安装 Jenkins

SCM, 全称Source Coce Management, 主要作用是监视"版本控制系统"(比如gitlab).

Blue Ocean 重新思考Jenkins的用户体验,从头开始设计Jenkins Pipeline, 但仍然与自由式作业兼容,Jenkins是同步的

docker安装

注意不要使用:jenkins:2.60.3-alpine 而是 jenkins/jenkins:lts

# 老版本:jenkins:2.60.3-alpine 三年未更新
https://hub.docker.com/_/jenkins
# DEPRECATED; use "jenkins/jenkins:lts" instead 首页已经建议使用:jenkins/jenkins:lts

# 新版本
# https://hub.docker.com/r/jenkins/jenkins/tags
# lts版本,可以使用docker调用系统的docker服务
# docker run -u 0 --privileged \
#     -d --name blueocean \
#     -u root \
#     -p 8081:8080 \
#     -v /data/blueocean_home:/var/jenkins_home \
#     -v /var/run/docker.sock:/var/run/docker.sock \
#     -v $(which docker):/usr/bin/docker \
#     -v "$HOME":/home \
#     jenkinsci/blueocean
docker run -u 0 --privileged \
    -d --name myjenkins \
    -p 8080:8080 -p 50000:50000 \
    -v /data/jenkins_home:/var/jenkins_home \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v $(which docker):/usr/bin/docker \
    jenkins/jenkins:lts-jdk11

# 进入docker
# docker exec -it myjenkins /bin/bash
# 查看密码
docker exec myjenkins cat /var/jenkins_home/secrets/initialAdminPassword
# c9323a6749124818ae8f379df3568af8
http://192.168.1.180:8080/

二进制安装

包下载地址

cat /var/lib/jenkins/secrets/initialAdminPassword
# 1969111886f84dccad1d850a229ff8bd

# 授权:jenkins /var/run/docker.sock: connect: permission denied
# 如果docker有自己的用户组,则为:usermod -a -G docker jenkins
usermod -a -G root jenkins
# 临时测试:chmod 666 /var/run/docker.sock

安装gitea插件

gitea

Gitea | Jenkins plugin

安装Docker 插件

DockerDocker Pipeline

安装Nexus

下载地址

常见地址

# 中央仓库客户端请求的时候,自动缓存
http://localhost:8081/repository/maven-central/
# 私有快照
http://localhost:8081/repository/maven-snapshots/
# 私有发布版本
http://localhost:8081/repository/maven-releases/

mvn配置

pom.xml

<project>
......
<distributionManagement>
    <repository>
      <id>zaza</id>
      <name>Releases</name>
      <url>http://localhost:8081/repository/maven-releases</url>
    </repository>
    <snapshotRepository>
      <id>zaza</id>
      <name>Snapshot</name>
      <url>http://localhost:8081/repository/maven-snapshots</url>
    </snapshotRepository>
  </distributionManagement>
</project>

~/.m2/settings.xml

作为私有仓库,同时作为central的镜像节点

<settings>
    <mirrors>
        <mirror>
            <id>zaza</id>
            <name>zaza</name>
            <mirrorOf>central</mirrorOf>
            <!-- 国内推荐阿里云的Maven镜像 -->
            <!-- <url>https://maven.aliyun.com/repository/central</url> -->
            <url>http://localhost:8081/repository/maven-central/</url>
        </mirror>
    </mirrors>
    <servers>
      <server>
        <id>zaza</id>
        <username>admin</username>
        <password>71382b73-942a-4328-99d2-0d83155fa83b</password>
      </server>
  </servers>  
</settings>

发布

mvn deploy
# 快照版本 <version>1.0-SNAPSHOT</version>
# 正式版本 <version>1.0.0</version>

安装gitea

官方文档

安装maven

Maven – Welcome to Apache Maven

CICD搭建

原理

  1. 开发人员
  2. 提交到gitea
  3. Jenkins定期扫描
  4. Jenkins读取版本库的Jenkinsfile文件
  5. 管道方式执行Jenkinsfile
  6. Jenkinsfile可以将代码发布到Nexus私有仓库

创建Gitea用户、组织、团队

  1. login to your Gitea instance with an administrator account. 管理员账号登录
  2. create a new user, e.g. “jenkins”. Set password to something secure - you will not need it for login. 创建用户:jenkins
  3. add the jenkins user to the organization you want to build projects for in jenkins (either by adding him to an existing team or adding a new “ci”-team). Make sure that team is associated to the repositories you want to build. 创建组织: 组织名称:ops 可见性:私有 ,新建团队(主要用于权限管理):ci ,ci团队权限:只需要访问代码即可, 并将用户jenkins加入ci团队, 通常建议组织由管理员创建? 注意:这里需要将私有仓库迁移至组织下
  4. log out of Gitea. 退出管理员账号
  5. log back in as the new “jenkins” user. jenkins 账号登录
  6. in user profile settings, go to “application” and add a new access token. Make sure to note the token shown. 创建token

创建jenkins用户,重新登录并生成jenkins账户token:329bc5907bd7e690e553647bae29003d31b3f836

Jenkins添加Gitea认证源

Gitea | Jenkins plugin

This is only necessary when using branch-api plugin version >=2.7.0

  1. When configuring the new item, select “Repository Sources”
  2. In the “Gitea organzations” section, add a new credential of type “Gitea personal access token”.
  3. Add the access token created before for the jenkins user in Gitea. Ignore the error about the token not having the correct length.
  4. In the “Owner” field, add the name of the organization in Gitea you want to build projects for (not the full name).
  5. Fill the rest of the form as required. Click “Save”. The following scan should list the repositories that the jenkins user can see in the organization selected.

系统管理->系统设置->Gitea Servers->新增:这里主要添加认证,注意Gitea的仓库需要授权给jenkins,才能正常访问

Name:Gitea

Server URL:http://192.168.1.180:3000/

勾选Manage hooks->Credentials->添加->Jenkins:

类型(Kind):Gitea Personal Access Token

范围(Scope):系统(System)

Token(Gitea生成的):这里是Gitea用户生成的token 329bc5907bd7e690e553647bae29003d31b3f836

新建任务:{0} 文件夹

这个方案适用于自动扫描组织下面所有的版本库和版本分支

{0} 文件夹(Organization Folder):

创建后->Projects->Repository Sources

Gitea Organization:这个是对应的Gitea服务器

Credentials:保存到对应的任务名里面,这里是Gitea用户生成的token 329bc5907bd7e690e553647bae29003d31b3f836

Owner:ops Gitea对应的组织名称

扫描 Gitea Organization 触发器:5min

Child Scan Triggers:5min

参考