Home
Jenkins is a continuous integration (CI) server. It is in use on Eclipse servers for Eclipse projects as part of the Common Build Infrastructure (CBI). This page is about the hosted service at Eclipse.org. For more information on the project itself, or to download Jenkins, please see the Jenkins project page.
Jenkins instances are maintained by the Eclipse Webmasters/Release Engineers.
- List of Jenkins Instances Per Project (JIPP):
- https://ci.eclipse.org/ (cluster-based infra)
- Need help actually building your code: ask your project mentors, or ask on the Common Build mailing list (cbi-dev). There are no dumb questions.
- Subscribe to cbi-dev here: https://dev.eclipse.org/mailman/listinfo/cbi-dev
Please file a HelpDesk ticket to request your project's own instance. Please ensure your project lead can +1 the request.
Unfortunately, for security reasons, you cannot do that. We run an infrastructure open to the internet, which potentially runs stuff from non-trusted code (e.g., PR) so we need to follow a strict policy to protect the common good.
More specifically, we run containers using an arbitrarily assigned user ID (e.g. 1000100000) in our OpenShift cluster. The group ID is always root (0) though. The security context constraints we use for running projects' containers is "restricted". You cannot change this level from your podTemplate.
Unfortunately, most of images you can find on DockerHub (including official images) do not support running as an arbitrary user. Actually, most of them expect to run as root, which is definitely a bad practice.
OpenShift publishes guidelines with best practices about how to create Docker images. More specifically, see the section about how to support running with arbitrary user ID.
To test if an image is ready to be run with an arbitrarily assigned user ID, you can try to start it with the following command line:
$ docker run -it --rm -u $((1000100000 + RANDOM % 100000)):0 image/name:tag
You can use and integrate the eclipse foundation jenkins shared library named: jenkins-pipeline-library. This library propose a containerBuild function for building docker images in the eclipse foundation infrastructure.
@Library('releng-pipeline') _
pipeline {
agent any
environment {
HOME = "${env.WORKSPACE}"
}
stages {
stage('build') {
agent {
kubernetes {
yaml loadOverridableResource(
libraryResource: 'org/eclipsefdn/container/agent.yml'
)
}
}
steps {
container('containertools') {
containerBuild(
credentialsId: '<jenkins-credential-id>',
name: 'docker.io/<namespace-name>/<container-name>',
version: 'latest'
)
}
}
}
}
}
You need to specify the tools persistence volume.
pipeline {
agent {
kubernetes {
label 'my-agent-pod'
yaml """
apiVersion: v1
kind: Pod
spec:
containers:
- name: custom-name
image: my-custom-image:latest
tty: true
command:
- cat
volumeMounts:
- name: tools
mountPath: /opt/tools
volumes:
- name: tools
persistentVolumeClaim:
claimName: tools-claim-jiro-<project_shortname>
"""
}
}
stages {
stage('Run maven') {
steps {
container('custom-name') {
sh '/opt/tools/apache-maven/latest/bin/mvn -version'
}
}
}
}
}- Important: Do not forget to replace
<project_shortname>in the claimName with your project name (e.g.tools-claim-jiro-cbifor the CBI project).**
- Important: Do not forget to replace
Due to recent changes in the Jenkins Kubernetes plugin, you need to specify an empty dir volume for /home/jenkins, if your build uses a directory like /home/jenkins/.ivy2 or /home/jenkins/.npm.
pipeline {
agent {
kubernetes {
label 'my-agent-pod'
yaml """
apiVersion: v1
kind: Pod
spec:
containers:
- name: custom-name
image: my-custom-image:latest
tty: true
command:
- cat
volumeMounts:
- mountPath: "/home/jenkins"
name: "jenkins-home"
readOnly: false
volumes:
- name: "jenkins-home"
emptyDir: {}
"""
}
}
stages {
stage('Run maven') {
steps {
container('custom-name') {
sh 'mkdir -p /home/jenkins/foobar'
}
}
}
}
}- Note: We are not satisfied with this workaround and are actively looking for a more convenient way to let projects use custom containers without specifying a bunch of volume mounts.**
You cannot just cp stuff to a folder. You need to do that with ssh. Therefore SSH credentials need to be set up on the project's Jenkins instance. This is already set up by default for all instances on our infrastructure.
