# Set-up `Jenkins` build trigger for private git server
Next to my [private git server](/blog/private-git-server.md) I have a
[`Jenkins`](https://www.jenkins.io) server to build some software that I run or
use in-house. GitHub has `Webhooks` to give Jenkins a sign to start building a
Job.
I'd like something simular from my private git-server after a `git push`.
# `Git` server
In order for a repository to "act" after a `git push` this repository needs to
have a **`post-receive`** hook. This an executable script in the `hooks/`
directory of the (bare) repository on the git server.
`Git` will pass 3 parameters via `STDIN` of this hook and it can act on them:
- ***old revision*** (sha)
- ***new revision*** (sha)
- ***reference name*** (refs/heads/...)
For this project I'll use the ***reference name*** to determine the branch that is
passed to Jenkins (for details see the script [in the
project](#the-software-project)).
If the branch that was pushed to is either `preview` or `main` the hook will
use the `curl` programme to trigger the build via an URL on the `Jenkins`
server.
# `Jenkins` server
By creating a ***Pipeline script from SCM*** type of job in `Jenkins` it will
clone/checkout the last revision for the URL configured to see if it can find
the magic `Jenkinsfile` to execute.
My set-up is such that the backend machine the software will be running on, is
also the Jenkins-build-node, this helps me in case the os is different from the
one running on the `Jenkins` machine.
## User to run jobs
I have created a user `git-builder` in `Jenkins` that can run jobs (I use the
*Role-based Authorization Strategy* plugin). This user has a password. To
start a `Jenkenis` job, I will use `curl`.
`Jenkins` needs credentials of that user to login before it can start a job. I
used a seperate file `jenkins-git-builder.netrc` that I can pass to `curl` with
the `--netrc-file` switch so it can pass the credentials without the password
in plain text in the command line. For safekeeping I put it in `~git/.ssh` with
`0400` permissions (see **`man ftp`** for more information on `.netrc`).
## Setting up a build-pipeline for Jenkins
Jenkenis uses a language called *Groovy* and this is used to write the
`Jenkinsfile` that defines how to build your project. This is done as a so
called *declarative pipeline* and follows a strict syntax. ***This is not a
Groovy/Jenkins tutorial.***
**NOTE**: There is a nasty catch here, one wants to work with the interaction
between `git` and `Jenkins`, debugging the `Jenkinsfile` (that is usually in
your repository) will involve commits and pushes to the remote repository, this
may clutter the repository with irrelevant commits. My advice is to do this
work in a separate branch and once finished, merge into the main branch and
remove the development branch.
## The Jenkins job
#### New Item > all >
- [x] **Enter an item name**: `Example`
- [x] Pipeline
#### General
- [x] Do not allow concurrent builds
- [x] This project is parameterized
- *String Parameter*
**Name**: `buildBranch`
**Default Value**: `preview`
**Description**: `The branch to build`
#### Build Triggers
- [x] *Trigger builds remotely (e.g., from scripts)*
- Authentication Token: `example-token`
*Use the following URL to trigger build remotely:
JENKINS_URL/job/Example/build?token=TOKEN_NAME or
/buildWithParameters?token=TOKEN_NAME*
#### Pipeline
- [x] Pipeline script from SCM
- [x] Git
Repository URL: `ssh://git@my-git/~/example-git-webhook`
Credentials: (identity managed in Jenkins and git-`authorized_keys`)[1](#1)
Branches to build:
- [x] `*/preview`
- [x] `*/main`
# The software project
The software project is actually the **`post-receive`** hook and the
**`Jenkinsfile`** to be used for this project. (Here is
[tarball](https://www.test-smoke.org/download/example-git-webhook.tgz) of a
clean git repository with all the files).
In the build step, the `Perl` dependencies will be installed in
`/var/lib/jammy` (or whatever the output of **`lsb_release -cs`** is). The
script will be installed in `/var/lib/example//bin/post-receive`.
# Install the hook
One can just copy[2](#2) the script to the
`~git/example-git-webhook/hooks` directory and make sure it is executable.
# The author
![Abe Timmerman](https://www.test-smoke.org/images/bolhoed.jpg)
© MMXXII - Abe Timmerman
Over 30 years experience with Linux and programming (mainly Perl).
This was written on Tue 9 August 2022.
----
###### [1]
I just do `ssh-keygen -f /tmp/git-jenkins-key -P ''`, put
`/tmp/git-jenkins-key` in jenkins and put `/tmp/git-jenkins-key.pub` in `git`s
`authorized_keys` and remove the keypair from `/tmp`.
###### [2]
On the git server in the `~git/example-git-webhook` directory one could also `git
ls-tree main bin/` and then `git cat-file blob {sha for bin/post-receive} >
hooks/post-receive`