Jenkins-based Cookbook Pipeline
This cookbook sets up a Chef CI/CD based on Jenkins Pipelines.
It is subject of a talk at Config Management Camp 2017 on Feb 6th and is currently a work in progress!
Feel free to give it a try!
Please have a look at slides of the talk mentioned above.
export JENKINS_GITHUB_LOGIN=johndoe
export JENKINS_GITHUB_TOKEN=123456supersecure
Warning: A side-effect is that Jenkins will update the commit statuses of cookbooks that it touches. I haven’t found a way to disable that.
.kitchen.yml
copies your workstation’s Chef config (including your private key) into the VM:
export JENKINS_COPY_CHEF_CREDENTIALS=1
This is needed for all the steps that require authentication againgst your Chef server, like cookbook uploading or maybe even resolving cookbooks (in case you have specified it as source
in your Berksfile
).
Warning: Obviously, this will upload cookbooks if pipelines are passed successfully.
Point node['jenkins_chefci']['github_organization']
to the organization containing your cookbooks (playing with the default org TYPO3-cookbooks-test should still be fine).
Converge test-kitchen:
kitchen converge full-ubuntu-1604
The Github API user and token can be set in a wrapper cookbook using node.run_state[:jenkins_chefci_github_user]
/ node.run_state[:jenkins_chefci_github_token]
, similar to the Jenkins cookbooks node.run_state[:jenkins_private_key]
.
Manually configure an organization-level webhook in GitHub with Push and Repository events enabled and point it to /github-webhook
of your Jenkins server.
Set the attributes for the ~/.chef/config.rb
file via node['jenkins_chefci']['knife_config']
:
node['jenkins_chefci']['knife_config']['node_name'] = 'jenkins-node-name'
node['jenkins_chefci']['knife_config']['chef_server_url'] = 'https://chef.example.org'
/var/lib/jenkins/.chef/client.pem
to allow interaction with the Chef Server./etc/chef-jenkins-api.key
by default. (include this in your backup or when you move the Jenkins installation to a new host)NullPointerException
at the end of your pipeline runs, just save the Jenkins system config once (because the Slack plugin is stupid).