Jenkins Pipelines are used to define, manage, and automate the entire lifecycle of software delivery processes (a.k.a. CI/CD pipelines). These pipelines provide a structured way to define the steps and stages involved in building, testing, deploying, and delivering software applications.
Jenkins Pipelines enable teams to automate repetitive tasks, and ensure consistent and reliable software releases.
Let's take the Docker images build process as an example...
In our development workflow, whenever we wanted to create a new version of our application, we had to manually run the docker build
command to create a Docker image.
This process involved remembering the right set of build arguments, manually managing images, and we had no any mechanism to track the build history.
With Jenkins Pipelines, we can automate the build process, which makes it consistent and reproducible process. In addition, Jenkins provides a clear view of the build status, logs, and any errors encountered during the build.
A Jenkins pipeline is defined in a file usually called Jenkinsfile
, stored as part of the code repository.
In this file you instruct Jenkins on how to build, test, and deploy your application by specifying a series of stages, steps, and configurations.
There are two main types of syntax for defining Jenkins pipelines in a Jenkinsfile: Declarative Syntax and Scripted Syntax.
- Declarative syntax is a more structured and easy. It uses a predefined set of functions (a.k.a directives) to define the pipeline's structure.
- Scripted syntax provides a more flexible and powerful way to define pipelines. It allows you to use Groovy scripting to customize and control every aspect of the pipeline. This pipelines won't be covered in this course.
The Jenkinsfile
typically consists of multiple stages, each of which performs a specific steps, such as building the code as a Docker image, running tests, or deploying the software to Kubernetes cluster.
Let's create a declarative pipeline that builds aa docker image for the Roberta app.
- In your repository, in branch
main
, create a file calledbuild.Jenkinsfile
in the root directory as the following template:
pipeline {
agent any
stages {
stage('Build') {
steps {
sh 'ls'
sh 'echo building...'
}
}
}
}
The Jenkinsfile you've provided is written in Declarative Pipeline syntax. Let's break down each part of the code:
pipeline { ... }
: This is the outermost block that encapsulates the entire pipeline definition.agent any
: This directive specifies the agent where the pipeline stages will run. Theany
keyword indicates that the pipeline can run on any available agent (Jenkins agent or worker). Agents are the compute resources where the pipeline stages are executed.stages { ... }
: The stages block contains a series of stages that define the major steps in the pipeline. Stages represent different phases of the software delivery process.stage('Build') { ... }
: This directive defines a specific stage named "Build." Each stage represents a logical phase of your pipeline, such as building, testing, deploying, etc.steps { ... }:
Inside the stage block, the steps block contains the individual steps or tasks to be executed within that stage.sh 'echo building...'
: This directive is a step that executes a shell command. In this case, it uses the sh (shell) step to run the shell command 'echo building...'. This step prints "building..." to the console.
- Commit and push your changes.
- From the main Jenkins dashboard page, choose New Item.
- Enter the project name (e.g.
RobertaBuild
), and choose Pipeline. - Check GitHub project and enter the URL of your GitHub repo.
- Under Build Triggers check GitHub hook trigger for GITScm polling.
- Under Pipeline choose Pipeline script from SCM.
- Choose Git as your SCM, and enter the repo URL.
- If you don't have yet credentials to GitHub, choose Add and create Jenkins credentials.
- Kind must be Username and password
- Choose informative Username (as github or something similar)
- The Password should be a GitHub Personal Access Token with the following scope:
Click here to create a token with this scope.
repo,read:user,user:email,write:repo_hook
- Enter
github
as the credentials ID. - Click Add.
- Under Branches to build enter
main
as we want this pipeline to be triggered upon changes in branch main. - Under Script Path write the path to your
build.Jenkinsfile
defining this pipeline. - Save the pipeline.
- Test the integration by add a
sh
step to thebuild.Jenkinsfile
, commit & push and see the triggered job.
Well done! You've implemented an automated build pipeline for the Roberta app.
Let's discuss the execution stages when your pipeline is running:
- Job scheduling: When you trigger a pipeline job, Jenkins schedules the job on one of its available agents (also known as nodes). Agents are the machines that actually execute the build steps. In our case, the pipline runs on the Jenkins server machine itself, known as the built-in node. This is very bad practice, and we will change it soon. Each agent can have one or more executors, which are worker threads responsible for running jobs concurrently.
- Workspace creation: Jenkins creates a workspace directory on the agent's file system. This directory serves as the working area for the pipeline job.
- Checkout source code: Jenkins checks out the source code into the workspace.
- Pipeline execution: Jenkins executes your pipeline script step-by-step.
