Jenkins - Master Strategy for Prod & Non-Prod Environments - jenkins

I am trying to get a CI/CD pipeline going, my problem arises from having to create separate Jenkins instances of Prod and Non-Prod environments.
My CI/CD setup is pretty basic, I use a jenkinsfile with a series of standard steps, that are automatically triggered by pull request approvals on develop or master branches. Now if we go with 2 separate Jenkins masters, one per environment, how can the pipeline still work? So basically, when pull requests are approved on develop branch, Jenkinsfile executes a bunch of steps (test-build-archive artifact) on Non-Prod Jenkins Master and when pull requests are approved on master branch, Jenkinsfile executes steps(promote archived artifact to prod) on Prod Jenkins Master.

Related

How to decouple Jenkins CI and gitlab CI pipelines?

I've only been working with Jenkins so far. We have configured a Multibranch Pipeline job to automatically build and test software. The tasks are written in Groovy and stored as Jenkinsfile in the root directory of our git repository.
Recently, we have decided to add another mechanism to automatically generate documentation. The generation of documentation (but this could be any other task) has been realized using GitLab CI.
Both pipelines are practically independent - and both are triggered by a git commit/push. What I do not understand is: why and how is the Jenkins pipeline execution associated with the GitLab CI pipeline? In the following screenshot a new column "External" appears - representing the Jenkins pipeline job.
That's not really a big issue. But as both pipelines should be independent - the results of the runs should not influence each other. However, it seems that when the Jenkins job fails, i.e. "External", the GitLab CI pipeline also fails:
Is there a way to better decouple those pipelines, i.e. let them fail or succeed individually?
This is because the Gitlab Branch Source Plugin automatically notify Gitlab about then Jenkins pipeline status. This allow you to see the result of a build directly in Gitlab. If you want to have only the result of the Gitlab CI pipeline in Gitlab, you can disable this feature :
Additional Traits:
These traits can be selected by selecting Add in
the Behaviours section.
[...]
Skip pipeline status notifications - Disable notifying GitLab server
about the pipeline status.
[...]
So in yout Gitlab group, just go the Configure > Projects > Gitlab Group > Add and select Skip pipeline status notifications.
why and how is the Jenkins pipeline execution associated with the GitLab CI pipeline? In the following screenshot a new column "External" appears - representing the Jenkins pipeline job.
In general, "External" statuses are created using the commit build status API -- Jenkins uses this API to report the Jenkins pipeline build status to GitLab CI.
This external status for Jenkins appears in your GitLab pipeline because you have configured your Jenkins server/project to report build statuses to GitLab or you have setup a webhook integration with Jenkins in GitLab (note these may be set at the group level or by an administrator, not necessarily the project level)
To remove this from your pipeline, you should disable any existing integration configurations and setup your Jenkins project independently of any GitLab integration. e.g. using git polling to trigger jenkins builds and remove any updateGitlabCommitStatus calls in your groovy scripts / build stages.

Ephemeral Jenkins Pipeline Jobs from Github and Jenkinsfile

I have automated Jenkins master and slaves deployment and redeployment successfully.
I know how to manually create pipeline jobs and add github repos to use their Jenkinsfiles for the steps.
my issue is how can I automate the pipeline jobs addition to jenkins after its been destroyed and redeployed without having to manually create the pipeline jobs and point to Jenkinsfile each time.
I have seen this done before in a container environment with chef and docker when redeployed or updated it re-adds all the pipelines automatically again.
I want to not use the UI at all only to confirm job status progress and verify settings.
I would recommend looking at the JobDSL Plugin to create jobs, using a seed job to create them on initial Jenkins startup. The Jenkins Configuration-as-Code plugin can be used to setup any other configuration outside the jobs.

