In order to integrate Jenkins with Gerrit, we need to install a series of plugins through the Jenkins plugin manager. The URLs and screenshots included in this book are referring to Jenkins version 1.519 on the host myhost.mydomain.com
, running on port 8080, while Gerrit will still be running on the same host on port 8443 (HTTPS).
The following plugins are needed on Jenkins:
Jenkins Git Client plugin: Provides support for the Git protocol using the JGit library. This is optional.
Jenkins Git plugin: Provides the integration of Git as version control for fetching the code.
Jenkins Gerrit Trigger plugin: Allows you to fetch the patch-sets from Gerrit changes, trigger a build, and, based on the results, submit a score with comments back to Gerrit.
The Gerrit trigger plugin is very flexible and powerful, but rather complex to configure and get working correctly. It connects to Gerrit using two different protocol settings:
First of all, we need to define a batch user that will be used by Jenkins to connect to Gerrit and access code along with the associated information on its repository. Do not define surrogate users on the LDAP (Lightweight Directory Access Protocol) or external authentication system. For batch usage of Jenkins automation, it is strongly recommended that you use a Gerrit internal user with limited authorization access to the system intended to be used.
Assuming that our Jenkins instance is run by the user jenkins
with a SSH key pair under /home/jenkins/.ssh
without a pass phrase protection (otherwise Jenkins cannot automatically use the key), we can use the Gerrit create-account
command from an existing Gerrit admin user:
$ cat /home/jenkins/.ssh/id_rsa.pub | \ ssh -p 29418 [email protected] gerrit create-account \ --group "'Non-Interactive Users'" --full-name Jenkins \ --email [email protected] \ --ssh-key - jenkins
Next we need to make sure that this newly created account is granted the necessary permissions on Gerrit All-Projects
on the Non-Interactive Users
group:
Read
access torefs/*
means permission to read and then clone any change from Gerrit repositoriesLabel Verified/-1..+1
torefs/heads/*
means permission to label any change as verify from -1 up to +1 scoreStream events
means permission to listen to Gerrit stream events remotely
The Jenkins Gerrit trigger needs to have the Gerrit canonical URL and SSH connectivity details specified on its custom configuration page available at http://myhost.mydomain.com:8080/gerrit-trigger
. Click on the Test Connection button to validate SSH connectivity and log in to Gerrit. The configuration can then be saved, but will not be active until the Gerrit trigger daemon inside Jenkins is restarted. Next click on the Start/Stop buttons at the bottom of the page or restart Jenkins and look for the following message in the log:
com.sonyericsson.hudson.plugins.gerrit.gerritevents.GerritHandler runINFO: Ready to receive data from Gerrit
Once the daemon has been successfully restarted, you can double-check the end-to-end functionality by opening the Gerrit trigger page on http://myhost.mydomain.com:8080/gerrit_manual_trigger
, entering the string status:open
in the Query field, and clicking on the Search button. You should see the same list of open changes shown in Gerrit on the page https://myhost.mydomain.com:8443/#/q/status:open,n,z
.