I'm looking for recommendations for the best way to use Maven in a
multi-stage Jenkins pipeline build to deploy only at the end.  At the
moment, I'm using Sonatype Nexus 3.x, which means I don't have the benefit
of staging repos.   Consequently, I have to ensure that the only released
versions of my libraries/application are final - they've passed QA.
Additionally, the team wants to ensure that the version numbers are always
incremental and every version in the repo is a consumable version (i.e.: I
cannot deploy a version 1.2.3 which has not passed QA/Acceptance Tests, and
furthermore, I cannot deploy a 1.2.2 followed by a 1.2.4).

What that requirement translates to is that I have to ensure that the
binary built is fully tested before promoting it to Nexus (and that I
shouldn't be appending build numbers to the Maven version number).

In my mind, I would like to do something like the following in a Pipeline build:

stage('build') { steps { sh 'mvn clean install' } }

stage('Confirm deploy to QA') {
    steps {
        checkpoint 'test server deployed'
        script {
            env.DEPLOY_TO_QA_TEST = input message: 'User input required',
                submitter: 'authenticated',
                parameters: [choice(name: 'Deploy to acceptance test server',
                                    choices: 'no\nyes',
                                    description: 'Choose "yes" if you want to deploy the QA test server')]
        }
    }
}

stage('deployQA') {
    when {
        environment name: 'DEPLOY_TO_QA_TEST', value: 'yes'
    }
    steps {
        /* deploy the build to a QA environment */
    }
}

stage('Confirm deploy to UAT') { /* prompt user */ }

stage('deployUAT') { /* deploy the build to a PreProd/User Acceptance Testing environment */ }

stage('Confirm publish to Nexus') { /* prompt user */ }

stage('publish') {
    steps {
        // mvn deploy -DskipTests (just deploy - don't rebuild)
    }
}


Basically, I want to design my Jenkins pipeline to be my staging process.
The problem I have is I'm not sure how I can only deploy at the end of the
pipeline.  When maven runs the deploy lifecycle, it will run through all
the other stages and reassemble my binaries, which technically are no
longer the same as those that were approved.  So consequently, my binary
hashes that were approved earlier in the pipeline are not the same hashes
that are deployed in Nexus.

I realize that I can probably do some work and use the Reproducible Build
plugin (https://zlika.github.io/reproducible-build-maven-plugin/), but that
too comes with drawbacks (I want build timestamps in my Manifest files, and
zip entries, etc).

Am I sunk?  Is my only hope to wait until Sonatype releases Staging repos
for Nexus 3.x sometime in Q2?  Or is there some other way I can work around
this?

How is everyone else handling this situation?

Thanks for sharing.

Eric
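
Added example, not part of the original post: one way to check that the files about to be published are byte-for-byte the ones produced in the build stage, by recording a SHA-256 manifest after `mvn clean install` and comparing it just before the publish stage. The function names, the manifest file name and the `target` layout are assumptions, and `sha256sum` from GNU coreutils is assumed to be on the build agent.

```shell
#!/bin/sh
# Added example. Function names and the target/ layout are assumptions.

# record_manifest DIR OUT
# Write a sorted SHA-256 manifest of every .jar/.war/.pom under DIR to OUT.
record_manifest() {
    ( cd "$1" && find . -type f \
        \( -name '*.jar' -o -name '*.war' -o -name '*.pom' \) \
        -exec sha256sum {} + | sort -k 2 ) > "$2"
    # An empty manifest would let every later comparison pass vacuously.
    [ -s "$2" ] || { echo "no artifacts found under $1" >&2; return 2; }
}

# verify_manifest DIR APPROVED
# Re-hash DIR and compare with the manifest recorded at build time.
# Returns 0 only when the file set and every hash are identical, so a
# rebuilt, missing or extra artifact all fail the check.
verify_manifest() {
    [ -s "$2" ] || { echo "approved manifest $2 missing or empty" >&2; return 2; }
    now=$(mktemp) || return 2
    record_manifest "$1" "$now" || { rm -f "$now"; return 1; }
    rc=0
    diff "$2" "$now" >&2 || rc=1   # the diff names the artifacts that changed
    rm -f "$now"
    return "$rc"
}

# Build stage, right after 'mvn clean install':
#   record_manifest target approved.sha256
# Publish stage, before anything is uploaded:
#   verify_manifest target approved.sha256 || exit 1
```

Carry `approved.sha256` between stages with the Jenkins `stash`/`unstash` or `archiveArtifacts` steps rather than leaving it in a workspace that a later step can rewrite. The maven-deploy-plugin's `deploy:deploy-file` goal uploads a given file without re-running the build lifecycle, so the verified files are the ones that reach the repository.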
