossrh</id>
      <username>JIRA_USERNAME</username>
      <password>JIRA_PASSWORD</password>
    </server>
  </servers>
  <profiles>
    <profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <gpg.passphrase>passphrase</gpg.passphrase>
        <gpg.keyname>KEY_ID</gpg.keyname>
        <gpg.homedir>/home/r</gpg.homedir>
      </properties>
    </profile>
  </profiles>
</settings>
- Put the KEY_ID that you saved into the <gpg.keyname>KEY_ID</gpg.keyname> field of settings.xml.
- Put your passphrase into <gpg.passphrase>passphrase</gpg.passphrase>.
- Add the Jira username and password that you used to create the ticket.
Your secret repository now looks like this.
secrets-repo-name
|
|–– .rultor.yml
|–– assets/
    |
    |–– settings.xml
    |–– secring.gpg
    |–– pubring.gpg
Configure main repository
Only the necessary parts are shown here; I do not provide the complete pom.xml file.
...
<scm>
  <connection>scm:git:git@github.com:l3r8yJ/sa-tan.git</connection>
  <developerConnection>scm:git:ssh://@github.com:l3r8yJ/sa-tan.git</developerConnection>
  <url>https://github.com/l3r8yJ/sa-tan/tree/master</url>
</scm>
<developers>
  <developer>
    <name>Your Name</name>
    <email>Your Email</email>
    <roles>
      <role>Your Role</role>
    </roles>
  </developer>
</developers>
<licenses>
  <license>
    <name>Your License</name>
    <url>https://www.opensource.org/licenses/mit-license.php</url>
  </license>
</licenses>
<ciManagement>
  <system>Your CI</system>
  <url>https://www.rultor.com/</url>
</ciManagement>
...
...
<profiles>
  <profile>
    <id>release</id>
    <activation>
      <activeByDefault>false</activeByDefault>
      <property>
        <name>gpg.keyname</name>
      </property>
    </activation>
    <distributionManagement>
      <snapshotRepository>
        <id>ossrh</id>
        <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
      </snapshotRepository>
      <repository>
        <id>ossrh</id>
        <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
      </repository>
    </distributionManagement>
    <build>
      <plugins>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-javadoc-plugin</artifactId>
          <version>3.5.0</version>
          <executions>
            <execution>
              <id>attach-javadocs</id>
              <goals>
                <goal>jar</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-source-plugin</artifactId>
          <version>3.2.1</version>
          <executions>
            <execution>
              <id>attach-sources</id>
              <goals>
                <goal>jar</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-gpg-plugin</artifactId>
          <version>3.0.1</version>
          <configuration>
            <gpgArguments>
              <arg>--pinentry-mode</arg>
              <arg>loopback</arg>
            </gpgArguments>
          </configuration>
          <executions>
            <execution>
              <id>sign-artifacts</id>
              <phase>verify</phase>
              <goals>
                <goal>sign</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <version>1.6.13</version>
          <extensions>true</extensions>
          <configuration>
            <serverId>ossrh</serverId>
            <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
            <autoReleaseAfterClose>true</autoReleaseAfterClose>
          </configuration>
        </plugin>
      </plugins>
    </build>
  </profile>
</profiles>
Then you need to configure .rultor.yml inside the project repository.
assets:
  settings.xml: nickname/secret_repo#assets/settings.xml
  secring.gpg: nickname/secret_repo#assets/secring.gpg
  pubring.gpg: nickname/secret_repo#assets/pubring.gpg
release:
  pre: false
  sensitive:
    - settings.xml
  script: |-
    [[ "${tag}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit -1
    mvn versions:set "-DnewVersion=${tag}"
    git commit -am "${tag}"
    mvn clean deploy -Prelease --errors --settings ../settings.xml
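A pre-flight check for the settings.xml and pom.xml shown above, as an added example that is not part of the original post: it verifies that every deploy target id in pom.xml has a <server> with the same id in settings.xml, and that no template placeholder is left in the credential fields. The function names and both sample documents are constructed for illustration; the sonatype id in the sample is a deliberate mismatch.

```python
import xml.etree.ElementTree as ET

# Placeholder values from this post's settings.xml template.
PLACEHOLDERS = {"JIRA_USERNAME", "JIRA_PASSWORD", "passphrase", "KEY_ID"}
SECRET_TAGS = {"username", "password", "gpg.passphrase", "gpg.keyname"}
# Constructed sample inputs, trimmed to the elements the check reads.
SAMPLE_SETTINGS = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers><server><id>ossrh</id>
    <username>JIRA_USERNAME</username><password>constructed-pw</password>
  </server></servers>
  <profiles><profile><id>ossrh</id><properties>
    <gpg.passphrase>constructed phrase</gpg.passphrase>
    <gpg.keyname>0123456789ABCDEF</gpg.keyname>
  </properties></profile></profiles>
</settings>"""
SAMPLE_POM = """<project><profiles><profile><id>release</id>
  <distributionManagement><snapshotRepository><id>ossrh</id></snapshotRepository>
    <repository><id>sonatype</id></repository></distributionManagement>
  <build><plugins><plugin><artifactId>nexus-staging-maven-plugin</artifactId>
    <configuration><serverId>ossrh</serverId></configuration>
  </plugin></plugins></build>
</profile></profiles></project>"""

def parse(xml_text):
    """Parse XML and drop namespace prefixes so tags compare by local name."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def check(settings_xml, pom_xml):
    """Return a list of problems; an empty list means the two files agree."""
    settings, pom = parse(settings_xml), parse(pom_xml)
    server_ids = {s.findtext("id") for s in settings.iter("server")}
    # Maven looks up credentials by id, so each deploy target needs a <server>.
    wanted = [(r.tag, r.findtext("id"))
              for dm in pom.iter("distributionManagement")
              for r in dm if r.find("id") is not None]
    wanted += [("serverId", el.text) for el in pom.iter("serverId")]
    problems = [f"{where} '{sid}' has no matching <server> id"
                for where, sid in wanted if sid not in server_ids]
    # Template values that were never replaced break signing or upload.
    problems += [f"<{el.tag}> still holds a template placeholder"
                 for el in settings.iter()
                 if el.tag in SECRET_TAGS and (el.text or "").strip() in PLACEHOLDERS]
    return problems

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_SETTINGS, SAMPLE_POM)))
```

To use it on real files, pass the contents of assets/settings.xml and pom.xml to check() before pushing either repository.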
Done
Now you can go to some issue and try @rultor release!
Thank you! I hope this post was interesting for you. You can also correct me in the comments if I made any mistakes.