CodeReview實(shí)踐-Gerrit自動觸發(fā)JenkinsCI
Gerrit + Jenkins
背景
當(dāng)前團(tuán)隊(duì)使用Gerrit來做代碼管理、CodeReview。計(jì)劃實(shí)現(xiàn)當(dāng)review提交到了Gerrit并且review通過(merged)自動觸發(fā)Jenkins流水線。以前接觸Gitlab比較多,Gerrit還是第一次開始用,踩了點(diǎn)坑記錄下來。本文主要講述Gerrit Trigger流水線配置,關(guān)于服務(wù)器配置等細(xì)節(jié)問題暫不研究,降低復(fù)雜性。
Gerrit 配置
我們可以通過Docker的方式快速啟動一個Gerrit實(shí)例,默認(rèn)Gerrit使用的是HTTP 8080端口、SSH29418端口。通過CANONICAL_WEB_URL參數(shù)指定服務(wù)器網(wǎng)頁地址。
docker run --name gerrit -itd \-p 8088:8080 \-p 29418:29418 \-e CANONICAL_WEB_URL=http://192.168.1.200:8088 gerritcodereview/gerrit
啟動成功后,默認(rèn)打開的是一個插件安裝的頁面,此時可以根據(jù)個人需要安裝相關(guān)插件,也可以跳過。
默認(rèn)登錄就是admin, 創(chuàng)建一個Jenkins用戶。
登錄Jenkins用戶然后配置SSH-KEY,創(chuàng)建ssh-key添加到j(luò)enkins用戶配置中。
[root@zeyang-nuc-service ~]# kubectl exec -it jenkins-6ccf555769-sfdw6 -n devops bashbash-4.2$ iduid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)bash-4.2$ ssh-keygenGenerating public/private rsa key pair.Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa):Created directory '/var/jenkins_home/.ssh'.Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /var/jenkins_home/.ssh/id_rsa.Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub.The key fingerprint is:SHA256:nGqkSVAUuc2xrGe8Bz/xuWcQ/YVrDISPJux+tCZkJgI jenkins@jenkins-6ccf555769-sfdw6The key's randomart image is:+---[RSA 2048]----+| .+o . || .. . . . || . = + = . || E.. =.o.+ + . .|| ..o..So . + o || .o+*.* o = || o+oX + + . || .. * * o || . =.+ |+----[SHA256]-----+
默認(rèn)的key在JENKINS_HOME目錄中/var/jenkins_home/.ssh/id_rsa。
bash-4.2$ cat /var/jenkins_home/.ssh/id_rsa.pubssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCb+BcXnBXG4f4T3MSDsL/aNLm4zlMkX5xn5pwC4eaep+XMe9kXMsYJZ3xuQ1dxUTAeTHAYX33IsclpE63H0nXdNj8cgcC9dnyXFYGieKfSx44JeP3O4rcMFN+cPGlEcIVJdTF8RfpvDANObCUJ0fnsw7f/yVImdwqGbXaBsU11+s6uRuCghXUw1JhA4H+mVp89YZN7ilhif4I8rol/cUkcKnQhxM0ziClWL5VLBTfpO5QNhj+vy2JICMSgU93EEs0LgBUdT2Q+1tduQo3R7fNOkQm46y1oonoUMzXTr9/kOlcAxZR9kIT7WYPxGQGCoyf2AiMP3VKwowv98MenDCFZ jenkins@jenkins-6ccf555769-sfdw6
這里使用的是id_rsa.pub,復(fù)制文件內(nèi)容,然后添加到Gerrit Jenkins用戶中。(記得點(diǎn)擊ADD)
將Jenkins用戶加入Non-interactive Users組。BROWSE>Groups>Non-Interactive Users>Members。
創(chuàng)建一個倉庫,然后簡單的設(shè)置下repo權(quán)限:
refs/* :read Non-interactive Usersrefs/heads/* : Label Code-Review Non-interactive Users
Gerrit 2.7+ ?創(chuàng)建一個組Event Streaming Users,將Jenkins用戶加入。
設(shè)置All-projects access 權(quán)限, BROWSE> repos>All-Projects>Access>Global Capabilities >Stream Events 。
allow Event Streaming Users
到此,Gerrit配置基本上已經(jīng)完成了,頁面樣式很簡潔。
Jenkins配置
首先我們安裝Gerrit Hook插件,然后進(jìn)入系統(tǒng)管理會看到gerrit的圖標(biāo)。
Connection error : com.jcraft.jsch.JSchException: Auth fail 錯誤一般是ssh-key問題。
在流水線項(xiàng)目中添加Gerrit Trigger.
Ok,Jenkins的配置完成了。接下來開始測試自動觸發(fā)。
創(chuàng)建codereview
[root@zeyang-nuc-service devops]# lsaa,txt aasss,txt sss test.txt[root@zeyang-nuc-service devops]# echo 123 >test.txt[root@zeyang-nuc-service devops]# git add .[root@zeyang-nuc-service devops]# git commit -m "init"[master 77f6474] init1 file changed, 1 insertion(+), 1 deletion(-)[root@zeyang-nuc-service devops]# git push origin HEAD:refs/for/masterUsername for 'http://192.168.1.200:8088': adminPassword for 'http://[email protected]:8088':Enumerating objects: 3, done.Counting objects: 100% (3/3), done.Delta compression using up to 8 threads.Compressing objects: 100% (2/2), done.Writing objects: 100% (2/2), 253 bytes | 253.00 KiB/s, done.Total 2 (delta 1), reused 0 (delta 0)remote: Resolving deltas: 100% (1/1)remote: Processing changes: refs: 1, new: 1, doneremote:remote: SUCCESSremote:remote: http://192.168.1.200:8088/c/devops/+/21 init [NEW]remote:To http://192.168.1.200:8088/devops* [new branch] HEAD -> refs/for/master
merge 測試
Gerrit傳遞的參數(shù)還是挺多的,可以很方便的獲取。基本上這些參數(shù)就夠用了。
Pipeline As Code
//Pipeline paramsString BRANCH_NAME = "${env.GERRIT_BRANCH}"String PROJECT_NAME = "devops"String PROJECT_URL = "http://192.168.1.200:8088/devops"currentBuild.description = "Trigger By ${BRANCH_NAME}"//Pipelinepipeline{agent {node { label "build" //指定運(yùn)行節(jié)點(diǎn)的標(biāo)簽或者名稱}}options{skipDefaultCheckout()}triggers {//配置gerrit觸發(fā)器gerrit customUrl: '',gerritProjects: [[branches: [[compareType: 'ANT', pattern: '**']],compareType: 'PLAIN',disableStrictForbiddenFileVerification: false,pattern: "${PROJECT_NAME}"]],serverName: 'devops',triggerOnEvents: [changeMerged()]}stages{stage("GetCode"){steps{echo "========executing GetCode========"//下載代碼checkout([$class: 'GitSCM', branches: [[name: "${BRANCH_NAME}"]],doGenerateSubmoduleConfigurations: false,extensions: [],submoduleCfg: [],userRemoteConfigs: [[url: "${PROJECT_URL}"]]])}}}post{always{echo "========always========"cleanWs()}success{echo "========pipeline executed successfully ========"}failure{echo "========pipeline execution failed========"}}}
到此基本上觸發(fā)就已經(jīng)完成了,后續(xù)添加構(gòu)建和發(fā)布步驟。Gerrit進(jìn)行CodeReview還是很方便的,現(xiàn)在每次提交的代碼、Jenkinsfile都需要先進(jìn)行CodeReview才能進(jìn)行merge。哈哈,注意文件中的空格.....