Commit 20e54de3 authored by Tuukka Lehtonen's avatar Tuukka Lehtonen
Browse files

Gitlab pipeline to take over Jenkins job

gitlab #1

(cherry picked from commit 887c5337)
parent c6b5e05c
Pipeline #3650 passed with stage
in 32 seconds
variables:
# This will suppress any download for dependencies and plugins or upload messages which would clutter the console log.
# `showDateTime` will show the passed time in milliseconds. You need to specify `--batch-mode` to make this work.
MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
# As of Maven 3.3.0 instead of this you may define these options in `.mvn/maven.config` so the same config is used
# when running from the command line.
# `installAtEnd` and `deployAtEnd` are only effective with recent version of the corresponding plugins.
MAVEN_CLI_OPTS: "--show-version"
# Allows controlling whether JAR signing also does timestamping
# Give the TSA server URL in TSA to use time stamping.
# e.g. http://timestamp.digicert.com
# This repository contains so little data that its OK to use TSA for every build
TSA: "http://timestamp.digicert.com"
PUBLISH_ADDRESS: "www.simantics.org"
BASE_DOWNLOAD_DIR: "/var/www/http-www.simantics.org/download"
image: registry.simupedia.com/ci-images/maven-eclipse-adoptopenjdk-11:latest
.common_before_script: &common_before_script
# Support code signing but only when committing to a `release/*` branch or creating a `v*` tag
- |
if [ -f ${KEYSTORE} ]; then
if [[ $CI_COMMIT_BRANCH =~ ^release\/.*$ || $CI_COMMIT_TAG =~ ^v.*$ ]]; then
echo "Building release/* branch or v* tag => Support signing"
base64 -d ${KEYSTORE} > ${KEYSTORE}.keystore
echo "jarsigner.keystore=${KEYSTORE}.keystore" >> ${SIGN_PROPERTIES}
if [ -n "$TSA" ]; then echo "jarsigner.tsa=${TSA}" >> ${SIGN_PROPERTIES}; fi
fi
fi
# Needed because ssh doesn't accept the private key unless it has 600 permissions
- chmod 600 "$GITLAB_PRIVATE_KEY"
# Initialize SSH connectivity to publish target
# StrictHostKeyChecking=no needed on first connection, because .ssh/known_hosts doesn't contain the target host key.
- ssh -o StrictHostKeyChecking=no -i $GITLAB_PRIVATE_KEY $GITLAB_USERNAME@$PUBLISH_ADDRESS echo
# Enforce branch-pipeline workflow to avoid getting pipeline for merge requests
include:
- template: 'Workflows/Branch-Pipelines.gitlab-ci.yml'
stages:
- publish
publish:
stage: publish
before_script:
- *common_before_script
script:
- |
if [[ -f "${KEYSTORE}.keystore" ]]; then
./sign.sh "${KEYSTORE}.keystore" "${SIGN_PROPERTIES}" "${TSA}"
# And regenerate P2 repository metadata after signing to fix checksums
./publish.sh /opt/eclipse/eclipse $CI_PROJECT_DIR/p2
fi
- export EXT_COMPONENT_DIR="$BASE_DOWNLOAD_DIR/$CI_COMMIT_REF_NAME/external-components"
- export PUBLISH_DIR="$EXT_COMPONENT_DIR/manual"
- ssh -i $GITLAB_PRIVATE_KEY $GITLAB_USERNAME@$PUBLISH_ADDRESS mkdir -p "$PUBLISH_DIR"
- rsync -e "ssh -i $GITLAB_PRIVATE_KEY" --stats --verbose composite/* $GITLAB_USERNAME@$PUBLISH_ADDRESS:$EXT_COMPONENT_DIR
- rsync -e "ssh -i $GITLAB_PRIVATE_KEY" --stats --verbose --recursive --delete p2/ $GITLAB_USERNAME@$PUBLISH_ADDRESS:$PUBLISH_DIR
rules:
- if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH =~ /^(release|feature|private)\/.*$/ || $CI_COMMIT_TAG =~ /^v.*$/'
when: on_success
- when: never
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment