Hello Dan, we treat tooling like software as well. Ticket creation is an automated 2 click process and the package qa will not take more than 5 minutes for small changes.
External libraries from central may be used at free will, but we recommend stuff in a so called toolbox, these dependencies are managed in the department pom. The (programming) architects and we help discovering alternatives in our toolbox, stuff from repositories outside central is mostly put in a third-party repo in Artifactory. Regards Mirko -- Sent from my mobile Am 31.05.2015 00:06 schrieb "Dan Tran" <[email protected]>: > Hi Mirko > > Looks like you have Artifactory to store all of release artifacts and > another 'release' repo to store the final approved release > > Is internal tooling, thirdparty upload going thru the same release > process? > > Thanks > > -Dan > > On Sat, May 30, 2015 at 2:41 PM, Mirko Friedenhagen < > [email protected] > > wrote: > > > Hello Dan, > > > > - Every developer may deploy SNAPSHOTs, however this is normally done > > by Jenkins. > > - We do not enforce staging from Jenkins, however almost all projects > > do this. We do not enforce this, so Jenkins outages do not inhibit > > releasing hot fixes. > > - Releases are deployed to a staging repository in Artifactory and we > > have a process called package-qa where for every staged release a > > corresponding JIRA ticket has to be created with information (changes, > > Wiki page, diff link since last release, ticket queue). This is a > > central place where you may see all releases in one place. > > - This ticket is parsed by a script from Jenkins which procures > > artifacts from staging to a releases repository and adds general > > quality information from SonarQube and Jenkins as well as the SHA1 > > sums to the ticket so we have a second record which may be used to > > detect forgery. Additionally the script checks for the existence of > > the SCM tag and retrieves the number of changed lines between > > releases. > > - No blocker or critical and no new major issues are allowed in > > SonarQube, otherwise procurement will fail. > > - The reporter and the "mover" have to be different persons to enforce > > a "four eyes" principle. > > - The "mover" (sometimes someone from development QA, most of the > > times nowadays another developer) has to check some things and must > > inspect the diff to detect whether all changes are explained. > > - Our operations teams will only pick production releases from the > > final releases repository, other stages may pick up artifacts from the > > staging repository. > > - We do not sign artifacts. > > > > Regards > > Mirko > > Regards Mirko > > -- > > http://illegalstateexception.blogspot.com/ > > https://github.com/mfriedenhagen/ (http://osrc.dfm.io/mfriedenhagen) > > https://bitbucket.org/mfriedenhagen/ > > > > > > On Sat, May 30, 2015 at 7:31 PM, Dan Tran <[email protected]> wrote: > > > Thanks Mirko > > > > > > * What about snapshot and release policy, do developers/qa have > access > > to > > > deploy snapshot and release artifacts? > > > * do you use artifact signing similar to Maven Central? > > > > > > > > > Thanks again > > > > > > -Dan > > > > > > On Sat, May 30, 2015 at 9:21 AM, Mirko Friedenhagen < > > [email protected] > > >> wrote: > > > > > >> What I forgot: > > >> > > >> patience, social skills and remembering that not every application > > >> developer needs to be a build specialist are important as well :-) > > >> > > >> Regards > > >> Mirko > > >> -- > > >> Sent from my mobile > > >> Am 30.05.2015 07:29 schrieb "Dan Tran" <[email protected]>: > > >> > > >> > Hi > > >> > > > >> > > > >> > I would like to ask if the community can share with me what it > takes > > to > > >> > maintain an enterprise build system with continuous integration of > > 100+ > > >> > developer + QA and growing using Maven. The build system contains > > many > > >> > components with their own release cycle and they do integrate > > together. > > >> > > > >> > > > >> > - is java skill set to develop plugin a must? > > >> > - do you have a team or just a few of deep understanding of Maven > > >> > developers? > > >> > - will a none java RelEng able to perform Maven release? > > >> > - does your RelEng maintains the pom or developers? > > >> > - what are your challenges? > > >> > > > >> > Thanks > > >> > > > >> > -Dan > > >> > > > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > >
