Build should trigger via PR in jenkins - jenkins

We need to trigger the Jenkins job in a multibranch Pipeline (Jenkinsfile) on the points below:
My multibranch detects 5 branches like 1, 2, 3, 4, 5 and master (GitHub).
Condition:
Raise a PR for branch 1 and request a review; once the review is completed and approved, the build should be triggered.
After the review is approved, merge branch1 into master, then the build should be triggered.

You could consider a GitHub Action, which would, when your criteria are matched, run a Jenkins job, using appleboy/jenkins-action.
But that supposes your Jenkins can be seen by GitHub, which, for github.com, means your Jenkins is reachable through the internet.
Not a good idea (for security reasons).
That approach is however more sensible if by "GitHub" you mean an on-premise GHE (GitHub for Enterprise).
If this is about github.com, then you need a GitHub Jenkins plugin, but it only deals with post-receive hook and also needs a public URL to contact your Jenkins.
You would need to develop a script to query GitHub event and check your PR review is in the required state: jenkinsci/pipeline-github-plugin could help.
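
One way to write the script this answer suggests, as an added example that is not part of the original answer: Jenkins calls GitHub's pull-request reviews endpoint outbound, so nothing has to reach Jenkins from the internet, and the build is allowed only when the latest decisive reviews approve the PR's current head commit. Function names, sample reviews and SHAs are constructed; the caller is assumed to supply the head SHA and an API token.

```python
import json
import urllib.request

DECISIVE = {"APPROVED", "CHANGES_REQUESTED"}  # COMMENTED/PENDING/DISMISSED never gate

def fetch_reviews(owner, repo, number, token):
    """Outbound call from Jenkins to api.github.com (first 100 reviews)."""
    url = f"https://api.github.com/repos/{owner}/{repo}/pulls/{number}/reviews?per_page=100"
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def review_gate(reviews, head_sha, required=1):
    """Return (ok, reason); head_sha is the PR's current head commit."""
    latest = {}
    decisive = [r for r in reviews if r.get("state") in DECISIVE]
    for r in sorted(decisive, key=lambda r: r["submitted_at"]):
        latest[r["user"]["login"]] = r  # a later review replaces an earlier one
    blockers = sorted(u for u, r in latest.items() if r["state"] == "CHANGES_REQUESTED")
    if blockers:
        return False, "changes requested by " + ", ".join(blockers)
    # An approval given before new commits were pushed does not cover them.
    fresh = sorted(u for u, r in latest.items() if r["commit_id"] == head_sha)
    if len(fresh) < required:
        return False, f"{len(fresh)} of {required} approvals on {head_sha}"
    return True, "approved by " + ", ".join(fresh)

def _rev(login, state, sha, ts=None):  # builds one constructed review object
    r = {"user": {"login": login}, "state": state, "commit_id": sha}
    if ts:
        r["submitted_at"] = ts
    return r

# Constructed sample shaped like the reviews endpoint's response.
SAMPLE = [
    _rev("alice", "APPROVED", "aaa111", "2024-05-01T09:00:00Z"),
    _rev("bob", "COMMENTED", "aaa111", "2024-05-01T09:30:00Z"),
    _rev("carol", "CHANGES_REQUESTED", "aaa111", "2024-05-01T10:00:00Z"),
    _rev("carol", "APPROVED", "bbb222", "2024-05-02T08:00:00Z"),
    _rev("dave", "PENDING", "bbb222"),  # not yet submitted, no timestamp
]

if __name__ == "__main__":
    print(review_gate(SAMPLE, "bbb222"))
```

Alice's approval predates the current head commit, so it does not count toward the required number.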

Related

Jenkins not triggering build on PR merged in bitbucket

We are using Bitbucket cloud to host our repos and Jenkins for CI/CD.
I have set up a multibranch pipeline which has develop and release branches. I want to trigger the develop branch whenever a PR is merged from the feature branches to the develop branch (in fact, on any manual webhook edit).
Below are the cases I tried:
Setup Manage hook in Jenkins:
This creates a webhook in bitbucket and when PR is merged, build is triggered.
But when I disable the Repository Push option in the webhook, the build is not triggering on PR merge.
Setup the webhook manually:
In this case, the Jenkins logs show the branch name as PR-XY since not triggering the develop branch.
I have set up a regex to filter branches (only develop and release are allowed) and when I add a regex like PR(.*) then the build gets triggered from the PR section (not the desired case).
I want the build to be triggered from the develop branch, not as the PR branch. I have followed most of the options available in the forums but it's not working. Any help regarding this will be appreciated.

I faced the same issue. It looks like most Jenkins plugins, like the Bitbucket plugin, do not trigger the pipeline on merge only, even though I set the Bitbucket trigger options like this:
unless you add a check mark next to the push option.
To solve this I used another Jenkins plugin called Bitbucket Push and Pull Request.
Just make sure to uninstall the Bitbucket plugin if you have it.
You can use this one as mentioned in their docs
and follow the setup instructions.
Note: I only tested it with a normal pipeline job.

How to track if Jenkins Job is not referring to master branch?

I am facing an issue where I notice in my organisation sometimes engineers make changes to the Jenkins file and they change the Jenkins job branch inside the Branch Specifier (blank for 'any') section. Now, the issue is engineers sometimes forget to merge their changes from their dedicated branch to the stable branches such as the master branch for example.
I want to track all those Jenkins jobs and send an alert on Slack if the Jenkins jobs are running from non-master branches. It will help me and my team to easily trace the jobs which are not running from the master branch.
Sending alerts via Slack is easy, I am more interested in tracing the non-master branches.

Basically you want to receive an alarm if Jenkins is building a branch other than 'master'?
Since editing Jenkinsfile does not make sense (as your developers can change the file to their taste), you need to think of something else. One of my thoughts was to make Jenkins run on Jenkinsfile2 which would send your alarm and then just build Jenkinsfile. But that is not fully thought through (I guess this is not a full match: How to invoke a jenkins pipeline A in another jenkins pipeline B)
Another, easier to implement option could be to have another Jenkins job monitoring the same repository. It runs a pipeline directly coded in Jenkins that just checks the branch name and sends the alarm if need be. The branch name should be available
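
A complementary way to find such jobs, as an added example that is not from the question or answer above: read each job's config.xml (from `$JENKINS_HOME/jobs/<name>/config.xml` or the job's `/config.xml` URL) and report every Branch Specifier value other than master. Job names and XML here are constructed; the element names are those the Git plugin writes for a Pipeline-from-SCM job.

```python
import re
import xml.etree.ElementTree as ET

ALLOWED = {"master"}  # stable branches a job may point at
SPEC_TAG = "hudson.plugins.git.BranchSpec"

def normalise(spec):
    """Reduce '*/master', 'origin/master', 'refs/heads/master' to 'master'."""
    spec = spec.strip()
    for prefix in ("refs/heads/", "*/", "origin/"):
        if spec.startswith(prefix):
            return spec[len(prefix):]
    return spec

def branch_specs(config_xml):
    """Every Branch Specifier value found in one job's config.xml."""
    # Drop the XML declaration: Jenkins writes version 1.1, which not every parser accepts.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml, count=1)
    return [el.findtext("name") or "" for el in ET.fromstring(body).iter(SPEC_TAG)]

def audit(jobs):
    """jobs maps job name -> config.xml text; returns {job: [offending specs]}."""
    findings = {}
    for job, xml_text in sorted(jobs.items()):
        bad = [s.strip() or "<blank: any branch>"
               for s in branch_specs(xml_text) if normalise(s) not in ALLOWED]
        if bad:
            findings[job] = bad
    return findings

def _sample(branch):  # constructed config.xml, trimmed to the relevant elements
    return f"""<?xml version='1.1' encoding='UTF-8'?>
<flow-definition>
  <definition class="org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition">
    <scm class="hudson.plugins.git.GitSCM">
      <branches>
        <{SPEC_TAG}><name>{branch}</name></{SPEC_TAG}>
      </branches>
    </scm>
  </definition>
</flow-definition>"""

SAMPLE_JOBS = {"deploy-api": _sample("*/master"),
               "deploy-web": _sample("*/feature-jenkins-search"),
               "nightly": _sample("")}

if __name__ == "__main__":
    for job, specs in audit(SAMPLE_JOBS).items():
        print(f"{job}: {', '.join(specs)}")
```

A blank specifier is reported too, because it lets the job build any branch.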

Approve github PR in jenkins pipeline

I am trying to create a process that blocks a github PR from being approved and merged to the main branch until a Jenkins pipeline can confirm that a terraform plan (or whatever checks need to happen for that repo) are successful.
There are two restrictions, though:
we're not allowed to install plugins that aren't approved by the company, and that's just too much hassle!
the Jenkins instance is internal so I can't use a webhook
I'm trying to use a multibranch pipeline to execute when a PR is raised but I can't see how to approve the PR once the check is complete, perhaps this isn't the best way to go?
I'd appreciate any help/pointers on this
Thanks

Jenkins Pipeline build specific branches on pull/pr

I think I'm missing something quite simple here so I thought I would ask.
I have a development branch that developers raise PRs against; when this occurs I would like my Jenkins pipeline to automatically trigger.
Then once a merge happens and a push goes to the development branch, I want to do some extra steps which I have configured in the pipeline successfully.
The problem is how do I get Jenkins to automatically checkout and build branches that have a PR raised against development?
Currently I'm using GitHub hook trigger for GITScm polling and I can see the triggers in github being fired but it just constantly rebuilds the master branch instead of the branch that the PR is being raised on.

We are using github-branch-source and this automatically builds PRs.
There is nice documentation: CloudBees documentation

Jenkins Pipeline - How to maintain over time

I am currently using CloudBees Jenkins Core as my Jenkins solution.
I am using Jenkins Pipelines to write our Jenkins job configuration. These pipelines are stored in GitHub repositories. Each Jenkins job when created is connected to a GitHub Repository where the source code is pulled from, and that's where the Jenkinsfile is stored and Jenkins reads from.
Below are some high-level photos for how our Jenkins jobs are configured.
The advantage of the way these jobs are configured is the Jenkinsfile is always read from the master branch. Meaning if a rogue developer tries to remove stages from the Jenkinsfile from within their own branch, it doesn't matter because the Jenkinsfile is always read from the master branch (which is always protected).
However, the one massive drawback to this is: how do teams and developers who are DevOps engineers make changes to the Jenkinsfile? For example, let's say a developer creates a branch called feature-jenkins-search and they edit the Jenkinsfile, adding a new stage in the pipeline. Whenever they push these changes to GitHub to test, they can't test as it's always read from the master branch? Meaning DevOps engineers have to work directly on the master branch? Surely this is not the best way to go and there is a better configuration to set?
We do want to still provide the security that if a developer is rogue and

You should really look into the Jenkins multi-branch pipeline feature. The Jenkins multi-branch pipeline allows you to create a single configuration item in Jenkins (a bit like a folder) that can detect all the branches and pull requests in a GitHub repository with a Jenkinsfile and build them using automatically created jobs. Inside this multi-branch pipeline object, when it is configured in Jenkins, you will find a number of jobs to build the various branches and pull requests in the GitHub repository.
So your developers should maintain a Jenkinsfile in every branch they work on in GitHub to build that branch in your Jenkins server.
It is possible to make the Jenkinsfile do branch specific handling if required with conditional stages / when conditions in the Jenkinsfile pipelines in each branch.
You can lock down the master branch so that code and Jenkinsfile changes from other branches can only be merged with an approved PR (pull request). There is good integration between Jenkins and GitHub such that you can configure the master branch to only allow a PR to be merged if the PR is buildable in Jenkins. So if developers add new stages / processing to a Jenkinsfile on a branch being merged to master, it should be validated so that builds of your master branch are not broken.
There is a lot of configurability in the Jenkins multi-branch pipeline object for detection and handling of branches and it may be necessary to experiment to get it right for what you need with your team. If you cannot find this feature in Jenkins, it is probably because the correct Jenkins pipeline and GitHub related plugins are not installed.
You could also have a look at a similar Jenkins feature called the Jenkins GitHub Organization Folder, which allows you to detect and build all repos and branches at a GitHub Organization level. But when starting out, I would suggest looking into the multi-branch pipeline at the single repo level first.
These features are discussed in the Jenkins pipeline documentation. We use these features with our internal GitHub and Jenkins server and it works very well.
I think you will find the idea of using a single Jenkinsfile in the master branch to be used for building all branches is unworkable, as you have seen!

Resources