GitLab/Jenkins Webhooks with IBM Cloud Private
After installing and configuring GitLab and Jenkins in IBM Cloud Private, I’ve found it is useful to configure a WebHook between Gitlab and Jenkins such that when a commit occurs in a GitLab project a Jenkins Job is automatically started. This reduces the time required to build and deploy each iteration during the application modernization process and leaves the final project with a fully automated CI/CD pipeline.
In the following sections I will show you how to install the GitLab plugin for Jenkins and configure Jenkins to be able to retrieve metadata from GitLab using an Access Token. I will then configure an example Job to be started when I commit code to GitLab.
Install the GitLab Jenkins Plugin
The GitLab plugin for Jenkins provides the functionality to listen for the WebHook message from GitLab and start a Jenkins Job. Let’s start by installing the plugin. I am assuming you’ve completed the tasks in my previous article.
1. In Jenkins, click Jenkins → Manage Jenkins → Manage Plugins
2. Select the Available tab and enter gitlab in the Filter box. Select the GitLab plugin and click Install without restart
3. The installation of the plugin will start. Click the Restart Jenkins when the installation is complete and no jobs are running option.
4. When the plugin installation is complete, Jenkins will restart and you will be returned to the Jenkins Update Center.
The plugin is now installed and ready to use
Configure a GitLab Access Token
In the installing and configuring GitLab and IBM Cloud article I configured Jenkins to be able to connect to GitLab using an SSH Key however, the GitLab WebHook requires API Access to get metadata from GitLab. In this section we’ll create a API Access Token in GitLab and configure Jenkins to use it.
1. In GitLab, click on your user icon in the top right corner and select Settings
2. Click Access Tokens on the menu that is displayed
3. On the Add a personal access token page, give the token a Name such as Jenkins and set the Expires at to a suitable time in the future (here I’ve gone with 10 years). Set the scope to api and click Create personal access token
4. GitLab will then generate the Access Token and display it. Copy the token somewhere safe as you will need it in the upcoming steps and you only get to see it on this page and can’t access it again.
5. In Jenkins, click Jenkins → Credentials → System → Global credentials (unrestricted) and then click Add Credentials
6. Select GitLab API token from the Kind dropdown and copy the Access Token from GitLab in to the API token box. Give the credential an ID (Jenkins) and a Description. Click OK
Configure the Jenkins Job
Now it is time to configure a Jenkins Job for GitLab to trigger using the WebHook. In the previous article I used a Multibranch pipeline as an example Job to prove the Jenkins and GitLab SSH communication, however I need to use a Pipeline Job for the GitLab plugin to work.
1. In Jenkins, click New Item and create a new Pipeline named test-webhook and click OK
2. In the Build Triggers section, click Build when a change is pushed to Gitlab.. and leave the parameters as the defaults. Note down the GitLab webhook URL value for use later and then click Advanced
3. Scroll down to the Secret token line and click Generate to generate a new secret that GitLab can use to communicate with Jenkins securely. Copy the generated value for use later.
4. In the Pipeline section, set the Definition to Pipeline script from SCM and select Git from the SCM dropdown
5. In the Repositories section, enter ssh://git@gitlab.9.37.138.12.nip.io:2222/liberty/test.git as the Repository URL and ensure that the Credentials box shows the liberty credential you created for the SSH connection in the previous article. Click Advanced…
6. Enter origin in the Name box and +refs/heads/*:refs/remotes/origin/* +refs/merge-requests/*/head:refs/remotes/origin/merge-requests/* in the Refspec box
7. Click Save
Configure the GitLab project
The GitLab project can now be configured to trigger Jenkins. We will need the GitLab webhook URL and the Jenkins Secret token from the Jenkins project.
1. In GitLab, navigate to the test project
2. If your project is empty you will see a message such as the one shown below. Click the Add README button, enter some text and click Commit changes.
3. Use the menu on the left side of the screen to select Settings → Integrations
4. Enter the GitLab webhook URL from the previous step as the URL and the Jenkins Secret token from the previous step as the Secret Token
5. Scroll down and disable the SSL verification and click Add webhook
6. Scroll back down to the Webhooks section and select Test → Push events to trigger a test
7. The result should be a HTTP 200 message shown in GitLab
8. In Jenkins, navigate to the test-webhook project and verify that a failed job was triggered and has a comment that it was Started by GitLab push by liberty. The job failed as the project didn’t contain a Jenkinsfile which is expected
Conclusion
You’ve now configured GitLab and Jenkins such that a commit in GitLab will automatically securely trigger a Jenkins job. This gives you the foundation for your CI/CD pipeline that should be used to ensure that the latest code in GitLab is always build and deployed to IBM Cloud Private.