This service provide access to the Eclipse Foundation file servers storage:
/home/data/httpd/download.eclipse.org/home/data/httpd/archive.eclipse.org/home/data/httpd/download.polarsys.org/home/data/httpd/download.locationtech.org
You need to activate the SSH Agent plugin in your job configuration and select the proper credentials genie.''projectname'' (ssh://projects-storage.eclipse.org).
Then you can use ssh, scp, rsync and sftp commands to deploy artifacts to the server, e.g.,
scp -o BatchMode=yes target/my_artifact.jar genie.<projectname>@projects-storage.eclipse.org:/home/data/httpd/download.eclipse.org/<projectname>/
ssh -o BatchMode=yes genie.<projectname>@projects-storage.eclipse.org ls -al /home/data/httpd/download.eclipse.org/<projectname>/
rsync -a -e ssh <local_dir> genie.<projectname>@projects-storage.eclipse.org:/home/data/httpd/download.eclipse.org/<projectname>/It is possible to deploy build output from within Maven, using Maven Wagon and wagon-ssh-external. As the build environment uses an SSH agent, the Maven Wagon plugins must use the external SSH commands so that the agent is used.
If the build outputs are executables or p2 update site and not Maven artifacts then the standard maven deploy needs to be disabled. E.g. with this in the appropriate profile in the parent/pom.xml
<plugin>
<artifactId>maven-deploy-plugin</artifactid>
<configuration>
<skip>true</skip>
</configuration>
</plugin>Define some properties for the destination in parent/pom.xml:
<download-publish-path>/home/data/httpd/download.eclipse.org/[projectname]/snapshots/update-site</download-publish-path>
<download-remote-publish-path>genie.[projectname]@projects-storage.eclipse.org:/home/data/httpd/download.eclipse.org/[projectname]/snapshots/update-site</download-remote-publish-path>Define the Wagon transport in parent/pom.xml:
<build>
<plugins>
<plugin>
...
</plugin>
</plugins>
<extensions>
<extension>
<groupId>org.apache.maven.wagon</groupid>
<artifactId>wagon-ssh-external</artifactid>
<version>3.0.0</version>
</extension>
</extensions>
</build>Do the actual upload during the deploy phase (be sure to add that to the Maven invocation).
<plugin>
<groupId>org.codehaus.mojo</groupid>
<artifactId>wagon-maven-plugin</artifactid>
<version>2.0.0</version>
<executions>
<execution>
<id>prepare-publish</id>
<phase>deploy</phase>
<goals>
<goal>sshexec</goal>
</goals>
<configuration>
<url>scpexe://${download-remote-publish-path}</url>
<commands>
<command>rm -rf ${download-publish-path}/*</command>
</commands>
</configuration>
</execution>
<execution>
<id>publish</id>
<phase>deploy</phase>
<goals>
<goal>upload</goal>
</goals>
<configuration>
<fromDir>target/repository</fromdir>
<includes>*/**</includes>
<url>scpexe://${download-remote-publish-path}</url>
<toDir></todir>
</configuration>
</execution>
</executions>
</plugin><toDir></todir> appears to be relative to the path given in the URL.
Be careful with paths and properties to ensure you upload to the correct place and do not delete the wrong thing.
Eclipse Memory Analyzer uses the above with Maven Wagon to deploy the snapshot nightly builds.
pipeline {
agent any
stages {
stage('stage 1') {
...
}
stage('Deploy') {
steps {
sshagent ( ['projects-storage.eclipse.org-bot-ssh']) {
sh
ssh -o BatchMode=yes genie.projectname@projects-storage.eclipse.org rm -rf /home/data/httpd/download.eclipse.org/projectname/snapshots
ssh -o BatchMode=yes genie.projectname@projects-storage.eclipse.org mkdir -p /home/data/httpd/download.eclipse.org/projectname/snapshots
scp -o BatchMode=yes -r repository/target/repository/* genie.projectname@projects-storage.eclipse.org:/home/data/httpd/download.eclipse.org/projectname/snapshots
}
}
}
}
}- Important: A 'jnlp' container is automatically added, when a custom pod template is used to ensure connectivity between the Jenkins master and the pod. If you want to deploy files to download.eclipse.org, you only need to specify the known-hosts volume for the JNLP container (as seen below) to avoid "host verification failed" errors.**
pipeline {
agent {
kubernetes {
label 'my-pod'
yaml
apiVersion: v1
kind: Pod
spec:
containers:
- name: maven
image: maven:alpine
command:
- cat
tty: true
- name: jnlp
volumeMounts:
- name: volume-known-hosts
mountPath: /home/jenkins/.ssh
volumes:
- name: volume-known-hosts
configMap:
name: known-hosts
}
}
stages {
stage('Build') {
steps {
container('maven') {
sh 'mvn clean verify'
}
}
}
stage('Deploy') {
steps {
container('jnlp') {
sshagent ( ['projects-storage.eclipse.org-bot-ssh']) {
sh
ssh -o BatchMode=yes genie.projectname@projects-storage.eclipse.org rm -rf /home/data/httpd/download.eclipse.org/projectname/snapshots
ssh -o BatchMode=yes genie.projectname@projects-storage.eclipse.org mkdir -p /home/data/httpd/download.eclipse.org/projectname/snapshots
scp -o BatchMode=yes -r repository/target/repository/* genie.projectname@projects-storage.eclipse.org:/home/data/httpd/download.eclipse.org/projectname/snapshots
}
}
}
}
}
}Every JIPP has a Maven settings file set up that specifies our local Nexus instance as cache for Maven Central.
- Important: In Jiro this works out of the box for the default pod templates (labels: basic, centos-7). No additional configuration is required for Freestyle and Pipeline jobs. For custom containers, see below: Custom container on Jiro**
You need to add the settings-xml volume, like shown below. Please note, the m2-repo volume is required as well, otherwise /home/jenkins/.m2/repository is not writable.
- Note: In custom containers the
user.homeenvironment variable needs to be set to/home/jenkinsvia MAVEN_OPTS, otherwise settings.xml and settings-security.xml can not be found.**
- Note: In custom containers the
pipeline {
agent {
kubernetes {
label 'my-agent-pod'
yaml """
apiVersion: v1
kind: Pod
spec:
containers:
- name: maven
image: maven:alpine
tty: true
command:
- cat
env:
- name: "MAVEN_OPTS"
value: "-Duser.home=/home/jenkins"
volumeMounts:
- name: settings-xml
mountPath: /home/jenkins/.m2/settings.xml
subPath: settings.xml
readOnly: true
- name: m2-repo
mountPath: /home/jenkins/.m2/repository
volumes:
- name: settings-xml
secret:
secretName: m2-secret-dir
items:
- key: settings.xml
path: settings.xml
- name: m2-repo
emptyDir: {}
"""
}
}
stages {
stage('Run maven') {
steps {
container('maven') {
sh 'mvn -version'
}
}
}
}
}If your project does not have its own repo on Nexus yet, then simply file a bug and specify what project you'd like a Nexus repo for.
If your project does have its own repo on Nexus already, then you can use Maven (or Gradle) to deploy your artifacts. This is also described here: https://wiki.eclipse.org/Services/Nexus#Deploying_artifacts_to_repo.eclipse.org.
- Note: On our cluster-based infra (Jiro), a separate Maven settings file for deployment to Nexus is not required. All information is contained in the default Maven settings file located at
/home/jenkins/.m2/settings.xml, which does not need to be specified explicitly in your job configuration.**
- Note: On our cluster-based infra (Jiro), a separate Maven settings file for deployment to Nexus is not required. All information is contained in the default Maven settings file located at
You need to add the settings-xml volume, like shown below. Please note, the m2-repo volume is required as well, otherwise /home/jenkins/.m2/repository is not writable.
- Note: In custom containers the
user.homeenvironment variable needs to be set to/home/jenkinsvia MAVEN_OPTS, otherwise settings.xml and settings-security.xml can not be found.**
- Note: In custom containers the
pipeline {
agent {
kubernetes {
label 'my-agent-pod'
yaml """
apiVersion: v1
kind: Pod
spec:
containers:
- name: maven
image: maven:alpine
tty: true
command:
- cat
env:
- name: "MAVEN_OPTS"
value: "-Duser.home=/home/jenkins"
volumeMounts:
- name: settings-xml
mountPath: /home/jenkins/.m2/settings.xml
subPath: settings.xml
readOnly: true
- name: settings-security-xml
mountPath: /home/jenkins/.m2/settings-security.xml
subPath: settings-security.xml
readOnly: true
- name: m2-repo
mountPath: /home/jenkins/.m2/repository
volumes:
- name: settings-xml
secret:
secretName: m2-secret-dir
items:
- key: settings.xml
path: settings.xml
- name: settings-security-xml
secret:
secretName: m2-secret-dir
items:
- key: settings-security.xml
path: settings-security.xml
- name: m2-repo
emptyDir: {}
"""
}
}
stages {
stage('Run maven') {
steps {
container('maven') {
sh 'mvn clean deploy'
}
}
}
}
}Deploying artifacts to OSSRH (OSS Repository Hosting provided by Sonatype) requires an account at OSSRH. It is also required to sign all artifacts with GPG. The Eclipse IT team will set this up for the project.
Please file a bug for this first.
- Note: On our cluster-based infra (Jiro), a separate Maven settings file for deployment to OSSRH is not necessary. All information is contained in the default Maven settings file located at
/home/jenkins/.m2/settings.xml, which does not need to be specified explicitly in your job configuration.
If you are using a custom container, please see https://wiki.eclipse.org/Jenkins#Custom_container_on_Jiro_3**
- Note: On our cluster-based infra (Jiro), a separate Maven settings file for deployment to OSSRH is not necessary. All information is contained in the default Maven settings file located at
1. Insert secret-subkeys.asc as secret file in job
|
File:InjectSecretFile2.png |
2. Import GPG keyring with --batch and trust the keys non-interactively in a shell build step (before the Maven call) gpg --batch --import "${KEYRING}"
for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u);
do
echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key $fpr trust;
done
|
700px |
3. If a newer GPG version (> 2.1+) is used, --pinentry-mode loopback needs to be added as gpg argument in the pom.xml.
This does not need to be added when using the "centos-7"/"migration" pod template (which uses GPG 2.0.22)!
<plugin>
<groupid>org.apache.maven.plugins</groupid>
<artifactid>maven-gpg-plugin</artifactid>
<version>1.6</version>
<executions>
&lt;execution&gt;
&amp;lt;id&amp;gt;sign&amp;#45;artifacts&amp;lt;/id&amp;gt;
&amp;lt;phase&amp;gt;verify&amp;lt;/phase&amp;gt;
&amp;lt;goals&amp;gt;
&amp;amp;lt;goal&amp;amp;gt;sign&amp;amp;lt;/goal&amp;amp;gt;
&amp;lt;/goals&amp;gt;
&amp;lt;configuration&amp;gt;
&amp;amp;lt;gpgarguments&amp;amp;gt;
&amp;amp;amp;lt;arg&amp;amp;amp;gt;&amp;amp;amp;#45;&amp;amp;amp;#45;pinentry&amp;amp;amp;#45;mode&amp;amp;amp;lt;/arg&amp;amp;amp;gt;
&amp;amp;amp;lt;arg&amp;amp;amp;gt;loopback&amp;amp;amp;lt;/arg&amp;amp;amp;gt;
&amp;amp;lt;/gpgarguments&amp;amp;gt;
&amp;lt;/configuration&amp;gt;
&lt;/execution&gt;
</executions>
</plugin>
|
This is a simple pipeline job, that allows to test the GPG signing.