The Build phase builds the app source code and store the build artifact somewhere, make it ready to be deployed.
In our case, a docker image is our build artifact, but in general, there are many other build tools that can be used in different programming languages and contexts (e.g. maven, npm
, gradle
, etc...)
We now want to complete the build.Jenkinsfile
pipeline, such that on every run of this job,
a new docker image of the app will be built and stored in container registry (DockerHub or ECR).
- Modify the
build.Jenkinsfile
to build an docker image and push it. Your stage might look like:
stage('Build') {
steps {
sh '''
docker login ...
docker build ...
docker tag ...
docker push ...
'''
}
}
- Feel free to create other
stage
s according to your needs. - Your image should be pushed either to DockerHub or ECR repo.
- You can use the timestamp, or the
BUILD_NUMBER
orBUILD_TAG
environment variables to tag your Docker images, but don't tag the images aslatest
. - If using ECR, give your EC2 instance an appropriate role to push an image to ECR.
- Use the
environment
directive to store global variable and make your pipeline a bit more elegant.
Let's create another new Jenkins pipeline that deploys the image we've just built to a Kubernetes cluster.
We would like to trigger the Deploy pipeline after every successful running of the Build pipeline.
- In the app repo, create another
Jenkinsfile
calleddeploy.Jenkinsfile
. In this pipeline we will define the deployment steps for the roberta app:
pipeline {
agent any
stages {
stage('Deploy') {
steps {
// complete this code to deploy to real k8s cluster
sh '# kubectl apply -f ....'
}
}
}
}
- In the Jenkins dashboard, create another Jenkins Pipeline (can be named
RobertaDeploy
), fill it similarly to the Build pipeline, but don't trigger this pipeline as a result of a GitHub hook event (why?).
We now want that every successful Build pipeline running will automatically trigger the Deploy pipeline. We can achieve this using the following two steps:
- In
build.Jenkinsfile
, add the Pipeline: Build function that triggers the Deploy pipeline:
stage('Trigger Deploy') {
steps {
build job: '<deploy-job-name>', wait: false, parameters: [
string(name: 'ROBERTA_IMAGE_URL', value: "<full-url-to-docker-image>")
]
}
}
Where:
<deploy-job-name>
is the name of your Deploy pipeline (should beRobertaDeploy
).<full-url-to-docker-image>
is a full URL to the Docker image you've just built. You environment variable to make it dynamically according to the image tag. E.g. :value: "${IMAGE_NAME}:${IMAGE_TAG}"
.
- In the
deploy.Jenkinsfile
define a string parameter that will be passed to this pipeline from the Build pipeline:
pipeline {
agent ..
# add the below line in the same level an `agent` and `stages`:
parameters { string(name: 'ROBERTA_IMAGE_URL', defaultValue: '', description: '') }
stages ...
}
Test your simple CI/CD pipeline end-to-end.
Enter the interactive self-check page
Use the post
directive and the docker image prune
command to cleanup the built Docker images from the disk.
Review some additional pipeline features, as part of the options
directive. Add the options{}
clause with the relevant features for the Build and Deploy pipelines.
Jenkins does not clean the workspace by default after a build. Jenkins retains the contents of the workspace between builds to improve performance by avoiding the need to re-fetch and recreate the entire workspace each time a build runs.
Cleaning the workspace can help ensure that no artifacts from previous builds interfere with the current build.
Configure stage('Clean Workspace')
stage to clean the workspace before or after a build.
Integrate snyk
image vulnerability scanning into your build-deploy pipline.
- Create a Secret text Jenkins credentials containing the snyk API token.
- Use the
withCredentials
step, read your Snyk API secret asSNYK_TOKEN
env var, and perform the security testing using simplesh
step andsynk
cli. - Sometimes, Snyk alerts you for a vulnerability that has no update available, or that you do not believe to be currently exploitable in your application. You can ignore a specific vulnerability in a project using the
snyk ignore
command:
snyk ignore --id=<ISSUE_ID>
- Bonus: use Snyk Jenkins plugin or use the Jenkins HTML publisher plugin together with snyk-to-html project to generate a UI friendly Snyk reports in your pipeline page.
Create a new Jenkins pipeline and code the corresponding Jenkinsfile
, to periodically backup the Jenkins server in S3.
- In the Jenkinsfile, use bash script that compresses the
/var/lib/jenkins
directory into a.tar.gz
file, excluding some files. - Push the
.tar.gz
file to an S3 bucket. - The pipeline should be running periodically once a day.
https://www.jenkins.io/blog/2017/02/15/declarative-notifications/