Hello Dan, - Every developer may deploy SNAPSHOTs, however this is normally done by Jenkins. - We do not enforce staging from Jenkins, however almost all projects do this. We do not enforce this, so Jenkins outages do not inhibit releasing hot fixes. - Releases are deployed to a staging repository in Artifactory and we have a process called package-qa where for every staged release a corresponding JIRA ticket has to be created with information (changes, Wiki page, diff link since last release, ticket queue). This is a central place where you may see all releases in one place. - This ticket is parsed by a script from Jenkins which procures artifacts from staging to a releases repository and adds general quality information from SonarQube and Jenkins as well as the SHA1 sums to the ticket so we have a second record which may be used to detect forgery. Additionally the script checks for the existence of the SCM tag and retrieves the number of changed lines between releases. - No blocker or critical and no new major issues are allowed in SonarQube, otherwise procurement will fail. - The reporter and the "mover" have to be different persons to enforce a "four eyes" principle. - The "mover" (sometimes someone from development QA, most of the times nowadays another developer) has to check some things and must inspect the diff to detect whether all changes are explained. - Our operations teams will only pick production releases from the final releases repository, other stages may pick up artifacts from the staging repository. - We do not sign artifacts.
Regards Mirko Regards Mirko -- http://illegalstateexception.blogspot.com/ https://github.com/mfriedenhagen/ (http://osrc.dfm.io/mfriedenhagen) https://bitbucket.org/mfriedenhagen/ On Sat, May 30, 2015 at 7:31 PM, Dan Tran <[email protected]> wrote: > Thanks Mirko > > * What about snapshot and release policy, do developers/qa have access to > deploy snapshot and release artifacts? > * do you use artifact signing similar to Maven Central? > > > Thanks again > > -Dan > > On Sat, May 30, 2015 at 9:21 AM, Mirko Friedenhagen <[email protected] >> wrote: > >> What I forgot: >> >> patience, social skills and remembering that not every application >> developer needs to be a build specialist are important as well :-) >> >> Regards >> Mirko >> -- >> Sent from my mobile >> Am 30.05.2015 07:29 schrieb "Dan Tran" <[email protected]>: >> >> > Hi >> > >> > >> > I would like to ask if the community can share with me what it takes to >> > maintain an enterprise build system with continuous integration of 100+ >> > developer + QA and growing using Maven. The build system contains many >> > components with their own release cycle and they do integrate together. >> > >> > >> > - is java skill set to develop plugin a must? >> > - do you have a team or just a few of deep understanding of Maven >> > developers? >> > - will a none java RelEng able to perform Maven release? >> > - does your RelEng maintains the pom or developers? >> > - what are your challenges? >> > >> > Thanks >> > >> > -Dan >> > >> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
