Jenkins - MariMendM/devops-sandbox GitHub Wiki

Jenkins

Page of tips and how-tos for Jenkins.

GitHub integration

GitHub Server Configuration at Jenkins

At Jenkins:

  • Install plugin "GitHub"

At GitHub, create account personal token:

  • Under profile, navigate menus Settings -> Developer Settings -> Personal Access Tokens
    • Generate new token
      • Note = Jenkins (any name desired)
      • Select scopes (at least scopes <admin:repo_hook> and <repo:status>)
      • Click generate token and COPY IT!

At Jenkins, create GitHub credentials:

  • Under profile, navigate menu Credentials
    • In "Stores from parent", click "Jenkins"
      • In "System", click "Global credentials"
        • Add credentials
          • Kind = Secret text
          • Scope = Global
          • Secret = CTRL-V token generated at GitHub
          • ID = GithubTokenCredential (any name desired)
          • Description = Personal access token from GitHub (any description desired)
          • Click OK

At Jenkins, add GitHub server:

  • Navigate menus Manage Jenkins -> Configure system
    • In the section "Github"
      • Add Github Server
      • Name = MariMendMGitHub (any name desired)
      • API URL = https://api.github.com
      • Credentials = GithubTokenCredential (the one created above; will be identified by Description instead of ID)
      • Click "test connection"; it shall work!
      • Enable option "manage hooks"
      • Click "advanced options" (the one from section GitHub, not the one from GitHub Server itself)
        • Enable option "override hook URL" and copy URL displayed (something like http://<DNS-or-IP>:8080/github-webhook/)
      • Click "save"

SSH Credential for groovy scripts (jenkinsfile)

Create SSH private/public pair of keys:

  • At linux, use "ssh-keygen"
    • Private key will be used in JENKINS
    • Public key will be used in GitHub

At GitHub, configure SSH credential:

  • Under profile, navigate menus Settings -> SSH and GPG Keys
    • Click "New SSH key"
      • Title = Jenkins (any name desired)
      • Key = CTRL-V <public> key generated
      • Click "Add SSH key"

At Jenkins, create GitHub credentials:

  • Under profile, navigate menu Credentials
    • In "Stores from parent", click "Jenkins"
      • In "System", click "Global credentials"
        • Add credentials
          • Kind = SSH Username with private key
          • Scope = Global
          • ID = GithubSSHCredential (any name desired; it is the name used inside jenkinsfile)
          • Description = SSH private key to GitHub for groovy script (any description desired)
          • Username = GitHub account user name
          • Private key = CTRL-V <private> key generated
          • Passphrase = leave blank (or fulfill it with passphrase from key file, as input in ssh-keygen)

Example of pipeline's groovy script stage using SSH credentials:

  stage('Cloning github repository')
  {  steps
     {   git url: '[email protected]:MariMendM/examplerepo.git', credentialsId: 'GithubSSHCredential'
     }
  }

Configuring automatic webhook GitHub-Jenkins (for pipeline)

Considerations before start:

  • Next steps assume a pipeline is already created
  • Jenkins' job must be run at least once manually before the hook will work

At Jenkins, configure Jenkins' part of webhook:

  • Navigate to pipeline job, menu Configure
    • In section "general", enable option "GitHub project"
    • In section "build triggers", enable option "GitHub hook trigger for GITScm polling"
    • Click Save

At GitHub, configure GitHub's part of webhook::

  • Navigate to repository, menus Settings -> Webhooks
    • Add Webhook
    • Payload URL = CTRL-V hook URL from Jenkins Server Configuration (something like http://<DNS-or-IP>:8080/github-webhook/ - it must end with "/")
    • Content type = application/json (or application/x-www-form-urlencoded for Pull Request events in Freestyle Jobs)
    • Secret = leave blank (TO-DO: test with secret)
    • Select events to trigger the webhook
    • Click "add webhook"

Configuring Docker/DockerHub integration

At Jenkins:

  • Install plugin "Docker Pipeline"

At Jenkins's host:

  • Install Docker
  • Add Jenkins user to docker group
   sudo usermod -a -G docker jenkins
  • Restart Jenkins
   sudo service jenkins restart

At DockerHub, create account access token:

  • Under profile, navigate menus Account Settings -> Security
    • Click "New access token"
      • Access Token Description = Jenkins (any name desired)
      • Click "Create" and COPY IT!

At Jenkins, create DockerHub credentials:

  • Under profile, navigate menu Credentials
    • In "Stores from parent", click "Jenkins"
      • In "System", click "Global credentials"
        • Add credentials
        • Kind = Username with password
        • Scope = Global
        • Username = DockerHub user name
        • Password = CTRL-V token generated at DockerHub
        • ID = DockerhubUsrTokenCredential (any name desired; it is the name used inside jenkinsfile)
        • Description = User and access token from DockerHub (any description desired)
        • Click OK

At Jenkins, Configure Docker:

  • Navigate menus Manage Jenkins -> Configure system
    • In the section 'Declarative Pipeline (Docker)'
      • Docker Label = leave empty (used when docker is not installed on the same Jeninks' host)
      • Docker Registry URL = https://hub.docker.com/
      • Registry Credentials = DockerhubUsrTokenCredential (created above)

Configuring Extended email notification (with gmail smtp)

Considerations before to start:

  • SMTP Port shall be opened for outbound in Jenkins server

At Jenkins:

  • Install plugin "Email Extension Plugin"

At Gmail's Google Account (with 2FA activated):

  • Navigate Manage google account -> Security
    • In "Signing in to Google", click "App Passwords"
      • Select app = email
      • Select device = Other (type something like Jenkins)
      • Click "Generate" and COPY IT!

At Jenkins, configure SMTP:

  • Navigate menus Manage Jenkins -> Configure system
    • In section "Extended Email Notification"
      • SMTP Server = smtp.gmail.com
      • SMTP Port = 465
      • Click advanced
        • Username = gmail's email to be used as sender ([email protected])
        • Password = type password or token provided at gmail's step above
        • Enable "Use SSL"
      • Default user email suffix : @gmail.com
      • Configure predefined fields, if desired
      • Click "Default triggers" and choose automatic emails (if desired)

At Jenkins pipeline's groovy script:

  • Example01: via emailext step
	emailext body: 'Test Message',
		subject: 'Test Subject',
		to: '[email protected]'
  • Example02: via emailext step, using plugin's global configuration (available tokens are documented at Manage Jenkins -> Extended Email Notification)
	emailext body: '$DEFAULT_CONTENT',
		subject: '$DEFAULT_SUBJECT',
		to: '[email protected]'
  • Example03: to add all people who caused a change in the change set and the user who initiated the build:
	emailext body: "Build ${env.BUILD_TAG} successful",
		recipientProviders: [developers(), requestor()],
		subject: 'Test Subject',
		to: '[email protected]'
⚠️ **GitHub.com Fallback** ⚠️