Essential Jenkins

Linkedin Learning - Instructor: Michael J.

The Jenkins Pipeline

Two pipeline formats:

  • Scripted node {}
  • Declaritive pipeline {}

Pipeline Configuration: Agent

// run on first available system
agent any

// run on system with label "linux"
agent {
  label 'linux'
}

// run pipeline inside docker container using specified image
agent {
  docker {
    image 'maven'
  }
}

// defer agent selection to stages
agent none

Pipeline Configuration: Stages and Steps

Example

stages {
  stage('Build') {
    steps {
      echo 'This is build step'
    }
  }
  stage('Test') {...}
  stage('Deploy') {...}

Pipeline Steps

Some common pipeline steps include: echo, git, sh, archiveArtifact.

A more complete list can be found in the Jenkins docs

Pipeline Syntax Generator is a powerful addition that allows for snippets to be generated and included in pipeline.

Variables in Pipeline

Three types:

  1. Environment
  • ALL_CAPS
  • Can be scoped globally or locally
  • Accessing variables
    • echo env.MAX_SIZE or echo MAX_SIZE
    • echo "$env.MAX_SIZE" or echo "$MAX_SIZE"
    • echo "${env.MAX_SIZE}" or echo "${MAX_SIZE}"
    • Important to stay consistent.
  1. Current Build
  • Values referring to current build
  • Variables are properties of currentBuild
    • Example: currentBuild.duration
  • Useful for dynamic operations
  1. Parameters
  • Get values when job is triggered
pipeline {
  agent any
  parameters {
    ...
  }
  ...
}
  • Accessing can be done via params.PARAM_NAME or "${params.PARAM_NAME}"
  • Must include name, default value, and description.
  • Parameter Types:
    • String (good for single word)
    • Text (good for multiple lines)
    • Boolean (true/false)
    • Choice
    • Password (masked)

Conditionals and Manual Approvals

Control flow for pipeline can be conditioned with the when {} keyword. The conditions for when are:

  • branch : useful when acting with a VCS (eg: git)
  • environment : useful when working with diff environments (eg: dev, prod)
  • expression: most flexible, allowing for groovy expressions that return true or false

Manual Approval

pipeline {
   agent any
   stages {
      stage('XYZ') {
         steps {
            input message: 'Confirm deployment to production...', ok: 'Deploy'
         }
      }
   }
}

Jenkins and VCS

Pipeline as Code with a Jenkinsfile

Benefits include:

  • Supporting a gitops approach by having a repo as a single source of truth
  • Can be stored with other project files
  • Review before merge
  • Tracks changes / version history of jenkinsfile
  • “Configuration as Code” -> CASC
  • Alot of flexibility in the pipeline {}

Generic steps for connecting GitHub repo with Jenkins pipeline:

  • Create github repo
  • Create Jenkins pipeline, add link to repo for Jenkinsfile / GitHub project
  • In github, create a webhook
    • Link to webhook follows format: https://<JENKINS_URL>/github-webhook/
    • Content type should be application/json
    • Trigger is a push event
  • When repo is updated, i.e., commit to main, pipeline is triggered

Running scripts from pipeline

Instead of creating a messy Jenkinsfile, we can leverage the repo to include scripts, such as build.sh and call it in the Jenkinsfile instead of manually inputting all the shell commands.

Status Badges

Requires “Embeddable Build Status” plugin.

Agents and Distributed Builds

Jenkins Components

  • Controller: provides web interface to manage config
    • Best practice to limit jobs running on controller
  • Node: server or system connected to controller
    • SSH node: connects to servers with SSH keys
    • Docker node: jobs run in new container on build
  • Agent: process running on node that manages job and reports status to controller

Artifacts and Testing

Fingerprinting

Artifacts can be shared between jobs with the “Copy Artifact” plugin. Using fingerprinting, an md5 checksum is created and jenkins maintains a database of these checksums.

Testing and Code Coverage

Testing is a critical part of the CI pipeline. Many tools, but share common report formats. Code Coverage measure the code covered during the testing.

JUNit and Code Coverage API are plugins which support the testing and code coverage in the pipeline.

Securing Jenkins

Users and Projects

Few admins, other users assigned with ’need-to-know’ privileges.

Matrix Authorization Strategy Plugin These permissions are global, however also project-based permissions can be assigned. Similar role user can also be placed into a group which is assigned permissions.

Secrets and Credentials

Jenkins can store and manage sensitive info.

Accessing Credentials:

  • credentials()
  • withCredentials()