Date: Fri, 29 Mar 2024 08:58:21 +0000 (UTC) Message-ID: <827995733.7733.1711702701597@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_7732_1602239343.1711702701596" ------=_Part_7732_1602239343.1711702701596 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Our Travis CI is no longer the current method for building Grouper artif= acts. See the J= enkins page for the current method.
For a normal commit: Just push to the master branch, wait about 10 minut= es and check Travis (https://travis-ci.com/Internet2/grouper) for a su= ccessful build
For a numbered release:
As of December 2021, our open source account on travis-ci.com had run ou= t of free credits, and had stopped building releases. There was an option t= o petition for more free credits that would have lasted for a while. Howeve= r, it was decided at that time to move the process to our own Jenkins build= process which used servers owned by Internet2.
Grouper is configured against Travis CI to execute the full build on eve= ry commit. For tags matching a specific pattern of "GROUPER_RELEASE_a.b.c(r= c#)" it will also build release artifacts using that version from the tag, = and publish those artifacts to the Maven Sonatype repository. There is an <= a class=3D"external-link" href=3D"https://travis-ci.org/Internet2/grouper">= Internet2/Grouper account in Travis connected to the Grouper Github rep= ository, and you (?) should have access to view the Travis build status if = you have developer access in Github (CR Feb/2020 not sure about this). .
Travis builds all grouper branches where there is a .travis.yml at the r= oot of the repository, as long as the current branch is specified as an all= owed branch in that file. This is a YAML configuration that tells Travis wh= at version of Java should be available, which commands to use for the build= lifecycle and which scripts to execute after a successful build. Before Gr= ouper 2.5.0, the Travis setup included a post-build step to publish the Mav= en snapshot artifacts to the Sonatype snapshot repository. As of version 2.= 5.0, this no longer publishes snapshot artifacts, as they were of limited u= se. Instead, it simply does a `mvn package` phase of grouper-parent (repeat= ed for the set of Java vendors and versions defined in the YAML file) to te= st for a successful build of all projects. If the Travis build status for t= he current branch changes from success->fail or fail->success, the co= mmitter should get an email reporting the status change.
For a pushed tag that matches GROUPER_RELEASE_n.n.n or GROUPER_RELEASE_n= .n.n"rc"n, a second Travis job will be initiated. As with normal commits, t= he job will start with a maven "package" goal for all defined Java targets.= If successful, the next step will be to execute the script travis/deploy-t= o-sonatype.sh, to rebuild the artifacts as release versions and publish the= m to our Sonatype staging repository. The script will parse out the dotted = version out of the tag string, update the versions in the pom.xml, rebuild = all the projects, generate source and javadoc artifacts, and then sign them= with an included PGP key. Finally, the script will deploy all these artifa= cts and associated pgp signatures (*.asc files) to the Sonatype staging rep= ository.
If successful, the artifacts will appear in a new folder in our Sonatype= staging repository (https://oss.sonatype.org/), Currently (Feb 2020), there is a sh= ared account to access this repository. A subfolder will appear with a name= such as "eduinternet2middlewaregrouper-####". The status should be "closed= ", indicating that Travis was able to finalize its upload of the artifacts.= In this state, the repository can be tested as a private repository, by ad= ding it as a profile in maven settings.xml (see below), or it can be promot= ed to "release" which will publish it in the public repository. After being= released, the artifacts will eventually be propagated to other Maven repos= itory sites, such as https://search.maven.org/ and https://mvnrepository.com/.
Because Travis requires certain secrets for the Sonatype login and PGP e= ncryption to be accessible via a Git repository, encrypted versions of the = files can be stored and then decrypted as needed by the Travis jobs. If a v= alue needs to be modified or added, There is a ruby-based script that can d= o the encryption. It can be installed in a custom Docker container as a one= -off process, or installed directly on a Unix workstation. The following st= eps have been successful in getting a working Docker container for the trav= is client.
1) Install an improved RNG service on the host
sudo apt install rng-tools5
sudo rngd -r /dev/urandom
2) Set up a new API key in your Github account
read:org, repo, user:email, write:repo_hook
=E2=80=93 see=
https://github.com/travis-ci/travis.rb/i=
ssues/708#issuecomment-697005010)If you try to execute `travis login` without setting up the api key, you= will get an email detailing these same steps
3) Initialize the docker container
#host docker pull ubuntu:bionic docker run --name travis-client -it ubuntu:bionic bash
#contai= ner apt-get update apt-get install -y gcc make ruby-dev gem install travis
4) Log into the travis client
travis = login --com --github-token {token}
(result: Successfully logged in as <github-account>!)
5a) Encrypt a value
travis = encrypt SONATYPE_USER=3D_secret_ -r Internet2/grouper --pro travis encrypt SONATYPE_PWD=3D_secret_ -r Internet2/grouper --pro # (not currently used) travis encrypt GH_TOKEN=3D_secret_ -r Internet2/grou= per --pro
(Our Travis account is on travis-ci.com; if it were on travis-ci.org we = would remove parameter --pro)
The result will go into .travis.yml, added to the section:
env: global: - secure: "....."
5b) OR encrypt a file
travis = encrypt-file secretfile secretfile.enc -r Internet2/grouper
The resulting encrypted file can then be added to the Git repository (pr= eferably the /travis/ subdirectory). The output will give helpful informati= on on additional openssl job steps to be added to .travis.yml that will dec= rypt the file before it is needed.