GERRIT+JENKINS背景目前团队使用Gerrit进行代码管理和CodeReview。计划是当审核提交给Gerrit,审核通过(合并)时,自动触发Jenkinspipeline。以前接触过很多Gitlab,但是Gerrit是第一次用,走了不少弯路记录一下。本文主要介绍GerritTrigger管道的配置,服务器配置等细节暂时不研究,以降低复杂度。Gerrit配置我们可以通过Docker快速启动一个Gerrit实例。默认情况下,Gerrit使用HTTP端口8080和SSH端口29418。通过CANONICAL_WEB_URL参数指定服务器网页地址。dockerrun--namegerrit-itd\-p8088:8080\-p29418:29418\-eCANONICAL_WEB_URL=http://192.168.1.200:8088gerritcodereview/gerrit启动成功后,默认打开一个插件安装页面。相关插件需要安装,也可以跳过。默认登录是admin,创建一个Jenkins用户。登录Jenkins用户并配置SSH-KEY,创建ssh-key并添加到jenkins用户配置中。[root@zeyang-nuc-service~]#kubectlexec-itjenkins-6ccf555769-sfdw6-ndevopsbashbash-4.2$iduid=1000(jenkins)gid=1000(jenkins)groups=1000(jenkins)bash-4.2$ssh-keygenGeneratingpublic/privatersakeypair.Enterfileinwhichtosavethekey(/var/jenkins_home/.ssh/id_rsa):Createddirectory'/var/jenkins_home/.ssh'.Enterpassphrase(emptyfornopassphrase):Entersamepassphraseagain:Youridentificationhasbeensavedin/var/jenkins_home/.ssh/id_rsa.Yourpublickeyhasbeensavedin/var/.jenkins_homessh/id_rsa.pub.Thekeyfingerprintis:SHA256:nGqkSVAUuc2xrGe8Bz/xuWcQ/YVrDISPJux+tCZkJgIjenkins@jenkins-6ccf555769-sfdw6Thekeysrandomartimageis:+---[RSA2048]----+|.+o.||.....||.=+=.||E..=.o.++..||..o..So.+o||.o+*.*o=||o+oX++.||..**o||.=.+|+----[SHA256]-----+默认的key在JENKINS_HOME目录中/var/jenkins_home/.ssh/id_rsa。bash-4.2$cat/var/jenkins_home/.ssh/id_rsa.pubssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQCb+BcXnBXG4f4T3MSDsL/aNLm4zlMkX5xn5pwC4eaep+XMe9kXMsYJZ3xuQ1dxUTAeTHAYX33IsclpE63H0nXdNj8cgcC9dnyXFYGieKfSx44JeP3O4rcMFN+cPGlEcIVJdTF8RfpvDANObCUJ0fnsw7f/yVImdwqGbXaBsU11+s6uRuCghXUw1JhA4H+mVp89YZN7ilhif4I8rol/cUkcKnQhxM0ziClWL5VLBTfpO5QNhj+vy2JICMSgU93EEs0LgBUdT2Q+1tduQo3R7fNOkQm46y1oonoUMzXTr9/kOlcAxZR9kIT7WYPxGQGCoyf2AiMP3VKwowv98MenDCFZjenkins@jenkins-6ccf555769-sfdw6这里使用的是id_rsa.pub,复制文件内容,添加到GerritJenkins用户。(记得点击ADD)将Jenkins用户添加到Non-interactiveUsers组。BROWSE>Groups>Non-InteractiveUsers>Members。创建仓库,然后简单设置repo权限:refs/*:readNon-interactiveUsersrefs/heads/*:LabelCode-ReviewNon-interactiveUsersGerrit2.7+创建组EventStreamingUsers,添加Jenkins用户。设置所有项目访问权限,BROWSE>repos>All-Projects>Access>GlobalCapabilities>StreamEvents。allowEventStreamingUsers至此Gerrit配置基本完成,页面样式非常简洁。Jenkins配置首先我们安装GerritHook插件,然后进入系统管理就可以看到gerrit图标了。连接错误:com.jcraft.jsch.JSchException:Authfail错误通常是ssh-key问题。将Gerrit触发器添加到管道项目。好了,Jenkins的配置就完成了。接下来,开始测试自动触发。创建代码审查[root@zeyang-nuc-servicedevops]#lsaa,txtaasss,txtssstest.txt[root@zeyang-nuc-servicedevops]#echo123>test.txt[root@zeyang-nuc-servicedevops]#gitadd.[root@zeyang-nuc-servicedevops]#gitcommit-m"init"[master77f6474]init1filechanged,1insertion(+),1deletion(-)[root@zeyang-nuc-servicedevops]#gitpushoriginHEAD:refs/for/masterUsernamefor'http://192.168.1.200:8088':adminPasswordfor'http://admin@192.168.1.200:8088':Enumeratingobjects:3,done.Countingobjects:100%(3/3),done.Deltacompressionusingupto8threads.Compressingobjects:100%(2/2),done.Writingobjects:100%(2/2),253bytes|253.00KiB/s,done.Total2(delta1),reused0(delta0)remote:Resolvingdeltas:100%(1/1)remote:Processingchanges:refs:1,new:1,doneremote:remote:SUCCESSremote:remote:http://192.168.1.200:8088/c/devops/+/21init[NEW]remote:Tohttp://192.168.1.200:8088/devops*[newbranch]HEAD->refs/for/mastermergeGerrit测试传递的参数相当多,很容易获取。基本上这些参数就够了。管道即代码//PipelineparamsStringBRANCH_NAME="${env.GERRIT_BRANCH}"StringPROJECT_NAME="devops"StringPROJECT_URL="http://192.168.1.200:8088/devops"currentBuild.description="TriggerBy${BRANCH_NAME}"//管道管道{agent{node{label"build"//指定运行节点的标签或名称}}options{skipDefaultCheckout()}triggers{//配置gerrit触发器gerritcustomUrl:'',gerritProjects:[[branches:[[compareType:'ANT',pattern:'**']],compareType:'PLAIN',disableStrictForbiddenFileVerification:false,pattern:"${PROJECT_NAME}"]],serverName:'devops',triggerOnEvents:[changeMerged()]}阶段{stage("GetCode"){steps{echo"========executingGetCode========"//下载代码checkout([$class:'GitSCM',branches:[[name:"${BRANCH_NAME}"]],doGenerateSubmoduleConfigurations:false,extensions:[],submoduleCfg:[],userRemoteConfigs:[[url:"${PROJECT_URL}"]]])}}}post{always{echo"========总是========"cleanWs()}success{echo"========pipelineexecutedsuccessfully========"}failure{echo"========pipelineexecutionfailed========"}}}至此,trigger基本完成,添加build和release步骤Gerrit进行CodeReview就很方便了。现在每一个提交的代码和Jenkinsfile都需要经过CodeReview才能合并。哈哈,付费关注文件Spacesin...【编者推荐】SpringBoot中从类路径加载文件人工智能加速目标瞄准帮助人机融合即时打击如何优先处理DevOps变更?iPhone12mini有没有5G物联网对会计行业有什么好处?