pipeline {
agent any
tools {
maven 'apache-maven-latest'
jdk 'adoptopenjdk-hotspot-jdk8-latest'
}
stages {
stage('Build') {
steps {
sh "mvn -B -U archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false"
sh cat >my-app/pom.xml <<EOL
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelversion>
<groupId>com.mycompany.app</groupid>
<artifactId>my-app</artifactid>
<packaging>jar</packaging>
<version>1.0-SNAPSHOT</version>
<name>my-app</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>junit</groupid>
<artifactId>junit</artifactid>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupid>
<artifactId>maven-gpg-plugin</artifactid>
<version>1.6</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
<configuration>
<gpgArguments>
<arg>--pinentry-mode</arg>
<arg>loopback</arg>
</gpgarguments>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
EOL
withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) {
sh 'gpg --batch --import "${KEYRING}"'
sh 'for fpr in $(gpg --list-keys --with-colons | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done'
}
sh "mvn -B -f my-app/pom.xml clean verify"
sh 'gpg --verify my-app/target/my-app-1.0-SNAPSHOT.jar.asc'
}
}
}
}When you are using a custom container on Jiro, you will need to add the settings-xml and settings-security-xml volume, like shown below.
Please note:
- the m2-repo volume is required as well, otherwise /home/jenkins/.m2/repository is not writable
- the toolchains-xml volume is optional, but added for completeness
- you also might need to add additional volumes like volume-known-hosts (as described here: https://wiki.eclipse.org/Jenkins#How_do_I_deploy_artifacts_to_download.eclipse.org.3F)
pipeline {
agent {
kubernetes {
label 'my-agent-pod'
yaml """
apiVersion: v1
kind: Pod
spec:
containers:
- name: maven
image: maven:alpine
tty: true
command:
- cat
volumeMounts:
- name: settings-xml
mountPath: /home/jenkins/.m2/settings.xml
subPath: settings.xml
readOnly: true
- name: toolchains-xml
mountPath: /home/jenkins/.m2/toolchains.xml
subPath: toolchains.xml
readOnly: true
- name: settings-security-xml
mountPath: /home/jenkins/.m2/settings-security.xml
subPath: settings-security.xml
readOnly: true
- name: m2-repo
mountPath: /home/jenkins/.m2/repository
volumes:
- name: settings-xml
secret:
secretName: m2-secret-dir
items:
- key: settings.xml
path: settings.xml
- name: toolchains-xml
configMap:
name: m2-dir
items:
- key: toolchains.xml
path: toolchains.xml
- name: settings-security-xml
secret:
secretName: m2-secret-dir
items:
- key: settings-security.xml
path: settings-security.xml
- name: m2-repo
emptyDir: {}
"""
}
}
stages {
stage('Run maven') {
steps {
container('maven') {
sh 'mvn -version'
}
}
}
}
}| Error message | Solution |
| gpg: signing failed: Not a tty |
GPG version > 2.1 is used and --pinentry-mode loopback needs to be added to the maven-gpg-plugin config in the pom.xml (see above).
|
| gpg: invalid option "--pinentry-mode" |
GPG version < 2.1 is used and --pinentry-mode loopback needs to be removed from the maven-gpg-plugin config in the pom.xml
|
| gpg: no default secret key: No secret key gpg: signing failed: No secret key | GPG keyring needs to be imported (see above) |
Integrating SonarCloud into a project's CI builds is quite easy. Please open a Bugzilla issue for this and the releng/webmaster team will help you set this up.
We're setting this up with the webmaster's SonarCloud.io account, so there is no need to provide a SonarCloud token. To avoid leaking the token in the console log, we store it as secret text (Jenkins credentials).
We will configure the SonarQube Jenkins plugin to use SonarCloud to achieve a slightly better integration with Jenkins. For example, a link to SonarCloud will show up in the left menu of a job page.
For a freestyle job configuration two things need to be done:
- Under "Build environment" enable "Use secret text(s) or file(s)", add "Secret text", name the variable "SONARCLOUD_TOKEN" and select the right credential (e.g. "Sonarcloud token").