DevOps Continuos Delivery for Java Script

Can i use Jenkins integration for DevOps Continuos Delivery Pipeline for JavaScript code builds?
I am trying to build/propose a solution for integrating Jenkins tool and to remove manual code build and deployments to remove the manual effort for my team.
Generally in Jenkins, you can use the below:
Build -> Automated Test -> Dev Deploy -> QA Approval -> QA Deploy
The Seed Job is the one which will be creating other Jenkins job automatically but the seed job itself will be configured manually. The Seed Job will read the DSL script, parse those and create appropriate Job configurations in Jenkins.
After the seed job runs successfully, we will have a job created for our sample app.
The Seed job will create the following set of jobs which will eventually be part of the pipeline. The Seed job will also create a Jenkins pipeline view.
Build: This job includes the configuration for the building project, job triggers, scm location, jdk version to use, maven goals, artifact upload to repo like Artifactory.
Test: This job can call test suites and decide to call a downstream job or not.
Dev Deploy: Simple job with a trigger to the Promotion Job if the deployment was successful.
This job can call the script to perform a deployment or use tools like Bamboo or Urbancode.
Usually a Dev deploy doesn’t need promotion, but we can add that step if required.
QA Promotion: This job includes a send email notification to the person/group responsible for approval. The email contains a link for promotion.
The Promotion Email link can look like this: http://localhost:8080/XXX/XXXXX/XXX
The same can be done for the UAT and Prod:
We can chain multiple Promotion Jobs and Deploy jobs to accomplish the need for another environment, for e.g. UAT Promotion -> UAT Deploy ->PreProd Promotion -> PreProd Deploy -> Prod Promotion -> Prod Deploy
And here for all the above mentioned processes it can be done via Jenkins tool
Also yes, to answer your question you definitely can use Jenkins integration in Devops Pipeline.
If you are building your solution in cloud or in any domain servers then you might have to get the Jenkins integrated in the same environment.

Jenkins Pipeline - How to maintain over time

I am currently using Cloudbees Jenkins Coreas my Jenkins solution.
I am using Jenkins Pipelines to write our Jenkins job configuration. These pipelines are stored in GitHub repositories. Each Jenkins job when created is connected to a GitHub Repository where the source code is pulled from, and that's where the Jenkinsfile is stored and Jenkins reads from.
Below are some high-level photos for how our Jenkins jobs are configured.
The advantage of the way these jobs are configured is the Jenkinsfile is always read from the master branch. Meaning if a rouge developer tries to remove stages from the Jenkinsfile from within there own branch, it doesn't matter because the Jenkinsfile is always read from the master branch (which is always protected).
However, the one massive drawback to this - is how do teams and developers who are devops engineerings make changes to the Jenkinsfile? For example, let's say a developer creates a branch called feature-jenkins-search and they edit the Jenkinsfile adding a new stage in the pipeline. Whenever they push these changes to GitHub to test - they can't test as it's always read from the master branch? Meaning devops engineerings have to work directly on the master branch? Surely this is not the best way to go and there is a better configuration to set?
We do want to still provide the security that if a developer is rougue and
You should really look into the Jenkins multi-branch pipeline feature. The Jenkins multi-branch pipeline allows to create a single configuration item in Jenkins (a bit like a folder) that can detect all the branches and pull requests in a GitHub repository with a Jenkinsfile and build them using automatically created jobs. Inside this multi-branch pipeline object when it is configured in Jenkins, you will find a number of jobs to build the various branches and pull-requests in the GitHub repository.
So your developers should maintain a Jenkinsfile in every branch they work on in GitHub to build that branch in your Jenkins server.
It is possible to make the Jenkinsfile do branch specific handling if required with conditional stages / when conditions in the Jenkinsfile pipelines in each branch.
You can lock down the master branch so that code and Jenkinsfile changes from other branches can only be merged with an approved PR (pull request). There is good integration between Jenkins and GitHub such that you can configure the master branch to only allow a PR to be merged if the PR is buildable in Jenkins. So if developers add new stages / processing to a Jenkinsfile on a branch being merged to master, it should be validated so that builds of your master branch are not broken.
There is a lot of configurability in the Jenkins multi-branch pipeline object for detection and handling of branches and it may be necessary to experiment to get it right for what you need with your team. If you cannot find this feature in Jenkins, it is probably because the correct Jenkins pipeline and GitHub related plugins are not installed.
You could also have a look at a similar Jenkins feature called the Jenkins GitHub Organization Folder which allows to detect and build all repos and branches at a GitHub Organization level. But when starting out, I would suggest to look into the multi-branch pipeline at the single repo level first.
These features are discussed in the Jenkins pipeline documentation. We use these features with our internal GitHub and Jenkins server and it works very well.
I think you will find the idea of using a single Jenkinsfile in the master branch to be used for building all branches is unworkable, as you have seen!

Run script before removing job in Jenkins Pipelines

I'm setting up a development environment where I have Jenkins as CI server (using pipelines), and the last build step in Jenkinsfile is a deployment to staging. The idea is to have a staging environment for each branch that is pushed.
Whenever someone deletes a branch (sometimes after merging), Jenkins automatically removes its respective job.
I wonder if there is a way to run a custom script before the automatic job removal, then I would be able to connect to the staging server and stop or remove all services that are running for the job that is going to be deleted.
The plugin multibranch-action-triggers-plugin might be worth a look.
This plugin enables building/triggering other jobs when a Pipeline job is created or deleted, or when a Run (also known as Build) is deleted by a Multi Branch Pipeline Job.

Resources