Bachlor's thesis on Wrocław University of Science and Technology
./setup_docker_gid.sh
docker-compose up -d
./setup_gerrit_repo.sh -p gerrit-http-passwordWhat is gerrit-http-password ? Sadly in order to configure the whole stack almost all of the gerrit related configuration relays on gerrit REST API so this step has to be performed manually by providing HTTP generated password for administratior in gerrit portal.
Alright alright, but how do I retrive the password !
Simply navigate to gerrit when the container is fully started (INFO com.google.gerrit.pgm.Daemon : Gerrit Code Review 3.2.3 ready in docker log of the container). Skip the plugin installation part, you should be automatically logged in as admin, top right corner settings wheel, left section HTTP Credentials, Click on GENERATE NEW PASSWORD, supply to script.
Go checkout gerrit and jenkins to see the magic happen !
Also clone the repo locally and push some changes to gerrit to check whether jenkins catches everthing.
When restarting
During playtime be sure to also clear docker volumes since compose uses them (to make sure you have a fresh install each time you spin up the containers)
-
Add reverse proxy in front of the containers to easily access given services on user friendly URLS. Just use SWAG with proper Nginx config and autocertbot.
-
Configure Cloud section in JCasC to use docker containers as slaves (also provisioned by jenkins when needed)
- docker-workflow (for docker inside pipeline)
- workflow-aggregator (for pipelines support)
- gerrit-code-review (better alternative to gerrit trigger)
- job-dsl (dynamic job configuration)
- configuration-as-code (JCasC)
Overall Jenkins config
JCasC has been used in order to setup initial jobs for Jenkins, provide credentials for Gerrit jenkins user (JenkinsCI) who has correct permissions set up and configure other basic settings.
Job setup
We have a Job definitions JCasC-Job-DSL-Seed in JCasC config which is reponsible for processing job definitions inside given gerrit repo (groovy definitions inside jobs folder). This Jenkins job is created at container startup by JCasC. This job is not triggered automatically since the Job definitions in Jenkins do not change that often, it can be triggered from Jenkins UI or with curl when needed.
The nice thing is that JobDSL supports many Pipeline configurations and DynamicDSL extends the possibilities for almost every possible Jenkins plugin therefor no more Jenkins UI clicking, simply upload the definitions to given folder and trigger the preconfigured job :) -> Profit ? We have Jenkins job configured as Code which are easly to recreate.
All the configuration is done via Gerrit REST API. The only cumbersome settings is the Gerrit HTTP password which is needed in order to query all the endpoints. This has to provided by user therefore there is no place for full automation, the password needs to be retrieved from admin settings in portal.
All the configuration was parametrized with variables so the script could be potentially used in real world scenarions where other authentication is required.
The setup script does the following:
- Install checks plugin
- Adds Verified label which is no longer automatically setup during Gerrit initialization
- Grants permissions for Adminstrator and Non-interactive users to check plugin and label modification
- Creates Jenkins user with preconfigured password (same password is used in JCasC to configure inital job)
- Creates new gerrit repository
- Adds sample check to repository
- Adds webhook which is required for Gerrit<->Jenkins integration (Communicats with Gerrit Code Review plugin)
- We assume webhooks plugin is already installed on Gerrit (Gerrit docker image has it preinstalled)
https://www.youtube.com/watch?v=pyPMeCW-Q5k -> How GerritForge runs things (tbh this presentation is just the top of the mountain and the plugin does not have a documentation at all)
Gerrit source code -> Yeah it has been handy when configuring all the stuff :D
Gerrit Code Review Jenkins plugin -> still under heavy development, no documentation at all but after you grasp the idea it is really powerfull. Currently implemented methods
Implement checks in GerritForge -> this has been dug from google conversations in order to make this setup work