- either a shell build step or a Maven build step can be used to run the sonar goal with the right parameters:
mvn clean verify sonar:sonar -Dsonar.projectKey=<project-name> -Dsonar.organization=<organization> -Dsonar.host.url=${SONAR_HOST_URL} -Dsonar.login=${SONARCLOUD_TOKEN}
For a pipeline job the following needs to be added:
withCredentials([string(credentialsId: 'sonarcloud-token', variable: 'SONARCLOUD_TOKEN')]) {
withSonarQubeEnv('SonarCloud.io') {
mvn clean verify sonar:sonar -Dsonar.projectKey=<project-name> -Dsonar.organization=<organization> -Dsonar.host.url=${SONAR_HOST_URL} -Dsonar.login=${SONARCLOUD_TOKEN}
}
}Please note: <project-name></project-name> and <organization></organization> should be replaced with the corresponding project name and organization.
In general, we want to avoid handing out admin rights in the future. At the same time, - in the spirit of configuration as code - we are planning to allow projects to submit pull requests to our Jiro repo and change the configuration of their CI instance. E.g. adding plugins, etc. This will allow better tracking of configuration changes and rollback in case of issues.
We understand that some projects heavily rely on their admin permissions. We will make sure to find an amicable solution in those cases.
The preferred way is to open a pull request in the Jiro GitHub repo. For example, to add a new plugin to the CBI instance, one would need to edit https://github.com/eclipse-cbi/jiro/blob/master/instances/technology.cbi/config.jsonnet and add the ID of the plugin to the plugins+ section. If the jenkins+/plugins+ section does not exist yet, it needs to be added as well.
Example:
{
project+: {
fullName: "technology.cbi",
displayName: "Eclipse CBI",
},
jenkins+: {
plugins+: [
"jacoco",
],
}
}
Only additional plugins that are not listed in https://wiki.eclipse.org/Jenkins#Default_plugins_-_Jiro_.28ci-staging.eclipse.org.2Fxxx_and_ci.eclipse.org.2Fxxx.29 need to be added to the config.jsonnet file.
The ID of a Jenkins plugin can be found here: https://plugins.jenkins.io/
If this sounds to complicated, you can also open a bug on Bugzilla.
The preferred static website generator for build Eclipse project websites is Hugo. You should first put your Hugo sources in a dedicated Git repository, either at GitHub if your source code is already hosted at GitHub or at git.eclipse.org. If you don't have such a repository already, feel free to open a request, the Eclipse IT team will create one for you.
Note that each and every Eclipse project automatically gets a Git repository with git.eclipse.org/www.eclipse.org/&lt;project_name&gt; (see this repository index for complete list). This is not where you want to push your Hugo sources. This repository contains the webpages that are automatically and regularly pulled and published on the www.eclipse.org HTTP server. All the content from the master branch will eventually be available at the URL https://www.eclipse.org/<project_name/>.
Once your Hugo sources are in the proper repository, create a file named Jenkinsfile at the root of the repository with the following content (don't forget to specify the proper value for PROJECT_NAME and PROJECT_BOT_NAME environment variable):
environment {
PROJECT_NAME = "&lt;project_name&gt;" // must be all lowercase.
PROJECT_BOT_NAME = "&lt;Project_name&gt; Bot" // Capitalize the name
}
triggers { pollSCM('H/10 * * * *')
}
options {
buildDiscarder(logRotator(numToKeepStr: '5'))
checkoutToSubdirectory('hugo')
}
stages {
stage('Checkout www repo') {
steps {
dir('www') {
sshagent(['git.eclipse.org-bot-ssh']) {
sh '''
git clone ssh://genie.${PROJECT_NAME}@git.eclipse.org:29418/www.eclipse.org/${PROJECT_NAME}.git .
git checkout ${BRANCH_NAME}
'''
}
}
}
}
stage('Build website (master) with Hugo') {
when {
branch 'master'
}
steps {
container('hugo') {
dir('hugo') {
sh 'hugo -b https://www.eclipse.org/${PROJECT_NAME}/'
}
}
}
}
stage('Build website (staging) with Hugo') {
when {
branch 'staging'
}
steps {
container('hugo') {
dir('hugo') {
sh 'hugo -b https://staging.eclipse.org/${PROJECT_NAME}/'
}
}
}
}
stage('Push to $env.BRANCH_NAME branch') {
when {
anyOf {
branch "master"
branch "staging"
}
}
steps {
sh 'rm -rf www/* && cp -Rvf hugo/public/* www/'
dir('www') {
sshagent(['git.eclipse.org-bot-ssh']) {
sh '''
git add -A
if ! git diff --cached --exit-code; then
echo "Changes have been detected, publishing to repo 'www.eclipse.org/${PROJECT_NAME}'"
git config user.email "${PROJECT_NAME}-bot@eclipse.org"
git config user.name "${PROJECT_BOT_NAME}"
git commit -m "Website build ${JOB_NAME}-${BUILD_NUMBER}"
git log --graph --abbrev-commit --date=relative -n 5
git push origin HEAD:${BRANCH_NAME}
else
echo "No changes have been detected since last build, nothing to publish"
fi
'''
}
}
}
}
}
}
Finally, you can create a multibranch pipeline job on your project's Jenkins instance. It will automatically be triggered on every new push to your Hugo source repository, build the website and push it to the git.eclipse.org/www.eclipse.org/&lt;project_name&gt;.git repository. As mentioned above, the Eclipse Foundation website's infrastructure will eventually pull the content of the latter and your website will be published and available on http://www.eclipse.org/<project_name>.
If you don't have a Jenkins instance already, ask for one. If you need assistance with the process, open a ticket.
By default, Jenkins project configurations using the GitLab Branch Source plugin are set up with 'Trusted Members' as the default option.
Definition of 'trusted members': [Recommended] Discover merge requests from forked projects whose authors have Developer/Maintainer/Owner access levels in the origin project.
To accept contributions from contributors with fork project, the project should:
- Configure the CI project by changing 'Discover merge requests from forks' to 'Members'.
- The project lead should add the user to the list of collaborators in PMI.
- The contributor should change the forked project's visibility to public.
The Jenkins GitLab Plugin and GitLab Branch Source Plugin will be installed by default on every Jiro instance (yours might need to be redeployed). The GitLab integration should work similar to the integration with GitHub and the respective plugins, yet some naming/functionality might be different or missing.
Please let us know if you want to use GitLab with Jenkins and open a Bugzilla issue (Product: Community, Component: CI-Jenkins). We will help you set up the integration on your Jenkins instance.
Here is what we will do:
- create a GitLab bot user
- create a GitLab API token
- set up a webhook that can trigger builds on pushes or merge requests
You may use the Jenkins Gerrit Trigger Plugin in order to run a Jenkins job to verify each new patchset uploaded to Gerrit for code review. Jenkins (named "CI Bot") will then also vote on these changes using the "Verify" voting category.
Below, the configuration sections for the Git plugin and the Gerrit trigger plugin of the verification job used by the EGit project may serve as an example.
- Check This project is parameterized. Click the Add button and select String Parameter. Set the parameter Name to GERRIT_REFSPEC and Default Value to refs/heads/master.
- Under Source Code Management select Git.
- Under Repositories, click on Advanced and change the Refspec to ${GERRIT_REFSPEC}.
- Under Additional Behaviours, add Strategy for choosing what to build and select Gerrit Trigger as a strategy.
Note that the section Branches to build won't be used and may be deleted.
- Under Build Triggers, select Gerrit event.
- Under Trigger on, click on Add and select at least Patchset Created. This will configure the job to run on each new patchset. You can also add additional trigger, like Comment Added Contains Regular Expression. In the example below, a build will be triggered for the latest patch set if the comment is exactly CI Bot, run a build please.
- Finally, configure at least one Gerrit Project. The pattern is the name of project (i.e. if your repository is
git.eclipse.org/&lt;xx&gt;/&lt;yy&gt;.git, then fill the patternxx/yy). The Branches section is the list of branch to listen for events as configured above. Generally, you want one, named master to build patches submitted for the master branche, or&#42;&#42;to build patches submitted to each and every branches. Set the type to Path.
Under "Build" click the "Add a build step" button, and select the appropriate action. The actual action depends on what you want Hudson to do. A typical example, for projects build with Maven is to select "Invoke Maven 3" and set "Maven 3" to "apache-maven-latest" and "Goals" to "clean verify".